问题
Multi part file upload in spring boot application is not working with tomcat version 9.0.31. But this functionality working fine with older version 9.0.30 .But there is a vulnerability in this version and forced to upgrade the version. See the error given below
"timestamp": "2020-03-09T08:01:56.169+0000",
"status": 500,
"error": "Internal Server Error",
"message": "Failed to parse multipart servlet request; nested exception is java.io.IOException: org.apache.tomcat.util.http.fileupload.impl.IOFileUploadException: Processing of multipart/form-data request failed. Stream ended unexpectedly",
Error log is given below
nested exception is org.springframework.web.multipart.MultipartException: Failed to parse multipart servlet request; nested exception is java.io.IOException: org.apache.tomcat.util.http.fileupload.impl.IOFileUploadException: Processing of multipart/form-data request failed. Stream ended unexpectedly] with root causeorg.apache.tomcat.util.http.fileupload.MultipartStream$MalformedStreamException: Stream ended unexpectedly
Please help to resolve this.
回答1:
I think the bug has been fixed with latest tomcat version 9.0.33.
The multi-part file upload functionality which was not working in version 9.0.31, has also been fixed with the upgrade. Also, I have tried checking if there are any vulnerability using owasp dependency checker and found that there are no vulnerabilities in this version.
Just upgrade your dependency with the below version:
<!-- https://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-core -->
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>9.0.33</version>
</dependency>
回答2:
This is a bug in Tomcat 9.0.31. There's already an entry in Apache's Bugzilla: https://bz.apache.org/bugzilla/show_bug.cgi?id=64195.
According to the bug report, to prevent this issue you can either - use Http11Nio2Protocol instead of Http11NioProtocol - use Tomcat 9.0.30, where this doesn't happen (but has the critical Ghostcat vulnerability in Tomcat's AJP protocol)
The issue will be fixed in 9.0.32 (which is not released yet).
Note: When using http instead of https the problem also does not appear.
来源:https://stackoverflow.com/questions/60597598/multipart-file-upload-using-spring-boot-with-tomcat-version-9-0-31-is-failing