diff --git a/content/vault/v1.16.x/content/docs/configuration/listener/tcp/index.mdx b/content/vault/v1.16.x/content/docs/configuration/listener/tcp/index.mdx index 3617a7be7e..e7758c56a6 100644 --- a/content/vault/v1.16.x/content/docs/configuration/listener/tcp/index.mdx +++ b/content/vault/v1.16.x/content/docs/configuration/listener/tcp/index.mdx 
@@ -280,6 +280,42 @@ default value in the `"/sys/config/ui"` [API endpoint](/vault/api-docs/system/co this listener. The default configuration will honor the global [configuration](/vault/docs/configuration/request-limiter). + The JSON parsing limits like `max_json_depth` and `max_json_token` have + intentionally permissive defaults to suport a wide range of use cases. The + primary constraints on parsing limits are available RAM and CPU. We recommend + tuning your JSON parsing limits down from the defaults to match your specific + application needs and available resourcess. Due to the way the parsing limits + interact, running with permissive defaults in a low-resource environment like + a lightweight container can increase the risk that a large, complex JSON + payload could exhaust the available resources. + +- `max_json_depth` `(int: 500)` – Specifies the maximum nesting depth of a JSON + payload. Limiting object depth mitigates the risk of stack exhaustion from + deeply nested objects, which could lead to a Denial of Service (DoS). + +- `max_json_string_value_length` `(int: 1048576)` – Defines the maximum allowed + length in bytes for a single string value within a JSON payload. Limiting + string length provides a critical defense against excessive memory allocation + attacks where a client might send a very large string to exhaust server memory. + Defaults to 1MB. + +- `max_json_object_entry_count` `(int: 10000)` – Sets the maximum number of + key-value pairs allowed in a single JSON object. Limiting the entry count on + JSON objects helps mitigate hash-collision Denial of Service (HashDoS) attacks + and prevents general resource exhaustion from objects with an excessive number + of entries. + +- `max_json_array_element_count` `(int: 10000)` – Determines the maximum number + of elements permitted in a single JSON array. Limiting the number of array + elements prevents a single request from causing excessive memory consumption + when processing large lists. 
+ +- `max_json_token` `(int: 500000)` – Sets the maximum total number of tokens + (e.g., keys, values, braces, brackets) permitted in a single JSON payload. + Setting a limit on tokens acts as an overall complexity limit to provide a + safeguard against attacks that use a huge number of small elements to exhaust + CPU and memory. + ### `telemetry` parameters - `unauthenticated_metrics_access` `(bool: false)` - If set to true, allows diff --git a/content/vault/v1.18.x/content/docs/configuration/listener/tcp/index.mdx b/content/vault/v1.18.x/content/docs/configuration/listener/tcp/index.mdx index 2fe9fd3166..c85799cef0 100644 --- a/content/vault/v1.18.x/content/docs/configuration/listener/tcp/index.mdx +++ b/content/vault/v1.18.x/content/docs/configuration/listener/tcp/index.mdx 
@@ -297,6 +297,42 @@ default value in the `"/sys/config/ui"` [API endpoint](/vault/api-docs/system/co - `disable_replication_status_endpoints` `(bool: false)` - Disables replication status endpoints for the configured listener when set to `true`. + The JSON parsing limits like `max_json_depth` and `max_json_token` have + intentionally permissive defaults to suport a wide range of use cases. The + primary constraints on parsing limits are available RAM and CPU. We recommend + tuning your JSON parsing limits down from the defaults to match your specific + application needs and available resourcess. Due to the way the parsing limits + interact, running with permissive defaults in a low-resource environment like + a lightweight container can increase the risk that a large, complex JSON + payload could exhaust the available resources. + +- `max_json_depth` `(int: 500)` – Specifies the maximum nesting depth of a JSON + payload. Limiting object depth mitigates the risk of stack exhaustion from + deeply nested objects, which could lead to a Denial of Service (DoS). + +- `max_json_string_value_length` `(int: 1048576)` – Defines the maximum allowed + length in bytes for a single string value within a JSON payload. Limiting + string length provides a critical defense against excessive memory allocation + attacks where a client might send a very large string to exhaust server memory. + Defaults to 1MB. + +- `max_json_object_entry_count` `(int: 10000)` – Sets the maximum number of + key-value pairs allowed in a single JSON object. Limiting the entry count on + JSON objects helps mitigate hash-collision Denial of Service (HashDoS) attacks + and prevents general resource exhaustion from objects with an excessive number + of entries. + +- `max_json_array_element_count` `(int: 10000)` – Determines the maximum number + of elements permitted in a single JSON array. 
Limiting the number of array + elements prevents a single request from causing excessive memory consumption + when processing large lists. + +- `max_json_token` `(int: 500000)` – Sets the maximum total number of tokens + (e.g., keys, values, braces, brackets) permitted in a single JSON payload. + Setting a limit on tokens acts as an overall complexity limit to provide a + safeguard against attacks that use a huge number of small elements to exhaust + CPU and memory. + ### `telemetry` parameters - `unauthenticated_metrics_access` `(bool: false)` - If set to true, allows diff --git a/content/vault/v1.19.x/content/docs/configuration/listener/tcp/index.mdx b/content/vault/v1.19.x/content/docs/configuration/listener/tcp/index.mdx index 2fe9fd3166..c85799cef0 100644 --- a/content/vault/v1.19.x/content/docs/configuration/listener/tcp/index.mdx +++ b/content/vault/v1.19.x/content/docs/configuration/listener/tcp/index.mdx 
@@ -297,6 +297,42 @@ default value in the `"/sys/config/ui"` [API endpoint](/vault/api-docs/system/co - `disable_replication_status_endpoints` `(bool: false)` - Disables replication status endpoints for the configured listener when set to `true`. + The JSON parsing limits like `max_json_depth` and `max_json_token` have + intentionally permissive defaults to suport a wide range of use cases. The + primary constraints on parsing limits are available RAM and CPU. We recommend + tuning your JSON parsing limits down from the defaults to match your specific + application needs and available resourcess. Due to the way the parsing limits + interact, running with permissive defaults in a low-resource environment like + a lightweight container can increase the risk that a large, complex JSON + payload could exhaust the available resources. + +- `max_json_depth` `(int: 500)` – Specifies the maximum nesting depth of a JSON + payload. Limiting object depth mitigates the risk of stack exhaustion from + deeply nested objects, which could lead to a Denial of Service (DoS). + +- `max_json_string_value_length` `(int: 1048576)` – Defines the maximum allowed + length in bytes for a single string value within a JSON payload. Limiting + string length provides a critical defense against excessive memory allocation + attacks where a client might send a very large string to exhaust server memory. + Defaults to 1MB. + +- `max_json_object_entry_count` `(int: 10000)` – Sets the maximum number of + key-value pairs allowed in a single JSON object. Limiting the entry count on + JSON objects helps mitigate hash-collision Denial of Service (HashDoS) attacks + and prevents general resource exhaustion from objects with an excessive number + of entries. + +- `max_json_array_element_count` `(int: 10000)` – Determines the maximum number + of elements permitted in a single JSON array. 
Limiting the number of array + elements prevents a single request from causing excessive memory consumption + when processing large lists. + +- `max_json_token` `(int: 500000)` – Sets the maximum total number of tokens + (e.g., keys, values, braces, brackets) permitted in a single JSON payload. + Setting a limit on tokens acts as an overall complexity limit to provide a + safeguard against attacks that use a huge number of small elements to exhaust + CPU and memory. + ### `telemetry` parameters - `unauthenticated_metrics_access` `(bool: false)` - If set to true, allows diff --git a/content/vault/v1.20.x/content/docs/configuration/listener/tcp/index.mdx b/content/vault/v1.20.x/content/docs/configuration/listener/tcp/index.mdx index 2fe9fd3166..c85799cef0 100644 --- a/content/vault/v1.20.x/content/docs/configuration/listener/tcp/index.mdx +++ b/content/vault/v1.20.x/content/docs/configuration/listener/tcp/index.mdx 
@@ -297,6 +297,42 @@ default value in the `"/sys/config/ui"` [API endpoint](/vault/api-docs/system/co - `disable_replication_status_endpoints` `(bool: false)` - Disables replication status endpoints for the configured listener when set to `true`. + The JSON parsing limits like `max_json_depth` and `max_json_token` have + intentionally permissive defaults to suport a wide range of use cases. The + primary constraints on parsing limits are available RAM and CPU. We recommend + tuning your JSON parsing limits down from the defaults to match your specific + application needs and available resourcess. Due to the way the parsing limits + interact, running with permissive defaults in a low-resource environment like + a lightweight container can increase the risk that a large, complex JSON + payload could exhaust the available resources. + +- `max_json_depth` `(int: 500)` – Specifies the maximum nesting depth of a JSON + payload. Limiting object depth mitigates the risk of stack exhaustion from + deeply nested objects, which could lead to a Denial of Service (DoS). + +- `max_json_string_value_length` `(int: 1048576)` – Defines the maximum allowed + length in bytes for a single string value within a JSON payload. Limiting + string length provides a critical defense against excessive memory allocation + attacks where a client might send a very large string to exhaust server memory. + Defaults to 1MB. + +- `max_json_object_entry_count` `(int: 10000)` – Sets the maximum number of + key-value pairs allowed in a single JSON object. Limiting the entry count on + JSON objects helps mitigate hash-collision Denial of Service (HashDoS) attacks + and prevents general resource exhaustion from objects with an excessive number + of entries. + +- `max_json_array_element_count` `(int: 10000)` – Determines the maximum number + of elements permitted in a single JSON array. 
Limiting the number of array + elements prevents a single request from causing excessive memory consumption + when processing large lists. + +- `max_json_token` `(int: 500000)` – Sets the maximum total number of tokens + (e.g., keys, values, braces, brackets) permitted in a single JSON payload. + Setting a limit on tokens acts as an overall complexity limit to provide a + safeguard against attacks that use a huge number of small elements to exhaust + CPU and memory. + ### `telemetry` parameters - `unauthenticated_metrics_access` `(bool: false)` - If set to true, allows
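
Review bot: two typos in the introductory paragraph of the v1.16.x hunk, "suport" and "resourcess", are repeated verbatim in the v1.18.x, v1.19.x and v1.20.x hunks. Fix them to "support" and "resources" in all four copies before merging, since the text is duplicated rather than shared.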
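
Review bot: the new paragraph in the v1.18.x hunk sits directly after the `disable_replication_status_endpoints` entry with no heading of its own, so it reads as a continuation of that parameter (in v1.16.x it follows the request limiter text instead). Give the JSON limits a short lead-in or subheading in each copy. The same paragraph says the risk comes from "the way the parsing limits interact" but never states the interaction; one sentence on how the per-object, per-array and per-string limits combine under `max_json_token` would let an operator size them against available RAM.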
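
Review bot: in the v1.19.x hunk (and the other three copies), none of the five entries says what a client sees when a limit is exceeded or whether a value such as 0 disables the check, which an operator needs to know before tuning the limits down as the paragraph recommends. Two smaller wording points in the same list: `max_json_string_value_length` shows `(int: 1048576)` and then repeats "Defaults to 1MB", which no other entry does, and 1048576 bytes is 1 MiB; `max_json_depth` is described as "maximum nesting depth of a JSON payload" but the next sentence speaks only of "object depth", so say whether nested arrays count toward the limit.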
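
Review bot: the patch touches the v1.16.x, v1.18.x, v1.19.x and v1.20.x copies of listener/tcp/index.mdx but has no hunk for a v1.17.x copy. If a v1.17.x docs tree exists and that release line supports these parameters, it needs the same addition; if the omission is deliberate, say so in the PR description. The three later hunks share the same index line (2fe9fd3166..c85799cef0) while v1.16.x differs, so also confirm that all five parameters and their defaults really apply to 1.16.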