Skip to content

Commit 3108c1d

Browse files
committed
fix: limit outgoing webhook response size and add changeset
1 parent e708664 commit 3108c1d

File tree

2 files changed

+8
-1
lines changed

2 files changed

+8
-1
lines changed

.changeset/shiny-pears-admire.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
---
2+
'@rocket.chat/meteor': patch
3+
---
4+
5+
Fix: Limit outgoing webhook response size to 10MB to prevent memory exhaustion
6+
7+
Added a 10MB size limit to outgoing webhook responses to prevent the server from crashing when integrations return unexpectedly large responses.

apps/meteor/app/integrations/server/lib/triggerHandler.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -621,7 +621,7 @@ class RocketChatIntegrationHandler {
621621
...(opts.data && { body: opts.data }),
622622
// SECURITY: Integrations can only be configured by users with enough privileges. It's ok to disable this check here.
623623
ignoreSsrfValidation: true,
624-
size: 20 * 1024 * 1024,
624+
size: 10 * 1024 * 1024,
625625
},
626626
settings.get('Allow_Invalid_SelfSigned_Certs'),
627627
)

0 commit comments

Comments
 (0)