fix: limit outgoing webhook response size to prevent memory exhaustion (#38760)

Co-authored-by: Kevin Aleman <11577696+KevLehman@users.noreply.github.com>
pull/38701/head^2
khizar (RinX) 5 days ago committed by GitHub
parent 3145c41615
commit dad0dba81e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 5
      .changeset/shiny-pears-admire.md
  2. 1
      apps/meteor/app/integrations/server/lib/triggerHandler.ts

@ -0,0 +1,5 @@
---
'@rocket.chat/meteor': patch
---
Limits `Outgoing webhook` maximum response size to 10mb.

@ -621,6 +621,7 @@ class RocketChatIntegrationHandler {
...(opts.data && { body: opts.data }),
// SECURITY: Integrations can only be configured by users with enough privileges. It's ok to disable this check here.
ignoreSsrfValidation: true,
size: 10 * 1024 * 1024,
},
settings.get('Allow_Invalid_SelfSigned_Certs'),
)

Loading…
Cancel
Save