This MR contains the following updates:
breaking: Added default limit to how much data
Bytes::from_requestwill consume. Previously it would attempt to consume the entire request body without checking its length. This meant if a malicious peer sent an large (or infinite) request body your server might run out of memory and crash.
The default limit is at 2 MB and can be disabled by adding the new
DefaultBodyLimit::disable()middleware. See its documentation for more details.
This also applies to these extractors which used
If you want to rebase/retry this MR, click this checkbox.
This MR has been generated by Renovate Bot.