Fix #15691: Increase Nginx timeouts for big uploads #3552

marob · 2026-02-09T18:34:05Z

No description provided.

vitam-prg · 2026-02-09T18:39:59Z

Checkmarx One – Scan Summary & Details – 353e2330-12ed-424a-8f97-a0fb21d5d8ca

New Issues (3)

Checkmarx found the following issues in this Pull Request

#	Issue	Source File / Package	Checkmarx Insight
1	CVE-2026-24400	Maven-org.assertj:assertj-core-3.11.1	details Description: AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 through 3.27.7, an XML External E... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
2	CVE-2026-24400	Maven-org.assertj:assertj-core-3.27.7	details Description: AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 through 3.27.7, an XML External E... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
3	CVE-2026-24400	Maven-org.assertj:assertj-core-3.27.3	details Description: AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 through 3.27.7, an XML External E... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package

Fixed Issues (120)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 175
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 85
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 85
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 85
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 85
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 175
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 175
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 175
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 168
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 166
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 166
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 166
	~~Log_Forging~~	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 80
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 216
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 215
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 216
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 216
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 194
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 193
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 192
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 195
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 193
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 195
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 193
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 195
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 201
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 201
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 201
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 201
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 287
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 236
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 253
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 287
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 253
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 236
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 270
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 288
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 287
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 253
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 254
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 237
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 236
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 288
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 254
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 237
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 270
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 271
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 270
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 271
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 185
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 186
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 186
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 186
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 186
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 186
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 186
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 186
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 186
	~~Log_Forging~~	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 80
	~~Log_Forging~~	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 105
	~~Log_Forging~~	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 105
	~~Log_Forging~~	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 106

More results are available on the CxOne platform

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR

GiooDev · 2026-02-09T21:22:20Z

deployment/roles/reverse/templates/nginx/conf.d/vhosts.conf.j2

+    # Increase send timeout to allow the upstream more time to consume the stream.
+    # This prevents "Early EOF" errors during large uploads if the backend slows down.
+    # Note: This is a timeout between two successive write operations, not for the total duration.
+    proxy_send_timeout 600s;


Je suppose que ces timeouts dépendent de la volumétrie à transférer, devrait-on rendre ces paramètres configurable pour un exploitant ?
En gros, est-ce que 600s est suffisant ou aura-t-on besoin d'y revenir ? :)

A-t-on besoin des mêmes timeout pour collect ? car là c'est sur l'upstream de ingest.

Fix #15691: Increase Nginx timeouts for big uploads

b8d4cdf

marob added this to the IT 165 milestone Feb 9, 2026

marob added the bug Something isn't working label Feb 9, 2026

GiooDev reviewed Feb 9, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix #15691: Increase Nginx timeouts for big uploads #3552

Fix #15691: Increase Nginx timeouts for big uploads #3552

marob commented Feb 9, 2026

Uh oh!

vitam-prg commented Feb 9, 2026

Uh oh!

GiooDev Feb 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Fix #15691: Increase Nginx timeouts for big uploads #3552

Are you sure you want to change the base?

Fix #15691: Increase Nginx timeouts for big uploads #3552

Conversation

marob commented Feb 9, 2026

Uh oh!

vitam-prg commented Feb 9, 2026

Uh oh!

GiooDev Feb 9, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants