fix: cap payment challenge request parsing by brendanjryan · Pull Request #9 · stripe/mpp-java

brendanjryan · 2026-06-17T17:09:41Z

Summary

Reject WWW-Authenticate request parameters above the 16 KiB parser cap before later decoding.
Added a parser regression test for oversized challenge request parameters.

Aligns the Java SDK with the request-size hardening in tempoxyz/mpp-tools#35 so oversized challenge parameters fail early.

Reuses the existing Parsing.MAX_PAYLOAD_SIZE limit.
Leaves normal parsing behavior unchanged for missing or in-limit request parameters.

fix: cap payment challenge request parsing

2b181ea

raubrey-stripe marked this pull request as ready for review June 17, 2026 17:24

emmajam mentioned this pull request Jun 17, 2026

fix: cap payment challenge request parsing #12

Merged

raubrey-stripe merged commit cc72115 into stripe:main Jun 17, 2026
7 checks passed