Hello, In regard to CVE-2023-28709<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28709> we would like to know if the vulnerability caused by the incomplete fix, "If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur", was completely fixed in the release 9.0.74 and thus is enough just to do an upgrade to a version >= 9.0.74 to solve the issue.
Regards, Andreea Prodan
