Add documentation about new Vault Listener params

Author: biazmoreira

content/vault/v1.16.x/content/docs/configuration/listener/tcp/index.mdx

@@ -280,6 +280,27 @@ default value in the `"/sys/config/ui"` [API endpoint](/vault/api-docs/system/co
   this listener. The default configuration will honor the global
   [configuration](/vault/docs/configuration/request-limiter).
 
+- `max_json_depth` `(int: 500)` – Specifies the maximum nesting depth of a JSON payload.
+  This is a security control to mitigate the risk of stack exhaustion from deeply nested
+  objects, which could lead to a Denial of Service (DoS).
+
+- `max_json_string_value_length` `(int: 1048576)` – Defines the maximum allowed length in bytes
+  for a single string value within a JSON payload. This is a critical defense against excessive memory
+  allocation attacks where a client might send a very large string to exhaust server memory. Defaults to 1MB.
+
+- `max_json_object_entry_count` `(int: 10000)` – Sets the maximum number of key-value pairs
+  allowed in a single JSON object. This helps mitigate hash-collision Denial of Service (HashDoS)
+  attacks and prevents general resource exhaustion from objects with an excessive number of entries.
+
+- `max_json_array_element_count` `(int: 10000)` – Determines the maximum number of elements
+  permitted in a single JSON array. This prevents a single request from causing excessive memory
+  consumption when processing large lists.
+
+- `max_json_token` `(int: 500000)` – Sets the maximum total number of tokens
+  (e.g., keys, values, braces, brackets) permitted in a single JSON payload. This acts as an overall
+  complexity limit, providing a safeguard against attacks that use a huge number of small elements
+  to exhaust CPU and memory.
+
 ### `telemetry` parameters
 
 - `unauthenticated_metrics_access` `(bool: false)` - If set to true, allows

content/vault/v1.18.x/content/docs/configuration/listener/tcp/index.mdx

@@ -297,6 +297,27 @@ default value in the `"/sys/config/ui"` [API endpoint](/vault/api-docs/system/co
 - `disable_replication_status_endpoints` `(bool: false)` - Disables replication
   status endpoints for the configured listener when set to `true`.
 
+- `max_json_depth` `(int: 500)` – Specifies the maximum nesting depth of a JSON payload.
+  This is a security control to mitigate the risk of stack exhaustion from deeply nested
+  objects, which could lead to a Denial of Service (DoS).
+
+- `max_json_string_value_length` `(int: 1048576)` – Defines the maximum allowed length in bytes
+  for a single string value within a JSON payload. This is a critical defense against excessive memory
+  allocation attacks where a client might send a very large string to exhaust server memory. Defaults to 1MB.
+
+- `max_json_object_entry_count` `(int: 10000)` – Sets the maximum number of key-value pairs
+  allowed in a single JSON object. This helps mitigate hash-collision Denial of Service (HashDoS)
+  attacks and prevents general resource exhaustion from objects with an excessive number of entries.
+
+- `max_json_array_element_count` `(int: 10000)` – Determines the maximum number of elements
+  permitted in a single JSON array. This prevents a single request from causing excessive memory
+  consumption when processing large lists.
+
+- `max_json_token` `(int: 500000)` – Sets the maximum total number of tokens
+  (e.g., keys, values, braces, brackets) permitted in a single JSON payload. This acts as an overall
+  complexity limit, providing a safeguard against attacks that use a huge number of small elements
+  to exhaust CPU and memory.
+
 ### `telemetry` parameters
 
 - `unauthenticated_metrics_access` `(bool: false)` - If set to true, allows

content/vault/v1.19.x/content/docs/configuration/listener/tcp/index.mdx

@@ -297,6 +297,27 @@ default value in the `"/sys/config/ui"` [API endpoint](/vault/api-docs/system/co
 - `disable_replication_status_endpoints` `(bool: false)` - Disables replication
   status endpoints for the configured listener when set to `true`.
 
+- `max_json_depth` `(int: 500)` – Specifies the maximum nesting depth of a JSON payload.
+  This is a security control to mitigate the risk of stack exhaustion from deeply nested
+  objects, which could lead to a Denial of Service (DoS).
+
+- `max_json_string_value_length` `(int: 1048576)` – Defines the maximum allowed length in bytes
+  for a single string value within a JSON payload. This is a critical defense against excessive memory
+  allocation attacks where a client might send a very large string to exhaust server memory. Defaults to 1MB.
+
+- `max_json_object_entry_count` `(int: 10000)` – Sets the maximum number of key-value pairs
+  allowed in a single JSON object. This helps mitigate hash-collision Denial of Service (HashDoS)
+  attacks and prevents general resource exhaustion from objects with an excessive number of entries.
+
+- `max_json_array_element_count` `(int: 10000)` – Determines the maximum number of elements
+  permitted in a single JSON array. This prevents a single request from causing excessive memory
+  consumption when processing large lists.
+
+- `max_json_token` `(int: 500000)` – Sets the maximum total number of tokens
+  (e.g., keys, values, braces, brackets) permitted in a single JSON payload. This acts as an overall
+  complexity limit, providing a safeguard against attacks that use a huge number of small elements
+  to exhaust CPU and memory.
+
 ### `telemetry` parameters
 
 - `unauthenticated_metrics_access` `(bool: false)` - If set to true, allows

content/vault/v1.20.x/content/docs/configuration/listener/tcp/index.mdx

@@ -297,6 +297,27 @@ default value in the `"/sys/config/ui"` [API endpoint](/vault/api-docs/system/co
 - `disable_replication_status_endpoints` `(bool: false)` - Disables replication
   status endpoints for the configured listener when set to `true`.
 
+- `max_json_depth` `(int: 500)` – Specifies the maximum nesting depth of a JSON payload.
+  This is a security control to mitigate the risk of stack exhaustion from deeply nested
+  objects, which could lead to a Denial of Service (DoS).
+
+- `max_json_string_value_length` `(int: 1048576)` – Defines the maximum allowed length in bytes
+  for a single string value within a JSON payload. This is a critical defense against excessive memory
+  allocation attacks where a client might send a very large string to exhaust server memory. Defaults to 1MB.
+
+- `max_json_object_entry_count` `(int: 10000)` – Sets the maximum number of key-value pairs
+  allowed in a single JSON object. This helps mitigate hash-collision Denial of Service (HashDoS)
+  attacks and prevents general resource exhaustion from objects with an excessive number of entries.
+
+- `max_json_array_element_count` `(int: 10000)` – Determines the maximum number of elements
+  permitted in a single JSON array. This prevents a single request from causing excessive memory
+  consumption when processing large lists.
+
+- `max_json_token` `(int: 500000)` – Sets the maximum total number of tokens
+  (e.g., keys, values, braces, brackets) permitted in a single JSON payload. This acts as an overall
+  complexity limit, providing a safeguard against attacks that use a huge number of small elements
+  to exhaust CPU and memory.
+
 ### `telemetry` parameters
 
 - `unauthenticated_metrics_access` `(bool: false)` - If set to true, allows