https://bz.apache.org/bugzilla/show_bug.cgi?id=60276
--- Comment #6 from Konstantin Kolinko <[email protected]> --- I think that using compression with dynamic data (as in your configuration) is insecure. There are well-known CRIME and BREACH attacks. See https://en.wikipedia.org/wiki/CRIME Tomcat 8.5 and 9 can be configured to serve pre-compressed static files. This is configured with init-param "precompressed" of DefaultServlet. http://tomcat.apache.org/tomcat-8.5-doc/default-servlet.html -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
