https://bz.apache.org/bugzilla/show_bug.cgi?id=60276
--- Comment #6 from Konstantin Kolinko <knst.koli...@gmail.com> --- I think that using compression with dynamic data (as in your configuration) is insecure. There are well-known CRIME and BREACH attacks. See https://en.wikipedia.org/wiki/CRIME Tomcat 8.5 and 9 can be configured to serve pre-compressed static files. This is configured with init-param "precompressed" of DefaultServlet. http://tomcat.apache.org/tomcat-8.5-doc/default-servlet.html -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org