https://bz.apache.org/bugzilla/show_bug.cgi?id=60276
--- Comment #7 from cnsilvan <cnsil...@gmail.com> --- (In reply to Konstantin Kolinko from comment #6) > I think that using compression with dynamic data (as in your configuration) > is insecure. There are well-known CRIME and BREACH attacks. See > > https://en.wikipedia.org/wiki/CRIME > > Tomcat 8.5 and 9 can be configured to serve pre-compressed static files. > This is configured with init-param "precompressed" of DefaultServlet. > > http://tomcat.apache.org/tomcat-8.5-doc/default-servlet.html thank u! -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org