https://bz.apache.org/bugzilla/show_bug.cgi?id=63932
--- Comment #11 from Konstantin Kolinko <knst.koli...@gmail.com> --- (In reply to Michael Osipov from comment #8) > > I get the feeling that compression configuration must be moved sooner or > later to a subelement <Compression> beneath a connector. Enabling compression globally like that may make one vulnerable to BREACH exploit. Maybe controlling this feature from within a web application is a way to go. (E.g. like sendfile feature can be used by DefaultServlet). https://en.wikipedia.org/wiki/BREACH > WDYT about adding a suffix and removing it on the fly like mod_deflate should > do? I do not have a clue what you are talking about here. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org