Until django releases an official patch for the BREACH vulnerability, I think we should take a look at django-debreach. The django-debreach package provides some, possibly enough, protection against a BREACH attack. Its integration to Horizon is clear by following the configuration found here: https://pypi.python.org/pypi/django-debreach
The proposed change to Horizon: https://review.openstack.org/#/c/247838/ The proposed change to Requirements: https://review.openstack.org/#/c/248233/ Regards, Rick Bartra
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
