Document GzipMiddleware security issues
| Reported by: | EvilDMP | Owned by: | timo |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
https://docs.djangoproject.com/en/dev/ref/middleware/#django.middleware.gzip.GZipMiddleware doesn't provide any caveats. https://docs.djangoproject.com/en/dev/topics/cache/#other-optimizations seems to say that GZipMiddleware is a jolly good idea.
In light of https://code.djangoproject.com/ticket/20869 and https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/, what should the docs have to say about using it?
If there is a security issue presented by it right now, what should be done about the existing 1.5 (or even earlier) documentation that mentions it?
Change History (6)
comment:1 Changed 3 years ago by timo
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted
- Type changed from Uncategorized to Bug
comment:2 Changed 2 years ago by timo
- Owner changed from nobody to timo
- Status changed from new to assigned
- Version changed from 1.5 to master
comment:3 Changed 2 years ago by Tim Graham <timograham@…>
- Resolution set to fixed
- Status changed from assigned to closed