Document GzipMiddleware security issues
|Reported by:||Daniele Procida||Owned by:||Tim Graham|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
https://docs.djangoproject.com/en/dev/ref/middleware/#django.middleware.gzip.GZipMiddleware doesn't provide any caveats. https://docs.djangoproject.com/en/dev/topics/cache/#other-optimizations seems to say that GZipMiddleware is a jolly good idea.
In light of https://code.djangoproject.com/ticket/20869 and https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/, what should the docs have to say about using it?
If there is a security issue presented by it right now, what should be done about the existing 1.5 (or even earlier) documentation that mentions it?
Change History (6)
comment:1 Changed 3 years ago by
|Patch needs improvement:||unset|
|Triage Stage:||Unreviewed → Accepted|
|Type:||Uncategorized → Bug|
comment:2 Changed 3 years ago by
|Owner:||changed from nobody to Tim Graham|
|Status:||new → assigned|
|Version:||1.5 → master|