#20887 closed Bug (fixed)
Document GzipMiddleware security issues
| Reported by: | Daniele Procida | Owned by: | Tim Graham |
|---|---|---|---|
| Component: | Documentation | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
https://docs.djangoproject.com/en/dev/ref/middleware/#django.middleware.gzip.GZipMiddleware doesn't provide any caveats. https://docs.djangoproject.com/en/dev/topics/cache/#other-optimizations seems to say that GZipMiddleware is a jolly good idea.
In light of https://code.djangoproject.com/ticket/20869 and https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/, what should the docs have to say about using it?
If there is a security issue presented by it right now, what should be done about the existing 1.5 (or even earlier) documentation that mentions it?
Change History (6)
comment:1 by , 11 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|---|
| Type: | Uncategorized → Bug |
comment:2 by , 11 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
| Version: | 1.5 → master |
comment:3 by , 11 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
In da843e7dba4ae8ed2846475564bb6ded82960827: