You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The module has gzip is enabled by default, when someone configures to uses HTTPS without modifying this parameter they are susceptible to www.breachattack.com.
It would be more appropriate and safer for the default to be undef and take the default of the nginx module which is "off" when not configured.
If someone wants to explicitly configure then it should be added.
This will avoid misconfiguration and opening users sites to the possible attack.
The text was updated successfully, but these errors were encountered:
The module has gzip is enabled by default, when someone configures to uses HTTPS without modifying this parameter they are susceptible to www.breachattack.com.
It would be more appropriate and safer for the default to be undef and take the default of the nginx module which is "off" when not configured.
If someone wants to explicitly configure then it should be added.
This will avoid misconfiguration and opening users sites to the possible attack.
The text was updated successfully, but these errors were encountered: