-
Bug
-
Resolution: Unresolved
-
Medium
-
El Alto Release
spring-security-web (all versions) are vulnerable to a BREACH attack. The workaround for this issue is to disable http compression for external requests.
Details of the attack and the workaround may be found at : https://github.com/spring-projects/spring-security/pull/4002#issuecomment-239827460