With gzip enabled (recommended)

hey :slight_smile:


is save to use gzip and ssl with Vikunja?

If I understood that attack correctly, Vikunjs is not vulnerable since there are no secrets in the body of http requests which could then be reflected.

Also the vulnerability is from 2013 so Iā€™d expect the gzip implementations in nginx nowadays to prevent these kinds of attacks.

1 Like