diff options
Diffstat (limited to 'doc/security/crime_vulnerability.md')
-rw-r--r-- | doc/security/crime_vulnerability.md | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/doc/security/crime_vulnerability.md b/doc/security/crime_vulnerability.md index 39cd8f8e074..fdf3e5055b0 100644 --- a/doc/security/crime_vulnerability.md +++ b/doc/security/crime_vulnerability.md @@ -23,10 +23,10 @@ GitLab supports both Gzip and [SPDY](https://nginx.org/en/docs/http/ngx_http_spd vulnerability by deactivating Gzip when HTTPS is enabled. The sources of the files are here: -- [Source installation NGINX file](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/support/nginx/gitlab-ssl) -- [Omnibus installation NGINX file](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb) +- [Self-compiled installation NGINX file](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/support/nginx/gitlab-ssl) +- [Linux package installation NGINX file](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb) -Although SPDY is enabled in Omnibus installations, CRIME relies on compression +Although SPDY is enabled in Linux package installations, CRIME relies on compression (the 'C') and the default compression level in the NGINX SPDY module is 0 (no compression). |