William A. Rowe, Jr. wrote:
But given how lightweight zlib is, and how much of a moving target it was before 1.2.3, I'd strongly argue that 'deflate' is a core feature, that if we teach httpd to 'reinflate' there are many old vulnerabilites that we expose our users to, and that shipping 1.2.3 would add very little pain for much mod_deflate gain.
it might be worth turning mod_deflate on by default. there are still too many sites out there that do not have it on.
