compress: add security warning to docs The compression standard may be insecure without taking special care to flush the dictionary on stanza boundaries. This must be done on both the client and the server, and means that compression can't be used safely unless all implementations behave correctly. Because of this, add a warning in the documentation to try and discourage use of this package.
1 files changed, 4 insertions(+), 0 deletions(-) M compress/compression.go
M compress/compression.go => compress/compression.go +4 -0
@@ 4,6 4,10 @@ // Package compress implements XEP-0138: Stream Compression and XEP-0229: Stream // Compression with LZW. // // Be advised: stream compression has many of the same security considerations // as TLS compression (see RFC3749 §6) and may be difficult to implement safely // without special expertise. package compress // import "mellium.im/xmpp/compress" import (