Until django releases an official patch for the BREACH vulnerability, I think we should take a look at django-debreach. The django-debreach package provides some, possibly enough, protection against a BREACH attack. Its integration to Horizon is clear by following the configuration found here: https://pypi.python.org/pypi/django-debreach The proposed change to Horizon: https://review.openstack.org/#/c/247838/ The proposed change to Requirements: https://review.openstack.org/#/c/248233/ Regards, Rick Bartra -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20151120/e03b6efa/attachment.html>