Bug: GZip compression + new request (Brotli)

Lucee v6.2.0.164 (RC) in the Webadmin → Output settings:
Gzip compression can not be disabled. Once “Update” is pressed, it resets to active.

Request for implementing Brotli compression instead, a much newer standard. There is a Tomcat compatible jbrotli library already (4 years old) that could be implemented.

Why? There are security issues with Gzip ( CVE-2022-1271 ) thous making the Brotli algorithm more secure as well as more efficient.

Until this is fixed in the Webadmin GUI, where can one modify in any of the settings file to disable the compression of the output?

Screenshot from 2024-11-11 22-17-05

Lucee Server Administrator:
Settings » Output » Compression

Application.cfc:

//Application.cfc
this.compression = false

Or use the environment variables/ sustem properties:
LUCEE_ALLOW_COMPRESSION
lucee.allow.compression

More information in the docs

1 Like

Managed to uncheck the “Enable compression (GZip) for the Lucee Response stream” in the Lucee Web Admin → Settings → Output
AND also
add the LUCEE_ALLOW_COMPRESSION=false
yet the html/text thous generated by Lucee is still gzip compressed
(yes, I cleared the template cache before testing)

Any other way to prevent this? Maybe replace it with Brotli compression instead of gZip?

Better yet, I suggest the implementation of the ZSTD compression format - a newer, faster (in de/compressing) format compared to Brotli and MUCH faster and more efficient than GZIP. Cloudflare uses it:

https://facebook.github.io/zstd/

1 Like