LZ77-based compression algorithms are susceptible to timing side-channel attacks, which a remote attacker could use to disclose secret compressed information based on the time it takes for the algorithm to decompress such data. Algorithms such as DEFLATE (in zlib), PGLZ (in PostgreSQL), and zstd, if used to store attacker-controlled data together with some secret data (e.g. a cookie), could leak the secret part of the data through the differences in the time required to decompress the data.

References: https://arxiv.org/abs/2111.08404
It is not clear if there is even a fix for this issue yet. The paper proposes a few mitigations:

1) disabling LZ77: I think this would defeat the purpose of compression, so I'm not sure it is feasible
2) masking: protect secrets from being compressed with attacker-controlled data
3) randomization: unclear if it is a valuable mitigation
4) keyword protection: uses a "sensitive keyword list" to split the set of keywords into a subset of secret/sensitive keywords and non-secret ones

According to the paper, probably the best strategy in practice is to avoid sensitive data being compressed with potential attacker-controlled data.
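A sketch of the masking mitigation and of the closing recommendation, added here as an example and not taken from the paper or from any of the affected projects: the secret is stored outside the DEFLATE stream, so attacker-controlled bytes can never become LZ77 back-references into it. The function names, record layout and sample values are assumptions; stored size is used only as an easily checked sign that the compressed form depends on the secret, and no timing is measured.

```python
import struct
import zlib

# Constructed sample values, not taken from the paper.
SECRET_A = b"session=7f3a9c1e5b2d4f60a8c1"
SECRET_B = b"session=0d94be67a1c3f852e7b9"   # same length, different value
USER_DATA = b"comment: " + SECRET_A           # attacker-controlled field

def store_shared(secret, user_data):
    """Weak pattern: one DEFLATE stream, so user_data can back-reference the secret."""
    return zlib.compress(secret + user_data, 9)

def store_separated(secret, user_data):
    """Masking: secret kept out of the LZ77 window; only user_data is compressed."""
    packed = zlib.compress(user_data, 9)
    return struct.pack(">II", len(secret), len(packed)) + secret + packed

def load_separated(blob):
    """Parse a store_separated() record, rejecting inconsistent length fields."""
    if len(blob) < 8:
        raise ValueError("record shorter than header")
    s_len, p_len = struct.unpack(">II", blob[:8])
    if 8 + s_len + p_len != len(blob):
        raise ValueError("length fields do not match record size")
    return blob[8:8 + s_len], zlib.decompress(blob[8 + s_len:])

def size_depends_on_secret(store, user_data, secret_a, secret_b):
    """True if two equal-length secrets give different stored sizes for one user_data."""
    if len(secret_a) != len(secret_b):
        raise ValueError("secrets must have equal length")
    return len(store(secret_a, user_data)) != len(store(secret_b, user_data))

if __name__ == "__main__":
    for name, store in (("shared", store_shared), ("separated", store_separated)):
        print(name, size_depends_on_secret(store, USER_DATA, SECRET_A, SECRET_B))
```

A check like `size_depends_on_secret` can run as a regression test on any storage path that mixes secrets with user-supplied fields.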