diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index b30c68d..2f61e29 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -2303,6 +2303,22 @@ include_dir 'conf.d'
         but at the cost of some extra CPU spent on the compression during
         WAL logging and on the decompression during WAL replay.
        </para>
+
+       <warning>
+        <para>
+         When enabling <varname>wal_compression</varname>, there is a risk
+         to leak data similarly to the BREACH and CRIME attacks on SSL where
+         the compression ratio of a full page image gives a hint of what is
+         the existing data of this page.  Tables that contain sensitive
+         information like <structname>pg_authid</structname> with password
+         data could be potential targets to such attacks. Note that as a
+         prerequisite a user needs to be able to insert data on the same page
+         as the data targeted and need to be able to detect checkpoint
+         presence to find out if a compressed full page write is included in
+         WAL to calculate the compression ratio of a page using WAL positions
+         before and after inserting data on the page with data targeted.
+        </para>
+       </warning>
       </listitem>
      </varlistentry>