|
Hi, that means it's tagged as a security bug, have you tried asking about it on #mediawiki on freenode? from the mailing lists, I see George Argyros and Aggelos Kiayias reported that the method used to generate password reset tokens is not sufficiently secure. Instead we use various more secure random number generators, depending on what is available on the platform. Windows users are strongly advised to install either the openssl extension or the mcrypt extension for PHP so that MediaWiki can take advantage of the cryptographic random number facility provided by Windows. Any extension developers using mt_rand() to generate random numbers in contexts where security is required are encouraged to instead make use of the MWCryptRand class introduced with this release. For more details, see https://bugzilla.wikimedia.org/show_bug.cgi?id=35078 and http://www.mail-archive.com/[email protected]/msg126907.html Regards, Snowolf On 2012-05-04 1152, Thorsten Glaser wrote: -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]Hi, just looked at this again, and I *still* do not have the permissions to access the bug https://bugzilla.wikimedia.org/show_bug.cgi?id=35078 which is kinda hinderingâ¦bye, //mirabilos |
- Bug#666269: update Thorsten Glaser
- Bug#666269: update Snowolf
- Bug#666269: update Thorsten Glaser

