Hi,

that means it's tagged as a security bug, have you tried asking about it on #mediawiki on freenode?

from the mailing lists, I see

George Argyros and Aggelos Kiayias reported that the method used to generate
password reset tokens is not sufficiently secure. Instead we use various
more
secure random number generators, depending on what is available on the
platform. Windows users are strongly advised to install either the openssl
extension or the mcrypt extension for PHP so that MediaWiki can take
advantage
of the cryptographic random number facility provided by Windows.

Any extension developers using mt_rand() to generate random numbers in
contexts
where security is required are encouraged to instead make use of the
MWCryptRand class introduced with this release.

For more details, see https://bugzilla.wikimedia.org/show_bug.cgi?id=35078

and

http://www.mail-archive.com/[email protected]/msg126907.html


Regards,
Snowolf

On 2012-05-04 1152, Thorsten Glaser wrote:
Hi,

just looked at this again, and I *still* do not have the
permissions to access the bug
https://bugzilla.wikimedia.org/show_bug.cgi?id=35078
which is kinda hindering…

bye,
//mirabilos
-- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to