On 9 May 2014 00:37, Jasper Deng <[email protected]> wrote: > > On Thu, May 8, 2014 at 11:46 PM, Liangent <[email protected]> wrote: > > > On Mar 23, 2012 3:38 AM, "Sam Reed" <[email protected]> wrote: > > > > > > I'm happy to announce the availability of the second beta release of > the > > > new MediaWiki 1.19 release series. >
[Snip] > > George Argyros and Aggelos Kiayias reported that the method used to > > > > generate > > password reset tokens is not sufficiently secure. Instead we > > > use various more secure random number generators, depending on > > > what is available on the platform. Windows users are strongly advised > > > to install either th > e > openssl extension or the mcrypt extension > for PHP > > > > so that MediaWiki can take > > advantage > > of the cryptographic random > > > number facility provided by Windows. > > > > > > Any extension developers using mt_rand() to generate random numbers in > > > contexts where security is required are encouraged to instead > make use > > > > of the MWCryptRand class introduced with this release. > > > > > > For more details, see > > > > https://bugzilla.wikimedia.org/show_bug.cgi?id=35078 > > > > I came across this mail and found this link still not viewable. > > Surely this reply was a mistake? No? Just overly-quoted. J. -- James D. Forrester Product Manager, VisualEditor Wikimedia Foundation, Inc. [email protected] | @jdforrester _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
