On 8 May 2014 23:46, Liangent <[email protected]> wrote: > On Mar 23, 2012 3:38 AM, "Sam Reed" <[email protected]> wrote: > > I'm happy to announce the availability of the second beta release of the > > new MediaWiki 1.19 release series.
[Snip] > > George Argyros and Aggelos Kiayias reported that the method used to > > > generate > > password reset tokens is not sufficiently secure. Instead we > > use various more secure random number generators, depending on > > what is available on the platform. Windows users are strongly advised > > to install either th > e > openssl extension or the mcrypt extension > for PHP > > > so that MediaWiki can take > > advantage > > of the cryptographic random > > number facility provided by Windows. > > > > Any extension developers using mt_rand() to generate random numbers in > > contexts where security is required are encouraged to instead > make use > > > of the MWCryptRand class introduced with this release. > > > > For more details, see > > > https://bugzilla.wikimedia.org/show_bug.cgi?id=35078 > > I came across this mail and found this link still not viewable. > I've asked on the bug whether it's OK to making it public again. J. -- James D. Forrester Product Manager, VisualEditor Wikimedia Foundation, Inc. [email protected] | @jdforrester _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
