On 8 May 2014 23:46, Liangent <liangent(a)gmail.com> wrote:
On Mar 23, 2012 3:38 AM, "Sam Reed"
<reedy(a)wikimedia.org> wrote:
> I'm happy to announce the availability of the second beta release of the
> new MediaWiki 1.19 release series.
[Snip]
George Argyros
and Aggelos Kiayias reported that the method used to
>
generate
password reset tokens is not sufficiently secure. Instead we
use various more secure random number generators,
depending on
what is available on the platform. Windows users are strongly advised
to install either th
e
openssl extension or the mcrypt extension
for PHP
so that MediaWiki can take
advantage
of the cryptographic random
number facility provided by Windows.
Any extension developers using mt_rand() to generate random numbers in
contexts where security is required are encouraged to instead
make use
of the MWCryptRand class introduced with this
release.
For more details, see
I came across this mail and found this link still not viewable.
I've asked on the bug whether it's OK to making it public again.
J.
--
James D. Forrester
Product Manager, VisualEditor
Wikimedia Foundation, Inc.
jforrester(a)wikimedia.org | @jdforrester