On 9 May 2014 00:37, Jasper Deng <jasper(a)jasperswebsite.com> wrote:
On Thu, May 8, 2014 at 11:46 PM, Liangent <liangent(a)gmail.com> wrote:
On Mar 23, 2012 3:38 AM, "Sam Reed"
<reedy(a)wikimedia.org> wrote:
>
> I'm happy to announce the availability of the second beta release of
the
> new MediaWiki 1.19 release series.
[Snip]
George Argyros
and Aggelos Kiayias reported that the method used to
>
generate
password reset tokens is not sufficiently secure. Instead we
> use various more secure random number
generators, depending on
> what is available on the platform. Windows users are strongly advised
> to install either th
e
openssl extension or the mcrypt extension
for PHP
> so that MediaWiki can take
advantage
of the cryptographic random
> number facility provided by Windows.
>
> Any extension developers using mt_rand() to generate random numbers in
> contexts where security is required are encouraged to instead
make use
> of the MWCryptRand class introduced with
this release.
>
> For more details, see
>
https://bugzilla.wikimedia.org/show_bug.cgi?id=35078
I came across this mail and found this link still not viewable.
Surely this reply was a mistake?
No? Just overly-quoted.
J.
--
James D. Forrester
Product Manager, VisualEditor
Wikimedia Foundation, Inc.
jforrester(a)wikimedia.org | @jdforrester