Hi all,
We've just landed a patch to the master branch of CentralAuth[0] that helps avoid timing attacks with token comparisons. The Phabricator task is T125290[1].
If you are using CentralAuth (which is probably not many of you), please update your installations with this patch.
-Chad
[0] https://gerrit.wikimedia.org/r/#/c/284237/
[1] https://phabricator.wikimedia.org/T125290
wikitech-l@lists.wikimedia.org