-
-
Notifications
You must be signed in to change notification settings - Fork 9.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use random_bytes function if it is available for random number genera…
…tion
- Loading branch information
Showing
2 changed files
with
10 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
6a217dc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi! This should be considered a BC breaking commit. We had a buggy code that instantiated an "\Error" class that comes with the random_compat package. Why is this package included as mandatory and not optional? The message "It is recommended that you install the "paragonie/random_compat" library or" is meaningless as the random_compat library is installed no matter what.
Thanks!
6a217dc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you are referring to fcd3160 where this dependency was introduced to fix a security issue. However, I fail to see how this breaks your application. Though please open a new issue if you think that there is a bug.