This repository has been archived by the owner on Jan 29, 2020. It is now read-only.
release-2.5.2
Added
-----

- Nothing.

Deprecated
----------

- Nothing.

Removed
-------

- Nothing.

Fixed
-----

- **ZF2015-09**: `Zend\Captcha\Word` generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this vulnerability announcement, the selection was performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_random_pseudo_bytes()`. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation. This release contains a patch that replaces the `array_rand()` calls with `Zend\Math\Rand::getInteger()`, which provides better RNG.
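The two selection patterns described in ZF2015-09, side by side, as an added example that is not the zend-captcha source. The function names and character set are hypothetical, and PHP's built-in `random_int()` (PHP 7.0+) stands in for `Zend\Math\Rand::getInteger()` so the script runs without dependencies.

```php
<?php
// Added illustration, not code from zend-captcha. Names are hypothetical.

// Constructed character set for the example.
const CHARSET = ['b', 'c', 'd', 'f', 'g', 'h', 'j', 'k', 'm', 'n', 'p', 'r', 's', 't'];

// "Before" pattern: every letter comes from array_rand(), which draws from
// PHP's seedable, non-cryptographic generator.
function weakWord(array $charset, int $length): string
{
    $word = '';
    for ($i = 0; $i < $length; $i++) {
        $word .= $charset[array_rand($charset)];
    }
    return $word;
}

// "After" pattern: every index comes from a CSPRNG.
// Assumption: random_int() replaces Zend\Math\Rand::getInteger(0, $max) here.
function strongWord(array $charset, int $length): string
{
    if ($charset === [] || $length < 1) {
        throw new InvalidArgumentException('charset must be non-empty, length >= 1');
    }
    $charset = array_values($charset);   // guarantee keys 0..n-1
    $max = count($charset) - 1;
    $word = '';
    for ($i = 0; $i < $length; $i++) {
        // Uniform over [0, $max]; throws if no secure entropy source exists.
        $word .= $charset[random_int(0, $max)];
    }
    return $word;
}

// Regression check: the output of a fixed generator state must not repeat.
// srand() seeds the generator behind array_rand(); it has no effect on random_int().
function repeatsUnderSeed(callable $generate, int $seed): bool
{
    srand($seed);
    $first = $generate(CHARSET, 8);
    srand($seed);
    return $first === $generate(CHARSET, 8);
}

echo 'weakWord repeats under a fixed seed:   ';
var_dump(repeatsUnderSeed('weakWord', 1234));
echo 'strongWord repeats under a fixed seed: ';
var_dump(repeatsUnderSeed('strongWord', 1234));
```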