Added security annoucement about RNG

README.md

@@ -33,6 +33,27 @@ New polyfill support was created which does the following:
 The functionality works with both Composer and ZF2's autoloading support, using
 either PSR-0 or classmaps. All typehinting is preserved.
 
+#### Security fix: Better RNG support
+
+The `Zend\Math\Rand` component generates random bytes using the OpenSSL
+or Mcrypt extensions when available but will otherwise use PHP's
+`mt_rand()` function as a fallback. All outputs from `mt_rand()` are
+predictable for the same PHP process if an attacker can brute force
+the seed - which can be done if the attacker has access to a random number
+generated by `mt_rand` or the session ID (if generated without using additional
+entropy). 
+
+Zend Framework have revised the `Zend\Math\Rand` component to replace the
+current `mt_rand()` fallback for OpenSSL/Mcrypt with Anthony Ferrara's
+[RandomLib](https://github.com/ircmaxell/RandomLib), incorporating an additional
+entropy source based on [source code published by George
+Argyros](https://github.com/GeorgeArgyros/Secure-random-bytes-in-PHP). The new
+fallback collects entropy from numerous sources other than PHP's internal seed
+mechanism and extracts random bytes from the resulting mixed entropy pool.
+
+For more information on this security vector, please see
+[ZF2013-02](http://framework.zend.com/security/ZF2013-02).
+
 Please see [CHANGELOG.md](CHANGELOG.md).
 
 ### SYSTEM REQUIREMENTS