laminas-captcha 2.4.9

Based on https://github.com/zendframework/zend-captcha/releases/tag/release-2.4.9
(commit bb5f8195c634e6f27b667b66e07e3d1131269d2e in this repo)

Added
-----

- Nothing.

Deprecated
----------

- Nothing.

Removed
-------

- Nothing.

Fixed
-----

- **ZF2015-09**: `Laminas\Captcha\Word` generates a "word" for a CAPTCHA
  challenge by selecting a sequence of random letters from a character set.
  Prior to this vulnerability announcement, the selection was performed using
  PHP's internal `array_rand()` function. This function does not generate
  sufficient entropy due to its usage of `rand()` instead of more
  cryptographically secure methods such as `openssl_random_pseudo_bytes()`.
  This could potentially lead to information disclosure should an attacker be
  able to brute force the random number generation. This release contains a
  patch that replaces the `array_rand()` calls with calls to
  `Laminas\Math\Rand::getInteger()`, which provides better RNG.
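
The following PHP sketch is an added example, not code from laminas-captcha: it contrasts the `array_rand()` selection pattern described above with a CSPRNG-backed one and shows that the former is fully determined by the generator seed. The character set, function names and seed value are constructed for illustration, and PHP's built-in `random_int()` (PHP 7+) stands in for `Laminas\Math\Rand::getInteger()` so the script runs without dependencies.

```php
<?php
declare(strict_types=1);

// Constructed character set; not the one shipped in Laminas\Captcha\Word.
const CHARSET = ['b', 'c', 'd', 'f', 'g', 'h', 'j', 'k', 'm',
                 'n', 'p', 'r', 's', 't', 'v', 'w', 'x', 'z'];

/** Pre-fix pattern: array_rand() draws from PHP's seedable, non-cryptographic generator. */
function weakWord(int $length): string
{
    $word = '';
    for ($i = 0; $i < $length; $i++) {
        $word .= CHARSET[array_rand(CHARSET)];
    }
    return $word;
}

/** Hardened pattern: every index comes from the operating system CSPRNG. */
function strongWord(int $length): string
{
    $max  = count(CHARSET) - 1;
    $word = '';
    for ($i = 0; $i < $length; $i++) {
        // Assumption: random_int() used in place of Laminas\Math\Rand::getInteger().
        $word .= CHARSET[random_int(0, $max)];
    }
    return $word;
}

/** Generate two words with the given function, reseeding before each one. */
function repeatsUnderSameSeed(callable $generator, int $seed): bool
{
    srand($seed);            // seeds the generator behind array_rand()
    $first = $generator(8);
    srand($seed);
    $second = $generator(8);
    return $first === $second;
}

$seed = 20150915;            // constructed seed value

// The weak generator replays the same word whenever the seed repeats,
// so its unpredictability is bounded by the seed space, not the word space.
printf("array_rand() word repeats under same seed: %s\n",
    repeatsUnderSameSeed('weakWord', $seed) ? 'yes' : 'no');

// random_int() does not consult the seeded generator at all.
printf("random_int() word repeats under same seed: %s\n",
    repeatsUnderSameSeed('strongWord', $seed) ? 'yes' : 'no');
```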