laminas-captcha 2.5.2 Based on https://github.com/zendframework/zend-captcha/releases/tag/release-2.5.2 (commit 098989fa7eefe4f023fcc8f11cc8d344dff9f649 in this repo) Added ----- - Nothing. Deprecated ---------- - Nothing. Removed ------- - Nothing. Fixed ----- - **ZF2015-09**: `Laminas\Captcha\Word` generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this vulnerability announcement, the selection was performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation. This release contains a patch that replaces the `array_rand()` calls to use `Laminas\Math\Rand::getInteger()`, which provides better RNG.