Hi all, We've just landed a patch to the master branch of CentralAuth[0] that helps avoid timing attacks with token comparisons. The Phabricator task is T125290[1].
If you are are using CentralAuth (which is probably not many of you), please update your installations with this patch. -Chad [0] https://gerrit.wikimedia.org/r/#/c/284237/ [1] https://phabricator.wikimedia.org/T125290 _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l