random_compat v1.0.6 Release Notes

Release Date: 2015-10-15 // over 6 years ago
  • Don't let the version number fool you, this was a pretty significant change.

    ๐Ÿ‘ 1. Added support for ext-libsodium, if it exists on the system. This is morally equivalent to adding getrandom(2) support without having to expose the syscall interface in PHP-land.

    1. Relaxed open_basedir restrictions. In previous versions, if open_basedir was set, PHP wouldn't even try to read from /dev/urandom. Now it will still do so if you can. ๐Ÿ›  3. Fixed integer casting inconsistencies between random_compat and PHP 7.
    2. Handle edge cases where an integer overflow turns one of the parameters into a float.

    One change that we discussed was making random_bytes() and random_int() strict typed; meaning you could only pass integers to either function. While most veteran programmers are probably only doing this already (we strongly encourage it), it wouldn't be consistent with how these functions behave in PHP

    1. Please use these functions responsibly.

    ๐Ÿš€ We've had even more of the PHP community involved in this release; the โšก๏ธ contributors list has been updated. If I forgot anybody, I promise you it's not because your contributions (either code or ideas) aren't valued, it's because I'm a bit overloaded with information at the moment. Please let me know immediately and I will correct my oversight.

    ๐Ÿ‘ Thanks everyone for helping make random_compat better.