GHSA-3FMQ-X9Q6-WM39 random_compat Uses insecure CSPRNG

randomcompat versions prior to 2.0 are affected by a security vulnerability related to the insecure usage of Cryptographically Secure Pseudo-Random Number Generators CSPRNG. The affected versions use opensslrandompseudobytes, which may result in insufficient entropy and compromise the security of...

Uses insecure CSPRNG (openssl_random_pseudo_bytes())

It's not fork safe In most versions of PHP, it lies about being secure And today I learned that OpenSSL, by default i.e. unchangable from PHP land uses MD5 as a CSPRNG thanks @atoponce I'm stuck between several possible avenues: Release a new version v1.3.0 or most likely v2.0.0 that doesn't rely...