Skip to content

Add cryptographic security note to System.Random API docs#12481

Merged
gewarren merged 2 commits intomainfrom
copilot/copy-note-to-system-random-doc
Apr 2, 2026
Merged

Add cryptographic security note to System.Random API docs#12481
gewarren merged 2 commits intomainfrom
copilot/copy-note-to-system-random-doc

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 2, 2026
edited
Loading

The main System.Random API reference lacked the security caveat present in the supplementary docs, leaving users unaware that System.Random is unsuitable for cryptographic use.

Changes

  • xml/System/Random.xml: Expanded the type-level <remarks> from a bare supplementary-docs link into a <format type="text/markdown"> block containing:
    • A [!NOTE] callout directing users to System.Security.Cryptography.RandomNumberGenerator for cryptographically secure random numbers
    • The existing supplementary docs link (reformatted to markdown link syntax)

The rendered note will read:

Note
To generate a cryptographically secure random number, such as one that's suitable for creating a random password, use one of the static methods in the System.Security.Cryptography.RandomNumberGenerator class.

@github-actions github-actions bot added the needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners label Apr 2, 2026
Copilot AI linked an issue Apr 2, 2026 that may be closed by this pull request
Copy note from System.Random supplementary documentation to main System.Random doc #12480
Closed
@GrabYourPitchforks
Add cryptographic security NOTE to System.Random type-level remarks
43ce8b5 
Agent-Logs-Url: https://github.com/dotnet/dotnet-api-docs/sessions/864bf564-cbba-4176-b4fa-a901073a6b7c

Co-authored-by: GrabYourPitchforks <1746272+GrabYourPitchforks@users.noreply.github.com>
Copilot AI changed the title [WIP] Update System.Random documentation to include cryptographic note Add cryptographic security note to System.Random API docs Apr 2, 2026
Copilot AI requested a review from GrabYourPitchforks April 2, 2026 18:26
@github-actions github-actions bot added area-System.Security Issues related to security practices for .NET developers. and removed needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners labels Apr 2, 2026
@dotnet-policy-service
Copy link
Copy Markdown
Contributor

dotnet-policy-service bot commented Apr 2, 2026

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones

@GrabYourPitchforks GrabYourPitchforks marked this pull request as ready for review April 2, 2026 22:33
@GrabYourPitchforks GrabYourPitchforks requested a review from a team as a code owner April 2, 2026 22:33
Copilot AI review requested due to automatic review settings April 2, 2026 22:33
Copilot AI reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a cryptographic safety caveat to the System.Random API reference documentation so users aren’t misled into using Random for security-sensitive scenarios.

Changes:

  • Replaced the one-line <remarks> with a markdown <format> block.
  • Added a [!NOTE] callout pointing users to System.Security.Cryptography.RandomNumberGenerator for cryptographically secure randomness.
  • Reformatted the existing supplemental remarks link as a markdown link.

@gewarren gewarren merged commit 91bb36d into main Apr 2, 2026
10 checks passed
@gewarren gewarren deleted the copilot/copy-note-to-system-random-doc branch April 2, 2026 22:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@gewarren gewarren gewarren approved these changes

+1 more reviewer

@GrabYourPitchforks GrabYourPitchforks GrabYourPitchforks approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@GrabYourPitchforks GrabYourPitchforks

Copilot code review Copilot

Labels

area-System.Security Issues related to security practices for .NET developers.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Copy note from System.Random supplementary documentation to main System.Random doc

4 participants

@GrabYourPitchforks @gewarren