A flaw was found in Mediawiki before 1.28.1 / 1.27.2. Affected versions contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. References: https://phabricator.wikimedia.org/T161453 https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html