In the SecurityInfo plugin, the Session > save_path test shows a warning (yellow). After debugging, I found out that the reason it shows the warning is that the common tempdir occurs in the session save_path. But the warning is wrong because the tempdir is /tmp/ and the session save_path is set by Piwik to /path/to/piwik/tmp/sessions/, which contains /tmp/. So there's no way to get rid of the warning by configuration. I think the test should be changed to only check whether the save_path starts with the common tempdir, not whether it contains it.
How do we deal with that? Do we open a ticket on their repo?
I think the project is not maintained anymore, so it would be OK to hot-fix our copy of the lib.