Note that the XWiki Docker image does use urandom: xwiki-docker/template/tomcat/setenv.sh at master · xwiki/xwiki-docker · GitHub
So indeed if the XWiki debian distribution doesn’t, it should, definitely. Same thing for tomcat’s config for slash and backslash if it’s not set up by default in that distribution. I quickly searched XWiki’s source and couldn’t find any use of that… A jira issue for that would be great.
cc @tmortagne