The pingback system is an optional mechanism which reports statistical data to civicrm.org. The pingback URL specified an unencrypted protocol (HTTP), and well-positioned eavesdropper could potentially intercept statistical data. The pingback URL should specify an encrypted protocol (HTTPS) to prevent eavesdropping.
- 4.7.20 and earlier
- 4.6.28 and earlier
Upgrade to the latest version of CiviCRM
If you cannot upgrade you should apply either of the following patches:
Thanks to Nicolas Ganivent of CiviDesk for reporting the issue
Seamus Lee of Australian Greens for fixing