- 4.7.20 and earlier
- 4.6.28 and earlier
The pingback system is an optional mechanism which reports statistical data to civicrm.org. The pingback URL specified an unencrypted protocol (HTTP), and well-positioned eavesdropper could potentially intercept statistical data. The pingback URL should specify an encrypted protocol (HTTPS) to prevent eavesdropping.
Upgrade to the latest version of CiviCRM
If you cannot upgrade you should apply either of the following patches:
Thanks to Nicolas Ganivent of CiviDesk for reporting the issue
Seamus Lee of Australian Greens for fixing