Skip to content

1.5.1 Security

Compare
Choose a tag to compare
@adixon adixon released this 14 Jun 21:04
· 528 commits to master since this release

As identified by Chris Burgess (https://github.com/xurizaemon), the extension had the potential to be storing client credit card data on production sites, contrary to PCI requirements (for typical sites using this extension). This condition occurs only on Drupal sites with the 'framework logging' setting turned on (default is off). Under these circumstances, debug code was writing the credit card data into the Drupal watchdog log.

This release includes a fix to that code (by only writing this debug data when using the test environment), as well as a short list of other resolved issues, including the ability to use the www2.iatspayments.com as the payment processor domain for sites that don't support the new SSL requirements.

Separate releases to support CiviCRM 4.3 and 4.2 that are still using this extension will be available shortly.