Dear Users of X-Payments hosted subscriptions (Basic, PRO and Multistore),As you may already know the Internet was hit by the POODLE vulnerability in SSLv3 protocol – a weakness in version 3 of the SSL protocol that allows an attacker in a man-in-the-middle context to decipher the plain text content of an SSLv3 encrypted message.This is neither a vulnerability in X-Cart nor in X-Payments but you still need to take an action.We are disabling SSLv3 support at our X-Payments servers on Nov 19th 2014. This may cause interruption of connection between your X-Cart based shops and X-Payments if your X-Cart shop is not ready.
X-Cart 5-based store owners
- In order to avoid such an issue X-Cart 5 users need to install latest version of X-Payments connector module available at the X-Cart 5 Marketplace – do it in a couple of clicks, without leaving the admin area of your store. No manual patching is required 😉
- Make sure the server where X-Cart is run uses cURL v 7.18.1 or newer.
X-Cart 4-based store owners
- Apply a very simple patch published at X-Payments users forum.
- Make sure the server where your X-Cart is installed uses cURL v 7.18.1 or newer.