Credit Card System Update (IN11-003)

Just a quick update on the IN11-003 bug.. Most vendors are patched now, however a few holdouts remain.

I can however report that at least one of the oAuth provider libraries that was affected has now patched their software. So if you're a user of tmhOauth, (commonly used with Twitter) you will want to upgrade to at least version 0.61.

If you're an affected vendor who wants to go public, please let me know and I'll do what I can to help get the upgrade message out.

Also, developers please ensure that you do not set CURLOPT_SSL_VERIFYHOST to false or true, (the correct value is unset or 2). This will also cause the IN11-003 vulnerability in your code.