2026-02-25 01:09:20
GitHub_M
PUBLISHED
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMRs HTTP client wrapper (`oeHttp`/`oeHttpRequest`) disables SSL/TLS certificate verification by default (`verify: false`), making all external HTTPS connections vulnerable to man-in-the-middle (MITM) attacks. This affects communication with government healthcare APIs and user-configurable external services, potentially exposing Protected Health Information (PHI). Version 7.0.4 fixes the issue.