Note: this is a cross-post from my contribution at OpenXtips.com yesterday.
Just like in March 2010, a new version of the OpenX software has been released recently, but not a single byte of publicity has been devoted to it. No mention on the OpenX blog or on Twitter, nothing. Judging from the dates on the files in the download archive, the new release was completed on September 2nd of 2010, so almost a week ago.
This new version 2.8.6 seems to be mostly about the security issue that was found and fixed a few weeks ago. Back then, on August 12, a somewhat cryptic announcement was posted on the OpenX forums, informing people how to fix the security problem. That post also hinted at a new release that would be out soon.
The release notes file in the 2.8.6 archive points to the OpenX Developer site for more details, but the issue tracker for version 2.8.6 is still open and most issues in it are still marked as unresolved. And the version check inside the OpenX software doesn’t give any notifications about upgrade availability.
Altogether, this is a pretty strange situation. Obviously, it’s smart to upgrade to a new version as soon as it’s released, especially if the upgrade is about fixing security issues. On the other hand, what should we think about a release that is not announced in any way, shape or form?