A new version of the OpenX Ad Server software has been released. Version 2.8.7 fixes a very serious security issue. According to the announcement on the OpenX blog:
there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised.
The issue stems from the Video Ads plugin for OpenX, which in turn uses an open source third party component called Open Flash Charts (OFC) to display graphs about video ad performance. There was a security issue with OFC which has now been fixed.
In addition, the upgrade notification inside the OpenX management pages has this information:
If you recently upgraded to version 2.8.6, you can simply install an upgraded video ad plug-in available [here] or remove the following file: admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php from your installation.
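The file-removal workaround quoted above can be audited and applied across a whole web root with a short script. This is an added example, not part of the OpenX announcement or code: the relative path is the one given in the notice, while the function names and the idea of scanning a directory tree that may hold several installations are assumptions.

```shell
#!/bin/sh
# Added example (not OpenX code). The relative path is the one quoted in the
# upgrade notice; the function names and scanning a web root are assumptions.
OFC_REL='admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php'

# find_ofc_upload ROOT
# Print every regular file under ROOT whose path ends in $OFC_REL, one per line.
find_ofc_upload() {
    find "$1" -type f -path "*/$OFC_REL"
}

# remediate_ofc_upload ROOT [--remove]
# Without --remove: report each copy as "FOUND <path>".
# With --remove: delete each copy and report "REMOVED <path>".
# Returns 0 only if no copy remains under ROOT afterwards.
remediate_ofc_upload() {
    root=$1
    mode=${2:-report}
    remaining=0
    list=$(find_ofc_upload "$root")
    # The here-document keeps the loop in the current shell so $remaining
    # survives, and read -r with an empty IFS preserves spaces in paths.
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if [ "$mode" = "--remove" ]; then
            if rm -f -- "$f" && [ ! -e "$f" ]; then
                echo "REMOVED $f"
            else
                echo "FAILED $f" >&2
                remaining=$((remaining + 1))
            fi
        else
            echo "FOUND $f"
            remaining=$((remaining + 1))
        fi
    done <<EOF
$list
EOF
    [ "$remaining" -eq 0 ]
}

# Usage (the web root path is a placeholder):
#   remediate_ofc_upload /path/to/webroot            # audit only
#   remediate_ofc_upload /path/to/webroot --remove   # apply the workaround
```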
This is the second update in less than 1 week, which might sound alarming. On the other hand, there will always be bugs and security vulnerabilities in software, and it’s better to have those fixed.
Besides this fix for the security issue that was uncovered, there is also a seemingly small functional change in this new version:
For users in the UK, all market interfaces now reflect your participation in Orange Ad Market, and all Orange Ad Market market monetary values are in GBP.
Since both the OpenX main website and the OpenX blog appear to be down at the time I’m writing this, I can’t give you any more information than what I included above.
What does still seem to work at the moment is the download link at http://download.openx.org/openx-2.8.7.zip.