Revive Adserver v3.0.2 has been released. This release fixes one critical security issue. These Release Notes contain all of the details, which users are encouraged to read carefully before upgrading.
The new version can be downloaded from the Downloads page.
Revive Adserver v3.0.2 Release Notes
- Release date: December 20, 2013
- This release includes all the changes, fixes, improvements and enhancements of earlier releases. Please review previous Release Notes when you are upgrading from an earlier version.
This version addresses one security issue, which was recently discovered and reported to the Revive Adserver Project team by community member Florian Sander.
We strongly advise users to upgrade to the most recent version 3.0.2 of Revive Adserver. This also includes any user running any version of OpenX Source or older versions of the application, which may also be vulnerable. In case the upgrade cannot be performed in a timely fashion, we suggest to delete the “www/delivery/axmlrpc.php” script (if not in use) as a temporary fix until the application is upgraded.
Please review our Security Advisory for the details.
The Revive Adserver Project Team wish to thank community member Florian Sander for reporting this issue. He wrote about it on his blog. Florian also submitted a proposed code patch to our Github project, and he worked closely with us to achieve the final solution.
If you come across any other security issues, or suspects that a vulnerability exists, please contact us via the special e-mail address security AT revive-adserver DOT com. As we demonstrated with this release, we take security notices extremely serious and we aim to provide resolutions as soon as possible.