Revive Adserver v3.1.0 released

Revive Adserver logoThe Revive Adserver Project Team is proud to announce the release of a new version of the popular free open source ad server system Revive Adserver.

Revive Adserver 3.1.0 has several new features and enhancements, and also includes two security fixes. For users who are not yet ready to upgrade to version 3.1.0, we have also released version 3.0.6, with just the two security fixes. Please read the paragraph below in this blog post to learn more about these security fixes.

Please also note that Revive Adserver 3.1.0 requires at least PHP 5.3.0; older versions of PHP will no longer be supported in future releases of Revive Adserver. Please make sure to study the release notes below, including the notes on non-backwards compatible changes.

What’s New in Revive Adserver version 3.1.0?

Version 3.1.0 of Revive Adserver includes two important security fixes. More details can be found in the paragraph on security below.

We have developed the following new features and improvements:

  • Blank impressions are now logged and taken into account during prioritization. This should allow using zones without remnant campaigns, which was previously discouraged. Blank impressions are also counted in the “Global History” and “Website & Zones” statistic screens and separately displayed in the “Campaign distribution” tab for websites and zones.
  • The “Contract (Exclusive)” campaign type has been re-named to “Override”.
  • Added the ability to intentionally attempt to over deliver Contract campaigns by a given percentage of impressions against the predicted “ideal” to help ensure that Contract campaigns always meet their contracted delivery by their end date.
  • The Revive Adserver delivery engine now includes a completely inclusive CORS header (i.e. ‘Access-Control-Allow-Origin: *’).
  • The domain used for the viewerId cookie is now configurable.
  • The “My Account” main menu has been re-named to “Preferences” for clarity.
  • The quick navigation dropdown lists for advertisers/campaigns and websites is now sorted alphabetically.
  • The “midnight sync” process that checks for updates to Revive Adserver is now the very last thing to happen in the overall maintenance process.

The new version also includes the following bug fixes:

  • Fixed a problem with timezones not being taken into account when running the zone allocation algorithm during maintenance. This resulted in underdelivery if the account timezone had a positive offset from UTC, and potentially some overdelivery otherwise.
  • Fixed the editing of campaigns when conversion tracking is disabled.
  • Fixed the preview of all banners on the “Banners” page user interface preference.
  • Fixed incorrectly displayed error message when trying to link a banner to an email zone where the banner’s parent campaign dates overlap with an already linked campaign.
  • Fixed incorrectly displayed message stating that a link has been created when trying to link an email zone to a banner where the banner’s parent campaign dates overlap with an already linked campaign.
  • VAST tracking URLs now use https:// when called via SSL.
  • Removed useless Content-Length headers when sending the 1×1 transparent gif and spc delivery files, as the header interferes with ob_gzhandler and/or zlib.output_compression.
  • Fixed issue with banner delivery over SSL when using Postgres.
  • Fixed click redirection to internationalized domain names when the IDN functions are available (PHP 5.3+).
  • Properly display the current value in the UI when settings contain an underscore in their name.
  • Properly display ‘Site – Variable’ delivery limitations when the value is set to zero (i.e. ‘0’).
  • Fixed product name and removed bad documentation link on installer pre-check warning page.
  • Allow Revive Adserver to be installed on Debian Wheezy PHP versions that have had a critical PHP bugfix backported.
  • Fixed an issue with old creative file being deleted although still in use when a banner image file was replaced.
  • Fixed use of custom application name in the generation of zone invocation tags; made the use of this consistent across tracker beacons and SPC tags as well, and removed all incorrect code relating to a non-existent user preference.
  • Added compatibility for systems affected by PHP bug #53829, i.e. having gzopen64 rather than gzopen.

Version 3.1.0 introduces a number of non-backwards compatible changes:

  • Revive Adserver 3.1.0+ now requires PHP 5.3+
  • HTML banners no longer present URL and Target fields in the user interface unless editing an existing HTML banner where one of these fields is present; the URL(s) and target(s) should be set as part of the HTML banner.
  • A number of database table columns are removed as part of the upgrade process for Revive Adserver 3.1.0, as they were deprecated with the removal of the OpenX Market in version 3.0.0. Please ensure that you back up your Revive Adserver database before upgrading to 3.1.0.
  • Existing accounts with the name “Default manager” will be updated to “Default Account” to ensure the account name is consistent with updated language files. Similarly, existing accounts with the name “Administrator account” will be updated to “System Administrator”.
  • Activation/deactivation emails and scheduled reports are now disabled by default when creating new advertisers via the API, in order to match the UI behaviour. This does not affect any existing advertiser account settings for this feature; but please be aware that the default for all new advertiser accounts has been changed.
  • The adRender hook function signature was missing the $richMedia argument before $loc and $referer. Please make sure you double check your custom plugins in case they use such hook.

The full list of changes included in version 3.1.0 can be reviewed on the project’s Github pages

Download, install and upgrade

Revive Adserver v3.1.0 is now available for download.

Once downloaded, please refer to the instructions for Installations of Revive Adserver or for Upgrading Revive Adserver. Make sure that the server(s) being used meet the minimum technical requirements.

Security fixes in Revive Adserver version 3.0.6 and version 3.1.0

Versions 3.0.6 and 3.1.0 of Revive Adserver address two moderate security issues, one of which was reported to us by security researchers at HTBridge.

As usual, we recommend that users upgrade to the most recent version 3.1.0 of Revive Adserver as soon as possible. This also includes any user running any version of OpenX Source or older versions of the application, which may also be vulnerable.

For users who are not yet ready to upgrade to version 3.1.0, we have created version 3.0.6, which is functionally identical to version 3.0.5 but does contain the two security fixes.

Please review our Security Advisory for the details.

Written by

Revive Adserver is an open source project, dedicated to building and supporting the open source ad server software and the community of users around the world.