Revive Adserver v3.2.2 is now available.
This release fixes a number of medium security issues, which were recently discovered and reported to the Revive Adserver Project team, some via direct community feedback, but mostly via the Revive Adserver HackerOne project (which is the reason for the relatively large number of security issues resolved in this release).
We strongly advise users to upgrade to the most recent version 3.2.2 of Revive Adserver. This also includes any user running any version of OpenX Source or older versions of the application, which may also be vulnerable to the security issues fixed in this release. Please review our Security Advisory for the details.
Download, install and upgrade
Revive Adserver v3.2.2 is available for download now.
Once downloaded, please refer to the instructions for Installations of Revive Adserver or for Upgrading Revive Adserver. Make sure that the server(s) being used meet(s) the minimum technical requirements.
Community contribution
The Revive Adserver Project Team wish to thank all community & HackerOne members for their contributions – the details can be found in the Security Advisory.
If you come across any other security issues, or suspect that a vulnerability exists, please see our page on reporting security issues.
Hi there,
The Advisory is unreachable (404).
Regards, Flo
Hi Flo,
Thanks for noticing this, the link has been fixed.
Regards, Erik Geurts
Why haven’t you included the latest bugfixes from the Github project?
Still old ones are missing like this one: https://github.com/revive-adserver/revive-adserver/commit/d221d4c9443cbed0a5f32e9288e2bd3eafe1fd57
Hi Francesco,
Since this was a security release, it is best for it to only contain security-related changes to avoid unexpected and potentially undesired regressions when rushing to upgrade a vulnerable instance.
Best regards, Matteo