The Revive Adserver team is proud to announce the immediate availability of Revive Adserver v5.2.0.
We are pleased to announce the release of version 5.2.0 of the Revive Adserver software. This version contains new features and improvements related to click tracking, and it fixes several bugs and two low risk security issues.
Here is a list of new features and improvements in Revive Adserver v5.2.0:
- Protocol relative URLs (e.g. “//example.com”) are now recognized as valid destinations when altering HTML banners to add click tracking.
- We now allow optional custom destinations in HTML banners using the “{clickurl}” macro and dynamically appending a URL-encoded destination. The new click URL validity setting specifies the number of seconds a generated click URL will be accepted and will redirect to the specified destination parameter. The feature is disabled by default to avoid abuse.
- The “ct0” parameter has been reworked and reintroduced. Revive Adserver tags can now be modified so that they can be placed into third party ad servers and have both ad servers track ad clicks.
- We replaced “product name” with “application name” in the recently redesigned password recovery emails.
We fixed a number of bugs in this version 5.2.0 of Revive Adserver:
- Issue with password recovery emails being sent to the administrator or not being sent at all.
- Issue with determining the real IP addresses of viewers behind a proxy server when proxy headers contained the origin port number.
- PHP errors in ck.php and cl.php when no banner/zoneid were provided.
- PHP errors preventing the video reports from properly functioning.
- Issue preventing the “bannertext” property from being added or modified using the API.
- Issue preventing the “Don’t count ad clicks… within the specified time” feature from working as expected.
- Issue in the legacy JavaScript tag generation. All the non-async JS tags generated in v5.1.x should be replaced with new ones, as they could break the layout of the websites they have been placed onto.
- Issue with site variable magic macro detection in the destination URL.
- The option to “track Google AdSense clicks” when generating iframe tags, which was a leftover from the removal of the non-working functionality that had already been removed, has also been removed.
- Reverted and made optional the change to use srcdoc when rendering async tags as it is not fully compatible with some third party tags. However, the behavior can be selected by adding data-revive-srcdoc=”1″ as an attribute of the ins HTML tag.
Full release notes for v5.2.0 can be found on our Github page.
Security fixes
This version 5.2.0 contains fixes for some low risk security issues that were recently discovered:
- Reflected XSS vulnerability in campaign-zone-zones.php via the status parameter.
- Reflected XSS vulnerability in stats.php via the statsBreakdown parameter.
A more detailed security advisory is available at https://www.revive-adserver.com/security/revive-sa-2021-003/
We recommend upgrading to the most recent 5.2.0 version of Revive Adserver as soon as possible.
Download, install and upgrade
Revive Adserver v5.2.0 is available for download now.
Once downloaded, please refer to the instructions for Installations of Revive Adserver or for Updating Revive Adserver. Make sure that the server(s) being used meet(s) the minimum technical requirements.
Community contributions
The continued development of Revive Adserver is being sponsored by community members, either financially or in the form of code contributions. We’re very grateful for the support we’ve received. If you would like to contribute to our project, please consider becoming a patron on Patreon.com.
Another way to contribute to our project, is by using the Revive Adserver Hosted edition.
Bug report and fix
A few days after the release of Revive Adserver v5.2.0, we received a report about a bug that affects the click-through (a.k.a. redirect) specifically and only for the invocation code generated for email newsletter zones. The fix for this bug will be in the upcoming v5.2.1, or in v5.3 (whichever of the two is earlier). If you're affected by this bug and can't afford to wait for the fix in a future release, then you can find a quick fix (patch) on our Github project page.