Update about security of OpenX software

Editor’s note: this is a post by guest blogger Erik Geurts

In recent weeks, many stories have been published about security issues regarding the OpenX Ad Server software. Please find below some additional information on the current situation regarding the security of the OpenX software.

The most recent and most severe issues all resulted from a security problem in a third party open source component named “Open Flash Charts 2”. This component is used in the Video Ads plugin that comes with OpenX v2.8.4 and higher. The problem has been corrected with the release of OpenX v2.8.7. Instead of performing a full upgrade, a much simpler task is to just upgrade the Video Ads plugin. If you run OpenX version 2.8.3, which doesn’t have the Video Ads plugin, you will not be affected by this particular issue.

There is also a smaller but still significant issue in the OpenX core software. It affects all versions of the OpenX v2.8 software up to v2.8.5, and it is relatively easy to fix. The way to do that is outlined in an OpenX forum post. Applying this patch is not complicated, but it does require some skill in editing PHP source files.

You can find out which version of OpenX you have by looking at the source code of any page of your OpenX system, including the login page. The version number is displayed in line 4 of that source code.

To summarize the above:

  • if you run OpenX v2.8.2 or older, an upgrade to version 2.8.3 would be recommended, including a patch for the security issue that was discovered in August.
  • if you run OpenX v2.8.3, applying the security patch that was published in August should be sufficient.
  • if you run OpenX v2.8.4 or higher, it would be smart to upgrade the Video Ads plugin, and apply the patch for the security issue, or to upgrade to OpenX v2.8.7.
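As an added example (not part of the original post, and not OpenX code), here is a small Python helper that applies the check described above to your own installation: it reads the version number from the page source (looking at line 4 first, as the post says, then anywhere in the source as a fallback) and maps it to the summary advice. The exact format of the version line in the HTML is an assumption for this example; the sample page source is constructed, and the helper takes the source as a string so it can be run against a saved copy of your own login page.

```python
import re

# Constructed sample of the first lines of an OpenX page source. The exact
# form of the version comment is an assumption for this example; the post only
# says the version number appears on line 4 of the page source.
SAMPLE_SOURCE = """<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- OpenX v2.8.4 -->
<title>OpenX</title>
"""

# Matches "OpenX v2.8.4" or "OpenX 2.8.4" and captures the dotted number.
VERSION_RE = re.compile(r"OpenX\s+v?(\d+(?:\.\d+)+)")


def parse_version(text):
    """Turn '2.8.4' into the tuple (2, 8, 4) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def extract_version(source):
    """Return the OpenX version found in a page source, or None.

    Line 4 is checked first (where the post says the version is shown); the
    whole source is searched as a fallback in case the layout differs.
    """
    lines = source.splitlines()
    candidates = [lines[3]] if len(lines) >= 4 else []
    candidates.append(source)
    for candidate in candidates:
        match = VERSION_RE.search(candidate)
        if match:
            return parse_version(match.group(1))
    return None


def recommended_action(version):
    """Map a version tuple to the summary advice given in the post."""
    if version is None:
        return "unknown: no OpenX version string found in the page source"
    if version <= (2, 8, 2):
        return "upgrade to 2.8.3 and apply the August core patch"
    if version == (2, 8, 3):
        return "apply the August core patch"
    if version < (2, 8, 7):
        return ("upgrade the Video Ads plugin and apply the August core patch, "
                "or upgrade to 2.8.7")
    return "2.8.7 or later: both issues described here are fixed in the release"


def check_install(source):
    """Convenience wrapper: version tuple and advice for one page source."""
    version = extract_version(source)
    return version, recommended_action(version)


if __name__ == "__main__":
    found, advice = check_install(SAMPLE_SOURCE)
    print("detected version:", found)
    print("recommended action:", advice)
```

Save the HTML of your login page (for example with your browser's "view source" and then "save"), read it into a string, and pass it to `check_install`. The comparison is done on integer tuples so that a version such as 2.8.10 would sort after 2.8.7 correctly, which a plain string comparison would get wrong.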

News: Security vulnerability in OpenX 2.8.2

OpenX have announced a security vulnerability in version 2.8.2 of the OpenX ad server.

If you are running OpenX 2.8.2, you should immediately update to OpenX 2.8.3, or follow the instructions from OpenX, to remove the vulnerable files from your OpenX ad server installation.

News: OpenX 2.8.2 maintenance patch released

Great news! Erik Geurts and Matteo Beccati have combined forces and released a patch for the contract campaign under-delivery bug in OpenX 2.8.2!

You can find the patch attached to OpenX bug OX-5839.