Security is an important priority at OpenX and we’re constantly working to provide security patches and bug fixes as soon as we become aware of any potential issue. As these issues are discovered, we validate, patch and release as quickly as we can. But it’s important to understand that avoiding potential security issues also requires server administrators to be vigilant and upgrade their systems to new, patched versions as soon as they become available.
It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised. We have already closed this vulnerability with the latest version of our software. To avoid this issue, we recommend that all users immediately upgrade their systems to 2.8.7.
OpenX also provides both free and Enterprise hosted versions of the ad server. Both of these products are managed and operated by the OpenX team, including upgrades, maintenance, and security scans, freeing you and your team from handling such issues. If ad serving is mission-critical to your business, we suggest contacting our team to learn more about OpenX Enterprise.
When operating any software, especially software that interacts with the public, it is important to keep up to date with the latest version. And, as always, please let us know of any potential security problems by emailing security@openx.org.
