Revive Adserver 5.5.1
16 March 2024
Revive Adserver version 5.5.1 is now available (major release).
What's New in Revive Adserver 5.5.1
5.5.1
Security
- Fixed reflected XSS vulnerability (CVE-2023-38040).
Non-Backwards Compatible Changes
- Removed support for creating new inline video ads using FLV type and/or streaming format. Backwards compatibility for delivery is retained.
Bug Fixes
- Fixed an issue preventing username and password from being always requested during upgrades from 5.3.x and older versions. Running an upgrade with an active logged-in session on the browser could result in the admin account requiring a password reset at the next login.
- Fixed an issue with non-ASCII (e.g. accented) characters not being properly encoded when sending e-mails.
- Fixed an issue with the CLI installer not setting permissions properly.
- Removed legacy checks for register_argc_argv being enabled. In fact it is recommended to keep it disabled ony SAPI, other than "cli", for security reasons.
- Removed references to safe_mode, which has been removed from PHP a long ago.
- Fix fatal TypeError being triggered during delivery under some circumstances.
- Fix potential out of memory error during maintenance in case of database issues.
- Added proper escaping when displaying custom application name and UI colour settings.
5.5.0
New Features
- Bundled VAST2 Video Ads plugins.
- Added command line install / upgrade scripts.
Bug Fixes
- Fixed issue preventing plugin hook "addUrlParams" from being called when generating click URLs since the introduction of the signed clicks functionality.
- Fixed issue preventing click-based conversion tracking from properly working.
- Fixed issue preventing password recovery from working properly when using a Postgres database.
- Added missing check for the tokenizer PHP extension during install and upgrade.
- Fixed zone delete action being always displayed regardless of the actual permissions.
- Fixed the "Export Statistics to Excel" functionality so that the link is only disabled when the selected range has no statistics at all.
- Fixed usage of specific charset with spc on local invocation.
- Fixed uncommon issue preventing maintenance from properly completing.