Revive Adserver

5.5.1

(Hauptversion) (Sicherheitsupdate)
16 März 2024 - 100MB5.5.1

Security

• Fixed reflected XSS vulnerability (CVE-2023-38040).
  

Non-Backwards Compatible Changes

• Removed support for creating new inline video ads using FLV type and/or streaming format. Backwards compatibility for delivery is retained.
  

Bug Fixes

• Fixed an issue preventing username and password from being always requested during upgrades from 5.3.x and older versions. Running an upgrade with an active logged-in session on the browser could result in the admin account requiring a password reset at the next login.
  
• Fixed an issue with non-ASCII (e.g. accented) characters not being properly encoded when sending e-mails.
  
• Fixed an issue with the CLI installer not setting permissions properly.
  
• Removed legacy checks for register_argc_argv being enabled. In fact it is recommended to keep it disabled ony SAPI, other than "cli", for security reasons.
  
• Removed references to safe_mode, which has been removed from PHP a long ago.
  
• Fix fatal TypeError being triggered during delivery under some circumstances.
  
• Fix potential out of memory error during maintenance in case of database issues.
  
• Added proper escaping when displaying custom application name and UI colour settings.
  

5.5.0

New Features

• Bundled VAST2 Video Ads plugins.
  
• Added command line install / upgrade scripts.
  

Bug Fixes

• Fixed issue preventing plugin hook "addUrlParams" from being called when generating click URLs since the introduction of the signed clicks functionality.
  
• Fixed issue preventing click-based conversion tracking from properly working.
  
• Fixed issue preventing password recovery from working properly when using a Postgres database.
  
• Added missing check for the tokenizer PHP extension during install and upgrade.
  
• Fixed zone delete action being always displayed regardless of the actual permissions.
  
• Fixed the "Export Statistics to Excel" functionality so that the link is only disabled when the selected range has no statistics at all.
  
• Fixed usage of specific charset with spc on local invocation.
  
• Fixed uncommon issue preventing maintenance from properly completing.

Lesen Sie mehr: https://github.com/revive-adserver/revive-adserver/blob/v5.5.1/RELEASE_NOTES.txt

5.4.1

(Hauptversion) (Sicherheitsupdate)
28 September 2022 - 100MBSecurity

• Bcrypt is now used to store password hashes. The password of the admin user executing the upgrade is automatically re-hashed. All other users users will be sent an email and asked to reset their password upon login.
  
• Minimum password length is now set to 12 characters. The default can be changed in the configuration file.
  
• Added password strength indicator, based on MIT licensed Dropbox's zxcvbn library.
  
• For more info: https://www.revive-adserver.com/faq/passwords-in-v5-4-0/
  

Bug Fixes

• Added support for PHP 8.1.
  
• Added support for WEBP format in image and HTML5 banners.
  
• Fixed issue causing permission denied errors in some statistics screens,e.g. banner / zone history.
  
• Restored Export Statistics to Excel functionality, mistakenly removed in version 5.4.0.
  
• Fixed incompatibility between the {clickurl} macro and other magic macros,e.g. {random}, when used together in a destination URL.
  
• Fixed SQL errors on Postgres when displaying some cross entity historystats screens, e.g. campaign / website.
  
• Fixed an issue detecting campagin start/end date overlap when linkingbanners to newsletter zones under some circumstances.
  
• Website invocation code generation now uses async tags.
  
• Asynchronous tag now sends a custom "revive-<ID>-loaded" JS event when loading each banner and a "revive-<ID>-completed" event when all the positions on the page have been filled. This allows interaction and customisation, e.g. dynamically adding a class to all image banners.
  
• Added welcome email for new users to prompt them to set up their own password.
  
• Added password strength indicator during installation and password set up / recovery.
  
• Added autocomplete attributes for username and password fields.
  
• Tags are now generated using https by default, with the possibility to use plain http instead in the invocation code screens.
  
• Added banner delivery setting to configure the "rel" HTML attribute for the click tracking links of image and text banners, defaulting to "noopener nofollow". The setting is also exposed in the newly added "{rel}" magic macro.
  
• Added new maintenance screen to resend invitation emails to new users and password reset emails to users requiring the update to the new bcrypt password hash system.
  
• Added missing linkUserToAdvertiserAccount, linkUserToTraffickerAccount and linkUserToManagerAccount methods to the v2 XML-RPC Api client library and fixed bugs related to (re)setting permissions through them.

Lesen Sie mehr: https://github.com/revive-adserver/revive-adserver/blob/v5.4.1/RELEASE_NOTES.txt

3.0.5

(Sicherheitsupdate)
16 Mai 2014 - 73MBSecurity

• CVE-2013-5954 - Fixed CSRF vulnerability a number of UI pages performing delete and unlink actions (www/admin/admin-user-unlink.php, www/admin/advertiser-delete.php, www/admin/advertiser-user-unlink.php, www/admin/affiliate-delete.php, www/admin/affiliate-user-unlink.php, www/admin/agency-delete.php, www/admin/agency-user-unlink.php, www/admin/banner-delete.php, www/admin/campaign-delete.php, www/admin/channel-delete.php, www/admin/tracker-delete.php, www/admin/userlog-delete.php and www/admin/zone-delete.php). For more information: http://www.revive-adserver.com/security/revive-sa-2014-001
  

New Features

• An error message is now displayed when trying to install or upgrade Revive Adserver with unsupported PHP 5.4/5.5 versions (< 5.4.20 or < 5.5.2).
  
• Updated the MaxMind GeoIP plugin to include the May 2014 MaxMind GeoCountry database.
  

Bug Fixes

• Fixed bad translation in the Russian language translation.
  
• Fixed history statistics screens to prevent displaying future dates when showing "All statistics".
  
• Fixed broken "DeliveryDataPrepare:dataPageInfo" and "DeliveryDataPrepare:dataUserAgent" components of the standard delivery logging plugin.
  
• Added proper Content-Type header with charset to some scripts in order to override the webserver default.
  
• Changed a few occurrences of the non-existing "Content-Size" header to "Content-Length".
  
• Switched a few deprecated "ereg" calls to "preg" in PEAR libraries.

3.0.4

9 April 2014 - 73MBBug Fixes

• Fixed problem with automatic maintenance not working in 3.0.3
• Fixed mangled characters in the hebrew translation
• Fixed query errors when a non-existing zone was requested
• Removed references to previous product name from plugin translation files

3.0.3

14 März 2014 - 73MBNew Features

• Preview of Flash banners now also shows the backup image, if set.
• API now supports setting chainedZoneId.
• Added support for WebM videos in the IAB Video plugin.
• Increased the maximum delay in the midnight maintenance script (from 10 econds to 30 seconds) before calling the sync server for update information to improve load distribution on the server.
• Updated the Revive Adserver application header to replace the "Report bug" link with a more useful "Support" link (which includes details on how to report a bug, in addition to how to get support).
• Added support for hosting providers of Revive Adserver to configure a custom URL for the "Support" link in the application header.
• Removed usage of PEAR libraries to detect non-routable IP addresses during delivery.

Bug Fixes

• Fixed the detected product name on upgrade to correctly distinguish between older OpenX Source installations vs. newer Revive Adserver installations.
• Fixed the date format for the Spanish language pack.
• Fixed some instances of the old application name in robots.txt files.
• Fixed API incompatibilities with PHP 5.4+.
• Fixed an issue with the generation of a platform hash value which is used when connecting to the sync server to check for updates to Revive Adserver.
• Fixed encoding issues and bad translations in the Chinese language translations.
• Fixed encoding issues with some of the Czech language translations.
• Fixed encoding issues with some of the Russian language translations.
• Added (some) new Chinese translations for plugins.
• Fixed SWF plugin version requirements for v18-22.
• Fixed a bug that prevented successfully submitting the forms after a server side validation error.
• Fixed a library bug that was causing invalid errors to be displayed in the statistics screens under certain conditions.
• Added missing configuration options relating to the filenames for Single Page Call functionality to the admin user Configuration > Global Settings > Banner Delivery Settings tab.
• Fixed incorrect detection of command-line based called to Revive Adserver, so that an error message is shown when the maintenance script is called without] the required host parameter, instead of displaying a PHP error.
• Fixed branding on the website Single Page Call invocation code tag page.
• Fixed the display of the license on the install/upgrade welcome screen when using a non-root based installation process.
• Fixed bug causing the last advertiser being sometimes hidden in the advertiser index screen.
• Fixed issue that allowed installing an already installed plugin, causing the plugin tables to be dropped without notice.
• Fixed logging of direct selection impressions/requests not properly working on Postgres under some circumstances.
• Fixed API XML-RPC output not properly dealing with NULL values.

Non-Backwards Compatible Changes

• Email based campaign activation/deactivation reports are now disabled by default when creating new advertisers. This does not affect any existing advertiser account settings for this feature; but please be aware that the default for all new advertiser accounts has been changed.
• 3rd party plugins developers should be aware: The unused Zend XML-RPC library has been removed; please make sure your 3rd party plugins bundle their own copy if they need it.
• 3rd party plugins developers should be aware: The OA_Sync class has been moved to the RV_Sync class; please make sure your 3rd party plugins are updated accordingly.

3.0.2

(Hauptversion)
30 Januar 2014 - 73MB

2.8.11

13 August 2013 - 73MB

2.8.10

14 September 2012 - 73MB

2.8.9

9 Mai 2012 - 73MB

2.8.8

4 November 2011 - 73MB

2.8.7

16 September 2010 - 73MB

2.8.5

2 März 2010 - 73MB

2.8.4

26 Januar 2010 - 32MB

2.8.3

4 Januar 2010 - 32MB

2.8.2

5 November 2009 - 32MB

2.8.1

29 Mai 2009 - 32MB

2.8.0

4 April 2009 - 32MB

2.6.4

29 Januar 2009 - 32MB

2.6.3

10 November 2008 - 32MB

2.6.2

7 Oktober 2008 - 32MB

2.6.1

29 August 2008 - 32MB

2.6.0

24 Juli 2008 - 32MB

2.4.7

24 Juni 2008 - 32MB

2.4.6

15 Mai 2008 - 32MB

2.4.5

17 April 2008 - 32MB

2.4.4

20 Februar 2008 - 32MB

2.4.3

6 Februar 2008 - 32MB

2.4.2

3 April 2004 - 32MB

2.4.1

3 April 2004 - 32MB

2.4.0

17 September 2007 - 32MB

2.0.11-pr1

29 April 2007 - 7MB

2.0.11

10 Februar 2007 - 7MB

2.0.9-pr1

17 November 2006 - 9MB

2.0.8-pr1

2 November 2006 - 9MB

2.0.8

9 April 2006 - 9MB

2.0.7

25 November 2005 - 9MB

2.0.6

24 August 2005 - 9MB

2.0.5

11 Juli 2005 - 9MB

2.0.4pr2

8 Mai 2005 - 3MB

2.0.3

21 Februar 2005 - 3MB

2.0

3 April 2004 - 3MB