Revive Adserver Forum

About Revive Adserver Forum

Contact Methods

  • Website URL
    http://www.revive-adserver.com/

  1. We are proud to release Revive Adserver v5.3.0.

     This version ensures that Revive Adserver is compatible with both PHP 8.0 and MySQL 8.0. While there is no new functionality in this new release, it did require a major undertaking to check and modify the entire code base in order to achieve this level of compatibility.

     Here is a list of changes and improvements in Revive Adserver v5.3.0:
       • We added PHP 8.0 compatibility.
       • We added MySQL 8.0 compatibility.
       • We added compatibility for the MySQL ‘utf8mb4’ character set.

     We also fixed a number of bugs in this version 5.3.0 of Revive Adserver:
       • We fixed hourly breakdown statistics links from daily history pages not working properly.
       • We added missing support for SSL connections to MySQL databases in the delivery scripts.
       • We fixed multiple issues related to upgrading plugins, especially on PHP8.
       • We removed a useless option to add a cache buster when generating async tags.
       • We fixed an issue with the maintenance delivery rules check screen not properly working.

     Full release notes for v5.3.0 can be found on our Github page.

     Non-backward compatible changes
       • A PHP version equal to or higher than 7.2.5 is now required to run Revive Adserver 5.3.0 or higher.
       • The mysql4_compatiblity setting has been removed: Revive Adserver will now always make sure that the appropriate (empty) sql_mode is set when running on a MySQL database.
       • Support for the legacy pecl mysql extension has been removed: mysqli will always be used instead.

     Security fix
     This version 5.3.0 contains a fix for a low risk security issue that was recently discovered:
       • Session ID and CSRF token generation now uses CSPRNG instead of uniqid().
     A more detailed security advisory is available at https://www.revive-adserver.com/security/revive-sa-2021-005/

     This version 5.3.0 also contains a security improvement:
       • Database password is no longer returned in the database settings form.

     We recommend upgrading to the most recent 5.3.0 version of Revive Adserver as soon as possible.

     Download, install and upgrade
     Revive Adserver v5.3.0 is available for download now. Once downloaded, please refer to the instructions for Installations of Revive Adserver or for Updating Revive Adserver. Make sure that the server(s) being used meet(s) the minimum technical requirements.

     Community contributions
     The continued development of Revive Adserver is being sponsored by community members, either financially or in the form of code contributions. We’re very grateful for the support we’ve received. If you would like to contribute to our project, please consider becoming a patron on Patreon.com. Another way to contribute to our project is by using the Revive Adserver Hosted edition.

     The post Revive Adserver v5.3.0 released appeared first on Revive Adserver.
  2. Revive Adserver turns 8!

     Today we celebrate the 8th anniversary of the Revive Adserver project. On September 13, 2013, we unveiled the new Revive Adserver open source project, and released a brand new version 3.0 to the world. Although the software already had a long history at the time, the predecessor of Revive Adserver did not get the love and care it deserved. Our project team was created to take the ad serving system under its wings and revitalize it. Here is a very brief rundown of some of the many things we achieved in the 8 years since.

     Download edition – from 2013
     Since that first release of version 3.0.0 in September 2013, we’ve continued working on making the software faster, more secure, and more powerful. There have been over 30 new releases in these 8 years. To date, there are more than 6,000 known self-hosted installations of the Download edition, and probably many more we don’t know about.

     Revive Software and Services – from 2015
     In order to secure the future of the Revive Adserver open source project, we formed a legal entity called Revive Software and Services in 2015. The goal of this company was and still is to act as the guardian of the intellectual property rights for the software even when project members may not be participating in the future. It also enables us to correctly handle sponsorships and paid services, for example in light of fiscal regulations, and to work with outside vendors, contractors, service providers and (who knows, in the future) paid employees.

     Patreon – from 2017
     In 2017, we created a Patreon program, enabling companies and individuals using Revive Adserver to share a small (or large) portion of the revenue they make with the ad server with our project. A loyal group of sponsors contribute to our project every month. Most of them have set their contribution to $10 per month, but we’re also incredibly grateful that a few sponsors contribute as much as $150 every month.

     Hosted edition – from 2018
     On the 5 year project anniversary in 2018, we announced the creation of a hosted service for Revive Adserver. This service is intended for people interested in using the software, but lacking the time, skill, resources or patience to install, configure and maintain a self-hosted ad server. The Revive Adserver Hosted edition took off in a big way after we started inviting subscribers in the fall of 2018. Nowadays, hundreds of subscribers use the service every single day, in order to display hundreds of millions of ads every month.

     Check out Revive Adserver Hosted edition

     Thanks to the community!
     The continued use of our software by a large community is what drives us to keep going. It’s very rewarding to work on a free, open source, ad serving system that is a real alternative to the huge and anonymous corporate ad systems that seem to dominate the internet these days. Revive Adserver enables companies, big and small, to take control of the advertising on their sites and apps, without having to worry about what will happen with their data.

     This also motivated us to take on a large project in 2021. In the year when we celebrate our 8th anniversary, we’re releasing the next version of Revive Adserver that supports both PHP 8 and MySQL 8. Version 5.3.0 will be released on September 14, 2021. Watch this space!

     The post Revive Adserver turns 8! appeared first on Revive Adserver.
  3. The Revive Adserver project team is proud to announce that a Release Candidate 1 (RC1) is now available for the upcoming Revive Adserver v5.3.0.

     Introducing Revive Adserver v5.3.0
     The primary goal of v5.3.0 is to provide compatibility with PHP 8 and MySQL 8. This version has no new features or functionality, but it does fix a number of bugs and has a small security improvement. So while this may not be a terribly exciting new release from an end-user perspective, a huge number of changes have been made in the code to achieve compatibility with PHP8 and MySQL 8. This justifies a thorough testing phase before the final release.

     Summary of changes in Revive Adserver v5.3.0
     New in this version:
       • Added PHP 8.0 compatibility.
       • Added MySQL 8.0 compatibility.
       • Added compatibility for the MySQL ‘utf8mb4’ character set.

     This version also fixes a number of bugs and has one security improvement:
       • Fixed hourly breakdown statistics links from daily history pages not working properly.
       • Added missing support for ssl connections to MySQL databases in the delivery scripts.
       • Fixed multiple issues related to upgrading plugins, especially on PHP8.
       • Removed useless option to add a cache buster when generating async tags.
       • Database password is no longer returned in the database settings form.

     The full release notes are available on the project’s Github pages.

     Staging Only!
     Today’s RC1 should not be used in a production environment. We would like to invite system administrators and developers to install it in a staging environment, or to make a copy of their production environment and update that copy to this new version. If you’d like to do a fresh install of this release candidate, please see the instructions for installing Revive Adserver on the website. A detailed process for updating the Revive Adserver software can be found on the website as well.

     Update path of Revive Adserver and PHP
     Any versions of Revive Adserver prior to v5.3.0 will not run with PHP8, whereas Revive Adserver v5.3.0 won’t run on PHP versions prior to 7.2.5. If all else fails, you might consider following this update path:
       1. Update Revive Adserver to version 5.2.1 if still using an older version
       2. Update the server to PHP version 7.2.5 or higher, but not PHP 8
       3. Update Revive Adserver to version 5.3.0-RC1
       4. Update the server to PHP version 8.0.x
     Technical requirements for PHP 8 can be found on the php.net website.

     Updating MySQL
     It is recommended to update MySQL to v8 only after a successful update of Revive Adserver to v5.3.0 or higher.

     Download now!
     Release Candidate 1 of Revive Adserver v5.3.0 can be downloaded now from the Downloads page of the website.

     Reporting issues
     Any issues or bugs found during the installation, update, or use of the v5.3.0 RC1 should be reported only by creating a new issue in our Github repository. However, before doing so, please check to see if the issue you noticed has already been reported, and consider adding a comment about any additional observations to the issue instead. The issue you observed may have already been fixed.

     Please try to be as specific as possible, including any error log entries you might be able to provide, and/or screenshots of the issue. Describe what you were trying to do, what you expected to happen, and what actually happened instead. Make sure to mask any sensitive details like usernames, passwords, paths and URLs.

     Timeline for final release of v5.3.0
     If necessary, a second release candidate will be posted in the week of August 16, 2021. Our current plan is to have a final release of v5.3.0 available on September 13, 2021. However, this may have to be delayed due to pending issues at that time. You can follow our progress towards completing the v5.3.0 release on our Github page.

     Community contributions
     The continued development of Revive Adserver is being sponsored by community members, either financially or in the form of code contributions. We’re very grateful for the support we’ve received. If you would like to contribute to our project financially, please consider becoming a patron on Patreon.com. Another way to contribute to our project is by using the Revive Adserver Hosted edition.

     The post Release Candidate 1 for Revive Adserver v5.3.0 appeared first on Revive Adserver.
  4. The Revive Adserver team is proud to announce the immediate availability of Revive Adserver v5.2.1.

     We are pleased to announce the release of version 5.2.1 of the Revive Adserver software. This version contains several improvements, and fixes a bug and a low risk security issue.

     Here is a list of improvements in Revive Adserver v5.2.1:
       • We added a security check in the admin UI that verifies upon login and on demand if the browser can access files that should be forbidden, eventually prompting the admin to fix the potential security problem.
       • Several major languages were missing from the Client Language delivery rule: the list has been revised and updated.

     We fixed a bug in this version 5.2.1 of Revive Adserver:
       • We fixed an issue preventing clicks from redirecting to the destination URL on newsletter zones.

     Full release notes for v5.2.0 can be found on our Github page.

     Security fixes
     This version 5.2.1 contains a fix for a low risk security issue that was recently discovered:
       • Reflected XSS vulnerability in stats.php via the statsBreakdown parameter.
     A more detailed security advisory is available at https://www.revive-adserver.com/security/revive-sa-2021-004/

     We recommend upgrading to the most recent 5.2.1 version of Revive Adserver as soon as possible.

     Download, install and upgrade
     Revive Adserver v5.2.1 is available for download now. Once downloaded, please refer to the instructions for Installations of Revive Adserver or for Updating Revive Adserver. Make sure that the server(s) being used meet(s) the minimum technical requirements.

     Community contributions
     The continued development of Revive Adserver is being sponsored by community members, either financially or in the form of code contributions. We’re very grateful for the support we’ve received. If you would like to contribute to our project, please consider becoming a patron on Patreon.com. Another way to contribute to our project is by using the Revive Adserver Hosted edition.

     The post Revive Adserver v5.2.1 released appeared first on Revive Adserver.
  5. About the changes to click tracking in Revive Adserver v5.1 and v5.2

     This blog post is a deep dive into the changes to the click tracking functionality of the Revive Adserver software, with the recent versions 5.1 and 5.2.

     Introduction
     There have been two major releases of the Revive Adserver software in recent weeks. Version 5.1 came out on January 19, 2021 and version 5.2 was released on March 16, 2021, exactly 8 weeks later. The most significant changes in these two versions have to do with the ability to count clicks on third party ad tags. In this blog post, we’ll dive deeper into what has been changed, and why.

     Click tracking changes in v5.1
     In the last quarter of 2020, we started receiving more and more reports that Revive Adserver’s “open redirect” capability was being abused by malicious actors. They would craft links that looked innocent or trustworthy, but ultimately redirect unsuspecting web users to pages that could only be described as spammy or even scammy. Even though the ad server itself didn’t run any particular risk from this behavior, it could harm the reputation of the organization or individual operating the ad server. The open redirect capability was the industry standard implementation for click counting functionality (a.k.a. click tracking), which is an essential part of any ad server.

     One of the most important changes in version 5.1 was the removal of the software’s ability to perform an open redirect. It was replaced by a new click tracking feature that adds a unique signature to any click link that Revive Adserver creates. Without a valid signature, Revive Adserver v5.1 will simply refuse to redirect the person clicking the link to the manipulated destination, and instead it will just redirect to the actual destination URL as defined with the banner that was just clicked.

     While working on the changes in Revive Adserver v5.1, we also evaluated the so-called ‘3rd Party Servers’ plugin that has been shipping with Revive Adserver for ages. Our evaluation confirmed that all of these third party ad servers were either no longer in business, or had changed so much in recent years that the automatic click trackers that Revive Adserver attempted to insert into third party tags, no longer worked. That resulted in the decision to remove the 3rd Party Servers plugin from Revive Adserver starting with v5.1.

     We also changed the functionality related to Revive Adserver zone invocation codes for inclusion in other ad servers. This is for the scenario where a zone invocation code (a.k.a. tag) from Revive Adserver is entered into another ad server to act as a creative there. Before v5.1 it was possible to define the tag so that it would be possible to count a click on a banner delivered through the combination of both ad servers. Both Revive Adserver and the external ad server would be able to count the click. Revive Adserver had a parameter ‘ct0’ for this. This feature also relied on the ability to perform an open redirect, and since this was being removed with v5.1, the ct0 parameter also needed to be removed.

     Click tracking reworked in v5.2
     After the release of v5.1 in January 2021, we started receiving messages from users, from subscribers of the Revive Adserver Hosted edition, and from customers of some of our partners like Aqua Platform, that they were disappointed that the features for integration of click counting between Revive Adserver and external ad servers was removed. For example, a very common scenario is to take javascript tags from Google’s DCM system (primarily used by large advertisers and agencies), and to paste these into Generic HTML banners in Revive Adserver. While the ads would display just fine, and DCM was perfectly able to count any clicks on them, Revive Adserver software v5.1 was no longer able to count such clicks.

     For this use case, Revive Adserver v5.2 has a reworked ability to use the {clickurl} macro in third party ad tags, which have the characteristic that the ultimate destination URL is unknown to Revive Adserver. For this scenario, a new click URL validity setting has been created, which defines the length of time that the click link will be allowed to perform a redirect, after it has been generated by Revive Adserver. This functionality uses the recently introduced signing mechanism to protect the links from being tampered with.

     The validity is expressed in seconds, and by default, it is set to 0 seconds, meaning it is disabled. Setting the value to anything higher than zero results in click links that remain functional for that length of time. It is recommended to use a relatively short validity window, for example 600 seconds (10 minutes), or at least no longer than 3600 seconds (1 hour).

     If a malicious actor attempts to abuse the redirect capability of these signed and time-restricted click links, by putting them into spam mails, or by submitting them in contact forms, or any other type of scenario, this will no longer work after the validity window expires. Attempts to manipulate the timestamp in the click link won’t work either, because that will result in an invalid signature. The signatures that Revive Adserver generates for the click links are extra secure because they’re also based on a randomly generated and unique seed value that’s unknown externally, and unique to every installation of the software. Any attempt to manipulate the click link will result in the Revive Adserver software simply not redirecting the user anywhere.

     As such, it is now almost impossible for threat actors to abuse the feature, at least not at scale and only within a short window of opportunity. We feel this is a reasonable compromise between functionality and security.

     If you don’t want to open up your ad server to redirects at all, simply leave the clickValidity setting at its default value of 0 (zero) seconds.

     Additionally, the support for Revive Adserver zone invocation codes being included in other ad servers via the ct0 parameter has been reimplemented in a way that causes no open redirect. For the time being, users who want to use the ct0 parameter will need to manually insert it into invocation codes; we are considering the development of a special plugin to help with this in the future.

     The post About the changes to click tracking in Revive Adserver v5.1 and v5.2 appeared first on Revive Adserver.
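
The signing and validity-window behaviour described in this post can be sketched as follows. This is an added example, not Revive Adserver's own code: the parameter names (bannerid, zoneid, ts, dest, sig), the canonical string that gets signed, and the choice to refuse rather than fall back when a check fails are assumptions; HMAC-SHA256 is the algorithm named in the v5.1.0 release notes on this page.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode

# Per-installation random seed, generated once and kept server-side.
INSTALL_SECRET = secrets.token_bytes(32)


def _signature(secret: bytes, params: dict) -> str:
    """HMAC-SHA256 over a canonical (sorted, URL-encoded) parameter string."""
    canonical = urlencode(sorted(params.items()))
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


def _sig_ok(secret: bytes, params: dict, supplied: str) -> bool:
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(_signature(secret, params).encode(), supplied.encode())


def make_click_query(secret, banner_id, zone_id, issued_at, dest=None):
    """Query string of a signed click link (hypothetical parameter names).

    dest given: destination known to the ad server, covered by the signature.
    dest None:  {clickurl}-style link; a third-party tag appends dest later,
                so only the IDs and the timestamp are signed.
    """
    params = {"bannerid": str(banner_id), "zoneid": str(zone_id), "ts": str(issued_at)}
    if dest is not None:
        params["dest"] = dest
    params["sig"] = _signature(secret, params)
    return urlencode(params)


def resolve_click(secret, query, now, click_validity, banner_dest):
    """Return the URL to redirect to, or None to refuse the redirect."""
    params = dict(parse_qsl(query, keep_blank_values=True))
    supplied = params.pop("sig", "")
    dest = params.get("dest")

    # Case 1: every parameter present, including any dest, is covered by the signature.
    if _sig_ok(secret, params, supplied):
        return dest if dest is not None else banner_dest

    # Case 2: dest was appended after signing. Accept it only while the
    # signed timestamp is inside the validity window (0 disables the feature).
    if dest is not None and click_validity > 0:
        without_dest = {k: v for k, v in params.items() if k != "dest"}
        if _sig_ok(secret, without_dest, supplied):
            try:
                age = now - int(without_dest["ts"])
            except (KeyError, ValueError):
                return None
            if 0 <= age <= click_validity:
                return dest

    # Tampered, expired, or feature disabled: no redirect.
    return None


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed timestamp
    link = make_click_query(INSTALL_SECRET, 12, 3, issued)
    clicked = link + "&" + urlencode({"dest": "https://advertiser.example/landing"})
    for age in (60, 601):  # inside and outside a 600-second window
        print(age, resolve_click(INSTALL_SECRET, clicked, issued + age, 600,
                                 "https://banner.example/"))
```

Because an appended destination cannot be covered by the signature, the validity window is the only control on that path, which is why a short window or the default of 0 matters.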
  6. The Revive Adserver team is proud to announce the immediate availability of Revive Adserver v5.2.0.

     We are pleased to announce the release of version 5.2.0 of the Revive Adserver software. This version contains new features and improvements related to click tracking, and it fixes several bugs and two low risk security issues.

     Here is a list of new features and improvements in Revive Adserver v5.2.0:
       • Protocol relative URLs (e.g. “//example.com”) are now recognized as valid destinations when altering HTML banners to add click tracking.
       • We now allow optional custom destinations in HTML banners using the “{clickurl}” macro and dynamically appending a URL-encoded destination. The new click URL validity setting specifies the number of seconds a generated click URL will be accepted and will redirect to the specified destination parameter. The feature is disabled by default to avoid abuse.
       • The “ct0” parameter has been reworked and reintroduced. Revive Adserver tags can now be modified so that they can be placed into third party ad servers and have both ad servers track ad clicks.
       • We replaced “product name” with “application name” in the recently redesigned password recovery emails.

     We fixed a number of bugs in this version 5.2.0 of Revive Adserver:
       • Issue with password recovery emails being sent to the administrator or not being sent at all.
       • Issue with determining the real IP addresses of viewers behind a proxy server when proxy headers contained the origin port number.
       • PHP errors in ck.php and cl.php when no banner/zoneid were provided.
       • PHP errors preventing the video reports from properly functioning.
       • Issue preventing the “bannertext” property from being added or modified using the API.
       • Issue preventing the “Don’t count ad clicks… within the specified time” feature from working as expected.
       • Issue in the legacy JavaScript tag generation.
         All the non-async JS tags generated in v5.1.x should be replaced with new ones, as they could break the layout of the websites they have been placed onto.
       • Issue with site variable magic macro detection in the destination URL.
       • The option to “track Google AdSense clicks” when generating iframe tags, which was a leftover from the removal of the non-working functionality that had already been removed, has also been removed.
       • Reverted and made optional the change to use srcdoc when rendering async tags as it is not fully compatible with some third party tags. However, the behavior can be selected by adding data-revive-srcdoc="1" as an attribute of the ins HTML tag.

     Full release notes for v5.2.0 can be found on our Github page.

     Security fixes
     This version 5.2.0 contains fixes for some low risk security issues that were recently discovered:
       • Reflected XSS vulnerability in campaign-zone-zones.php via the status parameter.
       • Reflected XSS vulnerability in stats.php via the statsBreakdown parameter.
     A more detailed security advisory is available at https://www.revive-adserver.com/security/revive-sa-2021-003/

     We recommend upgrading to the most recent 5.2.0 version of Revive Adserver as soon as possible.

     Download, install and upgrade
     Revive Adserver v5.2.0 is available for download now. Once downloaded, please refer to the instructions for Installations of Revive Adserver or for Updating Revive Adserver. Make sure that the server(s) being used meet(s) the minimum technical requirements.

     Community contributions
     The continued development of Revive Adserver is being sponsored by community members, either financially or in the form of code contributions. We’re very grateful for the support we’ve received. If you would like to contribute to our project, please consider becoming a patron on Patreon.com. Another way to contribute to our project is by using the Revive Adserver Hosted edition.

     The post Revive Adserver v5.2.0 released appeared first on Revive Adserver.
  7. The Revive Adserver team is proud to announce the immediate availability of Revive Adserver v5.1.1.

     We are pleased to announce the release of version 5.1.1 of the Revive Adserver software. This new version fixes two bugs in the previous v5.1.0, and addresses two low risk security issues that have been discovered recently.

     We fixed two bugs in this version 5.1.1 of Revive Adserver:
       • We fixed newsletter zones ad delivery and legacy remote invocation.
       • We fixed an issue preventing checkboxes and delete button from appearing on the advertisers list, even when the user had proper permission to delete inventory items.

     Full release notes for v5.1.1 can be found on our Github page.

     Security fixes
     This version 5.1.1 contains fixes for two low risk security issues that were recently discovered. A detailed security advisory is available at https://www.revive-adserver.com/security/revive-sa-2021-002/

     We recommend upgrading to the most recent 5.1.1 version of Revive Adserver as soon as possible.

     Download, install and upgrade
     Revive Adserver v5.1.1 is available for download now. Once downloaded, please refer to the instructions for Installations of Revive Adserver or for Updating Revive Adserver. Make sure that the server(s) being used meet(s) the minimum technical requirements.

     Community contributions
     The continued development of Revive Adserver is being sponsored by community members, either financially or in the form of code contributions. We’re very grateful for the support we’ve received. If you would like to contribute to our project, please consider becoming a patron on Patreon.com. Another way to contribute to our project is by using the Revive Adserver Hosted edition.

     The post Revive Adserver v5.1.1 released appeared first on Revive Adserver.
  8. What’s New? in Revive Adserver v5.1

     This blog post provides a detailed description of the changes and enhancements in version 5.1 of the Revive Adserver software, including an explanation of the reasons behind some of the changes.

     Introduction
     On January 19, 2021, we released version 5.1 of Revive Adserver. The release notes for the new version list the changes, enhancements and improvements in a technical manner. We thought it might prove useful to provide some more detailed descriptions and explanations about the changes.

     Improved Password Recovery Emails
     We have reworded the email message that is sent to users when they request a password reset. These emails were not very informative in the past, so they sometimes caused confusion. The new text looks similar to this example:

         Dear recipient,

         You, or someone pretending to be you, recently requested that your Revive Adserver password be reset. If this request was made by you, then you can reset the password for your username ‘{username}’ by clicking on the following link:

         <link appears here>

         If you submitted the password reset request by mistake, or if you didn’t make a request at all, simply ignore this email. No changes have been made to your password and the password reset link will expire automatically.

         If you continue to receive these password reset mails, then it may indicate that someone is attempting to gain access to your username. In that case, please contact the support team or system administrator for your Revive Adserver system, and notify them of the situation.

     Accounts can be active, suspended, or inactive
     The Revive Adserver software has the ability to house multiple accounts. These can be useful, for example, if one installation of the software is to be used by multiple business units of a larger organization, or if the software is used to provide commercial hosting services, such as the Revive Adserver Hosted edition.

     Especially in the latter case, it was found that subscribers often forget to remove the ad server codes from their websites when they cancelled their subscription. It also happens sometimes that the monthly renewal payment for their subscription fails. For these scenarios, we’ve introduced a setting with accounts that enable us to set it to either suspended or inactive. A suspended account is expected to be activated again once the renewal payment succeeds eventually, whereas an inactive account is associated with a cancelled subscription. Setting an account to either suspended or inactive could be useful in other scenarios as well.

     When a website triggers an ad request for a zone that’s part of an inactive or suspended account, the ad server will simply output an empty response, while still recording an ad request. Optionally, the system administrator can configure a message to be included with the response, for example “This ad server account has been suspended.” The messages that should be returned for a suspended or an inactive account can be defined in the Delivery settings in the “Configuration” tab of the Revive Adserver installation.

     Ad server response for a request to a non-existent zone
     When a website contains the zone invocation code for a zone that no longer exists, or has never existed, it slows down the website unnecessarily, and it also creates additional load on the ad server that should be avoided. To help webmasters discover and fix such invalid ad requests, a message can be configured to be returned by the ad server. This optional message could look something like this example: “Invalid ad request. Zone ID does not exist.”. The message that should be returned when a non-existent zone is requested can be defined in the Delivery Settings in the “Configuration” tab.

     Prevent inventory items from being deleted by accident
     Up to the previous version of Revive Adserver, any user with account manager level access would be able to delete any of the inventory items such as advertisers, campaigns, banners, websites, or zones. Through feedback from users and subscribers at Revive Adserver Hosted edition, we learned that it was too easy to accidentally delete items, and users weren’t always aware that this also deleted any and all statistics associated with that item.

     For example, if a user deletes a zone, this deletes the statistics of the zone, and as a result also the statistics of all banners ever delivered through that zone. Since banner statistics sum into campaign statistics, this would have the unwanted effect of incomplete data for campaigns, which are often the basis for invoicing to customers (advertisers). It could also have the unexpected effect of re-activating campaigns that had previously expired when they reached their defined impression target.

     To prevent such accidents, a new account manager level permission to delete inventory items has been introduced in Revive Adserver v5.1. Users that are already present when updating to version 5.1 will not have the permission enabled by default. System administrators can simply tick a checkbox to add the permission to selected manager users. A system administrator will always be able to delete anything, since these users are expected to be knowledgeable about the consequences of doing so.

     Flash functionality removed
     In late December 2020, Adobe formally stopped providing support for their Flash software. The Revive Adserver software still contained a few features related to Flash, including the ability to upload Flash banners. This was despite the fact that modern browsers stopped supporting Flash a long time ago.

     Now that Flash is effectively gone, we’ve removed the ability to upload Flash banners, and any existing Flash banners still present in your inventory will no longer work either.

     Video ads previewer
     The Revive Adserver had a built-in video player to preview video ads, which used to be based on a Flash component. Since browsers no longer support Flash, this preview feature has been broken for a long time. With Revive Adserver v5.1, we’ve replaced this with a native HTML5 video player that’s supported by all modern browsers.

     Change for geotargeting in South Africa
     There has been a change in the ISO standard coding for two geographic subdivisions in South Africa. The code for ZA-GT was changed to ZA-GP, and ZA-NL was changed to ZA-KZN. In Revive Adserver v5.1 we’ve implemented this change as well. Any banners that use the codes that have been phased out will have to be changed manually to use the new codes. These banners will simply not be eligible for delivery until this change has been made.

     Bug fixes and security fixes
     The new version 5.1 of Revive Adserver also comes with fixes for a number of bugs, plus a few low risk security issues. The details can be found in the release notes and the security advisory, respectively.

     Anyone interested in the exact details of all the changes can have a look at the release notes and the change log of the new release.

     The post What’s new in Revive Adserver v5.1 appeared first on Revive Adserver.
  9. The Revive Adserver team is proud to announce the immediate availability of Revive Adserver v5.1.0.

We are pleased to announce the release of version 5.1.0 of the Revive Adserver software. This new version has several enhancements and improvements, and addresses some low risk security issues that have been discovered recently.

Here is a list of enhancements in Revive Adserver v5.1.0:

  • We redesigned the email sent to users when a password reset request is made.
  • We added an agency status, allowing to suspend or deactivate accounts, optionally showing custom messages during delivery for such accounts. No blank impressions will be logged in such cases.
  • We added an optional custom message during delivery when a non-existent zone ID is requested. No requests, nor blank impressions will be logged either.
  • We replaced the Flash-based video player for video ads with the HTML5 video tag supported by modern browsers.
  • We added a new manager level permission to delete items.

We fixed a number of bugs in this version 5.1.0 of Revive Adserver:

  • Removed usage of the *et_magic_quotes_gpc() deprecated functions.
  • Optimized ad selection context build algorithm.
  • Improved compatibility of Asynchronous JS invocation with single page applications, by using the srcdoc attribute when possible.
  • Updated subdivisions for South Africa, following ISO-3166-2: change of subdivision code from ZA-GT to ZA-GP, ZA-NL to ZA-KZN.
  • Added missing delivery script settings for async tags.
  • Removed the possibility to set individual permissions for users that are linked to an admin account as such users always have all the permissions by design. Even though the UI was showing checkboxes it has actually never been possible to disable them.

Full release notes for v5.1.0 can be found on our Github page.
Security fixes

This version 5.1.0 contains fixes for some low risk security issues that were recently discovered:

  • Fixed open redirect in the click tracking script, by deprecating the existing ck.php script and making it ignore the oadest parameter, so that it only redirects to the destination saved in the banner itself. Alongside, a new “signed” click tracking delivery script has been added (cl.php): it uses regular query string parameters and HMAC SHA256 signature to ensure the destination URL is not tampered with.
  • Fixed a persistent XSS vulnerability caused by missing HTML escaping when displaying the website URL in the affiliate-preview.php tag generation page.
  • Fixed a reflected XSS vulnerability in afr.php that could still be achieved on legacy browsers, bypassing a previous fix.

A more detailed security advisory is available at https://www.revive-adserver.com/security/revive-sa-2021-001/

We recommend upgrading to the most recent 5.1.0 version of Revive Adserver as soon as possible.

Download, install and upgrade

Revive Adserver v5.1.0 is available for download now. Once downloaded, please refer to the instructions for Installations of Revive Adserver or for Updating Revive Adserver. Make sure that the server(s) being used meet(s) the minimum technical requirements.

Community contributions

The continued development of Revive Adserver is being sponsored by community members, either financially or in the form of code contributions. We’re very grateful for the support we’ve received. If you would like to contribute to our project, please consider becoming a patron on Patreon.com. Another way to contribute to our project, is by using the Revive Adserver Hosted edition.

The post Revive Adserver v5.1.0 released appeared first on Revive Adserver. View the full article
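The signed click tracking described in the security fixes above, sketched as an added example (this is not Revive Adserver's code). The parameter names `bannerid`, `zoneid`, `dest` and `sig`, the key, and the stored-destination table are assumptions made for illustration; only `ck.php`, `cl.php`, `oadest` and the use of HMAC SHA256 come from the announcement.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed sample data. A real deployment loads the key from secret configuration.
SECRET_KEY = b"constructed-demo-key"
STORED_DESTINATIONS = {42: "https://advertiser.example/landing"}  # banner id -> saved URL
SIGNED_FIELDS = ("bannerid", "zoneid", "dest")  # hypothetical parameter names


def _signature(params: dict) -> str:
    """HMAC-SHA256 over a canonical encoding of the signed fields, in fixed order."""
    canonical = urlencode([(name, params[name]) for name in SIGNED_FIELDS])
    return hmac.new(SECRET_KEY, canonical.encode(), hashlib.sha256).hexdigest()


def build_click_url(bannerid: int, zoneid: int, dest: str) -> str:
    """Server side, at ad render time: emit a click URL whose destination is signed."""
    if urlsplit(dest).scheme not in ("http", "https"):
        raise ValueError("destination must be an http(s) URL")
    params = {"bannerid": str(bannerid), "zoneid": str(zoneid), "dest": dest}
    params["sig"] = _signature(params)
    return "/cl.php?" + urlencode(params)


def resolve_signed_click(query_string: str) -> Optional[str]:
    """Return the redirect target, or None when the request must not be redirected."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):
        return None  # repeated parameter: which value was signed is ambiguous
    if any(name not in params for name in SIGNED_FIELDS + ("sig",)):
        return None
    expected = _signature(params)
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), params["sig"].encode()):
        return None
    return params["dest"]


def resolve_legacy_click(query_string: str) -> Optional[str]:
    """Unsigned handler: ignore any caller-supplied destination (oadest) entirely."""
    params = dict(parse_qsl(query_string))
    try:
        banner_id = int(params.get("bannerid", ""))
    except ValueError:
        return None
    return STORED_DESTINATIONS.get(banner_id)
```

The two handlers mirror the two halves of the fix: the unsigned path can only ever reach the destination saved with the banner, and the signed path redirects only when the destination is covered by a valid signature.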
  10. Available for download: release candidate for the upcoming Revive Adserver v5.1.0

We are pleased to announce the availability of the first release candidate of the upcoming version 5.1.0 of the Revive Adserver software. The new v5.1.0 contains more than a dozen improvements and enhancements. It also contains a security improvement related to the click tracking functionality.

Since this new version includes many changes and enhancements, including some breaking changes, we feel it is appropriate to first publish it as a Release Candidate. This will enable users, administrators, plugin developers, hosting providers, and consultants to put the new version to the test in all sorts of scenarios and environments. If everything goes according to plan, we expect to release the final v5.1.0 two weeks from today, on Tuesday, January 19, 2021.

Here is a list of new features, improvements, and enhancements in Revive Adserver v5.1.0-RC1:

  • We redesigned the email sent to users when a password reset request is made.
  • We added an agency status, allowing the system administrator to suspend or deactivate accounts, optionally showing custom messages during delivery for such accounts. No blank impressions will be logged in such cases.
  • We added optional custom messages during delivery when a non-existent zone is requested. Neither requests nor blank impressions will be logged.
  • We replaced the Flash-based video player for video ad previews with the HTML5 video tag that’s built into modern browsers.
  • We added a new account level permission to delete items.
  • We removed the open redirect functionality in the click tracking script, by deprecating the existing ck.php script and making it ignore the oadest parameter, so that it only redirects to the destination saved with the banner itself. At the same time, a new “signed” click tracking delivery script has been added, cl.php: it uses regular query string parameters and HMAC SHA256 signature to ensure the destination URL is not tampered with.
There are also several bug fixes and code improvements in Revive Adserver v5.1.0-RC1:

  • Removed usage of the *et_magic_quotes_gpc() deprecated functions.
  • Optimized ad selection context build algorithm.
  • Improved compatibility of Asynchronous JS invocation with single page applications, by using the srcdoc attribute when possible.
  • Updated subdivisions for South Africa, following ISO-3166-2: change of subdivision code from ZA-GT to ZA-GP, ZA-NL to ZA-KZN.
  • Added missing delivery script settings for async tags.

Important: this release candidate, and the actual v5.1.0 release later, have a number of Non-Backwards Compatible Changes:

  • Delivery rules including South African subdivisions Gauteng and KwaZulu-Natal will require manual adjusting.
  • Click tracking via ck.php is deprecated and the behavior of some ad render internal functions (_adRenderBuildClickUrl, _adRenderBuildParams) has changed accordingly.
  • The “{clickurlparams}” magic macro has been removed.
  • Removed 3rd Party click tracking plugin, as the system is not compatible with the new signed click tracking functionality.
  • Deprecated PHP execution inside banners by removing the setting from the admin UI. The (risky) functionality itself will be still working if enabled in the configuration file, but will be removed in a future release.
  • Removed support for Flash banners and the fl.js delivery file that is now unnecessary.
  • Removed Flash-based graphs and supporting libraries in the video ads plugin reports.
  • The new manager permission is disabled by default, which means that non-admin managers won’t be able to delete items, unless an admin grants them the permission.
  • The VAST output was still using the obsolete video/x-mp4 as content type, which has now been updated to video/mp4.

Full release notes for v5.1.0-RC1 can be found on our Github page.
Release candidate: for testing purposes

We would like to invite community members to install this release candidate on a staging server, or update their existing staging installations to this release candidate. Any feedback would be highly appreciated. Please report anything unusual you find in this release candidate, either by adding a comment to the existing issues tagged for this release, or by opening a new issue on our Github pages. Please make sure to first check if the issue you’re about to report has already been reported by another community member.

If no blocking issues are found and reported, we plan to release the final v5.1.0 two weeks from today, on Tuesday, January 19, 2021.

Download, install and upgrade

Revive Adserver v5.1.0-RC1 is available for download now. Please keep in mind that this is a release candidate, and as such it can result in issues. If you don’t feel confident about testing release candidate software, we recommend that you wait until the final v5.1.0 is available. This will be announced here on the blog, on our Twitter account, and to the subscribers to our mailing list.

Once downloaded, please refer to the instructions for Installations of Revive Adserver or for Updating Revive Adserver. Make sure that the server(s) being used meet(s) the minimum technical requirements.

Community contributions

The continued development of Revive Adserver is being sponsored by community members, either financially or in the form of code contributions. We’re very grateful for the support we’ve received. If you would like to contribute to our project, please consider becoming a patron on Patreon.com. Another way to contribute to our project, is by using the Revive Adserver Hosted edition.

The post Revive Adserver v5.1.0 Release Candidate appeared first on Revive Adserver. View the full article
  11. How to Use Revive Adserver

Introducing the new How To article section, with tutorials for new and experienced users of the Revive Adserver software.

How to use Revive Adserver – Getting Started Tutorials

Anyone using the Revive Adserver software will agree that it is relatively simple to use. There aren’t as many bells and whistles as we see in other ad serving systems, many of which everyday users won’t actually need.

How To Articles

Still, as with any specialized software, there is a bit of a learning curve. In order to help new users get started quickly and easily, we’ve worked on a new How To section here on our website. Right now, there is already a nice collection of articles covering the basics of the software: advertisers, campaigns, banners, websites, zones, and preferences. Once you’ve studied these articles and followed the examples, you’ll have a good level of understanding for the most commonly used features.

Each article is filled with a large number of screenshots, visually demonstrating the explanations and instructions. There are also many tips and best practices, straight from the developers of the software, and based on over a decade of hands-on experience helping literally hundreds of users and clients.

Over the coming months, we will continue to add articles, making the new How To section even more comprehensive. The table of contents below will automatically be updated every time an article gets added.

Articles about How to Use Revive Adserver

  • Advertisers: Create an Advertiser
  • Campaigns: Create a Campaign; Link a Campaign to Zones; Campaign Types; Campaign Pricing Models
  • Banners: Create a Banner; Define Delivery Rules
  • Websites: Create a Website
  • Zones: Create a Zone; Create Zone Invocation Code
  • Preferences: Create Delivery Rule Sets

The post Announcing new How to Use Revive Adserver articles section appeared first on Revive Adserver. View the full article
  12. Revive Adserver Plugin store open for business!

Summary

Introducing the Revive Adserver Plugin store, offering third party plugins to extend and enhance the functionality of your ad server system.

In more detail

The Revive Adserver software can be extended and enhanced by adding plugins. This enables developers to build additional functionality or to extend existing functionality. As a matter of fact, a large part of the core functionality of the Revive Adserver software is provided in the form of plugins. These plugins are automatically installed when the Revive Adserver software is installed.

The beauty about all plugins – assuming they’ve been coded correctly – is that they will automatically be taken along during software updates of the Revive Adserver software itself. The update wizard will simply go over the entire list of installed plugins and put them into the updated version. Plugins can also be updated individually, when the developer releases a new version of their product, without having to do a full update of the core software.

Even though the plugin model has been a part of the Revive Adserver software for more than a decade, we noticed that this is not as well known as we would like it to be. We want to encourage users of our software to consider adding plugins that might make it even more useful. And we also want to encourage developers to consider building new plugins. In addition, we want it to be more convenient for users to discover high quality plugins and to safely purchase them.

That’s why we’re launching the Revive Adserver Plugin store right here on the website. It is open for business already, and we’ve listed the first few products as well. More will be added in the very near future. For potential buyers of these plugins, it should act as a place where they can find and purchase products that have been vetted by the Revive Adserver team.
For developers, this should act as a central hub that’s easy to find for buyers, potentially giving them a much larger audience than trying to build a presence on their own.

Initially, we will proactively reach out to developers we know and trust, asking them if they’re interested in having their products listed in the new Plugin store. Later, we will create a way for other developers to submit their products to us for consideration. At that time we will also publish the requirements that each new product will have to fulfil, and the details and costs of the verification process that will be put into place.

Let's go shopping!

Please take a minute to have a look at the plugins already available in the Revive Adserver Plugin store!

The post Revive Adserver Plugin store open for business! appeared first on Revive Adserver. View the full article
  13. Response to report about outdated Revive Adserver installations being compromised

Summary

A report about compromised Revive Adserver installations does not emphasize enough that these installations ran outdated versions of the software. We put a lot of effort into security updates. As part of that, we are about to introduce rewards for security researchers who report newly found vulnerabilities responsibly on HackerOne. We urge users to always update to the most recent version available.

In more detail

A few weeks ago, a company called Confiant posted a blog about some cases where they discovered Revive Adserver installations being compromised. Whoever was responsible for this then proceeded to insert malicious codes into existing ads. The malicious codes would redirect site visitors exposed to these compromised ads to sites that would then attempt to infect the visitor’s computer or perform other malicious actions.

In their blog post, Confiant points to our Github project and – unfortunately – misspells our project name consistently. They describe the Revive Adserver project as “a huge PHP project that has been around for well over a decade.” They also link to our webpage with past Security Advisories and our HackerOne program page.

Next, Confiant is correct in stating (direct quote from their blog):

“This not to say that the Revive team doesn’t handle security issues well, but more to illustrate that this is a large project that has been around for many years and that there are many ad serving infrastructures out there that are based on dated versions of Revive.”

And that last part is where the crux in this matter lies: even though our project frequently releases updates of the Revive Adserver software, which anyone can download free of charge and install in a matter of minutes, there are still many individuals and organizations who continue to run outdated versions. This is – of course – not limited to just our software.
Keeping the software being used for an online operation up to date is crucial, but that doesn’t mean that everyone puts in the effort all the time.

As can be seen from our Security Advisories page and from our release history, we put a lot of effort into investigating any reported vulnerabilities, and into releasing security fixes for these as soon as is humanly possible. However, we can’t force the users of our software to update. Fortunately, many users do so anyway. At the time of this writing, almost 1,600 known installations of our software run the recent v5.0.x software. And more than 600 of those have been updated to the most recently published version v5.0.5, just a few weeks after it was released. For good measure: both v5.0.5 and v5.0.4 contain some security fixes, and these were all for very minor issues that are completely unrelated to the larger problem that Confiant refers to.

And Confiant even adds: “For context, Tag Barnakle have compromised ~60 ad servers in total.” So, in the context of literally thousands of known installations, the number of compromised installations is relatively small. Of course, even just one compromised installation is one too many.

Contrary to what Confiant writes, this is not a new problem. The practice of attacking and compromising outdated installations of ad server software has been around for as long as ad servers have been in existence. That’s because an ad server is a very attractive environment for criminals, since it enables them to very easily reach a large audience. In that sense, creators of malware are not that different from regular advertisers.

Confiant does not give any detail about how the compromised installations were attacked. We assume however, that these attackers simply use the well published attack vectors to get into outdated installations. People and organizations running outdated versions with known security vulnerabilities are in fact responsible for the issues they face.
We do our very best to inform our users as soon as a new version is available. We have a free mailing list to inform subscribers about new releases. The software displays a message inside the user interface, informing system administrators about new releases. We post updates on our blog, on the community forums, on Twitter and on Facebook. But then the users themselves will have to take action and spend a little time to actually perform an update.

We continue to take the security of our software extremely seriously. And we’re literally putting our money where our mouth is. Later this year, we will enhance our existing HackerOne program, offering rewards to security researchers who report new vulnerabilities to us, obviously, in a responsible manner. We will investigate any report we receive and we will release security updates if and when necessary.

Meanwhile, we urge our users to always update their installations to the most recent version of the Revive Adserver software. It was, is, and continues to be a free download, so there’s no reason to delay updating for financial reasons.

Don’t want to update yourself?

Alternatively, if you don’t want to spend any time on keeping the software up to date, we also have a Hosted edition that you can subscribe to. This is a Software-as-a-Service offering that uses the exact same software, and that will always be kept up to date with the most recent version. All you have to do is subscribe, log in and use it.

The post Response to report about outdated Revive Adserver installations being compromised appeared first on Revive Adserver. View the full article
  14. The Revive Adserver team announces the immediate availability of Revive Adserver v5.0.5.

We are pleased to announce the release of version 5.0.5 of the Revive Adserver software. This new version addresses issues with cookies when running PHP 7.3 and higher. It also addresses some minor security issues that have been discovered recently.

Here is a list of changes in Revive Adserver v5.0.5:

  • Fixed issue with setting cookies on PHP 7.3+ introduced with the latest cookie changes.

Full release notes for v5.0.5 can be found on our Github page.

Security fix

This version 5.0.5 contains fixes for some minor security issues that were recently discovered. We recommend upgrading to the most recent 5.0.5 version of Revive Adserver as soon as possible.

Download, install and upgrade

Revive Adserver v5.0.5 is available for download now. Once downloaded, please refer to the instructions for Installations of Revive Adserver or for Upgrading Revive Adserver. Make sure that the server(s) being used meet(s) the minimum technical requirements.

Community contributions

The continued development of Revive Adserver is being sponsored by community members, either financially or in the form of code contributions. We’re very grateful for the support we’ve received. If you would like to contribute to our project, please consider becoming a patron on Patreon.com. Another way to contribute to our project, is by using the Revive Adserver Hosted edition.

The post Revive Adserver v5.0.5 released – includes security fixes appeared first on Revive Adserver. View the full article
  15. Revive Adserver, cookies, Google Chrome v80

Summary

With the release of version 5.0.4 of Revive Adserver on January 21, 2020, our software is now fully prepared for the upcoming changes regarding third-party cookies in Google Chrome v80.

In more detail

As announced by Google, Google Chrome v80 is due to be pushed to users in February 2020. This version implements what Google calls a “secure-by-default model for cookies”. Mozilla’s Firefox and Microsoft’s Edge are set to also implement this in the near future.

Instead of trying to explain what this means, we would like to recommend having a look at the article posted on the Webmaster Central blog, Get Ready for New SameSite=None; Secure Cookie Settings. In case you find it hard to understand this rather technical article by Google, you could also have a look at the article WTF is Chrome’s SameSite cookie update? on Digiday.com, which has a somewhat more humorous take on the matter.

We released Revive Adserver v5.0.3 on January 14th, 2020, including some changes to the way we set cookies, with the aim of supporting the new directive. Unfortunately, the changes were not entirely successful, and a few days later we became aware of several issues affecting cookies. While the ad server still worked, several features that require cookies, for example frequency capping, did not. These issues have been tackled with priority.

On January 21, 2020, we released Revive Adserver v5.0.4, which fixes the earlier cookie issues and made some additional improvements to how Revive Adserver deals with cookies. We recommend updating to Revive Adserver v5.0.4 at your earliest convenience, so that you’re fully prepared for the release of Chrome v80 next month.

Don’t want to update yourself?

Alternatively, if you don’t want to spend any time on keeping the software up to date, we also have a Hosted edition that you can subscribe to.
This is a Software-as-a-Service offering that uses the exact same software, and that will always be kept up to date with the most recent version. All you have to do is sign up, log in and use it.

The post Revive Adserver, cookies, Google Chrome v80 appeared first on Revive Adserver. View the full article