Users of OpenX Source started receiving notifications about the release of a new version of the software earlier today, when they log in as a system administrator. It is the generic message that’s always used to announce new versions, but the message says specifically:
It is highly recommended to install this update as soon as possible, because it contains a number of security fixes.
There is no news about this new release on the OpenX community forums or blog, as of yet. The readme file that comes with the downloaded file does not contain any specific information as to the nature of the security issues that have been fixed. However, a quick comparison of the source code of version 2.8.7 and version 2.8.8 reveals that there are multiple changes in the API, which seems to match reports about the origins of many hacking incidents that occurred these past few months.
You can download OpenX Source version 2.8.8 from the OpenX website.
Update November 8, 2011: Since many people are asking me for tips on how to upgrade their OpenX Source software, I’d like to point to an blog post I published in November, 2010: How to upgrade OpenX Source Ad Server software.
Update December 2nd, 2011: Yesterday, a post has been added to the OpenX official company blog, officially announcing this security fix release. It also specifically mentions that the security fixes relate to issues found in OpenX Source version 2.8.7, which indicates that versions 2.8.6 and earlier are not affected. However, it is always a good idea to upgrade to the most recent version available. Read the post “Security matters” on the OpenX blog for more information.