OpenX Continues To Release Updates Without Details of Changes

OpenX has released a 2.8.7 which patches a vulnerability that could cause OpenX to be compromised. Previous vulnerabilities have led to numerous OpenX installations to be hacked and infected with malware. No detail has been given on what the vulnerability was or what, if any, other changes were made in this release. The new version does include an updated version of openXVideoAds plugin that patches a vulnerability in an earlier version. Without knowing what the issue or issues that were fixed makes it hard to determine the source of a hacking, potentially leading to new vulnerabilities that are exploited in OpenX going undiagnosed in the future if the OpenX installation hacked was running an out of date version.

OpenX lack of details of changes began with version 2.8.4, which was released in January of 2010. Beginning with that release the only information on changes that have been made is a link to https://developer.openx.org. The information about releases in this section of the website  are not complete. The listing for Version 2.8.6 list only one item that was fixed, it does not indicate that a fix for a “potentially serious SQL injection vulnerability” and bug that caused advertisers to disappear were also patched in the update. The listing for 2.8.7 only lists 13 unresolved issues.

Leave a Reply

Your email address will not be published.