OpenX takes security seriously. If ever we find an issue, we address it quickly and communicate any updates as soon as possible.
Recently we became aware of a security issue with OpenX Source v. 2.8.7 and, in response, we’ve now issued and released OpenX Source v. 2.8.8 to address it. This patch applies only to our download product, OpenX Source. It’s important to note that OpenX Enterprise, in both its 3.0 and 2.8 versions, is not affected.
It’s critical to the safe maintenance and operation of any software that you not only maintain a current version of the software, but also take steps to regularly audit accounts that have access to your system. To that end, we strongly encourage you to upgrade to the latest version if you are running OpenX Source v. 2.8.7.
To download the latest release, please click here.
Remember, if you have not done so recently, you should perform a security audit before upgrading to the latest version. In addition to the steps listed in that post, if your config file was not locked and someone was able to gain unauthorized access to your install, it is possible that they could have installed/upgraded a plugin containing malicious code. Like with any vulnerability, if you discover foreign material or scripts on your machine it is best to reinstall your OS or obtain another server from your ISP.