Over the last few weeks, there have been a number of critically important changes that we thought you ought to be aware of.
- IAB’s TCF v2 cutoff date extended
- Default banner text will be shorter
- Fix for severe security issue affecting all our plugins
We’ve outlined them in detail below.
1. Changes to IAB’s TCF v2 Timeline.
IAB has modified its timeline and extended its implementation cutoff date from June 30th to August 15th. However, as mentioned in previous emails, you can already make the switch to version 2 as over 400 vendors are v2-ready. We will, therefore, be switching all TCF users to v2 with the following schedule:
- On July 28th, if
tcfVersionis undefined, we will force it to Version 2. If you’re not ready to switch to v2 at this date, you can settcfVersionto “1” within the configurator. - On August 11th, we will force-switch all installations to TCF v2 in anticipation of IAB’s hard cutoff date.
Q: “If I want to switch before July 28th, when should I switch?”
A: You are free to switch to v2 before July 28th if you’d like to. Most vendors are expected to be compatible with v2 by June 30th, so early July is an excellent time to plan the switch to v2. More specifically, you should switch to v2 whenever the vendors that you work with have switched.
Note: Google will be officially integrating with TCF 2.0 which means that when switched to v2, separate Google ad personalization settings will no longer be supported – or needed. Any related integration should be removed. Google is expected to release its v2 support by June 30th. We will notify everyone when it happens, but you can also monitor the progress here.
2. The default (non-TCF) banner will be shorter.
We’ll be making the default banner text much shorter, in an effort to simplify communication with the end-user.
Please note that the banner text shown when the TCF is enabled, remains unchanged to continue meeting IAB’s specific requirements.
The new shortened banner text will be available to you according to the following timeline:
- Beta Channel: June 8th
- Current Channel: June 15th
- Stable Channel: July 13th
3. Critical security fix affecting all plugins.
On May 12th, we discovered a security issue affecting our plugins (WordPress, Joomla!, PrestaShop) and our cookie PHP class – with the exception of the Magento plugin, which was not affected.
The issue allowed remote code execution on systems that have the PECL module “expect” installed and active on the system. However, please note that this module is not enabled by default and, therefore, this issue was only applicable to a small number of installations.
We’re pleased to report that the issue has been fixed in the latest plugin versions. If you use one of our plugins or the PHP class, please ensure that you have the latest version of the plugin installed.
