ISPConfig 3.3.0p3 Released – Security Update

This release fixes several security issues in ISPConfig:

• Authenticated XSS issue in multiple email forms.
• Authenticated reflected XSS issue in DNS zone import tool.
• Validation failure in the language file import tool. Access to the tool requires a valid admin login.

Thank you to Dogus Demirkiran (BEND0US) for reporting the issue to us.

This release fixes also several bugs and removes the language file editor.

You can see the full changelog here:

https://git.ispconfig.org/ispconfig/ispconfig3/-/milestones/98

Please note that ISPConfig does not support Debian 13 yet due the changes introduced with Dovecot 2.4. Do not upgrade your servers to Debian 13 until support for this new Debian major version has been added. Debian 13 support will be available soon as part of the next regular ISPConfig release 3.3.1.

Known issues

Please take a look at the bug tracker:

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Bug

You can report bugs at https://git.ispconfig.org/ispconfig/ispconfig3/issues

Supported Linux Distributions

• Debian 10 – 12 (recommended)
• Ubuntu 24.04 — LTS – 24.04 LTS (recommended)
• CentOS 7 – 8

Download ISPConfig 3.3.0p3

https://www.ispconfig.org/downloads/ISPConfig-3.3.0p3.tar.gz

The installation instructions for ISPConfig can be found here:

https://www.ispconfig.org/ispconfig-3/documentation/

How can I update to ISPConfig 3.3.0p3?

You can update to ISPConfig 3.3.0p3 by using the ispconfig_update.sh command.

Manual update instructions

In case you need to run the update manually without using ispconfig_update.sh, use the manual download procedure below:

Run the following commands as root user on your ISPConfig server:

cd /tmp
wget https://www.ispconfig.org/downloads/ISPConfig-3.3.0p3.tar.gz
tar xvfz ISPConfig-3.3.0p3.tar.gz
cd ispconfig3_install/install
php -q update.php