ISPConfig 3.1.15p1 Released – Security and Bugfix Release

What’s new in ISPConfig 3.1.15p1

The ISPConfig source code has undergone an initial code review by security company RACK911 LABS. During this check several problems were found which were fixed in this patch version.

This release improves the protection against CSRF attacks. While additions and edits were already protected, deletions were not. This has now been fixed.

The hashed (CRYPT_SHA512 with salt) password was visible in the ps command output, while a shell user was added with the adduser command. This has now been changed to hide the password hash.

This release also contains some bug fixes. For details, please see the changelog.

ISPConfig 3.1.15p1 Download

The software can be downloaded here:


Known Issues

Please take a look at the bug tracker:

BUG Reporting

Please report bugs to the ISPConfig bug tracking system:

Supported Linux Distributions

– Debian 9 – 10 and Debian testing
– Ubuntu 16.04 LTS – 18.04 LTS
– OpenSuSE 11 – 13.2
– CentOS 7
– Fedora 9 – 15


The installation instructions for ISPConfig can be found here:


ISPConfig can be updated to version 3.1.15p1 by running the command:

as root user on the shell. Choose ‘stable’ as the update source.

Manual Update

In case you have any issues with updating ISPConfig trough command, then use the manual update instructions below.

To update existing ISPConfig 3 installations, run these commands in the shell:

cd /tmp
tar xvfz ISPConfig-3.1.15p1.tar.gz
cd ispconfig3_install/install
php -q update.php