ISPConfig 3.2.1 Released

What’s new in ISPConfig 3.2.1?

This release contains an important security fix that closes a privilege escalation issue. The server administrator (admin user) was able to become root user. The issue needs a valid admin login on the server or the ability to access and modify the ISPConfig MySQL database directly. Client or reseller logins are not affected. Thanks to Robert Hendriks for reporting this issue.

In addition, several minor bugs from the previous version were fixed and some new features were implemented. Here are a few highlights:


  • Added the hostname to system log emails
  • The update script now checks for conf-custom templates and offers to rename them on update
  • You can now run a forced update to reconfigure services and install variables using the –force parameter on the upgrade command
  • Fixed database compatibility issues


  • Fixed a bug which made adding new mailman lists impossible


  • The messages module can now be disabled under System -> Main Config -> Misc


  • APS can now be re-enabled through the UI under System -> Main Config. Please note that APS will be fully removed from ISPConfig in the near future because there are no more up-to-date packages available.
  • Added context to the redirect labels so it is clear to end users which option does what
  • The option to pick an SSH authentication mode has been moved from System -> Main Config -> Misc to System -> Main Config -> Sites. If you had this configured, you will have to reconfigure it.
  • Fixed an issue where old database backups weren’t deleted
  • Fixed the creation of database backups on servers that only hold the database and not the website.
  • Improved shell user path check due to security concerns


  • We need to support TLSv1 and TLSv1.1 a little longer for Postfix. We added ciphers for TLSv1 and TLSv1.1 so the protocols fully work again.
  • Fixed a bug that made configuring RBL’s through the UI impossible
  • Fixed a bug with rspamd where spam rules weren’t updated after changing editing a policy.


  • You can now enable DNSSEC when creating a zone with the wizard automatically by adding “dnssec_wanted=Y” to the template.


  • Fixed a bug where the hosts file on mirrors was changed wrong

You can see the full changelog here:

ISPConfig 3.2

Please see the changelog for 3.2 as well if you are updating from 3.1.15p3 or earlier:

Known issues

Please take a look at the bug tracker:[]=Bug

You can report bugs at

Supported Linux Distributions

  • Debian 9 – 10 and Debian testing (recommended)
  • Ubuntu 16.04 — LTS – 20.04 LTS (recommended)
  • CentOS 7 – 8

Download ISPConfig 3.2.1

The installation instructions for ISPConfig can be found here:

How can I update to the ISPConfig 3.2.1?

You can update to ISPConfig 3.2.1 by using the command. We provide a detailed update guide here:

Manual update instructions

In case you need to run the update manually without using, use the manual download procedure below:

Run the following commands as root user on your ISPConfig server:

cd /tmp
tar xvfz ISPConfig-3.2.1.tar.gz
cd ispconfig3_install/install
php -q update.php