What’s new in ISPConfig 3.2.1?
This release contains an important security fix that closes a privilege escalation issue. The server administrator (admin user) was able to become root user. The issue needs a valid admin login on the server or the ability to access and modify the ISPConfig MySQL database directly. Client or reseller logins are not affected. Thanks to Robert Hendriks for reporting this issue.
In addition, several minor bugs from the previous version were fixed and some new features were implemented. Here are a few highlights:
Global
- Added the hostname to system log emails
- The update script now checks for conf-custom templates and offers to rename them on update
- You can now run a forced update to reconfigure services and install variables using the –force parameter on the upgrade command
- Fixed database compatibility issues
Client
- Fixed a bug which made adding new mailman lists impossible
Help
- The messages module can now be disabled under System -> Main Config -> Misc
Sites
- APS can now be re-enabled through the UI under System -> Main Config. Please note that APS will be fully removed from ISPConfig in the near future because there are no more up-to-date packages available.
- Added context to the redirect labels so it is clear to end users which option does what
- The option to pick an SSH authentication mode has been moved from System -> Main Config -> Misc to System -> Main Config -> Sites. If you had this configured, you will have to reconfigure it.
- Fixed an issue where old database backups weren’t deleted
- Fixed the creation of database backups on servers that only hold the database and not the website.
- Improved shell user path check due to security concerns
Email
- We need to support TLSv1 and TLSv1.1 a little longer for Postfix. We added ciphers for TLSv1 and TLSv1.1 so the protocols fully work again.
- Fixed a bug that made configuring RBL’s through the UI impossible
- Fixed a bug with rspamd where spam rules weren’t updated after changing editing a policy.
DNS
- You can now enable DNSSEC when creating a zone with the wizard automatically by adding “dnssec_wanted=Y” to the template.
System
- Fixed a bug where the hosts file on mirrors was changed wrong
You can see the full changelog here:
https://git.ispconfig.org/ispconfig/ispconfig3/-/milestones/71
ISPConfig 3.2
Please see the changelog for 3.2 as well if you are updating from 3.1.15p3 or earlier:
https://www.ispconfig.org/blog/ispconfig-3-2-released/
Known issues
Please take a look at the bug tracker:
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Bug
You can report bugs at https://git.ispconfig.org/ispconfig/ispconfig3/issues
Supported Linux Distributions
- Debian 9 – 10 and Debian testing (recommended)
- Ubuntu 16.04 — LTS – 20.04 LTS (recommended)
- CentOS 7 – 8
Download ISPConfig 3.2.1
http://www.ispconfig.org/downloads/ISPConfig-3.2.1.tar.gz
The installation instructions for ISPConfig can be found here:
http://www.ispconfig.org/ispconfig-3/documentation/
How can I update to the ISPConfig 3.2.1?
You can update to ISPConfig 3.2.1 by using the ispconfig_update.sh command. We provide a detailed update guide here:
https://www.howtoforge.com/updating-ispconfig-3-1-to-ispconfig-3-2/
Manual update instructions
In case you need to run the update manually without using ispconfig_update.sh, use the manual download procedure below:
Run the following commands as root user on your ISPConfig server:
cd /tmp
wget https://www.ispconfig.org/downloads/ISPConfig-3.2.1.tar.gz
tar xvfz ISPConfig-3.2.1.tar.gz
cd ispconfig3_install/install
php -q update.php
