This release fixes several bugs in ISPConfig. The most critical problem is a stored XSS issue in the data log history detail page. Exploiting the XSS issue requires a valid login as admin user. Thank you to Daniel Jagszent for reporting the problem and providing a bugfix.
You can see the full changelog here:
https://git.ispconfig.org/ispconfig/ispconfig3/-/milestones/93
Please take a look at the bug tracker:
You can report bugs at https://git.ispconfig.org/ispconfig/ispconfig3/issues
https://www.ispconfig.org/downloads/ISPConfig-3.2.12p1.tar.gz
The installation instructions for ISPConfig can be found here:
https://www.ispconfig.org/ispconfig-3/documentation/
You can update to ISPConfig 3.2.12p1 by using the ispconfig_update.sh command.
In case you need to run the update manually without using ispconfig_update.sh, use the manual download procedure below:
Run the following commands as root user on your ISPConfig server:
cd /tmp wget https://www.ispconfig.org/downloads/ISPConfig-3.2.12p1.tar.gz tar xvfz ISPConfig-3.2.12p1.tar.gz cd ispconfig3_install/install php -q update.php
