This release is an important security release that fixes a SQL injection issue. Please update as soon as possible! If you are not able to update, please use the ISPConfig patch tool to fix the security issue. Special thanks to Cyku Hong from DEVCORE for reporting the issue.
After installing the update or the patch, login or re-login once as admin user for security reasons!
Patch procedure in case you can’t update your server to ISPConfig 3.2.2
The patches are available for ISPConfig 3.1 (all versions >= 3.1.12) and ISPConfig 3.2. To apply the patch, run the command:
as root user on the shell. The command asks for the patch name.
For ISPConfig 3.1.12+, use: 3115_sqlinjection
For ISPConfig 3.2, use: 321_sqlinjection
Check the info that is shown on the shell and confirm with ‘y’. The patch was successful when the output does not contain the word “FAILED”. If you get an error like ‘patch not found’, then install the Linux command-line tool ‘patch’ on your system and try again.
This release fixes several minor bugs that were found in the previous version and implements some new features besides the security fix mentioned above.
In addition, several minor bugs from the previous version were fixed and some new features were implemented. Here are a few highlights:
And we fixed several security issues.
You can see the full changelog here:
Please see the changelog for 3.2 as well if you are updating from 3.1.15p3 or earlier:
Please take a look at the bug tracker:
You can report bugs at https://git.ispconfig.org/ispconfig/ispconfig3/issues
The installation instructions for ISPConfig can be found here:
You can update to ISPConfig 3.2.2 by using the ispconfig_update.sh command. We provide a detailed update guide here:
In case you need to run the update manually without using ispconfig_update.sh, use the manual download procedure below:
Run the following commands as root user on your ISPConfig server:
cd /tmp wget https://www.ispconfig.org/downloads/ISPConfig-3.2.2.tar.gz tar xvfz ISPConfig-3.2.2.tar.gz cd ispconfig3_install/install php -q update.php