ISPConfig 3.2.2 Released – Important Security Update

This release is an important security release that fixes a SQL injection issue. Please update as soon as possible! If you are not able to update, please use the ISPConfig patch tool to fix the security issue. Special thanks to Cyku Hong from DEVCORE for reporting the issue.

After installing the update or the patch, login or re-login once as admin user for security reasons!

Patch procedure in case you can’t update your server to ISPConfig 3.2.2

The patches are available for ISPConfig 3.1 (all versions >= 3.1.12) and ISPConfig 3.2. To apply the patch, run the command:

ispconfig_patch

as root user on the shell. The command asks for the patch name.

For ISPConfig 3.1.12+, use: 3115_sqlinjection
For ISPConfig 3.2, use: 321_sqlinjection

Check the info that is shown on the shell and confirm with ‘y’. The patch was successful when the output does not contain the word “FAILED”. If you get an error like ‘patch not found’, then install the Linux command-line tool ‘patch’ on your system and try again.

What’s new in ISPConfig 3.2.2?

This release fixes several minor bugs that were found in the previous version and implements some new features besides the security fix mentioned above.

In addition, several minor bugs from the previous version were fixed and some new features were implemented. Here are a few highlights:

Global

  • Improved quota bars

Sites

  • Fixed several backup issues including the cleanup of over limit backups and manually creation of backups

Email

  • Fix a bug that caused custom login names to malfunction

DNS

  • Fixed an issue with the DNS wizard that didn’t allow to create new zones

And we fixed several security issues.

You can see the full changelog here:

https://git.ispconfig.org/ispconfig/ispconfig3/-/milestones/72

ISPConfig 3.2

Please see the changelog for 3.2 as well if you are updating from 3.1.15p3 or earlier:
https://www.ispconfig.org/blog/ispconfig-3-2-released/

Known issues

Please take a look at the bug tracker:

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Bug

You can report bugs at https://git.ispconfig.org/ispconfig/ispconfig3/issues

Supported Linux Distributions

  • Debian 9 – 10 and Debian testing (recommended)
  • Ubuntu 16.04 — LTS – 20.04 LTS (recommended)
  • CentOS 7 – 8

Download ISPConfig 3.2.2

https://www.ispconfig.org/downloads/ISPConfig-3.2.2.tar.gz

The installation instructions for ISPConfig can be found here:

https://www.ispconfig.org/ispconfig-3/documentation/

How can I update to the ISPConfig 3.2.2?

You can update to ISPConfig 3.2.2 by using the ispconfig_update.sh command. We provide a detailed update guide here:
https://www.howtoforge.com/updating-ispconfig-3-1-to-ispconfig-3-2/

Manual update instructions

In case you need to run the update manually without using ispconfig_update.sh, use the manual download procedure below:

Run the following commands as root user on your ISPConfig server:

cd /tmp
wget https://www.ispconfig.org/downloads/ISPConfig-3.2.2.tar.gz
tar xvfz ISPConfig-3.2.2.tar.gz
cd ispconfig3_install/install
php -q update.php