ISPConfig 3.2.12p1 Released – Security Update

This release fixes several bugs in ISPConfig. The most critical problem is a stored XSS issue in the data log history detail page. Exploiting the XSS issue requires a valid login as admin user. Thank you to Daniel Jagszent for reporting the problem and providing a bugfix.

What’s new in ISPConfig 3.2.12p1?

You can see the full changelog here:

https://git.ispconfig.org/ispconfig/ispconfig3/-/milestones/93

Known issues

Please take a look at the bug tracker:

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Bug

You can report bugs at https://git.ispconfig.org/ispconfig/ispconfig3/issues

Supported Linux Distributions

  • Debian 9 – 12 (recommended) and Debian testing
  • Ubuntu 18.04 — LTS – 24.04 LTS (recommended)
  • CentOS 7 – 8

Download ISPConfig 3.2.12p1

https://www.ispconfig.org/downloads/ISPConfig-3.2.12p1.tar.gz

The installation instructions for ISPConfig can be found here:

https://www.ispconfig.org/ispconfig-3/documentation/

How can I update to ISPConfig 3.2.12p1?

You can update to ISPConfig 3.2.12p1 by using the ispconfig_update.sh command.

Manual update instructions

In case you need to run the update manually without using ispconfig_update.sh, use the manual download procedure below:

Run the following commands as root user on your ISPConfig server:

cd /tmp
wget https://www.ispconfig.org/downloads/ISPConfig-3.2.12p1.tar.gz
tar xvfz ISPConfig-3.2.12p1.tar.gz
cd ispconfig3_install/install
php -q update.php