What’s new in ISPConfig 3.0.5.4p7
This release contains a security fix against a SQL injection attack and
a new protection against CSRF attacks. A problem that the public keys of
website ssh users were not saved into the .ssh directory of the home
directory of the user has been fixed as well.
The sql injection attack requires an active and correctly authenticated
admin user session. User sessions of Resellers, Clients or Mailusers can
not be used for the attack. Servers that have “sql_scan_action=block” set
in /usr/local/ispconfig/security/security_settings.ini are most likely
not affected as the ISPConfig SQL scan engine detecs this attack successfully,
the update should be installed anyway.
The “Reconfigure services” option can be answered with “no” on servers
that run ISPConfig 3.0.5.4p5 or p6.
See changelog link below for a list of all changes that are included in this release.
Download
The software can be downloaded here:
http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.4p7.tar.gz
Changelog
http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=85&status[]=
Known Issues:
Please take a look at the bugtracker:
http://bugtracker.ispconfig.org
BUG Reporting
Please report bugs to the ISPConfig bugtracking system:
http://bugtracker.ispconfig.org
Supported Linux Distributions
– Debian Etch (4.0) – Jessie (8.0) and Debian testing
– Ubuntu 7.10 – 15.04
– OpenSuSE 11 – 13.2
– CentOS 5.2 – 8
– Fedora 9 – 15
Installation
The installation instructions for ISPConfig can be found here:
http://www.ispconfig.org/ispconfig-3/documentation/
or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.
Update
To update existing ISPConfig 3 installations, run this command on the shell:
ispconfig_update.sh
Select “stable” as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.
Detailed instructions for making a backup before you update can be found here:
http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/
If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.
Manual update instructions
cd /tmp wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz tar xvfz ISPConfig-3-stable.tar.gz cd ispconfig3_install/install php -q update.php
