You are currently browsing the archives for the Developer category.

Our Sponsors

Die ISPConfig Entwicklung wird unterstützt von der projektfarm GmbH Lüneburg.

Archive for the ‘Developer’ Category

ISPConfig 3 Security Advisory 2013/08/08

Donnerstag, August 8, 2013 posted by till

Summary

A security issue has been found in the sites module which allows customers to create website users
for websites which they do not own from within the ISPConfig interface. This issue requires a valid
ISPConfig client login and the manipulation of http variables. If a client would try to create a
login for a different site, his actions are recorded in the sys_datalog and can be tracked down
by the administrator even if he deletes this login again.

Affected versions

All ISPConfig 3 versions < 3.0.5.3 Mitigation

A hotfix for ISPConfig 3.0.5.2 is available at ispconfig.org:

http://www.ispconfig.org/downloads/ispconfig-hotfix-2013-08-08.zip

This hotfix needs to be applied only to servers with an ISPConfig interface; you do not need to apply this patch on slave servers without an ISPConfig interface.

Installation instructions for the hotfix:

Login to your server as root and execute the following commands:

wget http://www.ispconfig.org/downloads/ispconfig-hotfix-2013-08-08.zip
unzip ispconfig-hotfix-2013-08-08.zip
cd ispconfig-hotfix-2013-08-08/
chmod +x ispconfig-hotfix.sh
./ispconfig-hotfix.sh

Additionally to the hotfix, ISPConfig 3.0.5.3 will be released tomorrow
(August 09. 2013) which fixes this issue as well.

Credit

ISPConfig was notified of this issue by researcher Tim Mishutin ( ISPConfig forum user: Almere )
from SecureHoster (www.securehoster.nl).

Kommentare deaktiviert für ISPConfig 3 Security Advisory 2013/08/08

ISPConfig 3.0.5.2 released

Donnerstag, März 28, 2013 posted by till

ISPConfig 3.0.5.2 is available for download. This release is a bugfix release for ISPConfig 3.0.5.

For a detailed list of changes, please see the changelog section below.

=====================================================
*** New! The ISPConfig 3 manual for ISPConfig 3.0.5 is now available! ***

Version 1.4 for ISPConfig >= 3.0.5 (Date: 02/22/2013)
Author: Falko Timme

373 pages

The manual can be downloaded from these two links:

www.ispconfig.org/ispconfig-3/ispconfig-3-manual/
www.howtoforge.com/download-the-ispconfig-3-manual
=====================================================

Download

The software can be downloaded here:

prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.2.tar.gz

Changelog

bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=73&status[]=

Known Issues

Please take a look at the bugtracker:

bugtracker.ispconfig.org

BUG Reporting

Please report bugs to the ISPConfig bugtracking system:

bugtracker.ispconfig.org

Supported Linux Distributions

– Debian Etch (4.0) – Squeeze (6.0) and Debian testing
– Ubuntu 7.10 – 12.10
– OpenSuSE 11 – 12.2
– CentOS 5.2 – 6.3
– Fedora 9 – 15

Installation

The installation instructions for ISPConfig can be found here:

www.ispconfig.org/documentation/

Update

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

Manual update instructions

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

Kommentare deaktiviert für ISPConfig 3.0.5.2 released

ISPConfig 3.0.5 final released

Montag, Februar 25, 2013 posted by till

ISPConfig 3.0.5 is available for download. This release is a major release of ISPConfig 3.

For a detailed list of changes, please see the changelog section below.

=====================================================
*** New! The ISPConfig 3 manual for ISPConfig 3.0.5 is now available! ***

Version 1.4 for ISPConfig >= 3.0.5 (Date: 02/22/2013)
Author: Falko Timme

373 pages

The manual can be downloaded from these two links:

www.ispconfig.org/ispconfig-3/ispconfig-3-manual/
www.howtoforge.com/download-the-ispconfig-3-manual
=====================================================

What’s new in ISPConfig 3.0.5

– APS package installer. See http://www.apsstandard.org for a list of available packages.
– New web backup system which includes the website databases.
– Mailuser login.
– PHP version selector. Use different PHP versions for different websites.
– Subdomains as virtualhost with separate directory inside the directory tree of the main website without rewriting.
– Support for mod_perl2.
– Improved default theme.
– Global search function.
– PHP-FPM support for Apache servers.
– PHP-FPM mode selector in website options.
– Hardened the website folder structure with new folder protection feature and stricter security settings.
– Maintenance mode.
– Password generator.
– Password confirmation fields.
– Directive snippets for Apache, nginx, and PHP can now be saved and be reused for other websites.
– Forms can be submitted by pressing ENTER (you don’t have to click the Save button anymore).
– Many more minor feature enhancements and bugfixes.
– IDN domains are converted automatically to / from punicode. (requires PHP idn extension from pecl)
– Mail traffic reporting for dovecot servers.

Special thanks to Marius Cramer from www.pixcept.de for his contributions to the 3.0.5 ISPConfig release.

Download

The software can be downloaded here:

prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.tar.gz

Changelog

bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=45&status[]=

Known Issues

Please take a look at the bugtracker:

bugtracker.ispconfig.org

BUG Reporting

Please report bugs to the ISPConfig bugtracking system:

bugtracker.ispconfig.org

Supported Linux Distributions

– Debian Etch (4.0) – Squeeze (6.0) and Debian testing
– Ubuntu 7.10 – 12.10
– OpenSuSE 11 – 12.2
– CentOS 5.2 – 6.3
– Fedora 9 – 15

Installation

The installation instructions for ISPConfig can be found here:

www.ispconfig.org/documentation/

Update

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

Manual update instructions

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

Kommentare deaktiviert für ISPConfig 3.0.5 final released

ISPConfig 3.0.5 RC 1 released for testing

Freitag, Dezember 21, 2012 posted by till

The release candidate (RC) of the upcoming ISPConfig 3.0.5 is available for download. RC versions are released for testing purposes and should not be installed on production systems.

What’s new in ISPConfig 3.0.5

– APS package installer. See http://www.apsstandard.org for a list of available packages.
– New web backup system which includes the website databases.
– Mailuser login.
– PHP version selector. Use different PHP versions for different websites.
– Subdomains as virtualhost with separate directory inside the directory tree of the main website without rewriting.
– Support for mod_perl2.
– Improved default theme.
– Global search function.
– PHP-FPM support for Apache servers.
– PHP-FPM mode selector in website options.
– Hardened the website folder structure with new folder protection feature and stricter security settings.
– Maintenance mode.
– Password generator.
– Password confirmation fields.
– Directive snippets for Apache, nginx, and PHP can now be saved and be reused for other websites.
– Forms can be submitted by pressing ENTER (you don’t have to click the Save button anymore).
– Many more minor feature enhancements and bugfixes.
– Mail traffic reporting for dovecot servers.

Special thanks to Marius Cramer from www.pixcept.de for his contributions to the 3.0.5 ISPConfig release.

Detailed Changelog

http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=45&status[]=

Download

http://www.ispconfig.org/downloads/ISPConfig-3.0.5-rc1.tar.gz

Update instructions

cd /tmp
rm -rf /tmp/ispconfig3_install
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.5-rc1.tar.gz
tar xvfz ISPConfig-3.0.5-rc1.tar.gz
cd ispconfig3_install/install
php -q update.php

Kommentare deaktiviert für ISPConfig 3.0.5 RC 1 released for testing

ISPConfig 3.0.5 Beta 1 released for testing

Donnerstag, November 1, 2012 posted by till

The first beta version of the upcoming ISPConfig 3.0.5 release is available for download. Beta versions are early versions released for testing purposes, it is not recommended to use them on production systems.

What’s new

– APS package installer. See http://www.apsstandard.org for a list of available packages.
– New web backup system which includes the website databases.
– Mailuser login.
– PHP version selector. Use different PHP versions for different websites.
– Subdomains as virtualhost with separate directory inside the directory tree of the main website without rewriting.
– Support for mod_perl2.
– Improved default theme.
– Global search function.
– PHP-FPM support for Apache servers.
– PHP-FPM mode selector in website options.
– Hardened the website folder structure with new folder protection feature and stricter security settings.
– Maintenance mode.
– Password generator.
– Password confirmation fields.
– Directive snippets for Apache, nginx, and PHP can now be saved and be reused for other websites.
– Forms can be submitted by pressing ENTER (you don’t have to click the Save button anymore).
– Many more minor feature enhancements and bugfixes.
– Mail traffic reporting for dovecot servers.

Special thanks to Marius Cramer from www.pixcept.de for his contributions to the 3.0.5 ISPConfig release.

Detailed Changelog

http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=45&status[]=

Download

http://www.ispconfig.org/downloads/ISPConfig-3.0.5-beta1.tar.gz

Update instructions

cd /tmp
rm -rf /tmp/ispconfig3_install
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.5-beta1.tar.gz
tar xvfz ISPConfig-3.0.5-beta1.tar.gz
cd ispconfig3_install/install
php -q update.php

Kommentare deaktiviert für ISPConfig 3.0.5 Beta 1 released for testing

ISPConfig 3.0.5-alpha1 available for testing

Freitag, Oktober 5, 2012 posted by till

The first alpha version of the upcoming ISPConfig 3.0.5 release is available for download. Alpha versions are very early versions released for testing purposes, it is not recommended to use them on production systems.

What’s new

– APS package installer. See http://www.apsstandard.org for a list of available packages.
– New web backup system which includes the website databases.
– Mailuser login.
– PHP version selector. Use different PHP versions for different websites.
– Subdomains as virtualhost with separate directory inside the directory tree of the main website without rewriting.
– Support for mod_perl2.
– Improved default theme.
– Global search function.
– PHP-FPM support for Apache servers.
– PHP-FPM mode selector in website options.
– Hardened the website folder structure with new folder protection feature and stricter security settings.
– Maintenance mode.
– Password generator.
– Password confirmation fields.
– Directive snippets for Apache, nginx, and PHP can now be saved and be reused for other websites.
– Forms can be submitted by pressing ENTER (you don’t have to click the Save button anymore).
– Many more minor feature enhancements and bugfixes.

Detailed Changelog

http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=45&status[]=

Download

http://www.ispconfig.org/downloads/ISPConfig-3.0.5-alpha1.tar.gz

Update instructions

cd /tmp
rm -rf /tmp/ispconfig3_install
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.5-alpha1.tar.gz
tar xvfz ISPConfig-3.0.5-alpha1.tar.gz
cd ispconfig3_install/install
php -q update.php

Kommentare deaktiviert für ISPConfig 3.0.5-alpha1 available for testing

ISPConfig 3.0.4.6 released

Montag, Juni 18, 2012 posted by till

ISPConfig 3.0.4.6 is available for download. This release is a bugfix release for ISPConfig 3.0.4.

For a detailed list of changes, please see the changelog section below.

=====================================================
*** New! The ISPConfig 3 manual is now available! ***

Version 1.3 for ISPConfig >= 3.0.4 (Date: 10/25/2011)
Author: Falko Timme

333 pages

The manual can be downloaded from these two links:

http://www.ispconfig.org/ispconfig-3/ispconfig-3-manual/
http://www.howtoforge.com/download-the-ispconfig-3-manual
=====================================================

Download

The software can be downloaded here:

http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.4.6.tar.gz

Changelog

http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=68&status[]=

Known Issues

Please take a look at the bugtracker:

http://bugtracker.ispconfig.org

BUG Reporting

Please report bugs to the ISPConfig bugtracking system:

http://bugtracker.ispconfig.org

Supported Linux Distributions

– Debian Etch (4.0) – Squeeze (6.0)
– Ubuntu 7.10 – 12.04
– OpenSuSE 11 – 12.1
– CentOS 5.2 – 6.2
– Fedora 9 – 15

Installation

The installation instructions for ISPConfig can be found here:

http://www.ispconfig.org/ispconfig-3/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

Update

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

Manual update instructions

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

Kommentare deaktiviert für ISPConfig 3.0.4.6 released

ISPConfig 3.0.4.6 RC1 is available for testing

Montag, Juni 11, 2012 posted by till

The first release candidate (RC1) version of the upcoming ISPConfig 3.0.4.6 is available for download. RC versions are released for testing purposes, it is not recommended to use them on production systems.

This release is a bugfix release for ISPConfig 3.0.4

Changelog

http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=68&status[]=

Download

http://www.ispconfig.org/downloads/ISPConfig-3.0.4.6-rc1.tar.gz

Update instructions

cd /tmp
rm -rf /tmp/ispconfig3_install
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.4.6-rc1.tar.gz
tar xvfz ISPConfig-3.0.4.6-rc1.tar.gz
cd ispconfig3_install/install
php -q update.php

Kommentare deaktiviert für ISPConfig 3.0.4.6 RC1 is available for testing

Security update for ISPConfig 3 available

Freitag, Mai 11, 2012 posted by till

ISPConfig 3.0.4.5 is available for download. This release is a bugfix release for ISPConfig 3.0.4.

This release contains a security patch for an SQL injection vulnerability:

http://bugtracker.ispconfig.org/index.php?do=details&task_id=2221

It is highly recommended to install the 3.0.4.5 update immediately.
If installing the full update is not possible on your server,
then install the patch manually:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
mv -f ispconfig3_install/interface/lib/classes/listform.inc.php /usr/local/ispconfig/interface/lib/classes/

For a detailed list of changes, please see the changelog section below.

=====================================================
*** New! The ISPConfig 3 manual is now available! ***

Version 1.3 for ISPConfig >= 3.0.4 (Date: 10/25/2011)
Author: Falko Timme

333 pages

The manual can be downloaded from these two links:

http://www.ispconfig.org/ispconfig-3/ispconfig-3-manual/
http://www.howtoforge.com/download-the-ispconfig-3-manual
=====================================================

Download

The software can be downloaded here:

http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.4.5.tar.gz

Changelog

http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=67&status[]=

Known Issues

Please take a look at the bugtracker:

http://bugtracker.ispconfig.org

BUG Reporting

Please report bugs to the ISPConfig bugtracking system:

http://bugtracker.ispconfig.org

Supported Linux Distributions

– Debian Etch (4.0) – Squeeze (6.0) and Debian testing
– Ubuntu 7.10 – 12.04
– OpenSuSE 11 – 12.1
– CentOS 5.2 – 6.2
– Fedora 9 – 15

Installation

The installation instructions for ISPConfig can be found here:

http://www.ispconfig.org/ispconfig-3/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

Update

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

Manual update instructions

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

Kommentare deaktiviert für Security update for ISPConfig 3 available

Important security update for ISPConfig 3 available

Dienstag, April 10, 2012 posted by till

ISPConfig 3.0.4.4 is available for download. This release is a bugfix release for ISPConfig 3.0.4.

This release contains a critical security patch for webdav users:

http://bugtracker.ispconfig.org/index.php?do=details&task_id=2157

It is highly recommended to install the 3.0.4.4 update immediately.
If installing the full update is not possible on your server,
then install the patch manually:

cd /tmp
wget http://www.ispconfig.org/downloads/webdav_user_edit_php.gz
gzip -d webdav_user_edit_php.gz
mv -f webdav_user_edit_php /usr/local/ispconfig/interface/web/sites/webdav_user_edit.php

For a detailed list of changes, please see the changelog section below.

=====================================================
*** New! The ISPConfig 3 manual is now available! ***

Version 1.3 for ISPConfig >= 3.0.4 (Date: 10/25/2011)
Author: Falko Timme

333 pages

The manual can be downloaded from these two links:

http://www.ispconfig.org/ispconfig-3/ispconfig-3-manual/
http://www.howtoforge.com/download-the-ispconfig-3-manual
=====================================================

Download

The software can be downloaded here:

http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.4.4.tar.gz

Changelog

http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=66&status[]=

Known Issues

Please take a look at the bugtracker:

http://bugtracker.ispconfig.org

BUG Reporting

Please report bugs to the ISPConfig bugtracking system:

http://bugtracker.ispconfig.org

Supported Linux Distributions

– Debian Etch (4.0) – Squeeze (6.0)
– Ubuntu 7.10 – 11.10
– OpenSuSE 11 – 12.1
– CentOS 5.2 – 6.2
– Fedora 9 – 15

Installation

The installation instructions for ISPConfig can be found here:

http://www.ispconfig.org/ispconfig-3/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

Update

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

Manual update instructions

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

Kommentare deaktiviert für Important security update for ISPConfig 3 available