ISPConfig 3.1.11 Released – Security Update
What’s new in ISPConfig 3.1.11
In the past weeks, we reviewed the ISPConfig source code for further XSS issues, and ISPConfig was tested with professional security test tools. Thank you very much to Fábián Patrik for his efforts in testing ISPConfig. The review and testing uncovered more places where ISPConfig was vulnerable to XSS attacks. For all attacks, a valid ISPConfig login was required to exploit the XSS vulnerability. This release fixes the XSS issues that were found. Besides that, it includes several other bugfixes and new features.
The ISPConfig IDS system was extended to have different attack score levels for users and the admin. This drastically reduced the false positive rate and made it possible to enable the IDS by default. The IDS settings can be found in the file /usr/local/ispconfig/security/security_settings.ini
A new feature has been added to change the document root directory on nginx servers to a sub folder. More: https://git.ispconfig.org/ispconfig/ispconfig3/merge_requests/698
Download
The software can be downloaded here:
http://www.ispconfig.org/downloads/ISPConfig-3.1.11.tar.gz
Changelog
https://git.ispconfig.org/dashboard/issues?milestone_title=3.1.11&state=closed
Known Issues
Please take a look at the bug tracker:
https://git.ispconfig.org/ispconfig/ispconfig3/issues
Bug Reporting
Please report bugs to the ISPConfig bug tracking system:
https://git.ispconfig.org/ispconfig/ispconfig3/issues
Supported Linux Distributions
– Debian Etch (4.0) – Stretch (9.0) and Debian testing
– Ubuntu 7.10 – 17.10
– OpenSuSE 11 – 13.2
– CentOS 5.2 – 7
– Fedora 9 – 15
Installation
The installation instructions for ISPConfig can be found here:
http://www.ispconfig.org/ispconfig-3/documentation/
Update
To update existing ISPConfig 3 installations, run these commands in the shell:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3.1.11.tar.gz
tar xvfz ISPConfig-3.1.11.tar.gz
cd ispconfig3_install/install
php -q update.php