Our Sponsors

Die ISPConfig Entwicklung wird unterstützt von der projektfarm GmbH Lüneburg.

ISPConfig 3.1.11 Released – Sicherheitsupdate

Donnerstag, Januar 11, 2018 posted by admin

What’s new in ISPConfig 3.1.11

In the past weeks, we reviewed the ISPConfig sourcecode for further XSS issues and ISPConfig was tested with professional security test tools. Thank you very much to Fábián Patrik for his efforts in testing ISPConfig. This uncovered more places where ISPConfig was vulnerable to XSS attacks. For all attacks, a valid ISPConfig login was required to exploit the XSS vulnerability. This release fixes the XSS issues that were found. Besides that, it includes several other bugfixes and new features.

The ISPConfig IDS system was extended to have different attack score levels for users and the admin, this drastically reduced the false positive rate and allowed it to enable the IDS by default now. The IDS settings can be found in the file /usr/local/ispconfig/security/security_settings.ini

A new feature has been added to change the document root directory on nginx servers to a sub folder. More: https://git.ispconfig.org/ispconfig/ispconfig3/merge_requests/698


The software can be downloaded here:




Known Issues

Please take a look at the bug tracker:


BUG Reporting

Please report bugs to the ISPConfig bug tracking system:


Supported Linux Distributions

– Debian Etch (4.0) – Stretch (9.0) and Debian testing
– Ubuntu 7.10 – 17.10
– OpenSuSE 11 – 13.2
– CentOS 5.2 – 7
– Fedora 9 – 15


The installation instructions for ISPConfig can be found here:



To update existing ISPConfig 3 installations, run these commands in the shell:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3.1.11.tar.gz
tar xvfz ISPConfig-3.1.11.tar.gz
cd ispconfig3_install/install
php -q update.php

Comments are closed.