# Security update for ISPConfig 3 available



## Till (11. Mai 2012)

ISPConfig 3.0.4.5 is available for download. This release is a bugfix release for ISPConfig 3.0.4.

This release contains a security patch for an SQL injection vulnerability:

FS#2221 : SQL Injection Vulnerability

It is highly recommended to install the 3.0.4.5 update immediately.
If installing the full update is not possible on your server, 
then install the patch manually:


```
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
mv -f ispconfig3_install/interface/lib/classes/listform.inc.php /usr/local/ispconfig/interface/lib/classes/
```
For a detailed list of changes, please see the changelog section below.

=====================================================
*** New! The ISPConfig 3 manual is now available! ***

Version 1.3 for ISPConfig >= 3.0.4 (Date: 10/25/2011)
Author: Falko Timme <ft@falkotimme.com>

333 pages

The manual can be downloaded from these two links:

ISPConfig 3 Manual « ISPConfig – Hosting Control Panel
Version 1.3 Of The ISPConfig 3 Manual (Date: 10/25/2011) Available | HowtoForge - Linux Howtos and Tutorials
=====================================================

-----------------------------------------------------
- Download
-----------------------------------------------------

The software can be downloaded here:

http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.4.5.tar.gz

------------------------------------
- Changelog
------------------------------------

=]ISPConfig::ISPConfig 3: Tasklist

--------------------------------------
- Known Issues:
--------------------------------------

Please take a look at the bugtracker:

ISPConfig::ISPConfig 3: Tasklist

--------------------------------------
- BUG Reporting
--------------------------------------

Please report bugs to the ISPConfig bugtracking system:

ISPConfig::ISPConfig 3: Tasklist

----------------------------------------
- Supported Linux Distributions
----------------------------------------

- Debian Etch (4.0) - Squeeze (6.0) and Debian testing
- Ubuntu 7.10 - 12.04
- OpenSuSE 11 - 12.1
- CentOS 5.2 - 6.2
- Fedora 9 - 15

-----------------------------------------
- Installation
-----------------------------------------

The installation instructions for ISPConfig can be found here:

Documentation « ISPConfig – Hosting Control Panel

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

------------------------------------------
- Update
------------------------------------------

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select "stable" as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

How to Update ISPConfig 3 « FAQforge

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

-------------------------------------------
- Manual update instructions
-------------------------------------------


```
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php
```


----------



## F4RR3LL (11. Mai 2012)

Na das nenn ich flotte Behebung. Wie immer well done und ohne Probleme.
Danke!

Gruß Sven


----------



## fuXz (11. Mai 2012)

Danke für den schnellen FIX jedoch ist seit dem Update zumindest auf meiner ISPConfig Version das Problem, das nach dem Anlegen von einem neuen Kunden/Webseite die Domain nicht richtig weiterleitet bzw irgendetwas blockiert da:

*Forbidden*

 You don't have permission to access / on this server.


die Struktur ist soweit richtig auch die index.html ist im web Ordner vorhanden. Ein löschen und neuanlegen hat nicht geholfen.

In der htaccess sind auch außer einer auskommentierten Info Zeile keine Parameter vorhanden


----------



## juergen71 (13. Mai 2012)

Update ausgeführt in Multiserverumgebung, keine Probleme! Auch das Anlegen von neuen Kunden/Domains oder Weiterleitungen funktioniert bei mir, konnte keine Fehler feststellen.


----------

