What's new in ISPConfig 3.0.5.4p7 This release contains a security fix against an SQL injection attack and a protection against CSRF attacks. A problem that the publik keys of website ssh users were not saved into the .ssh directory of the home directory of the user has been fixed as well. The sql injection attack requires an active and correctly authenticated admin user session. User sessions of Resellers, Clients or Mailusers can not be used for the attack. Servers that have "sql_scan_action=block" set in /usr/local/ispconfig/security/security_settings.ini are most likely not affected as the ISPConfig SQL scan engine detecs this attack successfully, the update should be installed anyway. The "Reconfigure services" option can be answered with "no" on servers that run ISPConfig 3.0.5.4p5 or p6. See changelog link below for a list of all changes that are included in this release. Download The software can be downloaded here: http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.4p7.tar.gz Changelog http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=85&status[]= Known Issues: Please take a look at the bugtracker: http://bugtracker.ispconfig.org BUG Reporting Please report bugs to the ISPConfig bugtracking system: http://bugtracker.ispconfig.org Supported Linux Distributions - Debian Etch (4.0) - Jessie (8.0) and Debian testing - Ubuntu 7.10 - 15.04 - OpenSuSE 11 - 13.2 - CentOS 5.2 - 8 - Fedora 9 - 15 Installation The installation instructions for ISPConfig can be found here: http://www.ispconfig.org/ispconfig-3/documentation/ or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file. Update To update existing ISPConfig 3 installations, run this command on the shell: ispconfig_update.sh Select "stable" as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script. Detailed instructions for making a backup before you update can be found here: http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/ If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below. Manual update instructions Code: cd /tmp wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz tar xvfz ISPConfig-3-stable.tar.gz cd ispconfig3_install/install php -q update.php
@till During Update i get following: (I know it's only a Notice) Code: PHP Notice: Undefined variable: conf in /tmp/ispconfig3_install/install/update.php on line 105 Unable to resolve hostname Hostname is OK, because i only run # ispconfig_update.sh
I dont get any problems here and the code of the updater has not been changed in the past releases. The php notice means that the ISPConfig server config file /usr/local/ispconfig/server/lib/config.inc.php is missing (or does not contain any config) on your server. Regarding hostname error, run the command: hostname -f and check if it really returns the full hostname of your server.
hmmmm serious.... config.inc.php was 0 When i take a look inte logs: Code: [Thu Jun 04 17:22:31.721374 2015] [fcgid:warn] [pid 31637] [client 217.255.32.37:52387] mod_fcgid: stderr: PHP Notice: Use of undefined constant DEVSYSTEM - assumed 'DEVSYSTEM' in /usr/local/ispconfig/interface/lib/app.inc.php on line 38 [Thu Jun 04 17:22:31.721402 2015] [fcgid:warn] [pid 31637] [client 217.255.32.37:52387] mod_fcgid: stderr: PHP Fatal error: Call to a member function get_security_config() on null in /usr/local/ispconfig/interface/lib/app.inc.php on line 333 I got a white Site, when i try to login into ispconfig after update Hostname is ok and return correct hostname
Take a look into /var/backup/ folder, there should be a ispconfig backup inside. Untar this and check the config.inc.php file, restore that to the server folder and run the update again.
