ISPConfig 3.2.7 Released – Important Security Update

Discussion in 'ISPConfig Announcements' started by till, Oct 21, 2021.

Thread Status:
Not open for further replies.
  1. till

    till Super Moderator Staff Member ISPConfig Developer

    This release is an important security release that fixes an issue in the ISPConfig Remote API. Please update as soon as possible if you are actively using the Remote API in ISPConfig! Special thanks to Sam for reporting the issue. Besides the security fix, the release contains various security improvements in the API and a bug fix in the Let’s Encrypt SSL certificate handling of the ISPConfig installer.

    Release notes: https://www.ispconfig.org/blog/ispconfig-3-2-7-released-important-security-update/
     
    onastvar and ahrasis like this.
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Note: for any systems which use the remote api over the network, if you have 'Remote Access IPs / Hostnames' set for the remote user (and that is recommended in almost all cases) you will get a 'Session IP mismatch.' error and be unable to use the remote api - see #6244 and the bugfix in !1534.
     
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    This fix is now incorporated in the latest release, 3.2.7p1.
     
Thread Status:
Not open for further replies.

Share This Page