News: ISPConfig 3.1.15p1 Released (Security Updates)

Published: 29/10/2019 Back

The ISPConfig source code has undergone an initial code review by security company RACK911 LABS. During this check several problems were found which were fixed in this patch version.

This release improves the protection against CSRF attacks. While additions and edits were already protected, deletions were not. This has now been fixed.

The hashed (CRYPT_SHA512 with salt) password was visible in the ps command output, while a shell user was added with the adduser command. This has now been changed to hide the password hash.



Powered by HostBill