ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2023-05-03T13:31:52Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6389Mail filter not configured correctly2023-05-03T13:31:52ZThomMail filter not configured correctlyThe mailfilter is not configured correctly on install when using Rspamd, as the mail_filter variable is set incorrectly in the installer code. When updating it corrects itself, but after initial install it leaves users with a non working...The mailfilter is not configured correctly on install when using Rspamd, as the mail_filter variable is set incorrectly in the installer code. When updating it corrects itself, but after initial install it leaves users with a non working system.
See https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller/-/issues/78 as well.3.2.8p2ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6328Support PHP 8.X2022-10-20T19:42:49ZThomSupport PHP 8.XWe need to support PHP 8.X for the next Ubuntu release (22.04) - let's start gathering issues with the current code which we can look into. Please comment on this issue if you find a incompatibility.
ToDo:
- [x] `Function strftime() is ...We need to support PHP 8.X for the next Ubuntu release (22.04) - let's start gathering issues with the current code which we can look into. Please comment on this issue if you find a incompatibility.
ToDo:
- [x] `Function strftime() is deprecated in /usr/local/ispconfig/server/lib/classes/cron.inc.php` (https://www.howtoforge.com/community/threads/disable-deprecated-for-cron-on-debian10.88776/)
- [ ] `Uncaught Error: Call to undefined function mysqli_init() in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php:83` > `apt install php8.1-mysql` (need to add check for this to update script)
- [x] `stderr: thrown in /usr/local/ispconfig/interface/lib/classes/tpl.inc.php(1366) : eval()'d code on line 173`3.2.9Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/62443.2.7: remote api login fails if restricted by remote_ips2022-03-09T12:47:07ZJesse Norell3.2.7: remote api login fails if restricted by remote_ipsAfter updating to 3.2.7 I have an api client which is failing, with 'Session IP mismatch.'After updating to 3.2.7 I have an api client which is failing, with 'Session IP mismatch.'3.2.7p1Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4902Stored XSS issue in autoresponder subject field2018-01-26T09:02:00ZTill BrehmStored XSS issue in autoresponder subject fieldA stored XSS vulnerability has been found in the subject field of the email autoresponder. Exploiting this issue requires a valid ISPConfig login.
Thank you to Fábián Patrik for reporting this issue.A stored XSS vulnerability has been found in the subject field of the email autoresponder. Exploiting this issue requires a valid ISPConfig login.
Thank you to Fábián Patrik for reporting this issue.3.1.11Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4893Stored XSS issue in email name field2018-01-11T07:17:59ZTill BrehmStored XSS issue in email name fieldThere is a stored XSS problem in the email name field in ISPConfig 3 which allows an attacker to inject JS code into the database that gets displayed unfiltered in the ISPConfig dashboard of the client himself, the reseller that this cli...There is a stored XSS problem in the email name field in ISPConfig 3 which allows an attacker to inject JS code into the database that gets displayed unfiltered in the ISPConfig dashboard of the client himself, the reseller that this client belongs to and the admin.
Thank you very much to Fábián Patrik for reporting this issue.3.1.10Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4894XSS vulnerability in global search2018-01-11T07:17:59ZTill BrehmXSS vulnerability in global searchThe output of the global search function is not filtered correctly.The output of the global search function is not filtered correctly.3.1.10Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/2174Auto subdomains are ignored when checking if domain is unique2017-06-20T22:34:24ZMarius BurkardAuto subdomains are ignored when checking if domain is uniqueThe unique check on saving domains/subdomains/aliasdomains ignores the auto subdomain.
If a domain mydomain.com with auto subdomain www is existing a subdomain www.mydomain.com could be created.The unique check on saving domains/subdomains/aliasdomains ignores the auto subdomain.
If a domain mydomain.com with auto subdomain www is existing a subdomain www.mydomain.com could be created.3.0.5Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/2169Domain module does not check for valid selection2017-06-20T22:34:24ZMarius BurkardDomain module does not check for valid selectionIf the domain module is active, the domain list is only used for displaying the select boxes.
If you change the select value inside the html source (e.g. using firebug) you can add any domain you want, not just the ones from the domain ...If the domain module is active, the domain list is only used for displaying the select boxes.
If you change the select value inside the html source (e.g. using firebug) you can add any domain you want, not just the ones from the domain list.3.0.5Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/359Shell users are all created with the same UID2017-06-20T22:34:24ZFalko Timmef.timme@timmehosting.deShell users are all created with the same UIDShell users are all created with the same UID!Shell users are all created with the same UID!