ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2018-08-17T08:47:11Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5065Strict fcgi starter script permissions leads to a 500 server error on debian ...2018-08-17T08:47:11ZDanny WoodStrict fcgi starter script permissions leads to a 500 server error on debian wheezy## short description
Due to the permissions of the fastcgi script directories you get a 500 server error when enabling fast-cgi on a server running debian wheezy after updating to the latest ISPConfig
## correct behaviour
Sites should l...## short description
Due to the permissions of the fastcgi script directories you get a 500 server error when enabling fast-cgi on a server running debian wheezy after updating to the latest ISPConfig
## correct behaviour
Sites should load with fast cgi enabled
## environment
Server OS: Debian
Server OS version: Wheezy
ISPConfig version: 3.1.12
If it might be related to the problem
```
Server version: Apache/2.2.22 (Debian)
Server built: May 30 2018 12:49:05
```
```
PHP 5.4.45-0+deb7u14 (cli) (built: May 9 2018 18:47:17)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
with Xdebug v2.2.1, Copyright (c) 2002-2012, by Derick Rethans
```
## proposed fix
The issue looks like it was introduced in this commit:
https://git.ispconfig.org/ispconfig/ispconfig3/commit/a7c4cb62af82bba43d0837a2e69e91eff9bb7a62
After debugging the changes it looks like the directory permissions need to be 555 for fastcgi to work correctly in this setup
A quick patch that makes it function correctly on our server is attached.[fcgi-scriptdir-permissions-fix.patch](/uploads/1403d5d750c143bdab88754005d42207/fcgi-scriptdir-permissions-fix.patch)3.1.13https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5063Show server hostname under system > server config2018-08-27T16:12:19ZTill BrehmShow server hostname under system > server confighttps://www.howtoforge.com/community/threads/would-this-be-an-idea.79403/https://www.howtoforge.com/community/threads/would-this-be-an-idea.79403/3.1.13https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4558re-implement mysql flags2018-08-07T11:39:18ZJesse Norellre-implement mysql flagsPlease implement mysql connection options, aka 'flags'. It seems this was done in the past (https://git.ispconfig.org/ispconfig/ispconfig3/issues/1513), and the flags are still defined as a setting, but not used in the connection (which...Please implement mysql connection options, aka 'flags'. It seems this was done in the past (https://git.ispconfig.org/ispconfig/ispconfig3/issues/1513), and the flags are still defined as a setting, but not used in the connection (which will require a switch to mysqli_real_connect()), I'd guess a regression from switching to mysqli_*() functions.
My use case is to enable SSL in the mysql connection from slave servers.3.1.13https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5061re-creation for dkim keys fails2018-08-07T11:39:18ZFlorian Schaalre-creation for dkim keys failsunable to re-create dkim-keys / dns-records for a mail-domainunable to re-create dkim-keys / dns-records for a mail-domain3.1.13https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5068mail routing configuration allows every server to be selected2018-08-07T11:39:18Zteuto.netmail routing configuration allows every server to be selected## short description
The mail routing configuration is buggy, because users are able to select every server, even DNS or webservers.
## correct behaviour
We think this should be limited to mailservers only, because theese are transporti...## short description
The mail routing configuration is buggy, because users are able to select every server, even DNS or webservers.
## correct behaviour
We think this should be limited to mailservers only, because theese are transporting mails.
## environment
Server OS: every
Server OS version: every
ISPConfig version: master
## proposed fix
merge request will be created.3.1.13https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5062log rotate ispconfig error.log.1.gz2018-06-19T13:37:45ZFerenc Farkaslog rotate ispconfig error.log.1.gz## short description
/var/log/ispconfig/httpd/site/error.log.1.gz are never rotated.
## environment
Server OS: debian/buntu
Server OS version: jessie/xenial
ISPConfig version: 3.1.12
```
Server version: Apache/2.4.10 (Debian)
Serve...## short description
/var/log/ispconfig/httpd/site/error.log.1.gz are never rotated.
## environment
Server OS: debian/buntu
Server OS version: jessie/xenial
ISPConfig version: 3.1.12
```
Server version: Apache/2.4.10 (Debian)
Server built: Mar 31 2018 09:39:03
```
```
nginx version: nginx/1.10.3 (Ubuntu)
```
```
PHP 5.6.33-0+deb8u1 (cli) (built: Jan 5 2018 15:46:26)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with XCache v3.2.0, Copyright (c) 2005-2014, by mOo
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
with XCache Optimizer v3.2.0, Copyright (c) 2005-2014, by mOo
with XCache Cacher v3.2.0, Copyright (c) 2005-2014, by mOo
with XCache Coverager v3.2.0, Copyright (c) 2005-2014, by mOo
```
```
PHP 7.0.30-0ubuntu0.16.04.1 (cli) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.30-0ubuntu0.16.04.1, Copyright (c) 1999-2017, by Zend Technologies
```
## proposed fix
```
while($num >= 1) {
if (is_file($error_logfile . '.' . $num . '.gz')) rename($error_logfile . '.' . $num . '.gz', $error_logfile . '.' . ($num + 1) . '.gz');
$num--;
}
```3.1.13https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5099letsencrypt bug on multihost system2018-08-17T08:23:57Zkolorafaletsencrypt bug on multihost system## short description
If you accidentally enable let's encrypt on second host, it probably fail (because domain is not pointing to that server) and it will disable ssl on all host (even with valid ssl).
## correct behaviour
https://git.i...## short description
If you accidentally enable let's encrypt on second host, it probably fail (because domain is not pointing to that server) and it will disable ssl on all host (even with valid ssl).
## correct behaviour
https://git.ispconfig.org/ispconfig/ispconfig3/blob/master/server/plugins-available/apache2_plugin.inc.php#L1224
The WHERE should only affect the currect vhost on this server, not any vhost with the same domain.
## environment
Server OS: debian
Server OS version: Jessie
ISPConfig version: git
## proposed fix
Change WHERE condition from "domain" to "domain_id"
Thanks :)3.1.13https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5101Issue with DKIM key generator2018-08-17T07:58:29ZTill BrehmIssue with DKIM key generatorhttps://www.howtoforge.com/community/threads/ispconfig-stable-3-1-latest-dkim-generation-possible-problem.79752/https://www.howtoforge.com/community/threads/ispconfig-stable-3-1-latest-dkim-generation-possible-problem.79752/3.1.13https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5059Issue in new vlogger from ISPConfig 3.1.122018-11-15T10:20:19ZTill BrehmIssue in new vlogger from ISPConfig 3.1.12The log shows:
Argument ""-"" isn't numeric in numeric gt (>) at /usr/local/ispconfig/server/scripts/vlogger line 514, <STDIN> line 1.The log shows:
Argument ""-"" isn't numeric in numeric gt (>) at /usr/local/ispconfig/server/scripts/vlogger line 514, <STDIN> line 1.3.1.13Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5069Ignore Ubuntu Livepatch /snap disk full alerts.2018-08-17T09:28:09ZTill BrehmIgnore Ubuntu Livepatch /snap disk full alerts.Ignore Ubuntu Livepatch /snap disk full alerts.Ignore Ubuntu Livepatch /snap disk full alerts.3.1.13https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5102Authenticated client local code inclusion issue2018-08-17T16:53:18ZTill BrehmAuthenticated client local code inclusion issueA security vulnerability has been found which allows a client to execute code under the permissions of the ispconfig user.
The following two requirements must be met for this:
- The attacker must have a valid ISPConfig login (Client, R...A security vulnerability has been found which allows a client to execute code under the permissions of the ispconfig user.
The following two requirements must be met for this:
- The attacker must have a valid ISPConfig login (Client, Reseller or Admin - username and password).
- The attacker must be able to create a website on the same server where the ISPConfig interface is hosted or he must have any other kind of local file system access that allows him to upload files to the server were the ISPConfig interface is hosted on.
Thank you very much to **Rio Sherri - 0x09AL** for finding and reporting this issue.
We highly recommend installing this update immediately.3.1.13