Fixed Product Issues

Linux

• Fixed the issue where the Configurations Troubleshooter extension would be reinstalled during the execution of the daily maintenance task. (PPP-68660)
• Fixed the issue where enabling the “Use DKIM spam protection system to sign outgoing email messages” option on a Plesk server with no DNS server installed would fail with the “This option is not supported” error. (PPP-68661)

Windows

• Fixed the issue where, under specific circumstances, logging in to Plesk would result in a HTTP 500 “count(): Argument #1 ($value) must be of type Countable

  array, false given” error. (PPP-68690)

Changes in Third-Party Components

Linux

• Updated ModSecurity to version 2.9.10.

Changes in Third-Party Components

Linux

• Updated Roundcube 1.4.15 and 1.6.10 to fix the CVE-2025-49113 vulnerability.

Fixed Product Issues

• Fixed a bug causing HTTP requests to fail because of deadlock errors caused by overload in the sessions table. (PPPM-14950)

Changes in Third-Party Components

Linux

• Updated Roundcube 1.4.15 and 1.6.10 to fix the CVE-2025-49113 vulnerability.

What’s New?

• We are excited to release the anniversary edition Plesk Obsidian 18.0.70! Huge thanks to all our loyal customers! To celebrate, we have added a little gift. Want some fun? Just type DISCO on your Plesk screen. Let’s dance!

• Improved protections against brute-force attacks on your Plesk server by rate-limiting login attempts. To configure this feature, add lines following the pattern below to the panel.ini file:

  [security]
  bruteforceProtection.enabled = true ;Enables or disables brute force protection.
  bruteforceProtection.rateLimit = 5 ;The number of failed access attempts allowed by an IP address.
  bruteforceProtection.rateLimitPeriod = 300 ;The rate limit period in seconds.
  

• (Plesk for Windows) Added a new components utility to allow users to manage server components from the CLI. To see help on the utility usage, run the following command:

  plesk bin components --help
  

• (Plesk for Linux) Updated Plesk images on Microsoft Azure, Google Cloud, DigitalOcean, Amazon Web Services (including Amazon Lightsail) from Ubuntu 22.04 to Ubuntu 24.04 LTS. See more information about available Plesk cloud images.

Feature Improvements

• Added the ability to resize interfaces and the installer up to 200% larger to improve accessibility.
• Limited how many tasks the Task Manager can query at one time and moved task cleanup jobs into batches to reduce CPU and RAM usage on high-load servers. This improves overall server performance. Also added debug messages for all Task Manager API operations.
• Improved Plesk QCOW2 images to take up less disk space on installation, scale more effectively with more storage, and contain security and packaging updates.

• Users can now configure the backup validation period by adding lines of the following pattern to the panel.ini file:

  [pmm]
  backupsValidationPeriod = 7 ;The backup validation period, in days.
  

  Note: Backup validation can be cancelled by setting backupsValidationPeriod to 0.

• (Plesk for Linux) Plesk now installs with a default secure TLS configuration.
• (Plesk for Linux) It is no longer possible to bypass the default PHP performance settings in PHP-FPM handlers using the .user.ini settings file or the PHP ini_set() command. The default PHP performance settings should be optimal for most websites, and changing the settings could impact the websites’ performance.

Deprecated and Removed Items

• (Plesk for Windows) Plesk removed support for BIND DNS due to security and maintenance risks.

  Note: If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Fixed Product Issues

• Fixed automatic MariaDB 11.4+ warnings issued in error about mysql and mysqldump being deprecated program names. (PPP-67855)
• Fixed Spamhaus false positive errors where it blocked IP addresses that were not in the blackhole list because of rate-limiting codes. (PPPM-14750)
• Fixed a UX issue where selecting a database name expanded or collapsed its interface section. (PPPM-14940)
• Fixed an issue where customer databases could not be moved to other subscriptions. (PPPM-14957)
• Fixed an issue where email configuration links provided an incorrect logo if the mailbox belonged to a reseller using custom branding. (PPPM-14953)
• Improved communication for the “Maximum message size” setting in the Mail Server Settings interface to make it clearer that setting the size to 0 removes limits on message size. (PPPM-14955)
• Fixed an issue where email configuration setup wizard links scaled custom logos improperly if they were too wide. (PPPM-14927)
• Fixed a bug causing HTTP requests to fail because of deadlock errors caused by overload in the sessions table. (PPPM-14950)
• Fixed a bug causing outgoing mail control history to disappear when a mail account was removed. (PPPM-14948)
• Fixed an issue where the repair utility did not resolve if it encountered a mail account that contained invalid characters. (PPPM-14937)
• Fixed an issue where the repair utility failed when the bounce message contained a non-ASCII character. (PPPM-14749)
• Fixed an issue where failed FTP backup messages would not close and their corrupted files would not delete. (PPPM-14928)
• Fixed an issue that did not allow users to move the cgi-bin directory. (PPPM-14915)
• Fixed an issue where a subscription’s Websites & Domains breadcrumb link did not redirect to the Websites & Domains section. (PPPM-14796)
• Fixed an issue with the mailserver.exe utility that caused the -excluded-nets option to overwrite the IPs listed under the “Use no relay restrictions for the following network settings” in the Tools & Settings > Mail Server Settings with only the newly-added IP address. (PPPM-14769)
• Fixed an issue blocking a service plan’s traffic limit from being set over 99T with the CLI. (PPPM-14033)
• Fixed an issue where the removed RKHunter feature still sent security scan emails. (EXTPLESK-8937)
• Fixed an issue where the Performance Booster setting did not recommend the latest PHP version. (EXTPLESK-5245)

Linux

• Fixed an issue where the Upgrade Tool failed to upgrade a server from Ubuntu 20 to Ubuntu 22 if an unsupported PHP version was installed. (PPPM-14933)
• Fixed an issue where the Docker extension added an invalid repository on RHEL 9 servers. (EXTPLESK-8913)
• Fixed an issue where subscriptions created by XML APIs with the “Permanent SEO-safe 301 redirect from HTTP to HTTPS” option disabled were locked into their service plans. (PPPM-14962)
• Fixed an issue where increasing the number of domains did not increase Apache and NGINX limits for the maximum number of files open, causing errors. (PPPM-14951)
• Fixed an issue blocking MariaDB 10.5+ updates on CentOS 7. (PPPM-14946)
• Fixed a race condition issue processing ActionLog events. (PPPM-14913)
• Fixed an issue where PHP did not display errors if unsupported custom options were added. (PPPM-14877)
• Fixed an issue where imunify360 caused Plesk installation to fail. (PPPM-14810)

Windows

• Fixed a bug affecting File Manager searches when virtual hosts were changed to separate drives. (PPPM-14720)
• Added modsodbsql17 package to installer to prevent installation failure on Windows 2025 based on dependency issues. (PPM-14920)
• Fixed an issue where Laravel Toolkit rewrite rules blocked pushing to local Git repositories. (PPP-68224)

Changes in Third-Party Components

Linux

• Updated ModSecurity to version 2.9.9 to fix the CVE-2025-47947 vulnerability.
• Upgraded the sw-engine PHP version to 8.4.6.
• Updated the courier-unicode version to 2.3.2.
• Updated the courier-imap version to 5.2.11.
• Updated the courier-authlib version to 0.72.4.
• Updated the libarchive version to 2.3.2.

Windows

• Updated ASP.NET Core 9.0 to version 9.0.5.
• Updated ASP.NET Core 8.0 to version 8.0.16.
• Upgraded the plesk-engine PHP version to 8.4.7.
• Updated the OWASP ModSecurity CRS version to 4.14.0.
• Updated MailEnable Standard to version 10.52.
• Updated Node.js to version 20.19.2.

Ruby 1.5.1

• Ruby 3.4.x is now supported as 3.4.4.
• Ruby 3.3.x is now supported as 3.3.8.
• Ruby 3.2.x was updated to version 3.2.8.
• Ruby 3.1.x was updated to version 3.1.7. This version is EoL.
• Ruby 3.0.x was updated to version 3.0.7. This version is EoL.
• Ruby 2.5.x was updated to version 2.5.9. This version is EoL.
• Ruby 2.4.x was updated to version 2.4.10. This version is EoL.
• Bundler shipped with Ruby 2.4-2.5 was updated to version 2.3.27.
• Bundler shipped with Ruby 2.6 was updated to version 2.4.22.

Fixed Product Issues

Linux

• Fixed the issue where, after enabling real-time updates for a website in Log Browser, accessing the website resulted in the “Unable to load list data” error. (PPPM-14936)

Windows

• Fixed the issue where opening the “Mail Accounts” page in Plesk resulted in the “Call to a member function getPackage() on null (WebmailPackage.php:59)” error for domains using Remote SmarterMail Web Client. (PPPM-14931)

Fixed Product Issues

• Fixed the issue where the phpMyAdmin button was missing from the database card in Dynamic List view after updating to Plesk Obsidian 18.0.69. (PPP-68197)

Fixed Product Issues

• Fixed the issue where, after updating to Plesk Obsidian 18.0.69, retrieving the list of databases owned by a subscription by clicking Databases in the Plesk GUI would result in the “Cannot read properties of undefined (reading ‘searchFilters’)” error if the number of databases was too high. (PPPM-14921)

What’s New?

• (Plesk for Windows) Plesk now supports Windows Server 2025.

  Note: Due to a limitation in Microsoft DNS on Windows Server 2025, it is not possible to create HTTPS and CAA DNS records in Plesk. Microsoft DNS on this version of Windows cannot load unknown record types from the zone file, which prevents support for these record types.

  Note: The ability to perform a dist-upgrade to Windows Server 2025 will be added in future Plesk releases.

• Added the “Password Reset Link”, which is now shown next to each email address on the “Email Addresses” tab. We updated the email addresses management screen to bring the most frequently used actions to the front. Since password reset is one of the most common tasks for subscription administrators, we redesigned this feature and placed it directly on the main email address management screen.
• (Plesk for Linux) Updated Plesk on Cloud DigitalOcean images from Ubuntu 22.04 to Ubuntu 24.04 LTS.

Feature Improvements

• Redesigned the way databases are displayed in Dynamic List view. The new interface is modern, robust, and user-friendly, offering smooth and fast transitions thanks to the use of drawers. This update marks a long-awaited step toward a unified experience based on Dynamic List view, paving the way for the eventual removal of the outdated Classic and Active list views.
• (Plesk for Windows) Replaced the auto-reply function developed by Plesk with native solutions provided by the supported mail servers. This improvement increases email sending and deliverability when DMARC, DKIM, and SPF are used.
  For details and recommended actions, see the Feature and Deprecation Plan.
• (Plesk for Linux)Performance Booster can now apply MySQL/MariaDB optimizations for MariaDB 11.4.

• (Plesk for Linux) Changed the GPG key used to sign Plesk packages and repositories to a stronger one. The new key prevents security warnings about weak algorithms during Plesk installations and updates. However, when installing the latest Plesk version on Ubuntu 24.04, you may still see warnings about a weak algorithm caused by the old GPG key in the following cases:

  • When Imunify extension repositories are configured, because the extension’s vendor (CloudLinux) has not yet updated their GPG key.
  • Briefly during Plesk Installer component initialization because it is required to enable all repositories to check the component availability.
  • When outdated versions of software shipped with Plesk are installed (for example, PHP versions earlier than 8.1), because they still use the old GPG key.

Deprecated and Removed Items

• The following outdated APS Catalog applications will be deprecated and removed from the Plesk APS catalog in Plesk Obsidian 18.0.71: DotNetNuke, Magento, Zen Cart, concrete5, phpList, osCommerce, Gallery, BBClone, SugarCRM, Coppermine, and SquirrelMail. For details and recommended actions, see the Feature and Deprecation Plan.
• The BIND DNS server has already been deprecated and removed from Plesk for Windows. Due to security and maintenance risks, we are taking steps to ensure that no Plesk servers continue using BIND as of Plesk Obsidian 18.0.70. If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
• Removed the Horde component from Plesk Installer. The component is no longer supported, and we recommend switching to another webmail software supported in Plesk.
• Removed RKHunter from the Watchdog extension. For details and recommended actions, see the Feature and Deprecation Plan.
• The following SDK functionality will be deprecated in Plesk Obsidian 18.0.69: implementation of the EventListener interface without the filterActions method. Starting from Plesk Obsidian 18.0.71, it will be mandatory to implement the filterActions method of the EventListener interface. See more details.

Fixed Product Issues

• Additional administrator accounts can no longer switch to Service Provider view when the “Force Power User view for additional administrator” feature is enabled. (PPP-68030)
• The version of the SOGo Webmail extension that supports PHP 8.4 no longer prevents website publishing with Web Presence Builder. (PPP-67950)
• Enabling the “Permanent SEO-safe 301 redirect from HTTP to HTTPS” option for a subscription via an XML API request now locks the subscription, as expected. (PPPM-14856)
• An incremental backup to S3-compatible storage no longer fails with the “Unable to upload a file to the storage: Checksum Type mismatch occurred” error under specific circumstances. (PPPM-14891)
• Fixed regular updates of SpamAssassin databases. (PPPM-14888)
• The Watchdog extension now shows different statuses for “Not monitored” services, distinguishing between services that are not installed on the server and those not monitored due to the user’s choice. (EXTPLESK-8798)
• The Watchdog extension now correctly shows the actual RAM usage on the “Overall” line. (EXTPLESK-8793)
• Plesk now correctly shows and allows managing Docker containers created with the --ulimit memlock=-1 parameter. (EXTPLESK-6371)
• Improved an error message shown when a user tries to restore a subscription or website from a backup, but other subscriptions with the same domain name already exist on the server. (PPPM-14908)
• The Plesk administrator can no longer create a subscription that customers cannot manage by sending an XML API request with two shared IP addresses. (PPPM-14901)
• Plesk now shows the correct website traffic information taken from the current month. (PPPM-14885)

Linux

• Plesk REST API requests to the /databases and /dbusers endpoints again require no additional parameters. (PPPM-14904)
• Updating MariaDB to version 10.11 in Plesk on AlmaLinux no longer causes issues with log rotation. (PPPM-14895)
• It is no longer possible to install an unsupported BIND package in Plesk on AlmaLinux 9. (PPPM-14897)
• It is again possible to create Plesk backups and store them in a custom location on the server via the CLI. (PPPM-14889)
• Upgrading MariaDB in Plesk on AlmaLinux 9 no longer overwrites a user’s custom settings. Plesk now detects if the /etc/my.cnf.d/mariadb-server.cnf file contains customizations and stops the upgrade, allowing the user to move their settings to a separate configuration file. (PPPM-14886)
• An in-place upgrade of Plesk from CentOS 7 to AlmaLinux 8 no longer fails if the Watchdog and/or Plesk Migrator extensions are installed. (PPPM-14883)
• Dovecot in Plesk now opens passwd.db in read-only mode for authentication. (PPPM-14865)
• It is now possible to browse logs whose lines exceed the default offset length. (PPPM-14840)
• Improved the error message shown when users try to install a PHP extension for a custom PHP handler from PECL (“Manage PECL Packages” in Tools & Settings > PHP Settings (under “General Settings”)). (PPPM-14813)
• Disabling IPv6 in Plesk on AlmaLinux 9 no longer causes issues with the Roundcube password change. (PPPM-14795)
• The dist-upgrade from Plesk on Ubuntu 20 to Ubuntu 22 no longer fails if the Watchdog extension is not installed. (PPPM-14874)
• CentOS 7 to AlmaLinux 8 and CloudLinux7 to CloudLinux 8 conversion tools no longer install Roundcube if it was not previously installed. (PPPM-14867)
• The Plesk PHP Engine on Ubuntu 24 no longer encounters frequent shutdowns that generate false-positive status emails.
• Log Browser no longer shows empty placeholders instead of the actual service statuses. (EXTPLESK-8770)
• The plesk repair fs command can now fix permissions and ownership of certain files related to the server’s mail system (for example, /var/lib/plesk/mail/handlers). (PPPM-14907)
• The time zone in the Monitoring widget on the Plesk Home page now matches the one shown in the Monitoring extension. (PPPM-14902)

Windows

• The correct webmail link is now shown in Plesk with a remote SmarterMail server. (PPP-67627)

Changes in Third-Party Components

• Updated PHP used by Plesk to version 8.4.

Linux

• Updated ProFTPD to version 1.3.9.
• Updated OWASP ModSecurity CRS to version 4.12.0.
• Updated ModSecurity to version 3.0.14 (for nginx).
• Updated ModSecurity to version 2.9.8 (for Apache).
• Updated Phusion Passenger to version 6.0.26.

Windows

• Updated Python to version 3.13.2.
• Updated MailEnable Standard to version 10.51.
• Updated ASP.NET Core 9.0 to version 9.0.3.
• Updated ASP.NET Core 8.0 to version 8.0.14.
• Updated POCO to version 1.14.1.

Fixed Product Issues

Linux

• Enabling or disabling ModSecurity rule set updates no longer resets the rule IDs specified in the “Security rule IDs” textbox to their default values. (PPPM-14876)

Fixed Product Issues

• Fixed an issue with the backup rotation. (PPPM-14858)
• Fixed the issue where, after updating to Plesk Obsidian 18.0.68, logging in to Plesk could fail with the “Cannot read properties of undefined” error under specific circumstances. (PPPM-14862)

What’s New?

• (Plesk for Linux) CloudLinux 9 is now supported.

  For information on the feature, see the KB article.

• (Plesk for Linux) PHP 7.1 and 7.2 are now available in Plesk on Ubuntu 22.

• Revamped the Watchdog extension:

  • As per UserVoice request, the extension now works on modern OSes: AlmaLinux 9, Debian 11, Debian 12, Ubuntu 20, Ubuntu 22, and Ubuntu 24.
  • Overhauled the extension graphical interface to make it modern and more convenient.
  • Removed the outdated “Security” tab. For security scans, use an alternative monitoring tool such as the Imunify extension.

• As per UserVoice request, we introduce the feature that prevents the creation of domains that resolve to another server. This enhances security, especially against phishing. The feature is available in Tools & Settings > Prohibited Domain Names (under “Security”).

  To hide the feature from the Plesk interface, add the following lines to the panel.ini file:

  [domainManagement]
  features.resolutionRestriction = false
  

• Plesk administrators and partners can now customize the mail helper, which assists users with connecting their mail clients to the “Mail Accounts” page. By editing the /usr/local/psa/admin/conf/email_client_configuration_instructions.md.sample Markdown file, they can customize the helper’s text, formatting, and links to better suit their customers’ needs. Learn more about customizing the mail helper.
• It is now possible to copy and share the mail helper by clicking the “Copy the setup wizard link” in the Plesk interface. With the link, users can configure their mail clients without having a Plesk account or logging in.

Feature Improvements

• It is now possible to change a domain’s mail service from “Not configured” to “Disabled for incoming mail” via the CLI.

• Enhanced the sync mechanism between reseller plans and resellers’ hosting plans with the following improvements:

  • Added validation for resources and permissions. A reseller can no longer save a service plan if it includes resources and permissions exceeding those granted by the Plesk administrator.
  • Permissions that are not granted by the Plesk administrator are now hidden from resellers.
  • When creating a reseller, the default plan is now automatically created, with resources and permissions within the limits set by the Plesk administrator.
• Improved the view of the domain card for “Forwarding” and “No hosting” domains. The domain card no longer has tabs: all controls are now shown in one place.
• Updated the Dynamic list tour to make it consistent with a new layout of the domain card.

• Improved the password generation process:

  • The “Copy” icon now appears immediately after a password is generated.
  • You can now copy a password directly, without clicking the “Show” icon and selecting the password first.

• Refined the way Plesk handles backup tasks in unstable environments with a range of improvements:

  • An incremental backup is now created instead of a full one if the last incremental backup failed. (PPPM-14774)

  This improvement is not enabled by default. You need to enable it manually by adding the following lines to the panel.ini file:

  [pmm]
  createFullAfterInvalidBackup = false
  

  By default, the old mechanism remains in place: a full backup is created if the latest incremental backup has failed.

  • Failed backups no longer break backup rotation and will be rotated according to the schedule. (PPPM-14776)
  • Incomplete backups are now marked as failed in the Plesk interface and deleted when the backup task is closed. (PPPM-14778)
  • Non-existent backups are now deleted without errors. (PPPM-14784, PPPM-14791, PPPM-14782)
  • Backups are now validated during rotation and when incremental backups are created. Non-readable backups are marked as invalid.
  • Backup volumes are now grouped into a single backup even if the first volume is absent.
  • Improved Plesk ability to delete incomplete backups by adding two parameters to the admin\share\pmmcli\pmmcli-rc file: MAX_FILES_DELETION_PERIOD and MIN_FILES_DELETION_ATTEMPTS. Plesk will now attempt to delete an incomplete backup within the number of days specified by the MAX_FILES_DELETION_PERIOD parameter. If the backup still exists after that period, the MIN_FILES_DELETION_ATTEMPTS parameter will take effect. This means Plesk will try to delete the backup at least as many times as the MIN_FILES_DELETION_ATTEMPTS value specifies. (PPPM-14786)
  • Streamlined backup error messages by removing empty lines and limiting their length. (PPPM-14780)
• (Plesk for Linux) Improved the way Plesk handles inconsistencies in package management tools (APT and DPKG) during Plesk updates. If such inconsistencies are detected, the update is blocked and Plesk provides a link to the instruction for manual resolution. (PPPM-14765)

Deprecated and Removed Items

• (Plesk for Windows) MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.

Fixed Product Issues

• The “Traffic usage” and “Reports” tabs under statistics (Tools & Settings > Info and Statistics or Statistics in the left pane) are now accessible in Restricted mode. (PPP-67358)
• Customers and resellers can now manage mail settings even if they were changed by the Plesk administrator. (PPPM-14739)
• Backing up no longer fails with “Invalid input parameters in ‘–make-dump’ command: XML parse error” when a customer’s name contains non-printable characters. (PPPM-14725)
• The Plesk Repair utility can now fix web server issues when the Plesk database is hosted on a remote database server. (PPPM-14699)
• If the panel.ini mailQueue.serverWide setting is set to true and Postfix is stopped, emails sent with the sendmail command are no longer incorrectly displayed with the “Sent” status and the [MailQueueList.Filter.Status.maildrop] locale key, instead of the actual text, in Tools & Settings > Mail Queue. (EXTPLESK-6366)
• Watchdog email notifications now contain information about the average CPU and RAM usage. (EXTPLESK-6392)
• It is no longer possible to apply unlimited resources in a service plan under specific circumstances if they are limited in the corresponding reseller plan. (PPPM-14627)
• The File Manager button is no longer absent for domains whose subscription is suspended. (PPPM-13978)

Linux

• Enabling the free Comodo rule set in ModSecurity now applies the default security rule IDs. (PPP-67522)
• If a Plesk domain was previously migrated from cPanel, the domain’s backup is now restored without encountering the “A dedicated IPv4 address is required to set up and use anonymous FTP service” error. (PPP-67218)
• System notes in Backup Manager no longer incorrectly show that a domain backup is a part of the server backup, when it is not. (PPPM-14771)
• The mailbox size set as the “Another size” option in the Plesk interface (Websites & Domains > domain > Mail Accounts > email address) now matches the mailbox size stored in the /var/qmail/mailnames/<domain>/admin/Maildir/maildirsize file. (PPPM-14767)
• The IPv6 alias remains available when Apache listens on the localhost and nginx is disabled. (PPPM-14732)
• It is now possible to rename a domain to include uppercase letters when Webalizer is enabled. (PPPM-14565)
• The /var/log/plesk/panel.log file no longer contains the “Unable to get key: Repository is not opened” errors that were generated daily under specific circumstances. (PPP-59722)
• A reseller’s subscription no longer falls out of sync with the parent plan due to a mismatch in limits between the subscription and the plan. (PPPM-13152)
• Suspending a subscription no longer changes its scheduled task type from “Run a PHP script” to “Run a command”. (PPPM-14853)
• Updating MariaDB via the Plesk interface on AlmaLinux 9 no longer breaks WordPress websites and admin dashboard. (PPPM-14846)
• The passenger-status command no longer fails with an error in Pleks on AlmaLinux 8 when the Phusion Passenger component is installed. (PPPM-14828)
• When IPv6 is enabled, opening the “Anonymous FTP” tab no longer results in an HTTP 500 error. (PPPM-14800)
• Automatic Plesk updates no longer fail on servers managed by Ubuntu Landscape. (PPPM-14849)

Windows

• Failure to back up a single email message no longer causes the entire domain’s mail backup to fail. (PPPM-14668)
• Emails sent from a domain hosted in Plesk with remote SmarterMail and DKIM enabled now have valid DKIM signatures. (PPPM-14854)

Changes in Third-Party Components

Linux

• Updated phpMyAdmin to version 5.2.2.

Windows

• Updated PHP used by Plesk to version 8.3.17.
• Updated BIND to version 9.16.49.
• Updated libcurl to version 8.12.1.
• Updated Node.js 20 to version 20.18.2.
• Updated Node.js 18 to version 18.20.6.
• Updated MailEnable Standard to version 10.50.
• Updated Git to version 2.47.1.2.

Fixed Product Issues

• Fixed the issue where File Manager failed to open with the “Failed to load tree data” error. (PPPM-14834)
• Fixed the issue where it was not possible to set the Ruby application root for a subscription. (PPPM-14830)

Fixed Product Issues

• It is again possible to create scheduled tasks for domains in Plesk Obsidian 18.0.67 and later. (PPPM-14812)

Fixed Product Issues

• Fixed the issue where clicking the “Select Directory” button to change the home directory for an additional FTP user resulted in the “Failed to load tree data” error. (PPPM-14790)
• Fixed the issue where clicking the “Select Directory” button to specify the file when adding a “Run a PHP script” scheduled task resulted in the “Failed to load tree data” error. (PPPM-14806)

What’s New?

• PHP 8.4 is now shipped with Plesk Obsidian on all supported OSes other than CentOS 7 and CloudLinux 7.

  Note: Make sure to manually remove the E_STRICT constant from the error_reporting PHP directive when switching to PHP 8.4 from an earlier PHP version.

• (Plesk for Linux) As per UserVoice request, AVIF, one of the most commonly used image formats on the web is now supported. It provides high compression rates and efficient performance.

  Note: AVIF is not available in Ubuntu 18.04, CentOS 7, and CloudLinux 7.

• As per UserVoice request, it is now possible to secure the mail service with a separate SAN on domains with the “No Hosting” type using the SSL It! extension.
• (Plesk for Linux) Atomic rulesets for ModSecurity can now be selected on all OSes, including the most modern ones, such as Debian 11 and later, and Ubuntu 20.04 and later.
• To help you customize the Home dashboard in Service Provider View, we have developed an example extension called Custom Dashboard. With this extension, you can learn the ropes of customizing the dashboard even if you are not proficient in coding. Install the extension from the GitHub repository, follow code-along exercises, and see how that shapes your Home dashboard.
• It is now possible to use AI to get recommendations for fonts and color schemes in the Sitejet Builder extension.

Feature Improvements

• (Plesk for Linux) The Watchdog component has been converted to an extension to make it easier to update and implement new features in the future. Updating a Plesk server with the Watchdog component installed to Plesk Obsidian 18.0.67 will seamlessly replace it with the new extension.
• (Plesk for Linux) Switched Roundcube to PHP 8.3.

• Improved the Plesk UI notifications’ UX:

  • Notifications are now grouped according to their type (for example, those that belong to particular extensions or events).
  • A notification group is displayed on one line. You can expand the group and see all its extensions by clicking “Show more”. To collapse the group, click “Show less”.
  • You can dismiss the whole group of notifications with a single click on the “Remove” icon.
  • You can mark a group of notifications as favorite and then use the “Favorites” filter.
  • A notification group inherits its title and description from the most recent notification in the group.
  • If one group is expanded, an attempt to open another group will automatically collapse the first group before the second one is opened.

• Improved the look and feel of Plesk notifications on long tasks (shown as popovers in the bottom right corner of the screen):

  • Multiple notifications are now grouped into a single popover.
  • It is now possible to close groups of notifications with a single click.

Deprecated and Removed Items

• (Plesk for Linux) The ImunifyAV extension is now deprecated and no longer available for installation. Instead, we recommend that you use the new and improved Imunify extension.

  Existing ImunifyAV installations will continue operating for three months, and after that will automatically be replaced with the new Imunify extension. We recommend that you manually replace any existing ImunifyAV installations with Imunify at your earliest convenience.

Fixed Product Issues

• Fixed the issue where scheduled tasks added by the WHMCS extension failed to run with the “/opt/psa/admin/bin/php: No such file or directory” error. (EXTPLESK-6298)
• Fixed the issue where, under specific circumstances, instead of the mail log entries, the “Too many SQL variables” error was shown on the “Mail” tab of the Log Browser extension. (PPPM-14714)
• Fixed the issue where, when using the .NET Toolkit extension, clicking the Restart button failed to restart the application if its application root started with the forward slash (“/”) character. (PPPM-14721)
• Fixed the issue where the files containing metadata for rotated backups in remote storage were not removed from the Plesk server. (PPPM-14641)
• Fixed the issue where failed backups showed up in the list of existing backups, but could not be deleted. (PPPM-14745)
• Fixed the issue where customers could not change the forwarding type settings for their websites if the “Hosting settings management” permission was not granted to their subscription. (PPPM-14728)
• Fixed the issue where the output of the plesk bin service_plan --info command differed from that of the plesk bin service_plan --xml-info one. (PPPM-14691)

Linux

• Fixed the issue where the description assigned via the -description option of the plesk bin ip_ban --add-trusted command would not show in the Plesk GUI. (PPPM-14755)
• Fixed the issue where temporary files would not be cleaned up after failed attempts to restore a backup from remote storage. (PPPM-14626)
• Fixed the issue where removing a forwarding email address via the plesk bin mail -forwarding-addresses command would not result in complete removal if that address was also created via the plesk bin mail -forwarding-addresses command, included one or more uppercase characters, and the address was entered in lowercase when specifying it for removal. (PPPM-14660)
• Fixed the issue where assigning an IPv6 address to a domain that already had an IPv4 address assigned and had one or more custom TXT records in its DNS zone resulted in additional TXT records from the DNS template being unnecessarily added to the domain’s DNS zone. (PPPM-14734)
• Fixed the issue where, after selecting the “Anonymize IP addresses during log rotation and collecting of web statistics” and “Force daily log rotation for all domains” checkboxes on the Tools & Settings > Server Settings page, applying the changes would sometimes fail with the “System logs: logrot_mng failed: filesystem error: cannot rename: No such file or directory” error. (PPPM-14706)

Windows

• Fixed the issue where activating or suspending a subscription with a large number of add-on domains would result in performance degradation. (PPPM-14583)
• Fixed the issue where restoring a domain from backup failed with the “The user name or password is incorrect” error if the domain’s system user’s password had been changed after the backup’s creation. (PPPM-14648)
• Fixed the issue where, when creating a virtual directory for an addon domain, browsing the file system to select the corresponding physical directory failed with the “Failed to load tree data” error. (PPPM-14715)
• Fixed the issue where adding a period character (“.”) to the end of a website’s document root resulted in the “Cannot create a file when that file already exists. (Error code 183)” error instead of a notification that such a document root is not allowed. (PPPM-14693)

Changes in Third-Party Components

Linux

• Updated ProFTPD to version 1.3.8c.

Windows

• Updated ASP.NET Core 9.0 to version 9.0.1.
• Updated ASP.NET Core 8.0 to version 8.0.12.
• ASP.NET Core 6.0 is no longer shipped with Plesk.

Fixed Product Issues

• Fixed the issue where clicking the “My Profile”, “Back Up Websites”, and “Additional Services” buttons failed to produce a response when logged in as a customer. (PPPM-14752)

Fixed Product Issues

• Updating to Plesk Obsidian 18.0.66 no longer removes custom buttons from the Tools & Settings screen. (PPPM-14736)
• The Updates page in Tools & Settings is now again opened in a new tab. (PPP-67004)

What’s New?

• Added the ability to launch a Portainer container with a click to the Docker extension. Portainer is container management software that makes it easier to deploy containers and stacks, view a container’s status and logs, create users and teams, secure your environments, and more! Learn more about Portainer.

  To get started, simply click the Install Portainer button on the “Containers” tab.

  The feature is currently in beta. It was added based on the UserVoice feedback. If you would like to see a feature added to Plesk, be sure to add or vote for the corresponding request on the Plesk UserVoice page!

• Added the ability to create a new stack from a docker-compose file stored inside a website’s Home directory to the Docker extension. This makes it possible to declare and build entirely custom containers. Any artefacts created during the build process will be placed inside the website’s Home directory.

• (Plesk for Linux) Added the ability to stop accepting mail sent to preconfigured aliases such as root, postmaster, or anonymous on Plesk servers using Postfix or qmail as the mail server. By default, such emails are delivered to the Plesk administrator’s mailbox.

  To allow accepting mail sent to one or more specific aliases, add the following lines to the panel.ini file, listing the desired aliases:

  [mail]
  adminAliases = alias1 alias2 .. aliasN
  

  Mail sent to aliases that are not listed will no longer be delivered to the Plesk administrator’s mailbox. For example, to allow accepting mail sent to the root and postmaster aliases, but not to any others, add the following:

  [mail]
  adminAliases = root postmaster
  

  and then run the following command:

  plesk repair mail -y
  

  This feature was added based on the UserVoice feedback. If you would like to see a feature added to Plesk, be sure to add or vote for the corresponding request on the Plesk UserVoice page!

• (Plesk for Windows) ASP.NET Core 9.0 is now supported.
• (Plesk for Linux) The Imunify extension now replaces both the Imunify360 and ImunifyAV/AV+ extensions. The extension is included in the “Recommended” preset and is installed by default.
• The “Statistics” section on the Tools & Settings page has been removed due to low popularity. The contents of the section have been moved to the new Statistics page available in the Navigation Pane.

• We are glad to announce that the WHMCS Installer extension is no longer in beta! The extension makes installing and configuring WHMCS in Plesk a breeze!

  We thank everyone who tried the beta version for their participation and feedback.

Feature Improvements

• Improved the Plesk pages’ loading speed by up to 70%.

• Added support for the WebAuthn protocol to the Social Login extension. This makes it possible to authenticate to Plesk using passkeys, hardware tokens, and more. Learn more about WebAuthn support in Plesk.

  This feature was added based on the UserVoice feedback. If you would like to see a feature added to Plesk, be sure to add or vote for the corresponding request on the Plesk UserVoice page!

• Improved the way search works on the “Mail” tab of the Log Browser extension. Learn more about the way search on the “Mail” tab works now.
• Added the option to also remove the attached volumes when removing a container in the Docker extension. (EXTPLESK-5853)

Fixed Product Issues

• Fixed the issue where viewing a Docker container’s “Overview” tab could freeze or crash the browser if the log files shown in the “Console Log” window had grown to a large size. (EXTPLESK-5826)
• Fixed the issue where a Docker container’s logs on the “Logs” tab failed to load with the “Allowed memory size exhausted” error if the log files had grown to a large size. (PPPM-5094)
• Fixed the issue where configuring the Thunderbird or K-9 Mail clients running on an Android-based mobile device to work with a domain in Plesk using the autodiscover feature failed with the “400 Bad Request” error. (PPP-66589)
• Clarified the misleading UI text for the hint accompanying the “Custom domain name” field for the mail autodiscover feature. (PPP-64266)
• Fixed the issue where running the plesk repair all -y command to fix an add-on domain failed with the “Webspace does not exist” error. (PPPM-14696)
• Fixed the issue where the contents of the “Accounts” tab of the Multi-Factor Authentication (MFA) extension would fail to load under specific circumstances. (EXTPLESK-6144)
• Fixed the issue where, on servers with the Docker extension installed, backup creation would fail if only remote docker nodes’ management was supported by the extension. (EXTPLESK-6106)
• Fixed the issue where Plesk customers could create custom buttons in areas inaccessible to them, such as the administrator’s Home page or a reseller’s Tools & Utilities page. (PPP-66608)
• Fixed the issue where the “Additional Services” button was missing for subscriptions owned by the administrator or any reseller. (PPP-66607)
• Fixed the issue where clicking “Show more records” in Log Browser showed an error instead of redirecting the uses to the Plesk login page if the user’s Plesk session had expired. (EXTPLESK-6117)

Linux

• Fixed the issue where DKIM could fail to be enabled under specific circumstances. (PPPM-14689)
• Fixed the issue where, on servers with the Plesk Email Security extension installed, the “Settings” link added by the extension for each mailbox disappeared from the Plesk interface after updating to Plesk Obsidian 18.0.65. (PPP-66764)
• Fixed the issue where, on Debian 10 servers, updating MariaDB from version 10.3 to version 10.11 failed with the “404 Not Found” error. (PPPM-14702)
• Fixed the issue where the “Apply individual settings to spam filtering” checkbox on the Tools & Settings > Spam Filter page could be selected even if SpamAssassin was not installed. (PPPM-14701)
• Fixed the issue where, after applying the “Hour Ago” filter in Log Browser, log entries for the wrong time period were shown. (PPPM-14683)
• Fixed the issue where, on servers with ModSecurity enabled, Apache child processes could crash due to segmentation faults under specific circumstances. (PPPM-14671)
• Fixed the issue where, on AlmaLinux 8 and 9 servers with SELinux enabled, downloading or opening a website’s log files when logged in via FTP as the website’s system user failed with the “550 Permission denied” error. (PPP-66647)

Windows

• Fixed the issue where an unnecessary and confusing “There is no active configuration” error message was shown after opening the Docker extension’s interface. (EXTPLESK-6083)
• Fixed the issue where, on servers using MailEnable as the mail server, updating the SSL/TLS certificate securing the mail service would result in the additional port settings being changed as well. (PPPM-14666)
• Fixed the issue where iisnode was not uninstalled properly after removing the Node.js Toolkit extension. (PPPM-14657)

Changes in Third-Party Components

• Updated libcurl used by Plesk and Plesk Installer to version 8.11.0.
• Updated nghttp2 to version 1.64.0.

Linux

• Updated PHP used by Plesk to version 8.3.14.

Windows

• Updated ASP.NET Core 8.0 to version 8.0.11.
• Updated ASP.NET Core 6.0 to version 6.0.36.
• Updated MariaDB for the Plesk database to version 11.4.4 (on Windows Server 2019 and later).
• Updated Python to version 3.13.0.
• Updated SQLite to version 3.47.0.
• Updated Microsoft.SqlServer.SqlManagementObjects to version 171.30.0.
• Updated OWASP ModSecurity CRS to version 3.3.7.
• Updated MailEnable Standard to version 10.49.

Fixed Product Issues

• Fixed the issue where uncompressed backups in remote storage could not be validated under specific circumstances. (PPPM-14652)
• Fixed the issue where the SRV records of domains hosted in Plesk could not be validated by the Plesk mail account configuration wizard if the hosted domains’ DNS service was remote and not local. (PPP-66770)

Linux

• Fixed the issue where, on Red Hat Enterprise Linux 9 servers, creating a backup in via the CLI failed with the “Unable to create the remote backup: Cannot update digest: error:030000BD:digital envelope routines::update error” error. (PPPM-14674)

Windows

• Fixed the issue where the creation of a backup in FTP storage could get stuck under specific circumstances.(PPPM-14654)

Fixed Product Issues

Linux

• Fixed the issue where, on Plesk servers with the “Outgoing Mail Control” and/or “Fix Incorrectly Set Sender for Outgoing Mails” features enabled, special characters (such as umlauts or accents) in multi-part messages could be replaced with other characters, such as “�”. (PPPM-14661)

What’s New?

• This release, we invested a lot of resources into improving Docker support in Plesk. We overhauled the Docker extension graphical interface to make it modern and more convenient, added Docker Compose support, fixed many pesky bugs, and more! Here are some of the highlights:

  • As per UserVoice request, it is now possible to deploy Docker Compose YAML files (but not Dockerfiles or any other files required by an application), and also to modify and update the stacks from the new “Stacks” tab. Use copy and paste, or upload them from local storage. Typical operations on stacks are supported, such as: up (including pull and force-recreate), stop, and down.
  • The main Docker page was split into the “Containers” and “Images” tabs.
  • The “Configurations” page is now the “Environments” tab.
  • The ability to pull images was added to the extension’s interface.
  • As per UserVoice request, Docker containers’ configuration (but not data in Docker volumes) is now included in Plesk backups.

  To enable these features, add the following lines to the panel.ini file:

  [ext-docker]
  newUI = on
  

• Added a helper to assist users with connecting their mail clients to the “Mail Accounts” page. The Configure Mail Clients button helps users turn on autodiscover, and also provides concise instructions on how to connect their Mozilla Thunderbird, Gmail on Android, iOS Mail, or Outlook 2016 or earlier client to their Plesk mailboxes.

• As per UserVoice request, added the ability to quickly empty mailboxes of all mail to the “Mail Accounts” page. The Empty Mailbox button enables users to remove all mail, both incoming and outgoing, from one or more mailboxes with a click.

  To disable this feature, add the following lines to the panel.ini file:

  [mail]
  canClearMailbox = false
  

• A new version of the Multi-Factor Authentication extension will be released together with Plesk Obsidian 18.0.65. Here are some of the highlights:

  • The “Accounts” tab was added. It lists all Plesk user accounts and their MFA statuses.
  • The ability to deactivate MFA for dependent users was added.
  • The MFA secret key is now regenerated when the MFA feature is reactivated for a user.

• We are glad to introduce the beta version of the WHMCS Installer extension. The extension helps you install and configure WHMCS by guiding you through the essential steps: installing PHP and ionCube Loader, configuring and installing WHMCS, creating the database, and securing the system.

  We would love to hear your feedback about this extension at beta-extensions@plesk.com.

• (Plesk for Windows) MariaDB 11.4 is now supported. It is the latest “long-term support” version from the vendor. Support for MariaDB 11.4 in Plesk for Linux was added in Plesk Obsidian 18.0.64.

Feature Improvements

• (Plesk for Linux) The Performance Booster feature will be rolled out to all supported Plesk Obsidian installations. The feature enables Plesk administrators to tweak PHP, web server, and database server settings to significantly improve the hosted websites’ performance.

  To disable the feature, add the following lines to the panel.ini file:

  [ext-performance-booster]
  enabled=false
  

• Thirteen various bugs were fixed to improve the CentOS 7 to AlmaLinux 8 conversion tool.
• Improved the look of the subscription creation progress drawer when creating a subscription with a long name.
• Added the ability to copy the DNS records values shown in the “How to configure external DNS” pop-up window with a click. (PPPM-14594)
• Added the separate /usr/share/psa-roundcube/config/config.local.php file to the Roundcube webmail configuration. This file can be used to store customer’s customizations, so that they would not be lost when updating Roundcube. (PPPM-14193)

Fixed Product Issues

• The “last modified” timestamps on the users’ files restored from backup (including mail) are no longer reset to the current date upon restoration. This also prevents files restored from backup from being unnecessarily included in incremental backups. (PPPM-6333, PPPM-10282)
• Fixed the issue where the Log Browser extension’s database would keep growing indefinitely. (EXTPLESK-5717)
• Fixed the issue where the subscription creation progress drawer was malformed when creating a subscription with a long name.(UILIB-1535)
• It is no longer possible to create a website named “gmail.com” in Plesk if the “Prohibited Domain Names” feature is enabled. (PPP-66467)
• Fixed the issue where clicking a DNS record of a domain alias to edit it resulted in the “500 Error Call to a member function setOption() on false Type Error Message Call to a member function setOption() on false File Https.php Line 60” error. (PPPM-14633)
• Disabled and suspended websites are no longer counted when calculating IP addresses’ usage statistics. (PPPM-14608)
• Fixed the issue where configuring FTP storage on a Microsoft FTP server failed with the “Unable to upload the file to the storage” error if FTPS was enabled. (PPP-66466, PPP-66468)

Linux

• Fixed the issue where, in the Log Browser extension interface, the “Processed” counter kept increasing for bounced emails even when they were no longer being processed by the Plesk mail server. (EXTPLESK-5791)
• Fixed the issue where, on AlmaLinux 9 servers, disabling PHP for a domain switched the domain’s PHP handler to the php-fpm used by Plesk instead of disabling PHP support completely. (PPP-66389)
• Fixed the issue where emails containing certain characters could not be sent if the “Limitations on outgoing email messages” feature was enabled in Plesk. (PPPM-14624)
• Fixed the issue where, under specific circumstances, log rotation could fail due to the incorrect umask settings. (PPPM-14621)
• Fixed the issue where, after a failed domain name change attempt, certain services for the website were no longer operational. (PPPM-14571)
• Fixed the issue where, after changing the default mailbox size for a subscription, the mailboxes owned by the subscription whose size was customized would have their size changed to the new default value if it was greater than the specified custom mailbox size. (PPPM-14557)
• Fixed the issue where installing an additional license key not associated with any Plesk license key via Tools & Settings > License information > Install Key would fail with the “Parent key not provided (Error code: 2)” error. (PPPM-14527)
• Fixed the issue where sending mail via the sendmail utility could fail during periods of high write load on the database server. (PPPM-14464)
• Fixed the issue where, when being logged in to the Plesk graphical interface via port 443, changing any ModSecurity settings would result in the operation hanging indefinitely and failing to finish. (PPPM-14448)
• Fixed the issue where, on CentOS 7 servers with Plesk installed, running the plesk sbin fsmng --check-plesk-packages command could produce unnecessary and misleading errors related to certain installed packages. (PPPM-14586)
• Fixed the issue where running the CentOS 7 to AlmaLinux 8 conversion tool (centos2alma) on a server with curl 8 installed would result in a failure during the preupgrade stage, and also in yum and dnf being unable to run. (PAUX-6474)
• Fixed the issue where running the CentOS 7 to AlmaLinux 8 conversion tool (centos2alma) or the CloudLinux 7 to CloudLinux 8 conversion tool (cloudlinux7to8) would result in a failure to adopt repositories under specific circumstances. (PAUX-6470)
• Fixed the issue where it was not possible to install IonCube PHP Loader via the Plesk graphical interface. (PPPM-14640)
• Fixed the issue where, on Debian 11 servers with Plesk installed, signing up to a Mailman 3 mail list using a Google Mail email account (*@gmail.com) would not result in the signup email being delivered to the *@gmail.com mailbox. (PPPM-14619)

Windows

• Fixed the issue where, under specific circumstances, operations on Microsoft SQL databases could hang indefinitely while consuming large amounts of RAM. (PPPM-14607)
• Fixed the issue where, under specific circumstances, an invalid backup could be created with no errors, but could not be restored from. (PPPM-14605)
• Unnecessary utility calls are no longer logged to the php_error.log when a subscription is suspended or activated. (PPPM-14583)
• Fixed the issue where running the plesk repair mssql command would not restore Microsoft SQL database users present in Plesk, but missing from the Microsoft SQL database server. (PPPM-14431)

Changes in Third-Party Components

• Updated libcurl used by Plesk and Plesk Installer to version 8.10.1.

Linux

• Updated php-redis to version 6.1.0, with CentOS 7 compatibility patch.

Windows

• Updated ASP.NET Core 8.0 to version 8.0.10.
• Updated ASP.NET Core 6.0 to version 6.0.35.
• Updated Microsoft Visual C++ 2017 Redistributable to version 14.40.33816.
• Updated OpenSSL used by Plesk and Plesk Installer to version 3.0.15.

• Internal improvements.
• It is again possible to restore a backup of a subscription which has a dedicated IP address if there are no free IP addresses on the server. (PPP-66418)

What’s New?

• We are excited to announce the launch of our updated “What’s New” page for Plesk! The page highlights the key features and major benefits of Plesk Obsidian helping you to gain a deeper understanding of our product. Explore it now at What’s New in Plesk Obsidian.
• As per UserVoice request, it is now possible to configure a smarthost or relayhost in Plesk on the server level. For details, refer to the following topic.
• (Plesk for Linux) MariaDB 11.4 is now supported. It is the latest “long-term support” version from the vendor.
• (Plesk for Linux) The Website Log Check feature will be gradually rolled out to all Plesk Obsidian installations version 18.0.64 and later. The feature helps to troubleshoot a website’s availability issues by scanning the web server logs for common issues and suggesting ways to resolve them. Learn more about Website Log Check.

• The new customizable Home dashboard in Service Provider View is now enabled by default on all Plesk Obsidian servers. It helps you to keep track of your server and your business by adding, removing, and rearranging informational blocks showing all sorts of data. To disable the feature, add the following lines to the panel.ini file:

  [navigation]
  newHomeView.enabled = false
  

• As per UserVoice request, to the Docker extension, added support for AlmaLinux 9 and support for websocket traffic on Docker Proxy Rules.

• Improved the dist-upgrade procedure and migration:

  • From Plesk on Ubuntu 20 by introducing PHP 7.3 provided by Plesk.
  • From Plesk on Ubuntu 22 by introducing PHP 7.0 provided by Plesk.
  • From Plesk on Debian 11 by introducing PHP 7.2 provided by Plesk.

  Websites after migration or dist-upgrade now seamlessly adopt a new PHP version without additional manual patches.

  Note: PHP versions 7.0 - 7.3 are outdated and no longer supported by the vendor (PHP Group), so they will receive no security updates. We recommend that you use these old PHP versions only for the dist-upgrade or migration purposes, and then switch to a newer supported PHP version.

• With the upgrade to Plesk Obsidian 18.0.64, Kaspersky Anti-Virus for Servers will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers. It is fully integrated with Plesk for both Linux and Windows, and also included in Power Pack and Hosting Pack.
• The CloudLinux team extended the Imunify360 extension with the improved ImunifyAV/AV+ and renamed the Imunify360 extension to Imunify. Existing users of the free and paid ImunifyAV extension (the revisium-antivirus ID) can upgrade to the new ImunifyAV/AV+ at no additional cost. Learn more about benefits of the revamped Imunify and how to upgrade to it.

Feature Improvements

• The Plesk Repair feature in the UI can now fix MariaDB/MySQL server permissions.

• Revamped the Disk Space section in the Repair Kit extension:

  • Disk and Plesk directories are now shown in the Disk Space section.
  • Warnings and alerts are now shown only for disks that contain the directories mentioned above.
  • Added a message with general recommendations on what to do if the disk space is not sufficient.

• Improved the Track Email Delivery feature in Websites & Domains > domain > the “Mail” tab. If there are one or more delayed emails in the queue, an orange circle is now shown next to the “Mail” tab name.

  To disable this feature, add the following lines to the panel.ini file:

  [ext-log-browser]
  showEmailBadge = false
  

• As per UserVoice request, in the Plesk DNSSEC extension, introduced CLI commands to sign, unsign, and show the current settings of a DNS zone. See the examples of use below:

  • To sign a domain with default settings:

    plesk ext dnssec sign –domain-name example.com

  • To view DNSSEC information for a domain:

    plesk ext dnssec info –domain-name example.com

  • To unsign a domain:

    plesk ext dnssec unsign –domain-name example.com

• Added the following options to the ModSecurity CLI: -waf-rule-filter-ids, -waf-filter-by-tags, -waf-filter-by-regexp, and -waf-additional-settings. For details, see the CLI guides for Linux and Windows.
• Unified and updated the messages shown when Plesk license limits are reached. The messages about upgrading a Plesk license to a higher version are now more helpful, clear, and informative.
• The Node.js Toolkit now supports JavaScript modules (MJS files).
• It is now possible to use the “Forgot password” feature via the CLI: the plesk bin admin --send-reset-link command with the -user or -email options generates a password reset link for the specified user and sends it via email.

Future Plans

• Starting from Plesk Obsidian 18.0.65, the ImunifyAV extension will be removed from the Recommended and Full presets. Instead, the Imunify extension (former Imunify360) will be installed by default on all new Plesk installations. If, for some reason, you want to disable the extension, add the following lines to the panel.ini file:

  [extensions]
  blacklist = imunify360
  

• The Horde webmail has been deprecated. Its complete removal is scheduled on April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Fixed Product Issues

• The “Track Email Delivery” tab in Log Browser now correctly shows the time spent on processing an email. (EXTPLESK-5765)
• Returned the yellow highlight for the status of delayed emails in Websites & Domains > domain > the “Mail” tab > Track Email Delivery. The highlight went missing in Plesk Obsidian 18.0.63 and earlier. (EXTPLESK-5762)
• Search in Users can now find users with empty contact names (when only a user’s email address was provided). (PPPM-14595)
• Mass email messages are no longer sent to excluded customers. (PPPM-14580)
• Restoring a backup from S3-compatible storage no longer leaves already imported files if the restoration was stopped. (PPPM-14578)
• When restoring a subscription from a server backup, the state of the “Redirect visitors from HTTP to HTTPS via a SEO friendly 301 redirect” option is now preserved. (PPPM-14569)
• Restoring selected objects (“Files of domains”) from a backup can no longer remove configured scheduled tasks. (PPPM-14531)
• Restoring a subscription no longer restores the first uploaded SSL/TLS certificate instead of the selected one if both certificates were generated using the same private key. (PPP-34102)
• The plesk bin statistics --calculate-list command with the domain-names or domain-ids options again calculates statistics only for the specified domains. (PPPM-14562)
• Lack of disk space in configured remote storage no longer causes failure of local scheduled backups. (PPPM-14549)
• Subscriptions > subscription is now opened on mobile devices if the limits for the subscription’s domains, subdomains, and aliases are set to 1, 0, and 0, respectively. (PPPM-14548)
• Running the plesk bin subscription --update-php-settings command now preserves custom PHP settings of websites. (PPPM-14364)

Linux

• The domain card is now opened if the server MySQL/MariaDB configuration is modified and an APS application is installed. (PPPM-14574)
• The underscore character is now shown in the SSH Terminal extension opened in Firefox. (PPPM-14573)
• It is again possible to remove IP addresses of resellers. (PPPM-14567)
• Mail Server Repair of the Plesk Repair feature in the UI no longer applies incorrect permissions to /etc/domainkeys/example.com/default. (PPPM-14546)
• The SSH Terminal extension can now connect to Plesk on Ubuntu 24. (PPPM-14544)
• If the vhosts_blkio feature is not available, the Disk Read/Write limits are now hidden in the Cgroups Manager interface. (PPPM-14526)
• Restoring a backup in Plesk with Mailman 3 no longer sends welcome emails to all subscribers in all mailing lists. (PPPM-14515)
• HTTP/3 now works in nginx if the value of worker_processes in the /etc/nginx/nginx.conf file is greater than 1. (PPPM-14480)
• PHP session cleaner no longer sends false positive error notifications under certain circumstances. (PPPM-14472)
• The dnf update command now works in Plesk on AlmaLinux 8 with the SOGo Webmail extension installed if it was updated to 1.1.3 from version 1.1.1 or earlier. (EXTPLESK-5529)

Windows

• Selecting the preferred domain for a subscription now creates the corresponding rewrite rule “SEO-safe 301 redirect” in IIS. (PPPM-14543)

Changes in Third-Party Components

Linux

• Updated PHP used by Plesk to version 8.3.10.
• Updated nginx to version 1.26.2.
• Updated Phusion Passenger to version 6.0.23.
• Updated OWASP ModSecurity CRS to version 4.5.0.

Windows

• Updated PHP used by Plesk to version 8.3.11.
• Updated ASP.NET Core 8.0 to version 8.0.8.
• Updated ASP.NET Core 6.0 to version 6.0.33.
• Updated SpamAssassin to version 4.0.1.

Fixed Product Issues

• Fixed the issue where the “Exception: PHP Warning: Undefined array key “description”” error was shown under specific circumstances. (PPP-66058)

Linux

• Fixed the issue where a BIND DNS server did not start when the limit of resource records in a DNS zone was exceeded. (PPP-66001)
• Repairing InnoDB corruptions in the /var/lib/mysql/ibdata1 system tablespace file or in the mysql database no longer crashes the MariaDB server. (PPP-66131)
• Updating MariaDB to a newer version no longer fails in Plesk running on Ubuntu 20.04. (PPP-66132)

Fixed Product Issues

• Fixed the issue where the “Exception: PHP Warning: Undefined array key “description”” error was shown under specific circumstances. (PPP-66058)

Linux

• After updating to Plesk Obsidian 18.0.63, opening the Fail2ban page no longer fails with the “Server Error 500 PleskUtilException” error message. (PPP-66006)
• Fixed the issue where, on Debian servers, Plesk Update Manager failed to update system packages to the latest version. (PPPM-14558)

Fixed Product Issues

Linux

• Fixed the issue where Courier IMAP did not start after updating to Plesk Obsidian 18.0.63. (PPPM-14541)

Changes in Third-Party Components

Linux

• Updated Roundcube to version 1.6.8.
• Updated Roundcube 1.4.15 to fix the CVE-2024-42008, CVE-2024-42009 and CVE-2024-42010 vulnerabilities.

What’s New?

• (Plesk for Linux) We are glad to present the “InnoDB repair” tool you can use to check for and attempt to automatically fix InnoDB corruption in MariaDB databases. InnoDB corruption is a serious issue, preventing the database server from working properly. Fixing it by hand requires time and expertise.

  You can access the tool by browsing https://:8443/repair/ and authenticating with the Plesk administrator credentials.

• Re-worked the “Mail Queue” menu to make it easier to track the status of messages and identify and resolve issues.

  To enable this feature, add the following lines to the panel.ini file:

  [ext-log-browser]
  mailQueue.serverWide = true
  

• If you plan to use a domain for mail hosting only, you can now select the new “Mail Hosting” option in the “Add Domain” wizard.
• We are glad to present a tool to convert your CloudLinux 7 servers to CloudLinux 8! The ready to use CLI tool is available in our GitHub repository.

• Plesk Obsidian on Ubuntu 20.04, AlmaLinux 8, and AlmaLinux 9 now comes with PHP 7.0 support. PHP 7.0 can be installed via Plesk Installer.

  This should make updating servers running an earlier OS version smoother. However, keep in mind that PHP 7.0 is outdated, and no longer receives security updates. We recommend updating web applications that require PHP 7.0 to use up-to-date PHP versions.

• You can now resell Sitejet Commerce. To do so, add the following lines to the panel.ini file:

  [ext-plesk-sitejet]
  commerceEnabled=true
  commerceBuyUrl=https://example.com/link-to-the-commerce-product-in-your-store
  

• Implemented a feature in Sitejet that enables users to seamlessly substitute a missing logo with text (and switch back to a logo if necessary).
• The Hungarian language is now available for the Sitejet Website Builder interface
• New Sitejet website template: Eco-Con.
• New Sitejet website template: WePaint.

Feature Improvements

• On Plesk Obsidian servers with a custom DNS backend enabled, Plesk now sends the following messages to the custom integration script:

  • A “create” message when a domain is created.
  • A “delete” message when a domain is removed.
  • An “update” message when a domain is suspended, disabled, or enabled, or when a domain’s DNS service is enabled or disabled, or when the Plesk DNS service for a domain is switched from primary to secondary, or vice versa.

  To enable this feature, add the following lines to the panel.ini file:

  [dns]
  newEvents = true
  

• Added a tooltip to the domain-level “Track Email Delivery” pages explaining why it is not possible to resend or remove sent, rejected, and bounced emails.
• Added a tooltip to the domain-level “Track Email Delivery” pages advising to select one or more deferred emails when attempting to click Resend with no deferred emails selected.
• The support for DNS HTTPS records is now enabled by default on all Plesk Obsidian servers.
• The pre-configured firewall rules in Plesk cloud images were updated to enable HTTP/3 to work out of the box.
• The “CPU usage” and “Memory usage” informational blocks on the new Home dashboard no longer take a long time to load the data. In addition, the “Memory usage” informational block now shows the total amount of RAM on the server.
• The Performance Booster extension now regularly checks the current database server settings and notifies the Plesk administrator when a noticeable improvement in performance can be achieved by applying the recommended settings.
• Increased the size of the input window when creating a “Fetch a URL” type scheduled task to make working with a long URL more convenient.

• It is now possible to manually configure the maximum age of mail log entries to be processed by the Log Browser extension (in seconds). To do so, add the following lines to the panel.ini file:

  [ext-log-browser]
  mailQueue.firstEntryOffset = <value in seconds>
  

Linux

• The Fail2ban bad bots list has been updated.
• Added the ability to manually add IP addresses to the Fail2ban banned IP addresses list, both temporarily and permanently.
• Pseudo-devices with constant 100% disk usage (such as /dev/loop devices) are no longer shown in Tools & Settings > Server Information to avoid unnecessary confusion.
• Added support for the Atomic ModSecurity rule sets in Plesk on AlmaLinux 9.

Future Plans

• Kaspersky Anti-Virus for Servers has been deprecated and is no longer available for installation. Starting from Plesk Obsidian 18.0.64, the extension will be automatically removed from the servers it is installed on. For details and recommended actions, see the Feature and Deprecation Plan and the deprecation FAQ.

Fixed Product Issues

• Fixed the issue where, on Ubuntu 24.04 servers, log entries about emails present in the server-wide mail log were absent from the domain-level “Track Email Delivery” pages. (EXTPLESK-5616)
• Fixed the issue where emails sometimes showed the confusing “MailQueueList.Filter.Status.null” status on the domain-level “Track Email Delivery” pages. (EXTPLESK-5612)
• Fixed the issue where the Log Browser extension got stuck trying to process logs with an excessively large number of entries. (EXTPLESK-5686)
• The Action Log now records changes made to the Action Log settings, including changing what actions are included in or excluded from the log, and also changing the log rotation settings. (PPP-65724)
• Fixed the issue where customers could see actions performed by other customers in the Action Log. (EXTPLESK-5654)
• Added a note clarifying that PHP settings may be overwritten by those specified in the .htaccess, php.ini, and .user.ini files to the “PHP Settings” page. (PPPM-14505)
• Fixed the issue where the new Home dashboard page crashed on iOS devices with the “Minified React error #185” error. (PPPM-14497)
• Fixed the issue where the UI text disappeared from the buttons on the domain-level “Action Log” pages. (EXTPLESK-5601)
• Fixed the issue where setting the mail server priority value of an MX DNS record failed with the “String cannot represent a non string value” error. (PPPM-14523)
• Fixed the issue where, on Plesk servers behind NAT, resetting the DNS zone for a subdomain to default resulted in the subdomain’s A record pointing to the private IP address instead of the public one. (PPPM-14509)
• Fixed the issue where the default resellers’ service plan was included in the total number of service plans on Plesk servers with a Web Admin or a Web Pro license. (PPPM-14491)

Linux

• Fixed the issue where Plesk and 360 Monitoring showed differing free disk space values. (PPP-64645)
• Corrected a misleading UI text string in the Sophos Anti-Virus for Servers extension. (PPPM-14507)
• Fixed the issue where a domain’s DNS zone could not be updated under specific circumstances. (PPPM-14503)
• Fixed the issue where a main account’s settings could not be updated under specific circumstances.(PPPM-14501)
• Fixed the issue where restoring one or more domains with DKIM enabled from backup on a Plesk Obsidian server with DKIM disabled in server-wide mail server settings failed with the “Unable to restore domain keys” error. (PPPM-14499)
• Fixed the issue where the $ character could be used in the names of protected directories, which resulted in broken nginx configuration. (PPPM-14485)
• Fixed the issue where selecting an SSL/TLS certificate for a domain removed the “Not selected” option from the “Certificate” drop-down menu, making it impossible to unassign the certificate. (PPPM-14481)
• Fixed the issue where additional administrator accounts had access to Mail server settings and Spam filter in Tools & Settings even if Restricted Mode with default settings was in effect. (PPPM-14478)
• Fixed the issue where setting a new default SSL/TLS certificate in Tools & Settings > SSL/TLS certificates resulted in the IPv6 address being removed from Apache and nginx configuration files for webmail. (PPPM-14323)
• Fixed the issue where the utility sanitizing the content of technical reports could fail under specific circumstances. (PPPM-14522)
• Fixed the issue where renaming a domain using PHP version 8.0.30 with the “Dedicated FPM application served by nginx/apache” handler resulted in the PHP worker process for that domain being unable to start. (PPPM-14513)
• Fixed the issue where, on AlmaLinux 8 servers, scanning the server with Rootkit Hunter resulted in unnecessary and misleading errors in the /var/log/rkhunter.log file. (PPPM-14494)
• Fixed the issue where, on Ubuntu 24.04 servers, the “Customer account creation” notification would be sent to the Plesk administrator despite not being enabled. (PPPM-14492)

Windows

• Fixed the issue where a weak password would sometimes be generated for SmarterMail primary domain administrator users. (PPPM-14487)

Changes in Third-Party Components

• Updated PHP used by Plesk to version 8.3.9.
• LSAPI 8.1 is now supported in all PHP versions shipped with Plesk.

Linux

• Updated Courier-IMAP to version 5.2.7.
• Updated collectd to version 5.12.0.
• Updated Fail2ban to version 1.1.0.

Windows

• Node.js 20 is now supported.
• Node.js version 20.15.1 is now shipped with Plesk.
• Updated ASP.NET Core 8.0 to version 8.0.7.
• Updated ASP.NET Core 6.0 to version 6.0.32.
• ASP.NET Core 7.0 is no longer shipped with Plesk.
• Updated Node.js 18 to version 18.20.4.
• Node.js 16 is no longer shipped with Plesk.
• Updated Perl to version 5.40.0.
• Updated MariaDB 10.11 to version 10.11.8.
• Updated MariaDB 10.6 to version 10.6.18.
• Updated MariaDB 10.5 to version 10.5.25.

Fixed Product Issues

• Fixed the issue where the new Home screen page would sometimes crash with the “Minified React error #185” error. (PPPM-14497)

Linux

• Fixed the issue where, on servers running on Ubuntu 20.04, no DNS-related operations resulted in changes being made to the DNS zone files. (PPP-65747)

What’s New?

• (Plesk for Linux) Introducing the “TuxCare Extended Lifecycle Support” extension for Plesk servers running on Ubuntu 18.04 or CentOS 7 that have reached end of life. The extension configures TuxCare ELS system package manager repositories, from which your Plesk Obsidian server will be receiving security updates, system enhancement patches, and bug fixes.

Fixed Product Issues

• (Plesk for Linux) Switched the CentOS 7 yum repositories to vault.centos.org because the OS has reached end of life. That way it will still be possible to install system packages on Plesk servers running on CentOS 7. (PPP-65508)

  Note: This change does not affect custom mirrors for CentOS 7 yum repositories.

Fixed Product Issues

• (Plesk for Linux) Switched the CentOS 7 yum repositories to vault.centos.org because the OS has reached end of life. That way it will still be possible to install system packages on Plesk servers running on CentOS 7. (PPP-65508)

  Note: This change does not affect custom mirrors for CentOS 7 yum repositories.

What’s New?

• Introducing the Extended Lifecycle Support (ELS) program designed to give you more time and a peace of mind before migrating your Plesk server from an EOL operating system to a supported one. This program will run:

  • CentOS 7 & CloudLinux 7 – until January 1, 2026 (vendor EOL date - June 2, 2024)
  • Ubuntu 18.04 & Debian 10 – until July 1, 2025 (vendor EOL dates - September 2024 for Ubuntu 18.04, June 2, 2024 for Debian 10)

  Plesk will continue releasing updates and providing technical support for these OSes beyond the vendor EOL dates, until the dates specified. Supporting EOL OSes incurs additional development and maintenance costs, and so taking advantage of this offer will cost extra. We strongly recommend migrating or dist-upgrading to supported OSes.

• We are happy to introduce the new 1.8.0 version of the Log Browser extension. In the new version, Plesk customers (as well as Plesk administrators) can track email delivery and manage deferred emails right in the domain card (under the “Mail” tab).

  The feature is available only in Plesk for Linux (except for Ubuntu 24.04) with Postfix used as an MTA.

  We will gradually enable the feature on Plesk servers starting from June 24, 2024. You can enable the feature manually in advance by adding the following lines to the panel.ini file:

  [ext-log-browser] 
  mailQueue.customerAccess = true
  

  By default, information about emails with the “Rejected” status is removed from the extension’s database after 48 hours to prevent rapid growth of the database. If you need to set another period for storing this information, you can always add the following lines to the panel.ini file:

  [ext-log-browser] 
  mailQueue.rejectedRemovalPeriod = 172800 ; in seconds
  

  Note: The feature works on top of the journald service and follows the server-wide log configuration. If the logs are rotated or removed, information about the emails will also be unavailable. Processing the logs for the first time may consume extra server resources. Afterward, the extension will process only changed data every hour.

• Plesk is now fully compatible with the security.txt standard, which defines the way both independent security researchers and your clients can get in touch with you about security concerns and vulnerabilities they have found in Plesk domains.

  With the new Native security.txt compliance extension, you can generate one common security.txt file for all domains hosted on your Plesk server. Once you generate the file and enable the feature, Plesk will continuously maintain it. Learn how to enable the feature and generate the file in our documentation.

  Note: In case you need more flexibility in configuring the file's content, you can use the extension created by LJPc solutions.

• Added the new tile blocks and improvements to our New Home Dashboard:

  • Added the SSL It! block that contains the consolidated status of certificates on your Plesk server to help you avoid their sudden expiration.
  • Added the block for the “Advisor” extension that helps you monitor the state of your Plesk server.

• Added support for HTTPS DNS records as an alternative to CNAME records. For example, you can use HTTPS records for naked domains, for which CNAME records are not supported.

  The feature can be managed in the Plesk user interface, using the plesk bin dns CLI commands, or using API requests.

  In Plesk Obsidian 18.0.62, the feature is disabled by default. You can manually enable it by adding the following lines to the panel.ini file:

  [dns]
  records.https.enabled = true
  

Linux

• Added an ability to install and remove PHP 5.6 from Plesk servers running on AlmaLinux 8 and 9 via Plesk Installer. That way you do not have to switch websites running on PHP 5.6 to a supported PHP version before the migration and thus avoid possible errors.

  Note: PHP 5.6 is EOL and does not receive important security fixes. We do recommend that you switch your websites to a supported PHP version after migration.

Feature Improvements

• Navigation between most-used pages in Plesk has become 3 times faster.
• On the “Serverwide” tab of Performance Booster, it is now possible to apply one or several database server improvements instead of applying them all together.

• Introduced the following improvements to the SFTP Backup extension:

  • Added the ability to use the Ed25519 public-key authentication and custom SSH keys.
  • Added the ability to update SSH keys.

• Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Since the curl commands send the “Content-Type: application/x-www-form-urlencoded” header by default, you need to add the --header "Content-Type: application/json" option to such commands to keep them working correctly.

  We strongly recommend that you check your existing integrations that use cURL for compliance with this change and update them if necessary. Failure to do so may result in any such integrations ceasing to work after updating to Plesk Obsidian 18.0.62.

Windows

• Added the Log Browser extension to the Recommended and Full presets.

Fixed Product Issues

• Fixed the following issues in the Multi-Factor Authentication extension:

  • The extension once again correctly remembers a device and no longer asks for authentication if the “Remember this device for 30 days” checkbox was selected before. (EXTPLESK-5556)
  • The plesk ext mfa config info CLI command now works with accounts of additional administrators and SMB users. (EXTPLESK-5559)
• Fixed the issue where the “Spam filter sensitivity” field in the domain email's settings was empty if the “0” value was specified during creation of the email address. (PPPM-14470)
• Customers no longer can change the hosting type of their subscriptions without corresponding permissions. (PPPM-14466)
• Switching between views in Plesk on mobile devices once again works correctly. (PPPM-14450)
• Resellers can once again create custom buttons. (PPPM-14441)
• Changing the admin user's password is once again properly logged. (PPPM-14428)
• Calculating statistics of a domain's database with the dash symbol in its name no longer fails with an error. (PPPM-14420)
• Wappspector no longer creates a clickable WP Toolkit icon for a domain, whose service plan has the WP Toolkit permissions disabled. (PPPM-14347)
• Fixed the issue where the Log Browser extension was logging the “PHP Warning: Undefined array key “Extension Version” error by mistake under specific circumstances. (EXTPLESK-5376)
• Resellers can once again create hosting of domains. Previously the issue occurred because the “Username” field on the “Hosting Settings” page of a domain became unavailable if the “Customers can change the name of their system users” option was set to “Never”. (PPPM-14468)

Linux

• When an email template is used in Mailman 3, emails are once again delivered to email addresses from a mailing list. (PPPM-14370)
• Updating the GeoIP data has become more safe because the old data will now be used if any errors occur during the update. (PPPM-14454)
• When the email sender's address contains the < and/or > symbols, it is once again displayed correctly in the “From” field of a forwarded email. (PPPM-14438)
• We increased the limit of text that one can paste in SSH Terminal from 512 bytes to 4 kilobytes so that this no longer breaks the connection. (PPPM-14422)
• In Plesk on AlmaLinux 9, the /var/log/maillog log file is no longer rotated to prevent collecting incorrect statistics. (PPPM-14415)
• If a sub-directory is protected with its own password and Apache is disabled for the domain, it is no longer possible to access that sub-directory using the password for the parent directory. (PPPM-14410)
• The removed old IP address of a Plesk server is no longer restored in the /etc/hosts file after assigning a new IP address and changing the hostname. (PPPM-14405)
• To prevent overuse of server resources, the number of concurrent sw-engine requests when opening the “Domains” page is limited to 12. (PPPM-14400)
• Fixed incorrect logging of DNS-related events under specific circumstances. (PPPM-14342)
• The Plesk repair utility once again warns if the last Plesk upgrade has failed for some reason. (PPPM-14177)

Windows

• The same permissions are once again assigned to the \MySQL\my.ini file both when a custom or default path for storing user data is specified during the Plesk installation. (PPPM-14460)
• Fixed the issue where it was impossible to secure a domain using the SSL/TLS certificate if the MailEnable service was running under a user account with insufficient privileges. (PPPM-14458)

Changes in Third-Party Components

• Updated PHP used by Plesk to version 8.3.8

Linux

• Updated Phusion Passenger to version 6.0.22.

Windows

• Updated ASP.NET Core 8.0 to version 8.0.6.
• Updated ASP.NET Core 8.0 to version 7.0.20.
• Updated ASP.NET Core 8.0 to version 6.0.31.
• Updated Git to version 2.45.1.

Changes in Third-Party Components

• (Plesk for Linux) Updated nginx to version 1.26.1.

Fixed Product Issues

• Fixed the issue where certain inconsistencies in the Plesk database resulted in the “TypeError: Cannot read properties of null (reading ‘map’)” error when accessing the new Home screen. (PPPM-14429)
• Fixed the issue where accessing the Plesk web interface after updating to Plesk Obsidian 18.0.61 resulted in the “array_key_exists(): Argument #2 ($array) must be of type array, false given” error if one or more custom buttons pointing to an email address existed in Plesk prior to the update. (PPPM-14444)

Linux

• The MariaDB upgrade tool can no longer be used to upgrade the database server on servers running outdated Linux kernel versions, which resulted in the database server failing to start after the upgrade. (PPP-65096)

Changes in Third-Party Components

Linux

• Updated Roundcube to version 1.6.7.

• (Plesk for Linux) To resolve certain issues related to HTTP/3 support, the following changes have been made:

  • For the time being, HTTP/3 support for the Plesk panel itself (but not the hosted websites) is disabled. All aspects of HTTP/3 support are to be treated as experimental until further notice.
  • Installing this update will disable HTTP/3 support for your the Plesk panel if it has been enabled previously.
  • On newly installed Plesk Obsidian servers, HTTP/3 support is no longer enabled automatically for hosted websites, but can still be enabled manually.

Fixed Product Issues

• Clicking on the count of resellers in Tools & Settings > IP Addresses no longer results in an error. (PPPM-14426)

Linux

• Enabling HTTP3 no longer crashes the Plesk panel if Plesk Premium Antivirus was enabled. (PPPM-14424)
• To prevent possible errors, HTTP3 is no longer automatically enabled on new Plesk installations. (PPP-65006)
• Fail2ban 1.0.2 now works correctly in Plesk on Ubuntu 24. (PPPM-14423)

Fixed Product Issues

• (Plesk for Linux) Logging in to Plesk via the TCP port 443 no longer results in an unwanted redirect to the port 8880 and the “This site can’t provide a secure connection” error. (PPP-64958)

What’s New?

• (Plesk for Linux) Ubuntu 24.04 is now supported on x86-64 architecture, with certain limitations. Learn more about the Ubuntu 24.04 support limitations.

  ARM-based servers are not supported at the moment.

• (Plesk for Linux) HTTP/3 (nginx) is now supported for hosted websites. Learn more about HTTP/3 support in Plesk.

  Note: HTTP/3 is not supported on CentOS 7 and Ubuntu 18.

• We are glad to announce the new Multi-Factor Authentication (MFA) extension, coming to Plesk Obsidian 18.0.61 and later. The new extension is meant to offer seamless 2FA authentication to all Plesk users, and comes with the following benefits:

  • Multi-factor authentication can now be configured in the profile settings for users of all levels (administrators, additional administrators, resellers, customers, and subscription users).
  • Plesk administrators can now make multi-factor authentication mandatory for all Plesk users on a server. Learn more about making multi-factor authentication mandatory.
  • The Multi-Factor Authentication (MFA) extension is added to the Recommended preset.

• We are glad to announce the fully revamped, customizable Home dashboard in Service Provider View. Keep track of your server and your business by adding, removing, and rearranging informational blocks showing all sorts of data. At the moment, the following blocks are available:

  • Plesk version - Plesk version and information about any available updates.
  • Server Information - Server hostname, IP address, OS, and uptime.
  • Last server backup - The status of server backup and backup schedule.
  • Performance Booster - Available server and website performance optimizations.
  • What’s New - Latest entries from the Plesk changelog.
  • IP Address Banning - The status of the Fail2Ban service.
  • Mail Queue - The status of the email queue (Postfix only).
  • Promo - Information about possible customizations and additional features.
  • CPU usage - Daily CPU usage information.
  • Memory usage - Daily memory usage information.
  • Subscriptions with overuse - The list of subscriptions with resource overuse.
  • My subscription - Subscriptions owned by the administrator.
  • Custom Buttons - display custom buttons added by the administrator.

  The feature is currently in beta. To enable it, add the following lines to the panel.ini file:

  [navigation]
  newHomeView.enabled = true
  

  We would love to hear your feedback about the new Home page at feedback@plesk.com.

• The WordPress single-site management operations from WP Toolkit are now fully integrated into the Dynamic list and shown by default for WordPress websites. If you want to continue managing your WordPress websites from WP Toolkit, you can disable this feature by adding the following lines to the panel.ini file:

  [ext-wp-toolkit]
  appModeFeature = off
  

• (Plesk for Windows) It is now possible to in-place upgrade Windows Server 2012 R2 servers running Plesk to Windows Server 2019. Learn more about in-place upgrading Windows Server 2012 R2 servers.

Feature Improvements

• Added the ability to manage the settings of scheduled backups (both server-wide and at the subscription level) via the CLI. Learn more about managing scheduled backups via the CLI.
• Added the ability to manage the settings of scheduled tasks (both server-wide and at the subscription level) via the CLI.
• Added PHP 8.3 to the Recommended preset. Also, removed PHP 8.1 from the Recommended preset.
• Improved error reporting in certain places of the Plesk GUI. Now, when there is an error, the browser screen is automatically scrolled to the top of the page, where a more detailed informational message is shown instead of a generic “Internal server error” one.

Future Plans

• Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Since the curl commands send the “Content-Type: application/x-www-form-urlencoded” header by default, you need to add the --header "Content-Type: application/json" option to such commands to keep them working correctly.

  We strongly recommend that you check your existing integrations that use cURL for compliance with this change and update them if necessary. Failure to do so may result in any such integrations ceasing to work after updating to Plesk Obsidian 18.0.62.

• Introducing Extended Lifecycle Support (ELS). We understand that migrating to a new operating system can be a complex process. To give you more time and a peace of mind, we’re introducing the Extended Lifecycle Support (ELS) program. This program will run:

  • CentOS 7 & CloudLinux 7 – until January 1, 2026 (vendor EOL date - June 2, 2024)
  • Ubuntu 18.04 & Debian 10 – until July 1, 2025 (vendor EOL dates - September 2024 for Ubuntu 18.04, June 2, 2024 for Debian 10)

  Plesk will continue releasing updates and providing technical support for these OSes beyond the vendor EOL dates, until the dates specified. Supporting EOL OSes incurs additional development and maintenance costs, and so taking advantage of this offer will cost extra. We strongly recommend migrating or dist-upgrading to supported OSes.

Fixed Product Issues

• Fixed the issue where changing a subscription’s IP address via the plesk bin subscription command failed for domains that had their hosting type set to “no web hosting”. (PPPM-14343)
• Fixed the issue where the “Create Website” button was shown for domains that had no access to any of the website creation tools in Plesk. (PPPM-14380)
• Fixed the issue where creating a MySQL database via the plesk bin database command while passing an encrypted database user password to it via the PSA_CRYPTED_PASSWORD environment variable failed with the “Syntax error or access violation” error. (PPPM-14384)
• Fixed the issue where viewing Action Log entries for a domain showed the entire contents of the log instead of filtering out entries not related to the domain. (EXTPLESK-5377)

Linux

• Fixed the issue where renaming a subscription’s system user on a Plesk server with the Cgroups Manager extension installed failed with the “usermod: user xxx is currently used by process xxxxx” error. (PPPM-14291)

• Fixed the issue where reading or rereading IP addresses on a server connected to OpenVPN added the IP addresses of TUN interfaces to the list of IP addresses available in Plesk. (PPPM-7965)

  Implementing the fix requires adding the following lines to the panel.ini file:

  [networkInterfaces]
  blacklist = tun*,tap*
  

• Fixed the issue where restoring from a corrupted backup file produced the unclear “Perhaps /usr/local/psa/admin/bin/deployer application missing, has incorrect permissions or unexpectedly terminated” error after failing. (PPPM-14118)
• Fixed the issue where running the plesk repair web command added the IP addresses of running Docker Compose containers to the Plesk nginx configuration files. (PPPM-14337)
• Fixed the issue where Plesk installation failed if an RDS Aurora MySQL instance was specified as the Plesk database server. (PPPM-14354)
• Fixed the issue where updating Plesk on a server hosting a large number of websites produced an unnecessary and misleading “Nginx has not restarted during upgrade due to failure of configuration test” warning. (PPP-64510)
• Fixed the issue where a custom Plesk installation produced an unnecessary and misleading “Failed to restart mailman3.service: Unit mailman3.service not found.” warning in the installer log file. (PPPM-14377)
• Fixed the issue where restoring individual objects (for example, files) from a backup resulted in old cronjobs being restored as well. (PPPM-14387)
• Fixed the issue where running the plesk repair web command did not restore the PHP-FPM configuration. (PPP-64844)
• Fixed the issue where renaming subscription system users and additional FTP users could sometimes fail with the “user xxx is currently used by process xxxxx” error. (PPPM-10717)
• Fixed the issue where, after renaming a subscription’s system user failed, the domain’s PHP FPM handler’s pool became corrupted, and no new domains using the same PHP handler could be created. (PPP-63258)
• Fixed the issue where .NET applications failed to work if SELinux was enabled on the server. (PPPM-14378)

Windows

• Fixed the issue where accessing a symlink in File Manager resulted in the “Unable to open the directory: Symlinks out of webspace are prohibited” error. (PPPM-14399)
• Fixed the issue where the custom “open_basedir” value failed to take effect for websites with a custom document root. (PPPM-14390)

Changes in Third-Party Components

• Updated PHP used by Plesk to version 8.3.

Linux

• Updated OWASP ModSecurity CRS to version 4.2.0.
• Updated nginx and the sw-cp-server service to version 1.26.0.

Windows

• Updated ASP.NET Core 8.0 to version 8.0.4.
• Updated ASP.NET Core 7.0 to version 7.0.18.
• Updated ASP.NET Core 6.0 to version 6.0.29.
• Updated MailEnable Standard to version 10.48.
• Updated Microsoft ODBC Driver 17 for SQL Server to version 17.10.6.1.

Fixed Product Issues

• It is again possible to upgrade Plesk Onyx to Plesk Obsidian. (PPPM-14396)

What’s New?

• To help Plesk users comply with the NIS2 directive, and also to improve the security of Plesk in general, the NIS2 compliance mode makes a number of changes to what is logged to the Plesk Action Log. Learn more about NIS2 compliance mode.

  To enable NIS2 compliance mode, add the following lines to the panel.ini file:

  [actionLog]
  nis2compliant = true
  

  Once you have done so, the following changes take effect:

  • API requests are now logged to the Action Log. To also log API requests that only get information from Plesk and do not result in any changes being made, add the following line to the [actionLog] section:

    api.includeImmutable = true
    

  • Changes to DNS records are now logged to the Action Log, including the specifics (such as what record was added or removed, or what changes were made to an existing record), as well as the GUID of the user who made the change.

  • Action Log is now included in Plesk backups if the “User files” checkbox is selected when creating a backup, and the “Exclude log files” one is not. Customer or reseller level backups only include information pertinent to that customer/reseller.

    Action Log is stored in a separate file with the backup_action-log prefix. Learn how to extract files from a Plesk backup.

• (Plesk for Linux) We are glad to announce that the ability to upgrade MariaDB database servers to the latest version in the LTS branch via the Plesk interface is no longer in beta! We thank everyone who tried the beta version for their participation and feedback.

  To access this feature, go to Tools & Settings > Database Servers (under “Applications & Databases”), and then click Upgrade Now next to an eligible MariaDB database server.

  The feature is being gradually rolled out to Plesk servers around the world. If you do not see the Upgrade Now button, you can enable the feature manually by adding the following lines to the panel.ini file:

  [databaseManagement]
  features.canBeUpgraded = true
  

• Plesk customers can now get access to Plesk Action Log events related to their subscriptions to monitor changes applied to them. The feature works only together with the Log Browser extension and will be enabled gradually after the release of Plesk Obsidian 18.0.60. The link to Action Log will appear in the right menu near the domain card.

  We consider the feature to be a mandatory requirement for Plesk to comply with the NIS2 directive. According to the directive, customers must have an ability to monitor changes related to their domains.

  To enable the feature before its official release in Plesk Obsidian 18.0.60, add the following lines to the panel.ini file:

  [actionLog]
  actionLogForEndUsers = true
  

  Note: If you have already enabled the nis2complience setting in the panel.ini file, no need to enable actionLogForEndUsers as well. nis2complience enables all features related to compliance with the NIS2 directive.

• Full-featured integration of WP Toolkit into Plesk Dynamic list is now available.

  To enable this feature, add the following lines to the panel.ini file:

  [ext-wp-toolkit]
  appModeFeature = on
  

  Once you have done so, most WP Toolkit features (except for mass management operations) become accessible directly from Dynamic list in Plesk without having to open WP Toolkit.

• Added the “Get Started” tab to domain cards in Dynamic List view to make it easier for new users to build websites quickly. It offers many options for creating a website with just one click (like Sitejet, WordPress, Laravel, Node.js, and more). The tab appears when opening a newly created domain’s card for the first time, and remains accessible but nonintrusive once closed. The tab replaces both the previously available “Welcome” panel and the “Create website” button.
• It is now possible to buy Plesk licenses straight from the DigitalOcean Marketplace interface and attach them to new and existing droplets.
• With the new paid Sitejet Commerce feature that supports integration with Ecwid, you can now have an eCommerce store on your Sitejet-based website.
• Sophos Anti-Virus for Servers can now be installed via Plesk Installer on both Plesk for Linux and Plesk for Windows servers. You can find it in the “Mail hosting” section in Plesk for Linux, and in the “Anti-Virus features” section in Plesk for Windows.
• The latest 30 entries from the Plesk Obsidian changelog are now available in an RSS feed. You can find the feed here.

Feature Improvements

• The “Scheduled Backups List” extension has been localized into 31 languages: Arabic, Catalan, Chinese Simplified, Chinese Traditional, Czech, Danish, Dutch, Filipino, Finnish, French, German, Greek, Hebrew, Hungarian, Indonesian, Italian, Japanese, Korean, Malay, Norwegian Bokmal, Polish, Portuguese, Portuguese, Brazilian, Romanian, Russian, Spanish, Swedish, Thai, Turkish, Ukrainian, and Vietnamese.
• The Plesk interface and documentation now mention both MariaDB and MySQL where only MySQL was mentioned before.

Linux

• Plesk now shows the exact amount of physical memory installed on the server. To access this information, go to Tools & Settings > Server Information (under “Server Management”), scroll down to “Memory Usage”, and look for the “Hardware” column.
• When trying to update Plesk on a server that does not have enough free disk space, Plesk Installer automatically cleans up unnecessary temporary files, then tries again.
• The “NTP Timesync” extension is now included in the “Recommended” preset.
• A separate branch of the “NTP Timesync” extension was created so that the extension could still be installed on Red Hat Enterprise Linux 6.x. Future versions of the “NTP Timesync” extension’s main branch will no longer be compatible with Red Hat Enterprise Linux 6.x.
• The “NTP Timesync” extension has been localized into 30 languages: Arabic, Catalan, Chinese Simplified, Chinese Traditional, Czech, Danish, Dutch, Finnish, French, German, Greek, Hebrew, Hungarian, Indonesian, Italian, Japanese, Korean, Norwegian Bokmal, Polish, Portuguese, Portuguese, Brazilian, Romanian, Russian, Spanish, Swedish, Thai, Turkish, Ukrainian, and Vietnamese.
• Added a message in Tools & Settings > Mail Server Settings advising to set the value of the “Maximum message size” parameter to 135-140% of the maximum allowable attachment size.

Windows

• It is now possible to install and use the Log Browser extension in Plesk for Windows. The extension also provides access to Action Log events for customers the same way it is done in Plesk for Linux.

Future Plans

• (For developers of extensions) Starting from Plesk Obsidian 18.0.61, we plan to switch PHP used by Plesk to PHP 8.3. If you are running any custom extensions, you will need to update them to support PHP 8.3 to avoid potential issues.

  You can install Plesk Obsidian 18.0.60 running on PHP 8.3 for testing purposes only by running the following command:

  wget https://autoinstall.plesk.com/plesk-installer && bash ./plesk-installer install plesk 18.0.60 --source http://autoinstall.plesk.com/plesk-php8.3
  

• Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Since the curl commands send the “Content-Type: application/x-www-form-urlencoded” header by default, you need to add the --header "Content-Type: application/json" option to such commands to keep them working correctly.

Deprecated and Removed Items

• Starting from Plesk Obsidian 18.0.60, the ability to use Active List view will be removed. All customers will be automatically switched to Dynamic List view.

Windows

• Starting from Plesk Obsidian for Windows 18.0.60, it will no longer be possible to install the BIND DNS server, or to select it as the default DNS server in Tools & Settings > Server Components. Our support team will also no longer provide answers to questions related to the BIND DNS server in Plesk for Windows.

  We strongly recommend that you switch to Microsoft DNS.

Fixed Product Issues

• Installing the “NTP Timesync” Plesk extension now correctly results in the Network Time Synchronization button appearing in the Tools & Settings menu (under “Tools & Resources”). (EXTPLESK-2112)
• Fixed the issue where removing a subscription with one or more backups in remote storage and then restoring only the subscription resulted in the backup file(s) being transferred to the server’s file system, but those backups could not be found in (or removed via) Backup Manager. (PPPM-14306)
• Fixed the issue where restoring a subscription with one or more add-on domains from a backup created in Plesk Obsidian 18.0.54 or earlier resulted in domain keys not being configured for the add-on domains. (PPPM-14299)
• Fixed the issue where restoring from a backup in remote storage resulted in the creation of that backup in local storage. That backup counted against the subscription’s disk space limit, but could not be seen in Backup Manager if the subscription lacked the permission to manage local backups. (PPPM-14287)
• Fixed the issue where trying to optimize PHP Settings for a domain with one or more disabled and/or broken PHP handlers resulted in the “Failed to update the optimal settings: [[app.conflicts.app.conflicts.Overview]]” error. (PPPM-14348)
• Fixed the issue where adding a valid IPv6 address in Tools & Settings > IP Addresses could fail with the “does not appear to be a valid IP address or it belongs to a wrong type” error. (PPPM-14373)
• Fixed the issue where trying to create or migrate a subdomain whose name matched a part of the name of a different subdomain already present on the server (for example, trying to create “subdomain.example.com” when “subdomain.example.com.example.com” already existed) failed with the “A domain with such a name already exists” error. (PPPM-14371)
• Fixed the issue where entering the words “background”, “login page”, or “custom” into the search field in the Plesk interface did not suggest the Tools & Settings > Branding page, as expected. (PPP-64307)
• Fixed the issue where the “{{ disk_usage }}”, “{{ disk_space_limit }}”, “{{ traffic }}”, “{{ traffic_limit }}”, and “{{ limit_name }}” placeholders were not replaced with actual numbers in email notifications sent to resellers. (PPPM-14333)
• Fixed the issue where it was possible to create aliases and subdomains for other subdomains via the XML API. (PPPM-14328)
• Fixed the issue where the panel in the Plesk interface added by the Help Center extension could not be shown correctly when logged in under a reseller account. (PPPM-14302)

Linux

• On servers running Red Hat Enterprise Linux or one of its derivatives, when trying to upgrade the MariaDB database server via the Plesk interface, the upgrade tool now verifies the configured repositories before starting and notifies the user if any of them must be commented out or removed for the upgrade to succeed. (PPP-64366)
• Fixed the issue where running the plesk bin ipmanage --remap command resulted in one or more lines in the map file being ignored if one or more target IP addresses already existed on the target network interface. (PPPM-14353)
• Fixed the issue where the plesk repair fs command was looking for the /etc/domainkeys directory even if no mail server was installed. (PPPM-14336)
• Fixed the issue where performing a dist-upgrade from Debian 10 to Debian 11 on a server with Mailman 2 installed caused issues when accessing existing mail lists after the dist-upgrade. (PPPM-14338)
• PHP 7.4 is now correctly marked with the “Outdated” tag in the Plesk Installer interface. (PPPM-14263)
• When installing Plesk on Debian or Ubuntu, “Recommended” dependencies (including the sa-compile package) are no longer installed. (PPPM-14367)
• Fixed the issue where, after registering a custom DNS backend via the plesk bin server_dns --enable-custom-backend command, adding a DNS record in Plesk did not result in the record’s TTL value being passed to the custom backend. (PPPM-14366)
• Fixed the issue where SSH access was shown as “Forbidden” on a domain’s Hosting page if the hosting plan the domain’s subscription was based on had the “SSH access to the server shell under the subscription’s system user” parameter set to /bin/bash and the “Management of access to the server over SSH” permission to “Not allowed”. (PPPM-14360)
• Fixed the issue where, if the permissions on the /etc/domainkeys directory were wrong, running the the plesk repair fs command produced the “Class “Plesk\Repair\Fs\PleskUserException” not found” error instead of fixing them. (PPPM-14358)
• Fixed the issue where, if outgoing mail control was enabled, emails using the “windows-1253” character set were delivered with malformed contents. (PPPM-14355)
• Fixed the issue where running the plesk repair web --php-handlers command to fix missing PHP handlers assigned to service plans failed to remove the “The following PHP version(s) are not installed” error shown on the Tools & Settings > PHP Settings page. (PPPM-14350)
• Fixed the issue where running the plesk repair mail command did not fix the DKIM configuration. (PPPM-14299)
• Editing a symlink to a file in File Manager now correctly saves the changes in the file the symlink is pointing to. (PPPM-14345)
• Fixed the issue where trying to set an image in the SVG format as the custom login screen background failed with the “Some fields are empty or contain an improper value” error. (PPPM-14341)
• Fixed the issue where removing a subscription failed to also remove the DKIM configuration files of domain aliases owned by the removed subscription. (PPPM-14324)
• Fixed the issue where the Backup Telemetry extension did not show the “Open telemetry” icon for backups whose contents could not be read by the psaadm user in their entirety. (PPPM-14303)
• Fixed the issue where changing the primary name server for a domain failed to update the primary name server for the domain’s aliases even if the “Synchronize DNS zone with the primary domain” checkbox was selected. (PPPM-14275)
• Fixed the issue where log rotation failed for files with two or more hard links. (PPPM-13562)
• Plesk auto-reply now uses the encoding from an incoming email’s subject for the subject of the automated response email. (PPPM-13543)
• After converting a CentOS 7 server with Plesk to AlmaLinux, the /etc/logrotate.d/syslog.bak file is now moved to /usr/local/psa/var/centos2alma/syslog.logrotate.bak. (PAUX-6180)
• Fixed the issue where, after converting a CentOS 7 server with Plesk to AlmaLinux, the AWStats configuration files were not recreated. (PAUX-6178)

Windows

• Fixed the issue where switching the default spam filter to SmarterMail SpamAssassin resulted in the “The system cannot find the path specified.” error if SmarterMail Build 8747 or later was installed and set as the default mail server. (PPP-64302)
• Fixed the issue where using Plesk Reconfigurator to change the MySQL data location to that on a different disk drive resulted in the “Failed to seek the actual end of file data stream” error. (PPPM-14335)
• Fixed the issue where using Plesk Reconfigurator to verify and fix Plesk virtual hosts’ security resulted in unnecessary empty directories being created in the Plesk virtual hosts’ directory. (PPPM-14320)
• Fixed the issue where running the plesk sbin statistics command could result in unnecessary and confusing warnings. (PPPM-14374)

Changes in Third-Party Components

Linux

• Updated Postfix to version 3.5.25.

Windows

• Updated ASP.NET Core 8.0 to version 8.0.3.
• Updated ASP.NET Core 7.0 to version 7.0.17.
• Updated ASP.NET Core 6.0 to version 6.0.28.
• Updated OpenSSL used by Plesk and Plesk Installer to version 3.0.13.
• Updated BIND to version 9.16.48.
• Updated MariaDB 10 to version 10.11.7.

Fixed Product Issues

• Registering a Plesk Obsidian 18.0.59 server in Platform360 via the CLI no longer fails with the “Return value must be of type ?string, array returned” error. (PPP-64309)

Fixed Product Issues

• (Plesk for Linux) PHP once again works correctly in password-protected directories. (PPPM-14334)

  After the update, reconfigure the web server configuration files to apply the latest changes. To do so, go to Tools & Settings > Webserver Configurations Troubleshooter (under “Assistance and Troubleshooting”), click Rebuild, and then click All in the drop-down menu.

What’s New?

• Plesk administrators can now configure the appearance of the Plesk login page by setting a custom background image or color. Note that a number of limitations exist.

• Introduced the following improvements for the Sitejet Builder extension:

  • Added a feature to replace or append files in website elements using drag and drop.
  • Added Polish as a new language to Sitejet Builder.
  • Added a feature to sort by custom fields in Collections Manager.
  • Added Collections to website backups.
  • Added an optional feature to automatically clean up unused CSS code.
  • Added the Sticky Column feature that allows for sticky content while scrolling through the website.
  • New website template: Green Change.
  • New website template: Pets Care.
  • New website template: Podcaster.
  • New website template: The Beauty Temple.
• Any changes related to DNS are now logged with the date and time, user, token, ID, and so on.
• Authorization requests and requests that change the Plesk or system configuration are logged using the system log service.

• Added the ability to duplicate the Plesk action log records to syslog (Linux) or Event Log (Windows). To enable the feature, add the following lines to the panel.ini file:

  [actionLog]
  syslog = <false|true>
  

  Note: We will prepare documentation for NIS2 compliance mode with the Plesk Obsidian 18.0.60 release.

• Prepared a script to automate dist-upgrade from Ubuntu 20 to Ubuntu 22.

  Learn how to dist-upgrade to Ubuntu 22.

• (Plesk for Linux) We are happy to announce the support for Mailman 3 in Plesk on Debian 11 and Debian 12. Read more about Mailman 3 in Plesk.
• (Plesk for Windows) We are happy to introduce the new PowerShell Terminal extension in Plesk for Windows that allows connecting to PowerShell right in the Plesk user interface without having to use RDP connection to the server.
• The Plesk GUI now supports HTTP/2, which improves web performance, optimize resource use, and reduces browsing latency.

• In Service Provider view, we added the count of customers, resellers, domains, subscriptions, and service plans to the left menu. That way you can quickly see how many business items exist on the server. You can disable the feature by adding the following lines to the panel.ini file:

  [navigation]
  showStatisticsInMenu = false
  

• Added support for the Drupal 10 application installation to the Application Catalog.

Linux

• Added support for MySQL Community Edition 8.2 and 8.3.
• Introduced the permission for Restricted Mode to the SSH Terminal extension.
• In the Log Browser extension, notifications about rebooting now contain the reboot date. (EXTPLESK-4170)
• Added support for Joomla! 5.x to the Joomla! Toolkit extension. This version requires the Plesk PHP 8.1 handler for the management calls. (EXTCERT-5096)

Feature Improvements

• Significantly improved the performance of Dynamic List view on configurations with many domains. Our tests on configurations with 100 domains within one subscription shows a fourfold improvement in the page loading speed. It is now possible to interact with loaded elements without having to wait for the entire page to load, which means no more freezing.

  We have also significantly improved the domain search speed.

• We introduced a new option that prevents changes only to Restricted Mode without affecting the ability to switch between Power User and Service Provider views. To enable the feature, run the following CLI command:

  plesk bin poweruser –off -simple true -lock-simple-mode true
  

• Laravel Toolkit is now fully compatible with Laravel 10.
• Excluded Web Presence Builder from the “Full Installation” preset. The component is shown if it was already installed or the --show-hidden-components option is used.

• Improved the usability of the measurement feature of Performance Booster in domain cards:

  • Added the “Measurement” section to the Performance Booster drawer in a domain card.
  • The Performance Booster button in the domain card now displays the optimization status.

Linux

• In the Docker extension, it is now possible to create a private container by manually port mapping to localhost so the container will be unavailable outside of the host.

Deprecated and Removed Items

• (Plesk for Windows) In March 2024, Internet Systems Consortium (ISC) drops support for BIND for Windows. Starting from Plesk Obsidian 18.0.60, we will stop developing new features for BIND and stop testing BIND DNS. It means that we will not guarantee backward compatibility for such configurations. Our support team will also no longer provide answers to questions related to BIND DNS.

  We strongly recommend that you switch to Microsoft DNS.

Fixed Product Issues

• DNS records of subdomains created using third-party extensions are now stored in their parent domains’ zones if Plesk is configured accordingly. (PPPM-14316)
• Trailing spaces are now automatically removed from license activation codes. That helps reduce the number of failing activation attempts. (PPP-63917)
• When creating a mail account in the Plesk user interface, the GUIDs for a domain and client are added correctly again. (PPPM-14314)

Linux

• 1024-bit DKIM keys are once again generated correctly. (PPPM-14250)
• The arc-sign mail handler no longer produces errors when Authenticated Received Chain (ARC) is enabled in Plesk. (PPPM-14305)
• ARC verification of forwarded emails no longer fails. (PPPM-14310)
• The database content is no longer counted twice on old database servers. (PPPM-14271)
• AppArmor does not falsely trigger on operations in /var/named/run-root/. (PPPM-14270)
• In Dynamic List view, added the missing “Compatibility mode for the legacy option ‘Separate SSL/TLS and non-SSL/TLS content’” option to the “Hosting” page of domains. (PPPM-14258)
• Forwarded emails with attachments once again pass DKIM checks and are no longer marked as spam. (PPPM-14166)

Windows

• The Web Deploy feature can once again be switched off correctly. (PPPM-14309)
• Plesk can once again detect the virtualization type of virtual machines on Windows in VirtualBox. (PPPM-14289)
• The -mail-service-ip flag option now works correctly again. (PPPM-14243)

Changes in Third-Party Components

• Updated PHP used by Plesk to version 8.2.15.

Linux

• Updated courier-authlib and courier-unicode to versions 0.72.1 and 2.3.0, respectively.
• Updated ModSecurity to version 3.0.12.
• Updated Postfix to version 3.5.24.
• Updated Phusion Passenger to version 6.0.20.
• Updated Roundcube to version 1.6.6.
• Updated ProFTPD to version 1.3.8b.
• Updated brotli to version 1.1.0.

Windows

• Microsoft Drivers for PHP for SQL Server are now shipped with PHP 8.3.
• Updated ASP.NET Core 8.0 to version 8.0.1.
• Updated ASP.NET Core 7.0 to version 7.0.15.
• Updated ASP.NET Core 6.0 to version 6.0.26.
• Updated MariaDB to versions 10.11.6, 10.6.16, and 10.5.23 to fix the CVE-2023-22084 vulnerability.
• Updated MariaDB 7.0 to version 7.0.15.
• Updated MariaDB 6.0 to version 6.0.26.
• Updated MariaDB Connector/C to version 3.3.8.

Fixed Product Issues

Linux

• Fixed the issue where upgrading the MariaDB database server failed with the “The storage engine for the table doesn’t support check” error. (PPP-63936)

Feature Improvements

• In Dynamic List view, you can now set any tab in the domain card as default using SDK.

• (Plesk for Linux) Updated the default Plesk configuration to fix the CVE-2023-51764 vulnerability.

  We strongly recommend that you update Plesk.

Fixed Product Issues

• Backing up to FTP storage no longer fails with the “Unable to create the remote backup: Transport error: Unable to resume an interrupted upload: Requested data is out of the cached data” error. (PPPM-14267)
• In Dynamic List view, the footer is now again shown in the cards of subdomains and domain forwarders. (PPP-63774)
• It is now again possible to sort the list of registered IP addresses. (PPP-63824)

Linux

• Fixed the issue where emails could be rendered incorrectly in Microsoft Outlook under specific circumstances. (PPPM-14272)
• Updating a Plesk server on AlmaLinux 9 to version 18.0.58 no longer fails with the “error: find: /etc/domainkeys/: No such file or director” error. (PPPM-14274)
• After updating MariaDB to version 10.11, it is now again possible to access WordPress websites in the Plesk interface. (PPP-63841)

Changes in Third-Party Components

• (Plesk for Linux) Updated Postfix to version 3.5.23.

What’s New?

Linux

• Authenticated Received Chain (ARC) support was added for Postfix and qmail.

• Added the ability to upgrade MariaDB database servers to the latest version in the LTS branch via the Plesk interface. The feature is currently in beta. To enable it, add the following lines to the panel.ini file:

     [databaseManagement]
     features.canBeUpgraded = 1
  

• Prepared a script to automate dist-upgrade from Debian 11 to Debian 12.

  Learn how to dist-upgrade to Debian 12.

• PostgreSQL 15 is now supported.
• .NET 8.0 is now supported.

Feature Improvements

• When creating a subscription in Service Provider view, users are no longer redirected to the domain card of the newly created subscription’s main domain, and remain on the “Subscriptions” screen instead.
• Added the ability to apply filters to the list of domains on the “Websites & Domains” page in Power User view.
• SSH Terminal is now available from the Repair Kit interface.
• The Plesk Installer web interface can now be accessed on Plesk servers that have the TCP port 8447 blocked.
• The daily, hourly, weekly, and monthly maintenance tasks now run asynchronously. This prevents issues that could be caused by a new task starting before an existing task could finish running.
• Updated the design of the “Tools & Settings” > “Performance Booster” > “Serverwide” tab to make it better match the rest of the Plesk interface, and also to increase its readability.

Deprecated and Removed Items

• Starting from Plesk Obsidian 18.0.59, all users will be automatically switched to Dynamic List view. The ability to select a different view will be removed. Learn why Dynamic List view is the better option.

Fixed Product Issues

• Fixed the issue where restoring a server backup containing one or more custom service plans resulted in the “Wrong syntax for command’s ‘-php_handler_type’ parameter. ‘’ does not match the pattern” error. (PPP-63417)
• Fixed the issue where opening the “Domains” page resulted in the “Cannot read properties of undefined (reading ‘state’)” or “Db_Table_Exception: Unable to find row with id in domain_aliases table.” errors when one or more add-on domains and/or domain aliases existed in Plesk. (PPPM-14216)
• It is no longer possible to enable SSL/TLS support for a domain that does not allow that option (for example, because the option is disabled in subscription or service plan settings) in Dynamic List view. (PPPM-14209)
• Fixed the issue where email notifications regarding issues during the creation of a backup were failing SPF checks because they were not being sent on behalf of the admin user by default. (PPPM-12518)
• The ampersand (“&”) character is no longer rendered as “&” on the Plesk login page when a custom title containing one or more ampersand characters is configured. (PPPM-14237)
• Applying the suggested settings in Performance Booster no longer results in the number of files opened by MySQL/MariaDB processes increasing greatly. (PPPM-14207)

Linux

• Fixed the issue where clicking Check configuration in Webserver Configurations Troubleshooter resulted in the “Call to private method PleskInstallation::isInstalled() from scope WebserverConfigurationKnownIssues” error. (PPPM-14219)
• Event handlers for the “Mail account updated” event are no longer executed multiple times when triggered. (PPPM-14204)
• When updating the default SSL/TLS certificate, the success message is now shown only once the process has finished. This is to help clear up confusion that could occur when updating the default SSL/TLS certificate on servers hosting large numbers of domains (the operation was shown as completed in the Plesk interface, but the actual updating of configuration files continued in background). (PPPM-12005)
• Fixed the issue where domain aliases had incorrect ownership set on the file necessary for DKIM protection to work correctly. (PPPM-14248)
• On ARM-based Ubuntu 22.04 servers, unsupported antivirus products are no longer recommended on mailboxes’ “Antivirus” tab. (PPPM-14246)
• Adding a malformed TXT DNS record now correctly results in an error. (PPPM-14244)
• Migrating from a Plesk server no longer fails with the “Can not find IP addresses for owner” error if that server’s administrator account has a username other than “admin”. (PPPM-14240)
• The mail log is now rotated properly on Plesk servers where the mail server has been replaced with MSMTP. (PPPM-14223)

Windows

• Fixed the issue where creating a full backup of a domain imported from a different Plesk for Windows server resulted in the “The ‘statusCode’ attribute is invalid. Not a valid unsigned integer.” error. (PPP-63514)
• Fixed the issue where saving any changes to hosting settings for a domain owned by a customer resulted in the “Permission denied” error if the customer’s subscription was missing the “Hosting settings management” permission. (PPPM-14259)
• The “Domain name” field is no longer missing when adding a TLSA DNS record. (PPPM-14256)
• Securing the mail service with an SSL/TLS certificate no longer fails with the “not an array” error on Plesk servers using SmarterMail build 8747 and later. (PPPM-14249)

Changes in Third-Party Components

• Updated PHP used by Plesk to version 8.2.13.

Linux

• Updated ModSecurity to version 3.0.11.

Fixed Product Issues

• The contents of the “Domains” page no longer take a very long time to load on servers hosting a large number of domains when the number of domains per page is set to “All”. (PPPM-14232)

Fixed Product Issues

• Disabling one or more domains from the list of domains owned by a single customer no longer results in domains that were not selected getting disabled. (PPPM-14238)
• When a customer tries to remove domains, the confirmation window again shows the correct number of domains for removal. (PPPM-14239)

Fixed Product Issues

Linux

• Calculation of domain statistics no longer fails with the “Internal error during processing statistic for service node #1[local]:SQLSTATE[HY000] [2002] Connection refused” error. (PPPM-14226)
• The status of the Ubuntu Pro subcription is now checked correctly for Plesk running on Ubuntu. (PPPM-14229)

Fixed Product Issues

• The website preview thumbnail now gets rendered correctly. (PPPM-14221)
• Backing up a domain with no hosting no longer completes with the “Unable to back up domain keys. Error: Unable to find service node for web service on domain with id=4” error. (PPP-63365)

Linux

• ModSecurity no longer automatically updates the “Atomic Standard” and “Atomic Advanced” rule sets ignoring the Plesk settings. (PPPM-14222)
• The System Updates tool can now be used on Plesk running on Ubuntu 18.04 with Ubuntu Pro. (PPP-63371)
• Improved detection of the KVM hypervisor. (PPP-63387)

Fixed Product Issues

• The “Websites & Domains” screen now opens again when an add-on domain has an alias. (PPPM-14216)

Linux

• Checking configurations using Webserver Configuration Troubleshooter no longer fails. (PPPM-14219)

What’s New?

• It is now possible to change the Plesk Administrator username.
• The Sitejet Builder, Node.js Toolkit, and Laravel Toolkit extensions are now shipped with Plesk by default.

• Added the Welcome Panel to make it easier for new users to quickly build websites. It offers many choices to create a website with just one click (like Sitejet, WordPress, Laravel, Node.js, and more). The panel pops up for users who just got hosting with a ready-to-use domain or picked Blank website or Upload files when creating a website. If they close the Welcome Panel, they can still find all the website-making options under the Create Website button on the domain card.

• The latest update of the DNS integration for Cloudflare extension got the following new features:

  • Added the ability to remove a domain from Cloudflare when removing it from Plesk.
  • Added the option to enable/disable export of NS records from Plesk to Cloudflare.

Linux

• Plesk will now compare and show Time To First Byte (TTFB) before and after optimizations made by Performance Booster (Tools & Settings > Performance Booster (under “General Settings”)). The TTFB comparison helps to estimate the achieved performance speedup for a website.
• Debian 12 is now supported.

• Until September 2024 (the Extended Support end date), Plesk continues to deliver new versions of Plesk Obsidian for Ubuntu 18.04. It includes delivering new features and security updates if they do not contradict the software delivered by the OS vendor.

  We strongly recommend using Extended Support from the OS vendor, which is called Ubuntu Pro, until you upgrade to Ubuntu 20.04 or migrate to another supported OS.

  Note: If Ubuntu Pro is not used, Plesk is not responsible for any functional or security issues caused by the outdated software from the OS vendor.

• Prepared a script to automate dist-upgrade from Ubuntu 18 to Ubuntu 20.

  Learn how to dist-upgrade to Ubuntu 20.

Windows

• Remote PostgreSQL database servers are now supported. It is now possible to use them to manage, back up, and restore databases.

  Note: The size of remote PostgreSQL databases is now calculated and added to the disk usage statistics.

• .NET 8.0 is now supported.

Feature Improvements

• Buttons on the “Adding New Domain” and “Install an Application” drawers now support the Vimium Chrome extension. This improvement makes it possible to create a website with a desired appication using only a keyboard and hotkeys.

• Aligned the view and layout of the domain list in Service Provider view with that of Dynamic List in Power User view:

  • The “Domain” column now shows favicons, the “Copy domain name” links, and reflects domains’ hosting types (“forwarding” or “no hosting”).
  • Added the “Status” column, which shows a domain’s status (active, suspended, or disabled).
  • Added the “File Manager”, “Mail Accounts”, “Databases”, and “Hosting Settings” buttons. These buttons provide quick access to the corresponding menus. The exact set of buttons depend on a domain’s configuration.

  • The “Setup Date”, “Expiration Date”, and “Rank Tracker” (the SEO Toolkit extension feature) columns are now hidden by default. To show them on the domain list, add the following lines to the panel.ini file:

    [domainManagement]
    showColumnSetupDate = true ; shows the "Setup Date" column
    showColumnExpirationDate = true ; shows the "Expiration Date" column
    showExtensionsColumns = true ; shows the "Rank Tracker" column 
    

• Added the “Disk Usage” and “Traffic” columns to Dynamic List in Power User view. Using the columns, it is also possible to sort domains by used disk space and generated traffic.
• The dropdown menu with a domain status (active, suspended, or disabled) now shows a hint with a link to the documentation, which describes these statuses.

• The latest update of the Sitejet Builder extension got the following improvements and new features:

  • In the domain card a comment now explains when a website has been published the last time.
  • New Website Template: https://www.template-estator.de.rs/.
  • New Website Template: Johanna James.
  • We updated the Icon Library, offering hundreds of new icons including icons for X (formerly Twitter).
  • The Collections Manager was completely redesigned for a better experience.
  • We added many more languages to translate websites.
• In the latest update of the Node.js Toolkit, the Passenger module for nginx and Apache is now disabled by default and will be enabled on the first activation of a Node.js application.

Windows

• Revoked the db_backupoperator Microsoft SQL Server role from database users created in Plesk. Learn how to bring back the role to database users created in Plesk.

Deprecated and Removed Items

• PHP 8.0 reaches end of life on November 26, 2023. Made the following changes to stay on track with the schedule:

  • Switched Roundcube to PHP 8.2.
  • Marked PHP 8.0 as deprecated in Plesk Autoinstaller and the Plesk interface.
  • Removed PHP 8.0 from the Recommended and Full presets in Plesk Autoinstaller.
  • Added PHP 8.1 and 8.2 to the Recommended preset.

Windows

• Dropped support for Windows Server 2012 and Windows Server 2012 R2:

  • Plesk can no longer be installed on Windows Server 2012 or Windows Server 2012 R2.

  • If you have a previous version of Plesk installed on Windows Server 2012 or Windows Server 2012 R2, you cannot upgrade to the latest Plesk version.

    Either migrate to a supported OS using Plesk Migrator or perform an in-place OS upgrade.

Fixed Product Issues

• It is now possible to store backups in FTP storage points whose number of connections is limited to 1 or 2. (PPPM-8749)
• When the “Apply individual settings to spam filtering” setting is disabled in Tools & Settings > Spam Filter (under “Mail”) and an email address is blacklisted on the server level, mail from the email address is rejected or sent to spam as expected. (PPPM-13601, PPPM-14040, PPPM-10722)
• The Reset Search button in Websites & Domains > domain > Password-Protected Directories again works. (PPPM-14192)
• Plesk can again generate DKIM and DNS record if the BIND DNS server component is not installed. (PPPM-14176)
• Items in rows shown on the Domains screen in Service Provider view are now horizontally aligned. (PPP-62830)
• Log rotation is again unavailable on the domain level when the server-wide “Force daily log rotation for all domains” setting is enabled. (PPPM-14157)
• Changing a domain name or the document root name to those with trailing spaces no longer produces errors. (PPPM-14155)
• Autofill for the document root now works when a domain is being added to a subscription that has an international domain name (IDN). (PPP-60070)
• Autofill for the document root now works when a subdomain is being added to an IDN domain. (PPP-60070)
• Password reset and activation emails are no longer sent from the default email address if a custom one is specified in the senderAddress setting of the panel.ini file. (PPPM-14183)

Linux

• The SpamAssassin spam filter no longer writes unclear error messages to panel.log. (PPPM-14174)
• Setting “Default limit on outgoing messages from a subscription (per hour)” in Tools & Settings > Mail Server Settings (under “Mail”) no longer triggers false-positive warnings in the Plesk interface about exceeding the default limits on outgoing messages from a mailbox and a domain. (PPPM-14168)
• Installing WordPress on a blank website no longer fails under specific circumstances if the following installation method is used: domain > Create Website > More Apps > “Featured Applications” > the arrow icon next to Install next to WordPress > Install Version > . (PPPM-14094)
• It is no longer possible to set the nginx cache size to 0, which caused issues with the permanent clearance of the cache. (PPPM-14201)
• It is no longer possible to add a DNS record with the asterisk * character in the middle of it (for example, webmail.*.example.com.) because it does not work as a wildcard DNS record and breaks BIND. (PPPM-14186)

Windows

• If a folder name contains whitespace characters, it no longer makes the corresponding folder in Virtual Directories unaccessible. (PPPM-14129)
• If Plesk has Microsoft SQL Server and a locally installed MariaDB 10.6 as an external database server with the localhost as its hostname, it is now possible to select MariaDB (localhost) from a dropdown menu when creating a database. (PPPM-14077)
• It is again possible to enable “Redirect to an external mail server with the IP address” for a domain. (PPPM-14200)
• Plesk now detects the server virtual environment even if the zvutil64.exe utility is missing. (PPPM-14199)
• It is again possible to change the password of the database user account with administrative rights for Microsoft SQL Server. (PPPM-14197)
• Renamed the “log files and statistic reports” checkbox in Tools & Settings > Server Settings (under “General Settings”) to “log files” because only they can be excluded from the disk space usage calculation. (PPPM-14191)

Changes in Third-Party Components

Linux

• Updated ProFTPD to version 1.3.8a.
• Updated libcurl to version 8.4.0.

Windows

• Updated Git to version 2.42.0.2.
• Updated Node.js 18 to version 18.18.2.
• Updated Node.js 16 to version 16.20.2.
• Updated ASP.NET Core 7.0 to version 7.0.13.
• Updated ASP.NET Core 6.0 to version 6.0.24.

Changes in Third-Party Components

Linux

• Updated Roundcube to version 1.6.5.

Fixed Product Issues

• The “Backup to Cloud Pro” banner no longer mistakenly appears when the Plesk administrator tries to create a scheduled server backup in remote storage. The issue was spotted in Plesk Obsidian 18.0.56. (PPPM-14179)

Linux

• In Plesk Obsidian 18.0.56 (including Updates 1 and 2), changing Apache from listening on localhost to listening on the server IP address no longer breaks nginx when its “Proxy mode” is on. (PPPM-14178)

  Note: To fix the issue if you were affected by it, update your Plesk to version 18.0.56 Update 3, and then run the following command: plesk bin apache --listen-on-localhost false or plesk bin apache --listen-on-localhost true.

• If you have Plesk Obsidian 18.0.56 (including Updates 1 and 2) that is not running on CentOS 7 or does not use the FastCGI PHP handler, enabling Apache to listen on localhost no longer breaks PHP scripts that use the $_SERVER["SERVER_ADDR"] PHP variable. (PPPM-14184)

  Note: To fix the issue if you were affected by it, update your Plesk to version 18.0.56 Update 3, and then run the plesk bin apache --listen-on-localhost true command.

Fixed Product Issues

Linux

• Websites and web applications that analyze client IP addresses now work properly again when Apache is listening to localhost. (PPPM-14170)

  To update the malfunctioning configuration, run the following command:

  plesk bin apache --listen-on-localhost true
  
  grep RemoteIPInternalProxy /etc/httpd/conf/plesk.conf.d/server.conf
  
  RemoteIPInternalProxy 127.0.0.1
  

• Private DKIM keys are now preserved when disabling DKIM signing for a domain. (PPP-62757)
• For security reasons, it is no longer possible to manage WP Toolkit settings when logged in to Plesk using the mail credentials of an additional user. (PPPM-14172)

Changes in Third-Party Components

Linux

• Updated Roundcube to version 1.6.4.
• Updated Roundcube to version 1.4.15.

Fixed Product Issues

Linux

• Restoring a backup created in Plesk Obsidian 18.0.55 or earlier on a Plesk Obsidian 18.0.56 server no longer fails with the “Incorrect format of the backup file. Dump has critical errors.” error. (PPPM-14162)
• Clicking Ok on the “Tools & Settings” > “Spam Filter” screen no longer results in the “Variable “$input” got invalid value N at “input.requiredHits”; String cannot represent a non string value: N” error. (PPPM-14163)