Plesk Obsidian 18.0.78 Enhances Security and Usability Features
Plesk has released version 18.0.78 of its Obsidian platform, introducing significant enhancements aimed at improving security and user experience for server administrators. The update features smarter SSL/TLS management, more flexible multi-factor authentication (MFA) workflows, and improved usability for GoAccess, among other updates. These changes are designed to streamline operations and bolster security for both Linux and Windows environments.
Smarter SSL/TLS Management
The latest update automates the process of securing newly deployed servers with SSL/TLS certificates, a critical step in ensuring secure communications. When a new Plesk server is set up with the Let’s Encrypt extension, it will now automatically secure the mail server with a free Let’s Encrypt SSL/TLS certificate alongside the Plesk web interface. This feature simplifies certificate management from the outset.
Additionally, Plesk has enhanced integration between its SSL It! and ACME SSL extensions. Users can now request certificates from ACME-compatible certificate authorities directly through the SSL It! extension card, providing an option to install a free Let’s Encrypt certificate as well. These improvements not only simplify certificate management but also ensure secure defaults right from the start.
More Flexible MFA Workflows
With version 18.0.78, organizations utilizing session token authentication can configure their multi-factor authentication settings with greater flexibility. Plesk allows administrators to skip MFA verification for users logging in via session tokens, streamlining access while maintaining security protocols. This adjustment can be easily enabled by modifying the panel.ini configuration file.
This flexibility is particularly beneficial for larger organizations where user management is crucial, allowing for a balance between security measures and user convenience.
Improved GoAccess Experience
The update also brings several enhancements to GoAccess, a web log analyzer that provides real-time insights into web traffic statistics. Notably, the GoAccess interface now automatically matches the language selected in Plesk, creating a more cohesive experience across the platform.
- The website name is now prominently displayed on the GoAccess web statistics page, making it easier for administrators to identify statistics related to individual websites.
These usability improvements are particularly valuable for administrators managing multiple websites on shared servers, enhancing navigation through web analytics.
Joomla! Toolkit Improvements
Plesk has refined its Joomla! Toolkit to better align with existing hosting configurations. When creating new Joomla! instances through this toolkit, the PHP version configured for the hosting domain will be selected by default rather than automatically opting for the latest available PHP version. This change ensures greater consistency between newly deployed Joomla! websites and their respective hosting environments.
Deprecated and Removed Items
APS Catalog Applications Removed
The deprecation of the APS Catalog in version 18.0.77 has led to the removal of certain applications from this catalog; however, previously installed applications will continue to function normally.
AWStats Deprecation
AWSStats is now clearly marked as deprecated within both the Plesk interface and Installer, signaling users to consider alternatives moving forward.
AtMail Upgrade Restriction
Servers still utilizing AtMail as their webmail client cannot be upgraded to Plesk Obsidian 18.0.78 due to security risks associated with this unsupported software. Users are advised to transition all affected domains to supported webmail clients before proceeding with upgrades.
Important Fixes and Stability Improvements
This release includes numerous fixes across various components such as SSL/TLS management, hosting plans, mail security, Joomla! Toolkit functionality, database management, and server administration tasks.
- An issue causing repeated appearances of the “Welcome to Plesk” survey after login has been resolved.
- The system now ensures that SSL/TLS certificates linked to removed websites are deleted from the file system.
- Service plan import failures under specific mail configuration settings have been addressed.
- Update notification reliability on the Home page has been improved.
- Issues affecting Preferred Domain settings across different server configurations have been fixed.
- PostgreSQL detection problems after reinstalling the database server have been resolved.
- The reliability of DMARC enforcement when using Plesk Email Security has been enhanced.
Updated Third-Party Components
Plesk Obsidian 18.0.78 also updates several third-party components across both Linux and Windows environments:
Linux Updates
- Nginx and sw-cp-server updated to versions 1.30.2
- Dovecot and Pigeonhole updated to 2.4.3
- ProFTPD updated to 1.3.9a
- libcurl updated to 8.19.0
- Roundcube updated to 1.6.16; Roundcube 1.4.15 also received backported fixes from version 1.6.16
Windows Updates
- .NET updated to versions 10.0.7, 9.0.15, and 8.0.26
- MailEnable Standard updated to 10.57
- Git for Windows updated to 2.53.0.3
- libcurl updated to 8.20.0
- OpenSSL updated to 3.0.20
- Python updated to 3.14.4
Update Recommended
Plesk recommends keeping servers up-to-date with this latest release to ensure optimal security, stability, and performance levels are maintained across platforms—available through the Plesk Installer process.
What This Means for Users
The enhancements introduced in Plesk Obsidian 18.0.78 provide significant benefits in terms of security automation and user experience improvements that can help administrators manage their servers more effectively while reducing potential vulnerabilities associated with outdated software or misconfigurations.
<|vq_12131|>
For more information, read the original report here.
