- Server operating system version: Windows Server 2019
- Plesk version and microupdate number: Plesk Obsidian 18.0.70 Update #4
Hello Plesk Community,
I am running a Plesk server on Windows OS and hosting a web application built with Next.js / React. I would like guidance on how to properly detect, verify, and mitigate potential security vulnerabilities related to these frameworks.
Specifically, I would appreciate help with the following points:
1. How can I detect if my application is affected by a Next.js / React vulnerability?
- Are there recommended tools or commands to scan for known vulnerabilities (e.g. CVEs)?
- Can this be done directly from the Plesk interface or via command line on Windows?
- Are there Plesk extensions or security scanners that can help identify vulnerable JavaScript dependencies?
2. How can I check the installed Next.js and React versions?
On a Windows Plesk server:
- Which files should I check to confirm the exact versions (e.g. package.json, package-lock.json, node_modules)?
- Are there recommended Node.js or npm commands to safely retrieve version information in a production environment?
Example:
- npm list next
- npm list react
Is this the correct and safe approach on a live Plesk-hosted site?
3. How should I update Next.js / React securely?
- What is the recommended upgrade path for Next.js and React on a Windows server?
- Should the update be performed locally and then redeployed, or directly on the server?
- Are there best practices to avoid downtime when updating JavaScript frameworks on Plesk?
4. Plesk & Windows-specific considerations
- Are there any Windows-specific limitations or known issues when running Next.js applications on Plesk?
- Does Plesk provide official guidance for securing Node.js applications against known vulnerabilities?
5. Logging and monitoring
- Where can I find logs related to Node.js / Next.js execution in Plesk on Windows?
- How can I monitor suspicious behavior that may indicate exploitation attempts?
Any best practices, documentation links, or real-world experiences would be greatly appreciated.
Thank you in advance for your support.
Best regards,