Hi everyone,
As some of you might know, there was a new security vulnerability for server-side web applications discovered recently. It's called HTTPOXY -- we suggest you to visit https://httpoxy.org/ to learn more details about it in general.
In response to this security vulnerability we've released 3 updates:
Plesk 12.0 MU #88 - updates PHP packaged by Plesk team
Plesk 12.5 MU #41 - updates PHP packaged by Plesk team
Plesk 12.5 MU #42 - fixes the issues with IIS, FPM applications served by nginx and Plesk itself.
Apache updates have already been released by OS vendors, be sure to install them as well.
Obviously, we strongly recommend installing Plesk updates ASAP. We've also prepared a KB article that explains the vulnerability in details, explains how to update Apache, and, most importantly, lists the workarounds available for you if you cannot install the MUs. Here's the KB: https://kb.plesk.com/en/129391
Stay safe!
As some of you might know, there was a new security vulnerability for server-side web applications discovered recently. It's called HTTPOXY -- we suggest you to visit https://httpoxy.org/ to learn more details about it in general.
In response to this security vulnerability we've released 3 updates:
Plesk 12.0 MU #88 - updates PHP packaged by Plesk team
Plesk 12.5 MU #41 - updates PHP packaged by Plesk team
Plesk 12.5 MU #42 - fixes the issues with IIS, FPM applications served by nginx and Plesk itself.
Apache updates have already been released by OS vendors, be sure to install them as well.
Obviously, we strongly recommend installing Plesk updates ASAP. We've also prepared a KB article that explains the vulnerability in details, explains how to update Apache, and, most importantly, lists the workarounds available for you if you cannot install the MUs. Here's the KB: https://kb.plesk.com/en/129391
Stay safe!