Input Plesk Obsidian 18.0.59 - stable enough for live deployment?

[Hangover2]

Server operating system version

Debian 11

Plesk version and microupdate number

18.0.59

Hello,

I did open this thread to provide and get information, if the current Plesk Obsidian 18.0.59 release is stable enough to deploy it on live systems with hundreds of clients.
To make sure everything runs smoothly and risks are minimized we already have a 3-step roll-out plan, when Plesk releases new versions.
At the moment we are checking the new release only on our development servers (step 1), that are under heavy usage of our dev team.

Critical issues, that are blocking the upgrade for us:

[x] fixed in 18.0.59 #1 - PHP once again works correctly in password-protected directories. (PPPM-14334)

Problems / changes that need to be considered in the upgrade process besides the official changelog:

[x] As described in this Thread, the password protection for Nginx did not work at all for at least Plesk versions 18.0.57 and 18.0.58. As a side effect e.g. the backends of Shopware 6 systems did work without any trouble using the built-in password protected directories (just some extra rules for the Apache .htaccess file were needed). The backends of those websites will not work anymore after switching to 18.0.59 #1. You need to deactivate the protection in the Plesk hosting panel and include a proper user restriction via .htaccess rules.
[x] The missing password protection in the older versions under specific circumstances for static files and the source code file download bug in the 18.0.59 #0 release could also lead to a "Personal Data Breach". Depending on your server / business location you should check if you were maybe affected by it. According to Article 33 Para. 1 GDPR, the person responsible is obliged to report a “personal data breach” to the responsible data protection authority within 72 hours of becoming aware of the incident.

Feel free to share bugs or problems, that should be considered when upgrading to this new version of Plesk to make the life of our clients and so also our admin life more relaxed.
Thanks in advance to everyone who is contributing!

 

[Kaspar]

I consider 18.0.59 just as stable as any of the (recent) previous Plesk versions. But whether or not it is stable enough, would depend on how (and for what exact purpose) you use your server imo.

I am not a big fan of the fast paced monthly release cycle of Plesk. To avoid issues I've disabled automatic updates and only run those manually. I try to judge whether I want to update Plesk on my servers to a new version right before the next release is secluded based on issues reported here on the forums and whether a new version has new major changes or functionality added. Sometimes I skip a version. Not because I feel that Plesk is unstable, but because I don't feel confident enough that Plesk is able to deliver bug free updates. So to save my self from some hassle I run updates manually and sometimes skip new versions.

For example I skipped 18.0.57 because it enabled the Sitejet Builder, Node.js Toolkit, and Laravel Toolkit extensions by default (I wanted to wait see how that played out) and I skipped 18.0.58 because of the added support for ARC (I wasn't feeling comfortable that ARC support would work properly right out of the box). With the caveat that I had to live a little longer without the Postfix SMTP smuggling vulnerability fix (which I did address manually).

Plesk's track record for password protected directories is a bit questionable too. I feel the way password protected directories are implemented into Plesk is to fragile and prone to errors. As it relies on a database for storing authentication details (instead of just files) and because the authentication is configured in the domain's main web server configuration file. So any updates Plesk makes to the web server configuration template may cause password protected directories to break. (As it has done a couple of times in the past).

Now, it may look like I am hating on Plesk. I am not, I like Plesk. But it isn't all roses and rainbows.

Hope my insights helps you a little.

 

[Hangover2]

Hello @Kaspar , thanks for you annotations. The problem with the "bug free updates" we also see since over one year. In the past we did update our servers immediately - we did even activate the auto-updates option till we had some serious business incidents with our clients and broken systems or functionalities. Since then the auto-updates are a no go on our live systems. We wait at least for the first or second patch release. On top we added an extensive own testing procedure.

The new .59 release did bring 21 new features or feature improvements but only 13 fixed product issues. Those numbers are in some way disappointing. We would like to have releases with 30 fixed product issues and 3 feature improvements. When we see the amount of open bugs here in the forum we would even love to have bug fix only releases for the next months.

But back to the topic. This thread shall help to decide, if the .59 release reached a safe level, to upgrade live servers without too much trouble. In our case with have 99% business clients. If we would have released the 18.0.59 #0 last week, our support ticket system would overheat.

With the patch of #1 and based on our own testing we are close to release this version to the first small live systems with low priority services or less clients.

But maybe some more forum users have already tested the new version and can tell about any tripping hazards.

And last but not least: we also like Plesk a lot. This thread shall only help to make it even better.

 

[Peter Debik]

@Hangover I'll take the idea "we would even love to have bug fix only releases for the next months." into a meeting and also suggest to bring back a "late adopter" version that once existed. You can vote for it here: https://plesk.uservoice.com/forums/...ns/48076007-bring-back-a-late-adopter-version

 

[Hangover2]

As feedback for anyone who did also wait with the rollout of this version. We did reach phase 3 by deploying 18.0.59 #2 to our live servers with hundreds of clients. So far all looks good. No negative feedback of clients in our ticket system.

 

[Bod]

As feedback for anyone who did also wait with the rollout of this version. We did reach phase 3 by deploying 18.0.59 #2 to our live servers with hundreds of clients. So far all looks good. No negative feedback of clients in our ticket system.

Thanks for the update...
I'm new to Plesk and currently moving sites to a staging area on a dev server running 18.0.59 #2 - your update is helpful