Important Plesk Obsidian Releases

[dash]

Hi all,

We are excited to release the anniversary edition Plesk Obsidian 18.0.70! Huge thanks to all our loyal customers! To celebrate, we have added a little gift. Want some fun? Just type DISCO on your Plesk screen. Let’s dance!
Release Notes: Plesk Obsidian 18.0.70

Panel and Hosting improvements​

Improved protections against brute-force and DDoS attacks on your Plesk server by rate-limiting login attempts.
The protection is enabled by default, to configure it, use the following options in panel.ini file:

[security]
bruteforceProtection.enabled ; Enables or disables brute force protection.
bruteforceProtection.rateLimit ; The number of failed access attempts allowed by an IP address.
bruteforceProtection.rateLimitPeriod ; The rate limit period in seconds.

(Plesk for Windows) Added a new 'components' CLI utility to allow users to manage server components. To see help on the utility usage, run the following command:

plesk bin components --help

Updated Plesk images on Microsoft Azure, Google Cloud, DigitalOcean, Amazon Web Services (including Amazon Lightsail) from Ubuntu 22.04 to Ubuntu 24.04 LTS. See more information about available Plesk cloud images.

Small Improvements​

Added the ability to resize interfaces and the installer up to 200% larger to improve accessibility.

Limited how many of tasks the Task Manager can query at one time and moved task cleanup jobs into batches to reduce CPU and RAM usage on high-load servers. This improves overall server performance. Also added debug messages for all Task Manager API operations.

Improved Plesk QCOW2 images to take up less disk space on installation, scale more effectively with more storage, and contain security and packaging updates.

Users can now configure the backup validation period by adding lines of the following pattern to the panel.ini file:

[pmm]
backupsValidationPeriod = 7 ;The backup validation period, in days.

Note: Backup validation can be cancelled by setting backupsValidationPeriod to 0.

(Plesk for Linux) Plesk now installs with a default secure TLS configuration.

(Plesk for Linux) It is no longer possible to bypass the default PHP performance settings in PHP-FPM handlers using the .user.ini settings file or the PHP ini_set() command. The default PHP performance settings should be optimal for most websites, and changing the settings could impact the websites’ performance.

Deployment changes, deprecations, and removals​

• (Plesk for Windows) Plesk removed support for BIND DNS due to security and maintenance risks.
  Note: If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Plesk Obsidian Stability​

• Dozens of Bug fixes based on our customer's reports.

Security and Third-party Components updates and drops​

Plesk continues to deliver fresh and modern versions of supplied and supported third-party software.
We strongly recommend staying up2date with Plesk!

Linux​

• Updated ModSecurity to version 2.9.9 to fix the CVE-2025-47947 vulnerability.
• Upgraded the sw-engine PHP version to 8.4.6.
• Updated the courier-unicode version to 2.3.2.
• Updated the courier-imap version to 5.2.11.
• Updated the courier-authlib version to 0.72.4.
• Updated the libarchive version to 2.3.2.

Windows​

• Updated ASP.NET Core 9.0 to version 9.0.5.
• Updated ASP.NET Core 8.0 to version 8.0.16.
• Upgraded the plesk-engine PHP version to 8.4.7.
• Updated the OWASP ModSecurity CRS version to 4.14.0.
• Updated MailEnable Standard to version 10.52.
• Updated Node.js to version 20.19.2.

 

[dash]

Hi all,
I'm glad to inform you that Plesk Obsidian 18.0.71 is Available!
Release Notes: Plesk Obsidian 18.0.71

Highlights for the current build​

Panel and Hosting improvements​

Improved server-wide settings Migration
A set of improvements in the Migrator simplifies server migration. The interface now allows you to additionally select automatic installation of extensions on the target server, migration of mail settings, and the administrator profile. We will continue to enhance the server/VPS migration flow in the future.

Enabling HTTP/3 on a per-site basis
On Plesk Obsidian servers with HTTP/3 support enabled, it is now possible to enable or disable HTTP/3 support on a per-site basis. The “HTTP/3 support” checkbox can be found on any domain’s “Apache & nginx” page.

Improved the Restricted Mode feature
It is now possible to restrict the visibility of the following features in the interface:

• phpMyAdmin management, Mail bounce controls, Hostname management, Customize Plesk URL, Allow local FTP backups, Website Log Check, Forum, Help Center. In addition, the Support SSH Access, Advisor, Repair Kit, Log Browser, and Webserver Configurations Troubleshooter options restrict access to the corresponding extensions by hiding all related UI elements and restricting access via the URL.

Small Improvements​

Added the following improvements to the SSL It! extension:

• The extension now offers the option to secure the “mail” subdomain (for example, “mail.example.com”) when issuing an SSL/TLS certificate for domains with physical hosting (the “Website” and “Forwarding” hosting types).
• Components that cannot be secured under the current configuration will not appear in the list of components to secure, even if they were secured previously.
• The “Autorenew” feature no longer leaves an order unprocessed when a suitable certificate from storage is successfully assigned to the domain.

The ability to upgrade MariaDB to version 11.4 via the Plesk GUI is now enabled on all Plesk Obsidian servers.

(Plesk for Linux) mod_sftp is now shipped as a part of the Plesk proftpd package as a shared module. Users can now manually configure their SFTP access. The ability to configure it via the Plesk interface will be introduced in future Plesk releases.

Added instructions to the mail helper on how to connect the Outlook for Microsoft 365 mail client.

Removing a domain in Plesk no longer triggers updating its DNS zone.

Made Plesk Installer more accessible by adding clearly visible focus indicators and making sure that Installer can be operated via keyboard only.

Deprecated and Removed Items​

• Plesk UserVoice will be deprecated by October 2025. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform, Plesk Productboard. To continue sharing your ideas and feedback, visit features.plesk.com.
• A number of APS applications have been deprecated and removed from the Plesk APS catalog. They are no longer available for installation from the APS catalog. Already installed applications are not affected.
  You can still install applications from the list using their official installation documentation.
• The following SDK functionality was deprecated in Plesk Obsidian 18.0.69: implementation of the EventListener interface without the filterActions method. Starting from Plesk Obsidian 18.0.71, it will be mandatory to implement the filterActions method of the EventListener interface. See more details.

Plesk Obsidian Stability​

• Dozens of Bug fixes based on our customer's reports.

Security and Third-party Components updates and drops​

Plesk continues to deliver fresh and modern versions of supplied and supported third-party software.
We strongly recommend staying up2date with Plesk!

Linux​

• Updated nginx to version 1.28.0.
• Updated msmtp to version 1.8.30.
• Updated Roundcube to version 1.6.11.
• Updated OWASP ModSecurity CRS to version to 4.15.0.
• Updated Phusion Passenger to version 6.0.27.
• Updated libcurl to version 8.14.1.
• Updated libarchive to version to 3.8.0.
• Updated nghttp2 to version 1.65.0.
• Updated Sophos Anti-Virus engine to version 3.94.3.

Windows​

• Updated ASP.NET Core 9.0 to version 9.0.6.
• Updated ASP.NET Core 8.0 to version 8.0.17.
• Updated Python to version 3.13.4.
• Updated libcurl to version 8.14.1.
• Updated PHP used by plesk-engine to version 8.4.8.
• Updated MariaDB for the Plesk database to version 11.4.7 (on Windows Server 2019 and later).
• Updated MariaDB for the Plesk database to version 10.11.13 (on Windows Server 2016).
• Updated MariaDB 11.4 to version 11.4.7.
• Updated MariaDB 10.11 to version 10.11.13.
• Updated MariaDB 10.6 to version 10.6.22.
• Updated MariaDB 10.5 to version 10.5.29.
• Updated Microsoft Graph SDK to version 2.x.

 

[dash]

Hi all,
I'm glad to inform you that Plesk Obsidian 18.0.72 is Available!
Release Notes: Plesk Obsidian 18.0.72

Check out all highlights for Plesk Obsidian's key features and major benefits, helping you gain a deeper understanding of our product: What's New in Plesk Obsidian

Highlights for the current build​

Panel and Hosting improvements​

AI-Powered Website Creation
We are excited to introduce the Sitejet AI Website Generator. This new feature allows you to build websites in a matter of seconds by giving the built-in AI tool information about your business or organization. The Sitejet AI Website Generator creates clean, responsive websites that you can edit and launch from an integrated panel in the Sitejet Builder extension.

AlmaLinux 10 Support by Plesk
The new version AlmaLinux OS 10 has been declared Stable since June 2025, with security support until 2035 — an excellent choice for a long and secure server lifecycle. We recommend always using the latest versions for new installations. Check details here.

Hashing for mail account passwords
You now have the option to use hashing for mail account passwords instead of symmetric encryption. Learn how to enable mail password hashing.
To remove the ability to switch between password hashing and symmetric encryption from the Plesk interface, add the following lines to the panel.ini file:

[passwordManagement]features.allowEmailPasswordHashing = false

Changed File Editor in Plesk
The Jodit Editor has replaced the SPAW editor in File Manager. Jodit is a full-page WYSIWYG HTML editor that provides a broad set of text formatting, styling, and alignment tools for visual editing.
Note: This version of Jodit was provided as a BETA version due to a number of limitations that will be fixed in an upcoming version.

Deployment changes​

Extended Lifecycle Support (ELS) support for Ubuntu 20.04 is now available until December 31, 2027 (vendor EOL date - April 2025). Plesk will continue to release updates and provide technical support for Ubuntu 20.04 beyond the vendor EOL date until the date specified.
Supporting EOL operating systems incurs additional development and maintenance costs, so taking advantage of this offer will cost extra since January 01, 2026.
We strongly recommend to check all details regarding ELS in the Plesk FAQ and scheduling a dist-upgrade or migration to a modern OS.

PHP 8.4 is now part of the Recommended preset, and it is also the default version for Service Plans. PHP 8.1 is no longer a part of the Recommended preset.

(Plesk for Windows) You can now perform in-place upgrades from Windows Server 2019 to Windows Server 2025. To avoid OS-specific issues, we strongly recommend that you take a server snapshot before you perform an upgrade.

The Plesk Alibaba Cloud platforms now run on Ubuntu 24.04. Previously, they ran on Ubuntu 22.04.

Small Improvements​

(Plesk for Linux) On Plesk Obsidian servers with HTTP/3 support enabled, you can now enable or disable HTTP/3 support server-wide via the “HTTP/3 support” checkbox on the “Tools & Settings” > “Apache & Nginx Settings” page.

Plesk Backup and Migrator can now back up, restore, and migrate admin aliases.

A deployment-progress window now appears for the Plesk customer user in the Laravel Toolkit application.

Removing a domain in Plesk no longer triggers updating its DNS zone.

Made Plesk Installer more accessible by adding clearly visible focus indicators and making sure that Installer can be operated via keyboard only.

Deprecated and Removed Items​

• Plesk UserVoice will be deprecated by October 2025. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform, Plesk Productboard. To continue sharing your ideas and feedback, visit features.plesk.com.

Plesk Obsidian Stability​

• Dozens of Bug fixes based on our customer's reports.

Security and Third-party Components updates and drops​

Plesk continues to deliver fresh and modern versions of supplied and supported third-party software.

We strongly recommend staying up2date with Plesk!

Linux​

• Updated ModSecurity® to version 2.9.12.
• Updated mariadb-connector-odbc to version 3.2.6.
• Updated the PEAR Archive_Tar module to version 1.6.0.
• Updated libwebp to version 1.6.0 for PHP versions 8.1-8.4.
• Updated PostgreSQL to version 17.5.
• Updated Sophos to version 3.95.0.
• Updated the Golang compiler to version 1.24.5.

Windows​

• Updated ModSecurity to version 2.9.12.
• Updated plesk-engine and sw-engine PHP to version 8.4.11.
• Updated SQLite to version 3.50.3.
• Updated Git™ for Windows to version 2.50.1.
• Updated MailEnable Standard to version 10.53.
• Updated Node.js to version 22.17.1 and made it the default Node.js version.
• Removed Node.js version 18. If Node.js version 18 is already installed, it will be marked as outdated in the Plesk installer.
• Updated the Dr.Web MSM module to version 12.0.1.