Important Plesk Obsidian Releases

[dash]

Hi all,

We are excited to release the anniversary edition Plesk Obsidian 18.0.70! Huge thanks to all our loyal customers! To celebrate, we have added a little gift. Want some fun? Just type DISCO on your Plesk screen. Let’s dance!
Release Notes: Plesk Obsidian 18.0.70

Panel and Hosting improvements​

Improved protections against brute-force and DDoS attacks on your Plesk server by rate-limiting login attempts.
The protection is enabled by default, to configure it, use the following options in panel.ini file:

[security]
bruteforceProtection.enabled ; Enables or disables brute force protection.
bruteforceProtection.rateLimit ; The number of failed access attempts allowed by an IP address.
bruteforceProtection.rateLimitPeriod ; The rate limit period in seconds.

(Plesk for Windows) Added a new 'components' CLI utility to allow users to manage server components. To see help on the utility usage, run the following command:

plesk bin components --help

Updated Plesk images on Microsoft Azure, Google Cloud, DigitalOcean, Amazon Web Services (including Amazon Lightsail) from Ubuntu 22.04 to Ubuntu 24.04 LTS. See more information about available Plesk cloud images.

Small Improvements​

Added the ability to resize interfaces and the installer up to 200% larger to improve accessibility.

Limited how many of tasks the Task Manager can query at one time and moved task cleanup jobs into batches to reduce CPU and RAM usage on high-load servers. This improves overall server performance. Also added debug messages for all Task Manager API operations.

Improved Plesk QCOW2 images to take up less disk space on installation, scale more effectively with more storage, and contain security and packaging updates.

Users can now configure the backup validation period by adding lines of the following pattern to the panel.ini file:

[pmm]
backupsValidationPeriod = 7 ;The backup validation period, in days.

Note: Backup validation can be cancelled by setting backupsValidationPeriod to 0.

(Plesk for Linux) Plesk now installs with a default secure TLS configuration.

(Plesk for Linux) It is no longer possible to bypass the default PHP performance settings in PHP-FPM handlers using the .user.ini settings file or the PHP ini_set() command. The default PHP performance settings should be optimal for most websites, and changing the settings could impact the websites’ performance.

Deployment changes, deprecations, and removals​

• (Plesk for Windows) Plesk removed support for BIND DNS due to security and maintenance risks.
  Note: If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Plesk Obsidian Stability​

• Dozens of Bug fixes based on our customer's reports.

Security and Third-party Components updates and drops​

Plesk continues to deliver fresh and modern versions of supplied and supported third-party software.
We strongly recommend staying up2date with Plesk!

Linux​

• Updated ModSecurity to version 2.9.9 to fix the CVE-2025-47947 vulnerability.
• Upgraded the sw-engine PHP version to 8.4.6.
• Updated the courier-unicode version to 2.3.2.
• Updated the courier-imap version to 5.2.11.
• Updated the courier-authlib version to 0.72.4.
• Updated the libarchive version to 2.3.2.

Windows​

• Updated ASP.NET Core 9.0 to version 9.0.5.
• Updated ASP.NET Core 8.0 to version 8.0.16.
• Upgraded the plesk-engine PHP version to 8.4.7.
• Updated the OWASP ModSecurity CRS version to 4.14.0.
• Updated MailEnable Standard to version 10.52.
• Updated Node.js to version 20.19.2.

 

[dash]

Hi all,
I'm glad to inform you that Plesk Obsidian 18.0.71 is Available!
Release Notes: Plesk Obsidian 18.0.71

Highlights for the current build​

Panel and Hosting improvements​

Improved server-wide settings Migration
A set of improvements in the Migrator simplifies server migration. The interface now allows you to additionally select automatic installation of extensions on the target server, migration of mail settings, and the administrator profile. We will continue to enhance the server/VPS migration flow in the future.

Enabling HTTP/3 on a per-site basis
On Plesk Obsidian servers with HTTP/3 support enabled, it is now possible to enable or disable HTTP/3 support on a per-site basis. The “HTTP/3 support” checkbox can be found on any domain’s “Apache & nginx” page.

Improved the Restricted Mode feature
It is now possible to restrict the visibility of the following features in the interface:

• phpMyAdmin management, Mail bounce controls, Hostname management, Customize Plesk URL, Allow local FTP backups, Website Log Check, Forum, Help Center. In addition, the Support SSH Access, Advisor, Repair Kit, Log Browser, and Webserver Configurations Troubleshooter options restrict access to the corresponding extensions by hiding all related UI elements and restricting access via the URL.

Small Improvements​

Added the following improvements to the SSL It! extension:

• The extension now offers the option to secure the “mail” subdomain (for example, “mail.example.com”) when issuing an SSL/TLS certificate for domains with physical hosting (the “Website” and “Forwarding” hosting types).
• Components that cannot be secured under the current configuration will not appear in the list of components to secure, even if they were secured previously.
• The “Autorenew” feature no longer leaves an order unprocessed when a suitable certificate from storage is successfully assigned to the domain.

The ability to upgrade MariaDB to version 11.4 via the Plesk GUI is now enabled on all Plesk Obsidian servers.

(Plesk for Linux) mod_sftp is now shipped as a part of the Plesk proftpd package as a shared module. Users can now manually configure their SFTP access. The ability to configure it via the Plesk interface will be introduced in future Plesk releases.

Added instructions to the mail helper on how to connect the Outlook for Microsoft 365 mail client.

Removing a domain in Plesk no longer triggers updating its DNS zone.

Made Plesk Installer more accessible by adding clearly visible focus indicators and making sure that Installer can be operated via keyboard only.

Deprecated and Removed Items​

• Plesk UserVoice will be deprecated by October 2025. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform, Plesk Productboard. To continue sharing your ideas and feedback, visit features.plesk.com.
• A number of APS applications have been deprecated and removed from the Plesk APS catalog. They are no longer available for installation from the APS catalog. Already installed applications are not affected.
  You can still install applications from the list using their official installation documentation.
• The following SDK functionality was deprecated in Plesk Obsidian 18.0.69: implementation of the EventListener interface without the filterActions method. Starting from Plesk Obsidian 18.0.71, it will be mandatory to implement the filterActions method of the EventListener interface. See more details.

Plesk Obsidian Stability​

• Dozens of Bug fixes based on our customer's reports.

Security and Third-party Components updates and drops​

Plesk continues to deliver fresh and modern versions of supplied and supported third-party software.
We strongly recommend staying up2date with Plesk!

Linux​

• Updated nginx to version 1.28.0.
• Updated msmtp to version 1.8.30.
• Updated Roundcube to version 1.6.11.
• Updated OWASP ModSecurity CRS to version to 4.15.0.
• Updated Phusion Passenger to version 6.0.27.
• Updated libcurl to version 8.14.1.
• Updated libarchive to version to 3.8.0.
• Updated nghttp2 to version 1.65.0.
• Updated Sophos Anti-Virus engine to version 3.94.3.

Windows​

• Updated ASP.NET Core 9.0 to version 9.0.6.
• Updated ASP.NET Core 8.0 to version 8.0.17.
• Updated Python to version 3.13.4.
• Updated libcurl to version 8.14.1.
• Updated PHP used by plesk-engine to version 8.4.8.
• Updated MariaDB for the Plesk database to version 11.4.7 (on Windows Server 2019 and later).
• Updated MariaDB for the Plesk database to version 10.11.13 (on Windows Server 2016).
• Updated MariaDB 11.4 to version 11.4.7.
• Updated MariaDB 10.11 to version 10.11.13.
• Updated MariaDB 10.6 to version 10.6.22.
• Updated MariaDB 10.5 to version 10.5.29.
• Updated Microsoft Graph SDK to version 2.x.