Hello Hostasaurus.Com. Thank you so much for your reply.
1) First and foremost, Parallels has no compatibility list that I've ever seen other than the base operating system name and version, such as CentOS 5, RedHat Enterprise 4. Are you saying one exists that actually states "Plesk Panel 9.x on RedHat Enterprise 5 REQUIRES OpenSSL RPM version 0.9.8e-12.el5_4.1 and will NOT function with version 0.9.8e-12.el5_4.6"? I doubt it does, but even if there were such a list, I would doubt it would be updated quickly enough for server operators to sit around on a known security issue waiting for someone from Parallels to tell us if we can patch our servers.
Yes, we should provide a compatibility list. Will do.
2) Because in the past this has not been an issue, which is why Plesk 8.x runs just fine with the new OpenSSL patch. It's only the poorly written version 9.x that has an issue with a minor version change. In fact, the whole point of using an operating system like RedHat Enterprise is because they keep the major version the same and apply later patches to software into their stable version so that compatibility issues are minimized. Of course, if Parallels hard codes Plesk Panel 9.x to expect and rely on a specific version, all the work of RedHat to keep things working is wasted.
OK. We are going to start using the native package manager (yum) on CentOS, RHEL and Fedora.
3) Because some of us have servers hosting customers' businesses, i.e. in many cases we host someone's sole form of income, they rely on us to keep their business running, we rely on RedHat to immediately release patches to issues that could jeopardize our customers' businesses, which a remotely exploitable ssl-related vulnerability could very well do. So when an update comes out for something that RedHat advises could *potentially* contain a remotely exploitable issue allowing the execution of arbitrary code, you better believe I'm going to apply the update whether Parallels says it's ok or not.
OK. Got you.
So, with that being said, can you answer me one little question: why is Plesk 9.x hard coded to a specific version of openssl when 8.x didn't seem to need that?
It does not matter "why". It's obvious that it was a mistake. Will fix.