• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • Our UX team believes in the in the power of direct feedback and would like to invite you to participate in interviews, tests, and surveys.
    To stay in the loop and never miss an opportunity to share your thoughts, please subscribe to our UX research program. If you were previously part of the Plesk UX research program, please re-subscribe to continue receiving our invitations.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question Why did the security update for webp come so late from plesk?

Azurel

Azurel

Silver Pleskian
Server operating system version
AlmaLinux 8.8 (Sapphire Caracal)
Plesk version and microupdate number
18.0.56 Update 2
There was a lot in the media that the image format Webp has a security vulnerability that affects virtually everyone (browser, apps, servers) who uses Webp. Since mid-September there are also various bug fixes for this, also for libwebp. Maybe I missed something, but why is this important update at Plesk more than a month late (see plesk changelog), although the bugfix already existed?

It would be interesting and important to know how quickly Plesk reacts to such security problems. Seems to me now for the time being extremely slow, about a month to leave the server with the security gap.
 
The server part of this particular vulnerability mainly concerns the libwebp package. Which isn't managed by Plesk, but by the OS vendors. So the OS vendors (Ubuntu, RHEL, ect) are distributing the updates that fixes this vulnerability. Hence it is not listed in the Plesk change log. If your server is up to date, then the issue is probably already solved on your server.
 
Last edited:
You are right. Libwebp does get distributed by Plesk.
 
Last edited by a moderator:
Wrong forum? I am still interested in an answer. Am I the only one who finds it strange that such an important security fix comes so late?
 
@Azural Your question is not a question, it is a critical statement that you are dissatisified that this in your opinion critical security update was not delivered fast enough. No matter what the answer to your question is, it makes absolutely no difference, because your intention with this thread is not to get an answer, your intention is to stir up public critique and to involve others to confirm your opinion. The sole purpose of the question are to be an ego shooter and to create a negative image of Plesk. Anyone who reads the headline of this thread is already framed to the thought that Plesk developers are slow, don't care for users etc. Which is not true, but the way your critique is presented leave uninformed users no choice but to follow this path of thinking.

For that reason I do not intend to answer your question.

It's not a question, it is a statement, and I do not like this way. Your critique has been heard, but please do not expect my sympathy for the the way it has been presented. The way this update was done was perfectly right and timely. Did you experience any negative impact on your systems? No. So what is the point?

Here is a popular story that comes to my mind when I see threads like this one:

A math professor wrote the following on the blackboard:
9x 1= 9
9x 2=18
9x 3=27
9x 4=36
9x 5=45
9x 6=54
9x 7=63
9x 8=72
9x 9=81
9×10=91

Many taunts were made in the lecture hall because the professor had made a mistake.
9×10=91!
The whole room laughed at him. The professor waited until everyone was quiet again, then he said:

"This is how you are seen in the world. I made that mistake on purpose to show you how the world behaves in the face of a single mistake. None of you congratulated me for doing everything right nine times and being right.
None who saw you do the right thing and praised you for it. But all the people hurt you, blasphemed you and humiliated you because you were wrong just once. That's life! We have to learn to appreciate people for "their successes".
There are people who do much more that is right than wrong, and - end up being judged by one mistake, - and are not judged by the other nine hits. That works for all of us. More praise and less criticism. More love and affection and less hate and cruelty. Let's learn to appreciate each other instead of destroying each other."
 
How/where else should I ask this question? Just silently accept it?

Instead of accusing me of such nonsense, please tell me how the issue is being resolved. I use Plesk and love it for its simplicity, but when such important security fixes come so late, I'm legitimately worried for several reasons and would have liked to have them allayed.
 
You must log in or register to reply here.

Similar threads

E
How to Set up Your WordPress Website Security
Replies
0
Views
2K
Elvis Plesky
E
E
5 Excellent WordPress Backup Solutions
Replies
14
Views
4K
MiAn
M
L
Migrate to Plesk on AWS from Plesk, cPanel or DirectAdmin
Replies
0
Views
5K
Lukas Hertig
L
J
Plesk Onyx – Designed for Vultr.com
Replies
0
Views
3K
Joerg Strotmann
J
J
Plesk Onyx – Designed for Vultr.com
Replies
0
Views
3K
joerg
J
Back
Top