PFSI-61276 security fix

Follow

Comments

6 comments

  • Avatar
    R Broersma

    This security issue is not mentioned in the Plesk ChangeLog. Is this issue fixed in the current latest version? 17.8.11 update 49?

     

  • Avatar
    Denis Bykov

    @R Broersma

    I added the list of versions which are confirmed to have the issue fixed. Using those or newer update versions guarantees that Plesk installation is not affected.

  • Avatar
    Jeff Hanes

    Is it sure that older Plesk versions (10.x, 11.x and 11.5.x) are not affected?

  • Avatar
    Ivan Postnikov

    Hi @Jef,

    While investigating a vulnerability, the development team responsible for security does not check if unsupported (including EoLed) Plesk versions are affected by the vulnerability or not.

    One should believe that a version becomes insecure as soon as it reaches the end of life (stops receiving security updates).

    So, in case you are still using EoL Plesk versions, the recommendation is to migrate domains on another server with supported Plesk version or upgrade Plesk in place if the used OS is supported by newer Plesk versions.

  • Avatar
    Jeff Hanes

    Hi Ivan, I see. Does Plesk Support Team undertake such upgrades (I mean paid upgrades) or at least would it support me if I upgrade to Plesk Onyx and I run into one or multiple issues? 

  • Avatar
    Ivan Postnikov

    Hello @Jeff,

    You may start an upgrade on your own and in case of an issue during the upgrade you may contact us directly or one of our partner (if Plesk license was purchased from them).

    The same for any other issues with all versions of Plesk Onyx.

    An upgrade may be also made for you on a paid basis by Plesk Professional Services

Please sign in to leave a comment.

Have more questions? Submit a request