Ike.ninja

What’s Changed

[*] Major security enhancements.

Plesk Panel 11.0.9 MU#13 for Linux and Windows – Security fixes – is available since September 6th, 2012 through the Parallels Autoinstaller.

Key features, the release introduces, are CentOS/RHEL 6 on service node, Plesk 10.x/11.x transfer to PPA, migration from Plesk Expand, upgrade from PPA Preview #4 as well as a few functional enhancements.

Plesk Automation team is pleased to introduce an improved Installation Script of the PPA. Thanks to all for feedback!

The 11.0.9 MU#9 update is recommended for all Plesk users and includes general functionality fixes that improve the stability, compatibility, and security of your Plesk server.
Parallels strongly recommends to ensure optimal server reliability and security to keep your operating system up to date as well as Plesk software.

The following bugs have been fixed:
[*] Minor security enhancements.
[-] PHP pages redirect to port 7080 or 7081 if Nginx is enabled.

The Plesk Service team is pleased to announce that Plesk 11.0 has entered into the Stable state. Thanks to all who helped us in identifying Plesk bugs and drawbacks.

To get Plesk 11.0 in Stable you have to install the 11.0.9 MU#8 (or later) which delivers more than 50 fixes in total.

Plesk Service Team is pleased to introduce you our new MicroUpdate #8 for Plesk 11 with CentOS 6.3 support

Plesk Service Team is pleased to introduce you Plesk 10.4.4 with CentOS/RedHat 6.3 support

Plesk Service Team is pleased to introduce to you our new MicroUpdate #41 for Plesk 10.4.4.

Plesk Service Team is pleased to introduce to you our new MicroUpdate #41 for Plesk 10.4.4.

The following bugs have been fixed:
[-]  Panel users failed to send e-mail through qmail if the IPv6 support was turned off on the Panel server and turned on on the receiving server. The mail log /usr/local/psa/var/log/maillog contained the error "System_resources_temporarily_unavailable".
[-]  Panel always used the /tmp directory for storing backup temporary files during the backup download regardless of the DUMP_TMP_D value in /etc/psa/psa.conf. Panel users got the error "No space left on device" when downloading their backups if there was not enough space on the disk used by /tmp.
[-]  Panel users saw wrongly encoded messages on the password retrieval page if the Panel language was set to Russian.
[-]  Administarators were unable to simultaneously run multiple restoration processes of the same backup file using the pleskrestore utility.

PHP 5.3 upgraded to version 5.3.15 in Parallels Plesk 11.0.9 for Windows

[*] phpMyAdmin has been updated to version 3.4.10.2
[-] Includes functional fixes, stability improvements, and security updates – including for third-party products.

Parallels has become aware of yet unsubstantiated claims of a Security Vulnerability in Parallels Plesk Panel version 10.4 and earlier. The goal of this communication is to make you aware of the situation.

Impact
Some recent vulnerability claims seem to be based on old vulnerabilities that already have been patched –but possibly where Passwords were not completely reset or where Customers changed back to old and vulnerable passwords.  We are currently investigating this new reported vulnerability on Plesk 10.4 and earlier. At this time the claims are unsubstantiated and we are unable to confirm this vulnerability and cannot confirm that this vulnerability is limited to any specific operating system.

As always, Parallels strongly recommends you to keep your software up-to date and upgrade to the latest version of Parallels Plesk Panel. Security has been one of the key areas of focus for Parallels Plesk Panel 11 released in June and we will diligently continue to work on security going forward.

We will update the article http://kb.parallels.com/114330 as we learn more.

The following bugs have been fixed:

[-] Password strength policy does not work for the admin on the initial setup page (112284)
[-] Migrating of single subscription from Plesk 10/11 to Plesk 11 end with error “Line 48 error: Element ‘template-item’: This element is not expected”.
[-] (Linux only) Mailbox can’t be created on Ubuntu 10.04 (112282)
[-] (Linux only) Reseller’s plans are not migrating to Plesk 11
[-] (Linux only) Web server switching from apache to apache with SNI fails because of wrong apr-devel package
[-] (Linux only) Error “Error: unable to open ‘/etc/httpd/conf/includes/errordocument.conf’: No such file or directory” messages appears after migration from cPanel
[-] (Linux only) Error “Error occurred during /bin/mkdir command.” messages appears at migration of protected directories from Plesk 9.5.4
[-] (Linux only) Maillists are not migrating from cPanel
[-] (Linux only) Anonymous FTP accounts are not migrating from cPanel
[-] (Linux only) Autoinstaller doesn’t treat repositories “cloudlinux-base”, “cloudlinux-updates”, “cloudlinux-x86_64-*”, cloudlinux-i386-*” as third-party repositories on CloudLinux and doesn’t warn user about absence of “base” and “updates” repositories if “cloudlinux-x86_64-*”, cloudlinux-i386-*” repositories are defined.