[releasenotice] Plesk Panel 8.6.0 MU#1 for Linux – security fixes – is available since June 23, 2011 through the Autoinstaller
[-] Horde XSS injection
[-] Multiple XSS vulnerabilities in Plesk Panel
Archive for Plesk
[releasenotice] Plesk Panel 9.3.0 MU#10 for Linux – security fixes – is available since June 22, 2011 through the Autoinstaller
[-] Horde XSS injection
[-] Multiple XSS vulnerabilities in Plesk Panel
Plesk Panel 10.0.1 MU#7 for Linux and Windows – security fixes – is available since June 9, 2011 through the Autoinstaller
[-] phpMyAdmin XSS vulnerability http://www.securityfocus.com/bid/47945/info.
[-] SQL injection at subscription’s owner changing in Plesk Panel.
[-] Horde XSS injection.
[-] Multiple XSS vulnerabilities in Plesk Panel.
[-] sw-cp-server can be crashed by client certificate.
Plesk Panel 10.1.1 MU#15 for Linux and Windows – security fixes – is available since June 9, 2011 through the Autoinstaller
[-] phpMyAdmin XSS vulnerability http://www.securityfocus.com/bid/47945/info.
[-] SQL injection at subscription’s owner changing in Plesk Panel.
[-] Horde XSS injection.
[-] Multiple XSS vulnerabilities in Plesk Panel.
[-] sw-cp-server can be crashed by client certificate.
Plesk Panel 10.2 EZ templates for SuSE 11.4 – is available since May 26, 2011
major
http://download1.parallels.com/Plesk/PP10/10.2.0/SuSE11.4/vztemplates/pp10-suse-11.4-x86-ez.tar.gz
http://download1.parallels.com/Plesk/PP10/10.2.0/SuSE11.4/vztemplates/pp10-suse-11.4-x86_64-ez.tar.gz
fixed
http://download1.parallels.com/Plesk/PP10/10.2.0/SuSE11.4/vztemplates/pp10.2.0-suse-11.4-x86-ez.tar.gz
http://download1.parallels.com/Plesk/PP10/10.2.0/SuSE11.4/vztemplates/pp10.2.0-suse-11.4-x86_64-ez.tar.gz
Plesk Panel 10.2 MU#2 for Linux and Windows – Product functional fixes – is available since Apr 14, 2011 through the Autoinstaller
[-] The coupon usage count did not increase if the coupon was applied in online stores.
[-] The form for entering SSL certificate details was not displayed in online stores if a customer ordered a domain name first, then clicked to continue shopping, and finally added an SSL certificate to the order.
[-] Customers failed to apply coupons with the percentage discount to add-ons in cart; instead of a store page, Business Manager displayed the “Store temporary unavailable” page.
[-] Fixed taxes were displayed as applied twice in online stores.
[-] The ordering procedure was successfully completed for customers with prohibited e-mail addresses even if the option “Deny subscriptions from ‘free’ e-mail addresses” was selected.
[-] The e-mail that informed a customer to provide additional details for SSL certificate issuing was sent only once.
[-] The header layout in online store was broken under Internet Explorer 7.
[-] The “State” field in the contact information form was required to fill in online stores even for countries that did not have states.
[-] Custom questions were not displayed in online stores.
[-] Customers could skip attaching add-ons even if the “None”option in the add-ons list was unavailable.
[-] The form for entering domain contacts information was not displayed if a customer added a new domain name from the order confirmation page.
[-] All hosting plans were marked as “Not for sale” if the only accepted way to add domain names was the domain transfer.
Plesk Panel 9.5.4 for RedHat Enterprise Linux 6.0 – is available through the Autoinstaller.
http://www.parallels.com/download/plesk9/#redhat
[-] Qmail-TLS STARTTLS protocol plaintext command injection vulnerability fixed. More details: http://telussecuritylabs.com/threats/show/FSC20110309-02
[-] Qmail-TLS STARTTLS protocol plaintext command injection vulnerability fixed. More details: http://telussecuritylabs.com/threats/show/FSC20110309-02
[-] Qmail-TLS STARTTLS protocol plaintext command injection vulnerability fixed. More details: http://telussecuritylabs.com/threats/show/FSC20110309-02
[-] Qmail-TLS STARTTLS protocol plaintext command injection vulnerability fixed. More details: http://telussecuritylabs.com/threats/show/FSC20110309-02
[-] Qmail-TLS STARTTLS protocol plaintext command injection vulnerability fixed. More details: http://telussecuritylabs.com/threats/show/FSC20110309-02
Parallels Plesk Panel 10.2 is now available for downloads and through Autoinstaller.
http://download1.parallels.com/Plesk/PP10/10.2.0/release-notes/parallels-plesk-panel-10.2.0-for-linux-based-os.html
http://download1.parallels.com/Plesk/PP10/10.2.0/release-notes/parallels-plesk-panel-10.2.0-for-windows-based-os.html
http://www.parallels.com/download/plesk10.2/
http://www.parallels.com/download/plesk/products/
http://www.parallels.com/products/plesk/requirements/
http://www.parallels.com/products/plesk/documentation/
Plesk Panel 10.1.1 MU#13 for Windows and Linux – Product functional fixes – is available since Mar 17, 2011 through the Autoinstaller.
[-] Custom log rotation settings were not applied when upgrading Panel from 9.5.3 to 10 (default Plesk 9.5.3 settings were set).
[-] The order of CSS files for Panel top and left frames is changed; now Panel loads layout.css first.
[-] (Only for Ubuntu 8.04 and 10.04) mysqld service failed to stop after changing the administrator’s password by utility ch_admin_passwd.
[-] Panel users failed to recover their password with error PleskPermissionDeniedException.
[-] Unable to rename domains after mail data location was changed by Plesk Reconfigurator utility.
Plesk Panel 10.0.1 MU#5 for Windows – Product functional fixes – is available since Mar 16, 2011 through the Autoinstaller.
The update delivers next bug fixes:
[-] Fixed problem with upgrade from 10.0.1 to 10.1.1
[-] Fixed problem with log files rotation
[-] Fixed problem with calculating statistics for domain if same domain with "www" prefix
Plesk Panel 10.1.1 MU#12 – Product functional fixes – is available since Mar 10, 2011 through the Autoinstaller.
The update delivers next bug fixes:
[-] phpMyAdmin works incorrectly on Plesk for Windows with MSSQL selected as a Panel DB provider
[-] At changing password via Horde’s GUI it doesn’t synchronized with plesk’s user
[-] System user(FTP user) name on Plesk for Windows account cannot contains dots
[-] Unable to change password via Horde’s GUI
Plesk Panel 10.1.1 MU#11 – Product functional fixes – is available since Mar 4, 2011 through the Autoinstaller.
The update delivers following bug fixes:
[-] Underscore not accepted in DNS TXT records
[-] Plesk breaks Windows Firewall rules on Windows 2008
Plesk Panel 10.1.1 MU#4 – Product functional fixes – is available since Feb 24, 2011 through the Autoinstaller.
The update delivers following bug fixes:
[-] Application Catalog displayed button Buy Now next to free applications .
[-] It was impossible to confirm EULA through CLI utility init_conf, option -license_agreed.
[-] Application Catalog displayed button Buy Now next to free non-APS applications.
[-] Backups of mobile websites were corrupted.
[-] The Panel failed to display page Settings > Manage Firewall if several firewall profiles were active.
[-] The Panel failed to display the Health Monitor page if the server had 16 CPUs or more.
[-] Firewall rules that target all ports were not recognized.
[-] Services Management page displayed an alarm when the Internet Connection Sharing service was stopped (and disabled).