We have published Security Update #3 for Parallels Plesk Panel 9.3.0 that fixes PHP fasCGI vulnerability:
[-] An unauthenticated remote attacker being able to compromise the system and gain control over it security issues were resolved.
Parallels Plesk Panel 9.5.2 for CentOS/RHEL 5.5 is available for downloads and installation through Autoinstaller since 7th June.
Parallels Plesk Panel 9.5.2 is available for downloads and installation through Autoinstaller since 7th May.
Unix-specific change log:
1. [-] Migrating Java applications fails bug is fixed.
2. [-] In some cases after upgrade, the old version of Horde remains registered in Plesk when actually Horde was successfully upgraded bug is fixed.
3. [-] Impossible to change mail account password from Horde webmail interface bug is fixed.
4. [-] After upgrade, Horde stops accepting short usernames (without the “@doman” part) bug is fixed.
5. [-] After upgrade, Horde Kronolith calendar works with errors and fails to create events bug is fixed.
6. [-] After upgrade, mobile browsers return the Not Found error when trying to access Horde webmail bug is fixed.
7. [-] Browser returns error when trying to access an Address Book on Horde webmail after upgrade bug is fixed.
8. [-] When migrating to CentOS 5 under Parallels Virtuozzo Containers, Migration Manager returns “internal server error” upon migration of some mail accounts, while the accounts seem to be migrated properly bug is fixed.
9. [-] Migration Manager reports that dump validation failed due to invalid value of the “enabled” attribute of mail redirects for some mail accounts where mail redirection is set up but disabled bug is fixed.
10. [-] When upgrading from Plesk versions earlier than 8.6, serial number of DNS zone was set to “0” bug is fixed.
11. [-] After migration from Plesk versions earlier than 8.6, site applications are not shown in the Panel if the APS package release on target host differs from that on the source while the app version is the same bug is fixed.
12. [-] After upgrade, installation of site applications fails on domains where files/folders permissions were set to wrong values bug is fixed.
Windows-specific change log:
1. [-] On Windows Server 2008, PHP handler for a virtual directory is automatically set to CGI even if PHP is set to run as FastCGI module on the domain level bug is fixed.
2. [-] PHP handler is changed from FastCGI to CGI automatically upon any actions with Web Directories in Plesk bug is fixed.
3. [-] Migration Manager reports that dump validation failed due to invalid value of the “enabled” attribute of mail redirects for some mail accounts where mail redirection is set up but disabled bug is fixed.
50 queries. 8.75 mb Memory usage. 0.267 seconds.