The post “Cybersecurity is changing; We need new protection strategies” – Say CloudLinux (Imunify360) appeared first on Plesk.
The post #6 reasons why you need to update Plesk now appeared first on Plesk.
The cPanel backup system provides lots of flexibility, and one of its awesome features is the ability to create custom backup transports. In cPanel, a backup transport or destination is a method to move backups to a secondary/remote server for safe keeping. The custom backup transport feature allows you to specify a script which the backup system will pass arguments to; arguments common with uploading files in FTP, e.g. ‘put $filename’. Reading over the documentation, …
The following improvement has been made:
[*] Administrators can now set a server-wide limit on the number of scheduled backups that can be stored in one repository. The limits of all subscriptions and accounts are reduced to the server-wide value, if such a value is specified. The newly created subscriptions and accounts will have the specified limit by default. Users cannot set a greater limit than the server-wide one. (PPP-10831)
The following issues have been resolved:
[-] If users logged in using rsession, the Plesk interface language was English, even if these users previously selected another language in Interface Settings. (PPP-11069)
[-] (Linux) In Plesk 12.0, temporary backup files were stored in /tmp by default. This could cause the server not to respond if the size of backup files was bigger than the size of the directory. Temporary backup files are now stored in /usr/local/psa/PMM/tmp. (PPP-11008)
[-] (Linux) After the user had enabled the Atomic rule set for ModSecurity (web application firewall), ModSecurity (web application firewall) stopped working. (PPP-11007)
[-] Users could not restore the default DNS zone settings for domain aliases. The Restore the DNS Zone form did not appear. (PPP-10974)
[-] (Linux) Plesk installed on OpenVZ containers could not be configured after the upgrade to 12.0 because of the missing directory /dev/shm. (PPP-10830, PPPM-1655)
[-] (Linux) The Awstats statistics of the last day of the month was calculated incorrectly. (PPP-8850, PPPM-1486)
Plesk 12 preview w/ Fail2Ban, ModSecurity, WordPress Toolkit & Outgoing Antispam available: https://sp.parallelsnetwork.com/plesk-12-preview Tell us what you think!
Besides these groundbreaking features you can also play with mobile-ready UI for Power User and Customer views, latest version of Web Presence Builder with great new website designs among other features, granular restoration of backup files, and many other improvements. Your feedback can make all the difference, so let your voice be heard!
The following issues were resolved:
[-] Users could not add a CNAME record of a subdomain to the DNS zone of the main domain. ( PPPM-1009)
[-] IIS sites remained inactive after completion of server backup with the option “Suspend domains until backup task is completed”. (PPPM-718, PPPM-46)
[-] Users could not create a subscription for a domain name that coincided with the Plesk server’s host name. (PPPM-1462)
The following feature has been added:
[+] Backup signing. Panel signs backup files when they are downloaded or exported to external FTP repositories. The signature lets administrators distinguish trustworthy backups in the list of backups available for restoration. Learn more at http://kb.parallels.com/118188.
The following bug has been fixed:
[-] Panel did not display images in text widgets on websites that were reverted from a snapshot made on another domain. (142049, PPPM-992)
The following feature has been added:
[+] Backup signing. Panel signs backup files when they are downloaded or exported to external FTP repositories. The signature lets administrators distinguish trustworthy backups in the list of backups available for restoration. Learn more at http://kb.parallels.com/118188.
The following issues have been fixed:
[-] (Linux only) Panel displayed confusing error messages when restoring backups created by Panel 9.5.4. (69420)
[-] After upgrading from Plesk 8.x or 9.x, mail users of a customer’s subscription could access other subscriptions of the same customer. (72902)
[-] Panel sent summary reports (Home > Tools & Settings > Summary Report) by email in plain text although they were supposed to be HTML pages. (139652)
[-] Administrators could not include domain names in the files of the default virtual host template using the @domain_name@ variable. (140092)
[-] (Linux only) Administrators could not create more user accounts after a successful creation of a large number of accounts (over 3000) because the allowed memory size was exhausted. (140167)
[-] Panel failed to save personal FTP repository settings if users specified a Directory for backup files storage that starts with ‘/’. (140209)
[-] Resellers could set resource limits of their customer’s subscriptions so that these limits would exceed the limits of resources available to the resellers. (140389)
[-] Customers could change their Preferred domain even if they did not have the Domain management permission. (140480)
[-] (Linux only) When administrator ran vzpkg update on a Parallels Virtuozzo Container with Panel, the following error occurred: “Dependencies cannot be resolved”. (140610)
[-] (Linux only) Users could not delete wildcard subdomains with mail service switched on. (138504)
[-] (Linux only) Panel failed to update and upgrade if PHP from the Webtatic repository was installed on the server. (138635)
[-] Panel did not warn users that all website content will be removed when they switched their domains’ hosting type from Website hosting to Forwarding or No web hosting. (140731)
[-] Security improvements. (140797)
[-] (Linux only) The statistics utility failed to calculate statistics for additional domains and subdomains. (140746)
[-] (Linux only) Administrators could not retrieve additional Parallels Premium Antivirus license keys through the Panel GUI. (140803)
[-] (Linux only) Customers could not set the value of the max_execution_time PHP setting to 0. The following error occurred: “Template_Exception: Syntax error on line 64 of /etc/apache2/plesk.conf.d/vhosts/.conf: FcgidIOTimeout must be greater than 0”. (140849)
[-] (Windows only) Administrators were unable to create domains with international domain names by means of API RPC or command line utilities if the Panel mail server supported ‘mbox_quota’ or ‘total_mboxes_quota’ limits (for example, the IceWarp Merak mail server). (71958)
[-] (Windows only) Panel failed to migrate data from Plesk 8.x or 9.x if Apache was running on the source server. (91307)
[-] (Windows only) Panel incorrectly transferred DNS SRV records when transferring domains from Panel 10.4.4. (139162)
[-] (Windows only) Administrators could not switch on the option Always assign one application pool to each subscription on the Tools & Settings > IIS Application Pool > Global Settings page if there was at least one subscription with the Forwarding hosting type on the server. (140363)
[-] (Windows only) Panel failed to restore system users from backups if the users’ passwords contained the symbol ” (double quote). (140394)
[-] (Windows only) Additional administrators could not add mass email templates. Panel raised the error “500 – Internal server error. There is a problem with the resource you are looking for, and it cannot be displayed.” (140478)
[-] (Windows only) When transferring data from another server, Panel failed to transfer mail content of mailboxes that had subfolders within the Inbox folder. (140616)
[-] (Windows only) The utility web_statistics_executor.exe stopped generating web statistics for all domains if an error occurred while processing a domain. (140717)
[-] (Windows only) Panel failed to migrate FTP accounts created for subdomains from Plesk 9.5. The following error occurred: “Unable to create FTP account: There are no available resources of this type (additional FTP accounts) left. Requested: 1; available: 0.” (140725)
6/18/2013 Houston, TX- cPanel, Inc. announces the impending release of cPanel & WHM software version 11.38. cPanel & WHM software release 11.38, is anticipated to move to the STABLE tier the week of June 24, 2013. This release offers significant improvements to SSL Management and Backups. It also provides enhancements …
6/10/2013 Houston, TX- cPanel, Inc. announces the release of cPanel & WHM software version 11.38. cPanel & WHM software release 11.38, which goes to the RELEASE tier today, offers significant improvements to SSL Management and Backups. It also provides enhancements to jail shell, email auto configuration, and more. Improved SSL …
5/7/2013 Houston, TX- cPanel, Inc. announces the release of cPanel & WHM software version 11.38. cPanel & WHM software release 11.38, which releases to the CURRENT tier today, offers significant improvements to SSL Management and Backups. It also provides enhancements to jail shell, email auto configuration, and more. Improved SSL …
[+] CentOS 6.4 support has been addded. There is know issue with switching between mail servers: http://kb.parallels.com/en/115779
The following bug has been fixed:
[-] Unable to backup subscription with application which contains apostrophe character in application parameter value. (98277)
[-] Custom error page to type ‘URL’, may cause wrong redirect (116078)
[-] Plesk does not report any readable error if hosting panel user is absent in database (81626)
[-] Parallels Premium Outbound Antispam license could not be applied (119721)
[-] Scheduled backups don’t run after upgrade to 11.0.9 (91080)
The following bug has been fixed:
[-] Unable to backup subscription with application which contains apostrophe character in application parameter value. (98277)
[-] Custom error page to type ‘URL’, may cause wrong redirect (116078)
[-] Plesk does not report any readable error if hosting panel user is absent in database (81626)
[-] Parallels Premium Outbound Antispam license could not be applied (119721)
[-] Scheduled backups don’t run after upgrade to 11.0.9 (91080)
(Oct 8) It was discovered that bacula, a network backup service, does not properly enforce console ACLs. This could allow information about resources to be dumped by an otherwise-restricted client. [More…]
The following bugs have been fixed:
[-] Panel users failed to send e-mail through qmail if the IPv6 support was turned off on the Panel server and turned on on the receiving server. The mail log /usr/local/psa/var/log/maillog contained the error "System_resources_temporarily_unavailable".
[-] Panel always used the /tmp directory for storing backup temporary files during the backup download regardless of the DUMP_TMP_D value in /etc/psa/psa.conf. Panel users got the error "No space left on device" when downloading their backups if there was not enough space on the disk used by /tmp.
[-] Panel users saw wrongly encoded messages on the password retrieval page if the Panel language was set to Russian.
[-] Administarators were unable to simultaneously run multiple restoration processes of the same backup file using the pleskrestore utility.
(Dec 11) Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing
multiple security issues. The list for 1.9.7 release:
————————– Security issues * MSA-09-0022 – Multiple
CSRF problems fixed * MSA-09-0023 – Fixed user account disclosure in LAMS
module * MSA-09-0024 – Fixed insufficient access control in Glossary module
* MSA-09-0025 – Unneeded MD5 hashes removed from user table * MSA-09-0026 –
Fixed invalid application access control in MNET interface * MSA-09-0027 –
Ensured login information is always sent secured when using
SSL for logins * MSA-09-0028 – Passwords and secrets are no longer ever
saved in backups, new backup capabilities
moodle/backup:userinfo and moodle/restore:userinfo for
controlling who can backup/restore user data, new checks in
the security overview report help admins identify dangerous
backup permissions * MSA-09-0029 – A strong password
policy is now enabled by default, enabling password salt in
encouraged in config.php, admins are forced to change
password after the upgrade and admins can force password
change on other users via Bulk user actions *
MSA-09-0030 – New detection of insecure Flash player plugins, Moodle
won’t serve Flash to insecure plugins * MSA-09-0031 – Fixed SQL injection
in SCORM module The list for 1.8.11 release: —————————-
Security issues * MSA-09-0022 – Multiple CSRF problems fixed *
MSA-09-0023 – Fixed user account disclosure in LAMS module * MSA-09-0024 –
Fixed insufficient access control in Glossary module * MSA-09-0025 –
Unneeded MD5 hashes removed from user table * MSA-09-0026 – Fixed invalid
application access control in MNET interface * MSA-09-0027 – Ensured login
information is always sent secured when using SSL for
logins * MSA-09-0028 – Passwords and secrets are no longer ever saved in
backups, new backup capabilities moodle/backup:userinfo and
moodle/restore:userinfo for controlling who can
backup/restore user data * MSA-09-0029 – Enabling a password salt in
encouraged in config.php and admins are forced to change
password after the upgrade * MSA-09-0031 –
Fixed SQL injection in SCORM module References: ———–
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
http://docs.moodle.org/en/Moodle_1.8.11_release_notes CVE Request:
———— http://www.openwall.com/lists/oss-security/2009/12/06/1
(Dec 11) Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing
multiple security issues. The list for 1.9.7 release:
————————– Security issues * MSA-09-0022 – Multiple
CSRF problems fixed * MSA-09-0023 – Fixed user account disclosure in LAMS
module * MSA-09-0024 – Fixed insufficient access control in Glossary module
* MSA-09-0025 – Unneeded MD5 hashes removed from user table * MSA-09-0026 –
Fixed invalid application access control in MNET interface * MSA-09-0027 –
Ensured login information is always sent secured when using
SSL for logins * MSA-09-0028 – Passwords and secrets are no longer ever
saved in backups, new backup capabilities
moodle/backup:userinfo and moodle/restore:userinfo for
controlling who can backup/restore user data, new checks in
the security overview report help admins identify dangerous
backup permissions * MSA-09-0029 – A strong password
policy is now enabled by default, enabling password salt in
encouraged in config.php, admins are forced to change
password after the upgrade and admins can force password
change on other users via Bulk user actions *
MSA-09-0030 – New detection of insecure Flash player plugins, Moodle
won’t serve Flash to insecure plugins * MSA-09-0031 – Fixed SQL injection
in SCORM module The list for 1.8.11 release: —————————-
Security issues * MSA-09-0022 – Multiple CSRF problems fixed *
MSA-09-0023 – Fixed user account disclosure in LAMS module * MSA-09-0024 –
Fixed insufficient access control in Glossary module * MSA-09-0025 –
Unneeded MD5 hashes removed from user table * MSA-09-0026 – Fixed invalid
application access control in MNET interface * MSA-09-0027 – Ensured login
information is always sent secured when using SSL for
logins * MSA-09-0028 – Passwords and secrets are no longer ever saved in
backups, new backup capabilities moodle/backup:userinfo and
moodle/restore:userinfo for controlling who can
backup/restore user data * MSA-09-0029 – Enabling a password salt in
encouraged in config.php and admins are forced to change
password after the upgrade * MSA-09-0031 –
Fixed SQL injection in SCORM module References: ———–
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
http://docs.moodle.org/en/Moodle_1.8.11_release_notes CVE Request:
———— http://www.openwall.com/lists/oss-security/2009/12/06/1
The following functionality has been added:
[+] Now there is able to exclude execution of statistics.exe from Daily Maintenance script if add registry key daily_script_statistics_disabled (REG_SZ) = true in HKLMSOFTWAREPLESKPSA ConfigConfig
The following bugs have been fixed:
[-] Forwarding does not work in Plesk installed on Windows 2008 on Parallels Virtuozzo Container
[-] Huge backup file is not transferred to the FTP repository because of timeout after 10 minutes
[-] Checkbox “Suspend domain until backup task is completed” is switched on by default on Backup Scheduling page
[-] DUMP_D is not treated as system directory by Plesk
[-] FTPmng.exe reconfigures all domains when unsuspending a single one
[-] There is unable to change hosting settings of any domain if backup task in progress, because websrvmng exclusively locks all ‘read’ commands
[-] File Manager: batch File Copy only copies the first selected directory
The following bug have been fixed:
[-] Domain has default SSL Certificate after backup restoring or migration
[-] plesksrv.exe may fails on high load
[-] HTTP traffic and web statistics are not calculated for IDN domains
[-] Migration fails if source server has primary network interface with inaccessible IP address
[-] websrvmng –reconfigure-all can’t restore Plesk Control Panel site on Windows 2008 R2
[-] Error “Version string portion was too short or too long” when backup clean server
[-] IIS logs for PleskControlPanel site stored only one day
[-] Wrong statistic calculating by Webalizer for domain with several aliases
The following bug have been fixed:
[-] Slow creating of configuration backup because APS creation utility is executed for each subscription.
[-] Client CLI is failed to create client with email used as login by existed hosting user.
Sometimes people like to make one cPanel account with multiple domains within it. With cPanel, this can make things difficult sometimes. There are a few things that would require your domain to be on its own cPanel account. Like in […] ↓ Read the rest of this entry…
The following bugs have been fixed:
Note about 2Gb files size limit at upload backup file using Panel UI has been added
Autoinstaller on windows hangs on at executing during upgrade
Multiple Cross-Site Scripting in Panel
Unexpected error is reported by websrvmng on adding already existed MIME type
Watchdog notifications doesn’t pass SPF handler
Plesk Service Team is pleased to introduce the Plesk Mass Migration Script.
The script is designed to allow providers migrating Plesk farm by an automated way.
Also, it does implement per-domain backup algorithm that reduces disk space usage and memory consumption.
Backups are very important to a website. If something should happen to the server, whether it be a hardware failure or breech of security, it is always good to have a copy or 2 to revert to. Backups can be […] ↓ Read the rest of this entry…
This tool for checking business logic issues and other possible problems after upgrade.
Following items were added:
– Inconsistency in “smb_settings” table could lead to errors during backup or migration
Following items have been improved:
[*] "Russian", "Dutch", "Japanese", "Chinese (China)", "Chinese (Taiwan)" locales have been updated.
[*] (Windows only) Has been improved diagnosis of backup/migrate errors when file ICSharpCode.SharpZipLib.dll is absent.
[*] (Windows only) Has been improved diagnosis of backup/migrate errors when file mscorwks.dll is absent.
Following bugs have been fixed:
[-] (Linux only) Added support of authorization method CRAM-MD5 for Courier-IMAP. Added possibility to disable PLAIN authorization method with command /usr/local/psa/admin/bin/pci_compliance_resolver –enable courier
[-] (Linux only) AWstats hangs during statistics calculation in daily maintenance script when you have more than 500 domains.
[-] /var/www/vhosts/skeleton.dom/conf/ directory has been ignored during new domains creation.
[-] (Windows only) Creation of domains and subdomains has been blocked if total amounts of domains and subdomains exceeds limit of Plesk license key.
[-] Glue records are not created in domain’s DNS zone for subdomain’s zone NS.
[-] Infinite redirection loop when you attempts to browse suspended subscription.
[-] (Windows only) DNS zones for new domains have not been created after upgrade to Parallels Plesk Panel 10.4.4.
[-] (Linux only) psa-pc-remote process overloads the CPU
[-] (Linux only) Sending emails from Apple mail clients (Mac/iPhone) doesn’t work for Qmail MTA.
[-] Serial number in the SOA record for the domain is not changed on subdomain creation.
[-] (Linux only) statistics_collector hangs forever trying to write "someuser: cannot find domain for user" to a pipe.
[-] (Linux only) Weekly maintenance script failed with exception from quotacheck_wrapper.sh
44 queries. 7.5 mb Memory usage. 0.417 seconds.