Plesk Obsidian 18.0.74 Release

Plesk Obsidian 18.0.74 is here! This release brings powerful new features, improved security, and expanded platform support to ensure server management is smoother and safer than ever. 

What’s New? 

TuxCare Extended Lifecycle Support for PHP 

We’re excited to introduce TuxCare ELS for PHP. This extension provides extended security updates for older PHP versions directly from the Plesk UI. Now you can keep your websites secure even if they’re running outdated PHP, without complicated workarounds. 

Debian 13 “Trixie” Support 

Debian 13 is now supported! Use the Plesk Migrator to safely migrate your server to this latest version. However, some limitations apply, so please check the documentation for details. 

MariaDB 11.8 

Plesk now supports the latest MariaDB 11.8, ensuring better performance and stability for your databases. 

WP Toolkit 6.9 

Alongside the latest Plesk Obsidian update, we also rolled out WP Toolkit 6.9, bringing important improvements to WordPress management, security, and accessibility. 

Cross server backups 

Starting from WP Toolkit 6.9+, backups can now be restored across different servers and even platforms (from Plesk to cPanel, and vice versa). To restore a backup made on another domain or server: 

1. Create a new WordPress site on the target domain. 
2. Upload the backup. 
3. Make sure the Hide backups from other domains option is off. 
4. Find your backup in the list and restore it.  

WP Toolkit automatically updates relevant paths and URLs during the restoration process.  

Expanded OS support 

Official support has been added for Debian 12 and Debian 13 OSes. 

Improved usability and visibility 

As part of a gradual rollout, the Issues menu in the site card header has been reorganized into categories for easier navigation. 

As well as this, improved accessibility is now available across the interface. 

Faster, smarter security 

• Vulnerability protection rules and mitigation policies are now applied immediately in most cases instead of waiting for the hourly maintenance task. 
• These protections now also apply to ignored low-risk vulnerabilities. 
• Security enhancements throughout WP Toolkit. 

 Improved cloning and Redis support 

WP Toolkit now properly handles cloning and data copying for WordPress sites using the Redis Object Cache plugin. 

CLI updates 

The -password CLI option will be deprecated in WP Toolkit v6.10. 

Please use the ADMIN_PASSWORD environment variable instead. 

Stability and fixes 

• PHP file corruption can no longer break the WP Toolkit interface. 
• The “take over wp-cron.php” feature now works reliably even on servers with many WordPress sites. 
• Failed Smart Updates now correctly clean up their cloned installation files. 
• Plugins/themes with underscores in versions (outside of the main Version field) are now accepted. 
• Vulnerability database updates are more reliable. 
• Error log spam issues have been resolved. 

Feature Improvements in Plesk 

Extension updates 

The Extensions Catalog now shows links to vendors’ privacy policies. Also, the Docker extension now links to Container Settings documentation.  

As well as this, DNS Integration for Cloudflare now displays an informational message about a 5-minute auto-sync delay. 

Repair kit and migration enhancements:  

Restricted Mode permissions have been introduced. As well as this, the ability to migrate error documents on Plesk for Windows >= 18.0.74 is now available.  

It’s now possible to configure MySQL/MariaDB clients using system my.cnf/my.ini files or a custom /var/modules/panel-migrator/conf/my.cnf file for source panels other than Plesk. 

Further improvements 

• Faster Mail Searches: Dovecot now supports Apache Solr for large IMAP mailboxes in Plesk for Linux. 
• Accessibility: Several pages are now screen-reader friendly with semantic HTML and ARIA attributes. 
• Improved Security: Strengthened protection for mail-account passwords and AWStats. 
• Default Security Settings: New installations now prevent creating domains that resolve to other servers or fall into restricted lists. 
• ASP.NET Settings: Page titles now clarify they only affect 32-bit applications. 
• Node.js 25: You can now install the latest version. 
• Logging: Improved logging for subscription desynchronizations. 

Deprecated and Removed Items 

• Windows TLS Support: Removed deprecated TLSv1.0 and TLSv1.1. 
• Skins and Color Schemes extension: Scheduled for removal in 18.0.75 due to reduced functionality. 

Bug Fixes 

• Restoring large MySQL databases no longer fails. 
• Resolved the issue where disabling the mail service did not delete records in the smb_users table. 
• Office 365 DNS SRV record issues have been fixed. 
• “Assigning this service plan will permanently remove all mailboxes” warnings have been resolved. 

For the full list of Linux and Windows specific fixes, please consult the release notes. 

Third-Party Component Updates 

Linux 

Updated: 

• phpMyAdmin to 5.2.3 
• Courier packages, msmtp, OWASP ModSecurity CRS to the latest stable version. 
• PHP 8.4.13, PostgreSQL client 18.0, Passenger 6.1.0 

Windows 

Updated: 

• Git for Windows to 2.51.1 
• ASP.NET Core to 9.0.10 / 8.0.21 
• 7-Zip to 25.01 
• OpenSSL to 3.0.18 
• PHP to 8.4.14, libcurl to 8.16.0 

It’s Time to Upgrade 

To view the full documentation and details of additional changes, please visit the Plesk release notes.  

Plesk Obsidian 18.0.74 focuses on security, stability, and modern infrastructure support. Whether you’re running Linux or Windows servers, this release keeps your Plesk experience seamless, secure, and up to date.