Plesk Obsidian 18.0.78 introduces smarter SSL/TLS defaults that help secure newly deployed servers automatically and gives administrators more flexibility when using multi-factor authentication.
This update also improves the GoAccess experience, and delivers a broad range of stability, compatibility, and security improvements across Linux and Windows.
Smarter SSL/TLS Management
Starting with Plesk Obsidian 18.0.78, when a new Plesk server is deployed with the Let’s Encrypt extension pre-installed, or when the extension is installed for the first time, Plesk will automatically secure the mail server with a free Let’s Encrypt SSL/TLS certificate alongside the Plesk web interface.
We’ve also improved the integration between SSL It! and ACME SSL. When both extensions are installed, users can now choose to request a certificate from an ACME-compatible certificate authority directly from the SSL It! extension card, alongside the option to install a free Let’s Encrypt certificate.
Together, these changes simplify certificate management and help ensure secure defaults from day one.
More Flexible MFA Workflows
Organizations that rely on session token authentication now have more flexibility when configuring multi-factor authentication.
Plesk can now be configured to skip MFA verification for users being logged in via a session token. To enable this behavior, add the following lines to the panel.ini file:
[ext-mfa]
allowSkipRSession = true
Improved GoAccess Experience
Following the introduction of GoAccess support, this release delivers several usability improvements.
- The GoAccess interface now automatically matches the language selected in Plesk, providing a more consistent experience across the platform.
- The website name is now directly displayed on the GoAccess web statistics page, making it easier to identify statistics for individual websites.
These improvements help administrators and customers navigate web analytics more efficiently, particularly on servers hosting multiple websites.
Joomla! Toolkit Improvements
We’ve refined the Joomla! installation experience to better align with existing hosting configurations.
When creating a new Joomla! instance through Joomla! Toolkit extension, the PHP version configured for the hosting domain is now selected by default instead of automatically choosing the latest available PHP version.
This helps ensure greater consistency between newly deployed Joomla! websites and the hosting environments they run on.
Deprecated and Removed Items
APS Catalog applications removed
Due to the deprecation of the APS Catalog in v18.0.77, the following applications have now been removed from the APS Catalog:
- WordPress
- Joomla!
- PrestaShop
Applications previously installed from the APS Catalog will continue to function normally.
AWStats deprecation
AWStats is now clearly marked as deprecated in both the Plesk interface and Plesk Installer.
AtMail upgrade restriction
Servers hosting domains that still use the AtMail webmail client cannot be upgraded to Plesk Obsidian 18.0.78.
AtMail has not been supported since Plesk 11.5, has not been maintained for years, and may pose a security risk to hosted environments. Before upgrading, switch all affected domains to a supported webmail client.
Important Fixes and Stability Improvements
v18.0.78 includes a large number of fixes across SSL/TLS management, hosting plans, mail security, Joomla! Toolkit, File Manager, database management, and server administration.
Highlights include:
- Fixed an issue where the “Welcome to Plesk” survey appeared repeatedly after login.
- Resolved an issue where SSL/TLS certificates associated with removed websites were not deleted from the file system.
- Fixed service plan import failures in Hosting Plan Exporter under specific mail configuration settings.
- Improved update notification reliability on the Home page.
- Fixed multiple issues affecting the Preferred Domain setting across different server configurations.
- Resolved PostgreSQL detection issues after reinstalling the database server.
- Improved DMARC enforcement reliability when Plesk Email Security is installed.
- Fixed Joomla! Toolkit installation issues involving disabled PHP handlers.
Linux-specific improvements also address File Manager usability, Code Editor behavior, nginx configuration handling, mail security, and server administration workflows.
On Windows, fixes include improved SmarterMail registration and more accurate IP address management. Additionally, this release includes further security hardening and platform stability improvements.
Updated Third-Party Components
This release updates a number of third-party components and dependencies across Linux and Windows environments.
Linux
- nginx and sw-cp-server updated to versions 1.30.2
- Dovecot and Pigeonhole updated to 2.4.3
- ProFTPD updated to 1.3.9a
- libcurl updated to 8.19.0
- Roundcube updated to 1.6.16
- Roundcube 1.4.15 updated with backported fixes from 1.6.16
Windows
- .NET updated to versions 10.0.7, 9.0.15, and 8.0.26
- MailEnable Standard updated to 10.57
- Git for Windows updated to 2.53.0.3
- libcurl updated to 8.20.0
- OpenSSL updated to 3.0.20
- Python updated to 3.14.4
- POCO updated to 1.15.2
Update Recommended
Keeping your servers up to date ensures the highest levels of security, stability, and performance available. Plesk Obsidian 18.0.78 is available through the Plesk Installer. Remember to check for AtMail usage before updating. Unsure of how to update? Check out this guide.
To learn more about this release and review the complete changelog, visit the release notes.
No comment yet, add your voice below!