Plesk Obsidian 18.0.79 is here, with security at the heart of this release.
Following a comprehensive security audit, we addressed multiple vulnerabilities and introduced additional hardening improvements across the platform.
Beyond security, this release expands the capabilities of the Plesk REST API, adds support for Microsoft SQL Server 2025, and delivers a wide range of stability, compatibility, and usability improvements for Linux and Windows servers.
Security First
Security was a top priority for this update. v18.0.79 addresses multiple vulnerabilities across the platform and brings several hardening improvements designed to reduce operational risk without adding friction to your day-to-day work.
Highlights include:
- SSL/TLS certificate verification in the Linux license management component is now stricter, closing a gap in how the key authentication server was validated.
- In Plesk for Linux, DKIM signing is now applied automatically to emails sent locally via /usr/sbin/sendmail, automating a previously manual configuration step.
- Enhanced email authentication reliability through DMARC-related fixes.
- Key third-party security components including ModSecurity, the OWASP Core Rule Set, OpenSSL, and more, have been updated to their latest versions.
Expanded REST API Capabilities
Plesk Obsidian 18.0.79 builds on what can be accomplished through the Plesk REST API.
For the first time, reseller and customer accounts can now use the REST API. Until this release, API access was limited to administrator accounts only which meant any automation touching reseller or customer-level resources had to go through an admin account or workaround. That restriction is gone.
This release also introduces a number of new endpoints that make the API more useful for automation and file-based workflows:
- Upload and download files.
- Create, modify, move, copy, and delete files, and manage directories.
- Set file permissions on Linux servers.
- Linux only: Search domain log files (Apache, nginx, PHP-FPM, and others) for matching entries.
- Perform API requests on behalf of another user through a new impersonation header.
You can learn more about the new endpoints in the Plesk REST API reference, available on every Plesk Obsidian server in Tools & Settings, under ‘Remote API (REST)’.
These additions make it easier to automate common management tasks and build integrations with external systems using the Plesk REST API.
Microsoft SQL Server 2025 Support
Plesk now supports Microsoft SQL Server 2025 for user databases.
The latest version can be installed locally using Plesk Installer, so you can move onto the latest release of Microsoft’s database platform as soon as your environment is ready.
AlmaLinux 9 Upgrade Path Now Available
For Linux users planning operating system upgrades, a new script enabling in-place upgrades from AlmaLinux 8 to AlmaLinux 9 is now publicly available.
The script can be downloaded from GitHub and helps simplify migration planning for supported AlmaLinux environments.
Feature Improvements
v18.0.79 also introduces a number of usability and platform enhancements.
New Default Theme
The default theme for new Plesk installations has changed from Light to Contrast, offering higher contrast by default.
Secret Keys Manager Improvements
The Secret Keys Manager extension now displays the owner of each secret key and allows administrators to create keys directly for customers and resellers from within the Plesk interface.
AI Support Assistant (Beta)
The AI Support Assistant is available in beta for Plesk Obsidian 18.0.78 and later.
The assistant can answer questions about Plesk features and configuration through a single chat interface, helping administrators find information more quickly and efficiently. It can also show knowledge base article links in the Plesk search bar.
Both the chat assistant and the knowledge base search are opt-in and configured separately via panel.ini; see the full setup details. Note, it does not yet support conversation history or automated actions.
Upcoming API Security Changes
Starting with v18.0.80, the ‘Access-Control-Allow-Origin’ header returned by all API responses will default to the server’s own origin rather than the * value currently used.
Deprecated and Removed Items
AWStats Deprecation Continues
In Plesk for Linux, AWStats has now been formally deprecated and marked as such in the Plesk interface. GoAccess is now the default web statistics solution.
Servers that already have AWStats installed prior to upgrading to Plesk Obsidian 18.0.79 can continue using it after upgrading. However, AWStats can no longer be installed on servers running v18.0.79 and later.
Learn how to switch hosted domains from AWStats to GoAccess or Webalizer for web statistics reporting.
ngx_pagespeed Removed
The ngx_pagespeed module has been removed from nginx due to a security vulnerability in the PSOL library (libwebp).
The Google PageSpeed Insights extension has been updated accordingly.
Important Fixes and Stability Improvements
v18.0.79 includes a large number of fixes across API functionality, email security, Code Editor, Joomla! Toolkit, Git integration, and server administration.
Highlights include:
- Resolved multiple Code Editor issues affecting file saving, navigation, scrolling, and file copying.
- Fixed rendering issues on the reseller ‘Domains’ page when viewed on smaller screens or at high zoom levels.
- Fixed an issue where the plesk bin subscription –update command could report success even when some hosting settings were not applied.
- Fixed Joomla! Toolkit instance removal failures when associated databases had already been deleted.
- Improved .NET application reliability after extension updates.
- Corrected false DNSBL blacklist reports in Plesk Email Security.
On Linux, improvements include:
- Enhanced DMARC enforcement and email authentication reliability.
- Improved GoAccess stability and error handling.
- Fixed MariaDB startup issues on SELinux-enabled servers.
- Resolved Docker Proxy Rules nginx configuration issues.
- Fixed Git repository creation failures.
- Improved AlmaLinux 10 compatibility.
On Windows, improvements include:
- Corrected PHP error log timestamp discrepancies.
- Fixed unexpected .ssh directory creation when using the Git extension.
Additionally, this release includes further security hardening and platform stability improvements.
Updated Third-Party Components
This release updates a number of third-party components and dependencies across Linux and Windows environments, including nginx, OpenSSL, .NET, PHP, Dovecot, ModSecurity, and the Sophos antivirus engine, among others.
For the full list of updated versions, see the release notes.
Update Recommended
Keeping your servers up to date ensures the highest levels of security, stability, and performance available. Given the extensive security improvements included in this release, we strongly recommend updating as soon as possible.
Plesk Obsidian v18.0.79 is available now through the Plesk Installer. Unsure of how to update? Steps are available in our update guide.
To learn more about this release and review all of the details, visit the release notes.
No comment yet, add your voice below!