The vulnerability CVE-2021-44790 affects
mod_lua module from Apache HTTP Server.
Plesk itself is not affected by the vulnerability. We also do not ship the
mod_lua module in our repositories.
However, the Apache web server packages are installed from the official OS vendors' repositories, and some operating systems ship and enable this module by default (for example, every supported RHEL system).
Call to Action
To protect customers’ website that might be affected by the vulnerability, follow the recommendations from the OS vendor/package maintainer and always keep the system up to date.
Plesk has an embedded mechanism to update system packages:
It is also possible to temporarily disable the
via Plesk UI:
How to enable/disable Apache modules shipped with Plesk
# plesk sbin httpd_modules_ctl --disable lua