Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
27 results found
-
to do an upgrade of roundcube for plesk 17 to version 1.2.3
This week a critical security issue for roundcube has been reported: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
This is present in all roundcube versions below 1.2.3
Thank you very much.11 votesThe Roundcube was updated in Plesk Onyx 17.8.11. We suggest you to upgrade to Plesk Onyx 17.8.11 MU1 and check it out (https://docs.plesk.com/release-notes/onyx/change-log/#contents-17811-mu1).
The Roundcube also was updated in Plesk Onyx 17.5.3 MU29 (https://docs.plesk.com/release-notes/onyx/change-log/#contents-1753-mu29) and Plesk Onyx 17.0.17 MU40 (https://docs.plesk.com/release-notes/onyx/change-log/#contents-17017-mu40).
Let us know if you have any feedback
— AY
-
Upgrade ModSecurity IIS to 2.9.4
Currently Plesk installs ModSecurity IIS 2.9.3, which was released on December 5 2018. On June 11 2021, ModSecurity 2.9.4 was released, it's important to stay up to date with software version releases.
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.4
Please note:
- Windows installer no longer includes OWASP CRS.
3 votesModSecurity update to version version 2.9.5 was introduced with Plesk 18.0.41
-- SH
-
SMTP Smuggling - patch postfix 3.7.9-0+deb12u1 Update to postfix 3.8.3
37C3 - SMTP Smuggling – Spoofing E-Mails Worldwide
postfix is vulnerable
2 votesPlease see this KB article for details:
https://support.plesk.com/hc/en-us/articles/20332057992087
-- PD
-
Track who changed the Plesk Administrator password
The idea is to know who and when changed the Plesk admin password. If it's from CLI, what user (usually root), or if it's on GUI, what IP.
That should be noted in the action log.
Right now it isn't.2 votesWe are happy to report that with the release of Plesk 18.0.62 changes of the admin user's password is are now properly logged. This has been announced in the Plesk Change log: https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18062
-
Add the option "Security of wp-content/uploads folder only"
Securing the whole wp-content will break many commercial templates, while blocking script execution under the wp-content/uploads and wp-content/upgrade folder have no known side-effects.
2 votesWe have addressed this in WordPress Toolkit v3.5. Securing wp-content will now only secure wp-content/uploads. The option was renamed accordingly to avoid confusion. Hope this helps!
—AK
-
Fail2Ban rules block IP's permanently
Ip's not only temporary ban but directly permanent
1 voteThis functionality was added in Plesk 18.0.63 (https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18063). We suggest you to update to Plesk 18.0.63 and check it out.
If you have any feedback on the implementation of this feature, please let us know on the forum: https://talk.plesk.com/forums/plesk-obsidian-for-linux.748/
Thank you!
— AY
-
IP Addresses in access_ssl_log with NGINX
Bug?
No real IP Addresses from visitors in accessssllog when Ngnix is enable.
Only Local IP Address will logged.
Thats bad.1 voteFixed in Plesk 12.0 MU#24
- Don't see your idea?