• We value your experience with Plesk during 2025
    Plesk strives to perform even better in 2026. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2025.
    Please take this short survey:
    https://survey.webpros.com/
  • On Plesk for Linux mod_status is disabled on upgrades to improve Apache security.
    This is a one-time operation that occurs during an upgrade. You can manually enable mod_status later if needed.

Resolved Roundcube vulnerability CVE-2025-49113

Hi, @Laurent_Chouraki . Thank you for the question. Our team is already working on updating Roundcube to 1.6.13 and backporting patches to 1.4. The plan is to introduce the changes along with Plesk Obsidian 18.0.76, which is scheduled for release on the 17th of February.
 
I am not entirely sure what exactly the impact is. There hasn't been an extensive investigation on it. Rather than that our team focused on delivering the update and the backport patches as quickly as possible.
 
Hi, @Kaspar . At his point, there is no plan to backport the changes to version 18.0.75. However, the decision can be reconsidered based on the CVE score and exploitability.
 
You must log in or register to reply here.

Similar threads

presswizards
Resolved No changelog on Oct-Nov 2025 Imunify AI-bolit vulnerability? Imunify extension patched or not?
Replies
2
Views
2K
presswizards
presswizards
Back
Top