Announcing:
LiteSpeed Extension for Plesk v2.5.0
In this release: security hardening, bug fixes, and more!
RELEASE LOG:
* [New Feature] As a security feature, only the built-in Plesk administrator may use the plugin. Delegated administrators are denied access.
* [New Feature] Web-server switching (Apache <-> LiteSpeed) is now asynchronous so the page no longer hangs while the web server restarts.
* [New Feature] Switch to Apache now detects whether Apache is installed up front and shows install instructions instead of a misleading prompt.
* [New Feature] Add additional Shared Code Library integrity verifications.
* [Improvement] CSRF tokens are now required on all state-changing actions and are accepted only from the POST body, keeping tokens out of URLs, browser history, and access logs.
* [Improvement] Harden against root-side privilege escalation.
* [Improvement] Relocate temp log files to `/var/lib/litespeed-plesk` with improved read/write logic.
* [Improvement] Shift some URLs to HTTPS.
* [Improvement] Improve LSWS home path validation logic.
* [Improvement] Change Prometheus stats endpoint fetch to use PHP cURL.
* [Improvement] Tighten input validation across LiteSpeed Containers.
* [Bug Fix] Harden against potential XSS vulnerabilities across multiple pages.
* [Bug Fix] Harden scripts against potential command injection.
* [Bug Fix] Properly detect non-CloudLinux systems in Redis.
* [Bug Fix] Several bug fixes in validate_redis.sh.
* [Bug Fix] Fix active users sometimes getting unintentionally disabled in Redis.
* [Bug Fix] Fix Dash Notifier mass-action submissions and improved stats messages in LiteSpeed Containers.
* [Bug Fix] Fix a 500 error that sometimes occurred when clicking the Back button on the LSCWP cache scan progress page.
https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log
Cheers!
LiteSpeed Extension for Plesk v2.5.0
In this release: security hardening, bug fixes, and more!
RELEASE LOG:
* [New Feature] As a security feature, only the built-in Plesk administrator may use the plugin. Delegated administrators are denied access.
* [New Feature] Web-server switching (Apache <-> LiteSpeed) is now asynchronous so the page no longer hangs while the web server restarts.
* [New Feature] Switch to Apache now detects whether Apache is installed up front and shows install instructions instead of a misleading prompt.
* [New Feature] Add additional Shared Code Library integrity verifications.
* [Improvement] CSRF tokens are now required on all state-changing actions and are accepted only from the POST body, keeping tokens out of URLs, browser history, and access logs.
* [Improvement] Harden against root-side privilege escalation.
* [Improvement] Relocate temp log files to `/var/lib/litespeed-plesk` with improved read/write logic.
* [Improvement] Shift some URLs to HTTPS.
* [Improvement] Improve LSWS home path validation logic.
* [Improvement] Change Prometheus stats endpoint fetch to use PHP cURL.
* [Improvement] Tighten input validation across LiteSpeed Containers.
* [Bug Fix] Harden against potential XSS vulnerabilities across multiple pages.
* [Bug Fix] Harden scripts against potential command injection.
* [Bug Fix] Properly detect non-CloudLinux systems in Redis.
* [Bug Fix] Several bug fixes in validate_redis.sh.
* [Bug Fix] Fix active users sometimes getting unintentionally disabled in Redis.
* [Bug Fix] Fix Dash Notifier mass-action submissions and improved stats messages in LiteSpeed Containers.
* [Bug Fix] Fix a 500 error that sometimes occurred when clicking the Back button on the LSCWP cache scan progress page.
https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log
Cheers!