Plesk has released Obsidian 18.0.75 (dated January 6, 2026), a maintenance-heavy update that still carries real operational weight for hosting providers and sysadmins. While it doesn’t introduce flashy UI changes, it meaningfully advances three areas that matter in production: platform compatibility, security hardening, and accessibility — alongside a set of deprecations that signal where the ecosystem is headed.
The headline takeaway is simple: Plesk continues to position Obsidian as a stable control plane for modern stacks, but it’s also drawing clearer lines around end-of-life components. If your fleet still relies on legacy databases or older PHP versions, 18.0.75 is another nudge to plan upgrades before “optional” becomes “urgent.”
What’s new: ASP.NET Core 10, MariaDB 11.8 Performance Booster, and WHMCS + PHP 8.3
This release introduces several compatibility upgrades that will be immediately relevant to many environments:
- (Plesk for Windows) ASP.NET Core 10.0 support
A direct win for Windows hosting setups that need to keep pace with Microsoft’s runtime cadence without manual workarounds. It reduces friction for modern .NET application hosting and helps align Plesk-managed stacks with current Microsoft tooling. - Performance Booster support for MariaDB 11.8
Database performance is often the silent bottleneck in shared and managed hosting. Extending Performance Booster compatibility to MariaDB 11.8 targets that pain point — especially for high-query workloads like ecommerce, large CMS installations, and API-driven apps. - (Plesk for Linux) WHMCS Installer now officially supports PHP 8.3 for WHMCS 8.13+
WHMCS remains central for many hosting businesses. Official PHP 8.3 support reduces “unsupported-but-it-works” situations and makes it easier to modernize safely.
Accessibility: small changes with outsized operational value
Plesk continues improving accessibility across the panel:
- More pages now work properly via keyboard navigation
- Better screen reader support through semantic HTML, ARIA attributes, and image descriptions
These aren’t “nice-to-haves.” In real operations, accessibility improvements translate into smoother workflows for diverse teams and more consistent UI behavior overall.
Mail stack change (Linux): optional plaintext authentication in Postfix and Dovecot
On Linux, Plesk adds an option to enable plaintext authentication in Postfix and Dovecot. This can help with compatibility in certain legacy or constrained client scenarios, but it requires careful handling.
The only sane way to use plaintext auth is with TLS enforced end-to-end and a clear understanding of the risk model. Plesk is giving admins a lever; whether it becomes a solution or a liability depends on how it’s configured.
Deprecations and removals: SQL Server 2012 is gone, and PHP 8.1 is officially “outdated”
Here’s where 18.0.75 sends its strongest signals:
- (Plesk for Windows) Microsoft SQL Server 2012 removed due to end-of-life
This is expected, but impactful for any environment still depending on SQL Server 2012. If you’re stuck on it, you’ll need a modernization plan — either database upgrades or architecture changes — before upgrading Plesk. - PHP 8.1 reached EOL on December 31, 2025 — and Plesk responds accordingly:
- Removed PHP 8.1 from all presets
- Marked PHP 8.1 as “outdated” in the Autoinstaller and UI
Notably, the PHP Updates section still lists PHP 8.1 being updated to 8.1.34, which is consistent with how platforms sometimes provide transitional packaging. But the message is unambiguous: PHP 8.1 is no longer a healthy production baseline. If you’re still on 8.1, this is the moment to inventory sites and schedule moves to 8.2/8.3/8.4.
Apache hardening on Linux: mod_status disabled during upgrades
Plesk now disables mod_status on upgrades to improve Apache security. It’s a one-time action during upgrade, and admins can re-enable it manually afterward if needed.
If your monitoring or troubleshooting flow relies on mod_status, plan for a post-upgrade step. If you re-enable it, do it properly (restricted access, authentication, IP allowlists) — mod_status should not be casually exposed.
APS catalog cleanup: several well-known apps removed
Plesk has deprecated and removed multiple APS catalog applications across all Plesk versions, including:
- AfterLogic WebMail Lite / Pro
- Moodle
- Drupal
- MediaWiki
- phpBB
- osTicket
- TYPO3
For admins who used APS as a quick deployment path, this is a clear direction change: fewer “one-click” app installs that can become maintenance liabilities, and more reliance on controlled deployment methods (Composer-based setups, containers, dedicated toolkits, or scripted provisioning).
Fixes and third-party updates: lots of polish, plus security-relevant bumps
Beyond the headline items, 18.0.75 includes a wide set of bug fixes across domain mail settings, scheduled tasks, addon domain moves, license detection, Apache accessibility paths, Joomla Toolkit login links, and more.
On Linux, migration and upgrade reliability gets attention — including DirectAdmin migration fixes, MariaDB upgrade reliability on Ubuntu 20, cron cleanup after subscription deletion, and Postfix/Dovecot related fixes.
Third-party component updates include:
- Roundcube 1.6.12
- curl 8.17.0
- php-redis 6.3.0
- OWASP ModSecurity CRS 4.21.0 (Windows)
- Python 3.14.2 (Windows)
- ASP.NET Core 9.0.11 and 8.0.22 (Windows)
- ImageMagick update addressing CVE-2025-57807
The ImageMagick note is a useful reminder: a control panel’s security posture often depends on its dependency chain as much as on the panel itself.
Extensions: Debian 13 support in Docker, plus incremental hardening across the stack
Several extensions were updated around the same window:
- Docker 2.1.7: adds Debian 13 support; fixes install issues on AlmaLinux 10
- DigitalOcean DNS 1.4.9: security improvements
- Plesk Migrator 2.31.3: accessibility improvements + migration fixes
- Watchdog 3.1.7: fixes Apache monitoring when Nginx isn’t installed
Also worth noting (from late December) is SSL It! 1.19.0, which added full support for short-lived certificates and introduced new CLI options for SSL/TLS lifecycle operations — a practical improvement as the industry shifts toward shorter cert validity and tighter automation.
FAQs
What does it mean that Plesk marks PHP 8.1 as “outdated”?
It means PHP 8.1 is no longer considered a safe default for production: it’s removed from presets and clearly labeled as outdated in the UI. Admins should plan migrations to PHP 8.2+.
Why did Plesk disable Apache mod_status during upgrades?
To reduce Apache’s exposed surface area by default. Admins can re-enable mod_status manually if required, but it should be restricted and secured.
Why were apps like Moodle and Drupal removed from the APS catalog?
To reduce risk and maintenance overhead from one-click deployments that can become outdated quickly. Plesk is steering admins toward more controlled, maintainable deployment paths.
What’s the practical value of ASP.NET Core 10.0 support in Plesk for Windows?
It enables modern .NET hosting without manual runtime juggling, keeping Windows-based Plesk environments aligned with current Microsoft runtime releases.