Parallels PBAS failing PCI tests

Parallels Business Automation (PBA) version Build ID: 3.3.3-07.23 appears to introduce a number of PCI compliance issues which cause PCI compliance to fail. The issue was picked up by a PCI scan after upgrading PBAS from 3.3.3-06.48 to 3.3.3-07.23.

The release notes say the following bugs have been addressed, but they appear not to have been:

3225 (267935) PBAS PCI Compliance. Web Application Cross Site Scripting issue has been corrected in the default online store.
3634          Configure PBAS for the PCI Compleance.

Which doesn’t seem to be the case.

Parallels Business Automation (PBA) forum bugs:

Although not detailed in the PBA release notes, this is not the first time Parallels Business Automation/HSPC has been plagued by XSS issues.

Suggested fixes for the XSS issue can be found in this document:

But it doesn’t detail a fix for the SVN entries PCI issue that is reported. Simply chmod’ing the directory fixes the PCI issue, but may not be the best fix.
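
To see which directories the chmod workaround above would need to cover, the following added example (not code from the original post or from Parallels) walks a web root and reports every `.svn` directory with its permission bits. The function name and the path passed to it are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list Subversion metadata
# directories under a web root and flag the ones "other" users can access.
# audit_svn_metadata is a hypothetical helper; the web root is caller-supplied.

# Prints one line per .svn directory:
#   EXPOSED <perms> <path>   "other" has some permission bit set
#   LOCKED  <perms> <path>   "other" has no access (what a chmod fix produces)
audit_svn_metadata() {
    docroot=$1
    if [ ! -d "$docroot" ]; then
        echo "not a directory: $docroot" >&2
        return 2
    fi
    # -prune stops find from descending into .svn, so a locked-down
    # directory is still reported instead of raising a permission error.
    find "$docroot" -type d -name .svn -prune -print |
    while IFS= read -r dir; do
        # The first 10 characters of ls -ld are type + permission bits,
        # e.g. drwxr-xr-x; characters 8-10 are the "other" triplet.
        perms=$(ls -ld "$dir" | cut -c1-10)
        case $perms in
            ???????--[-T]) echo "LOCKED $perms $dir" ;;
            *)             echo "EXPOSED $perms $dir" ;;
        esac
    done
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_svn_metadata "$1"
fi
```

A tree produced with `svn export` carries no `.svn` directories at all, which removes the metadata rather than hiding it behind permissions.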

Windows Plesk 8.6.0 upgrade to Plesk 8.6.0.5 causes webmail issue

The updater for Windows Plesk 8.6.0 to 8.6.0.5 is rather small and installs quickly; however, after installation webmail may be disabled on sites or non-existent on new sites. Also, clients could not click on the webmail button from within the control panel as it was greyed out.

I went to Domains->domain.com->Mail->Preferences and the options I received for webmail were: None

Then I went to Server->Plesk Components Management->Web Mail and selected Horde from the list, which for some reason was disabled.

Then, going back to Domains->domain.com->Mail->Preferences, I was able to select a webmail client from the list.

The following thread has the solution as well:

EDIT: Running into another bug

So, after changing the Domains->domain.com->Mail->Preferences webmail setting and being told that “Information: Mail services on the domain domain.com have been configured.”, we tried going to the webmail page, only to be shown the default Plesk page as before.

It turns out that even though webmail was set, going back to preferences results in the value being “None” again.

Will test a few more things, but it's time to try getting through Parallels 1st line support. Ouch.

Note:

This appears to be a known issue, as listed in the release notes for Plesk 8.6, which say:

12.  Horde Webmail settings are missing after the upgrade from Plesk 7.6.x, 8.1.x, 8.2.x

I wonder if it’s the same problem?

Wouldn’t it be useful if they provided knowledge base links in the release notes for the “known issues”? Unless, of course, they don’t have resolutions to the bugs.