CVE-2023-44487
Temporarily disabled HTTP/2 on our Plesk hosting servers due to Rapid Reset vulnerability CVE-2023-44487
10/11/2023: We have temporarily disabled HTTP/2 on our Plesk web hosting servers, due to a recently disclosed vulnerability in HTTP/2. Our servers will serve web pages using HTTP/1.1 until software updates containing the necessary mitigations are provided by Plesk, and Nginx. The effect of this change from HTTP/2 to HTTP/1.1 should, at most, be a slight reduction in website performance.
11/8/2023 Update: HTTP/2 has been re-enabled based on guidance from Plesk.