cancel
Showing results for 
Search instead for 
Did you mean: 

SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Highlighted

SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

PATCHES
SUPEE-11219
Oct 8, 2019
SUPEE-11219, Magento Commerce 1.14.4.3 and Open Source 1.9.4.3 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.

18 REPLIES 18
Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

I realize this patch is very new.  But how long should we expect a SUPEE to be out, and not installed, before it triggers an alert on the scan?  Can the the scan be trusted?  I have seen this before with lack of installed SUPEEs not triggering any sort of alert.

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Hello @aaron18 

 

Depends which scanner you are using for audit. So based on that you can decide scan is trustable or not. Use good scanner i.e here you can find Magento official tool: 

https://magento.com/security

Manish Mittal
https://www.manishmittal.com/
Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Sorry, wasn't clear.  I am talking about the Magento tool (https://magento.com/security).  Seems like oftentimes obvious missing patches don't trigger and failed scan or alert.  Here is what mine said this morning...

 

Magento Security Scan:

No New Issues Detected

   

We have finished a Magento Security Scan of your site:

...

and we have not noticed any new threats or security issues. Congratulations!

Note: While we strive to perform as comprehensive a scan as possible, we cannot identify all issues. Please note that issues that existed prior to the initial scan, and atypical attacks, might escape our scan. Always update your Magento installation and server, as well as follow Magento Security Best Practices.

Thanks,

The Magento Security Team

You are receiving this email because you signed up for the Magento Security Scan service. Unsubscribe.
If you've received it in error, please contact us at  securityscan@magento.com

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Hi @aaron18 

 

I think it may take some time for the Mageno security scanner to include feature to test latest patches.
@msavich  may be able to answer your question.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum
Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

I wonder if there is anyone from Magento that can tell us how long it takes, so we know when it can be trusted.  I ran into this with Magereport.  It's best effort and sometimes they just don't always test for critical updates.   I stopped using it because I couldn't trust it.  Same with Magento Security Scan?

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

We are working on it.

The new checks are planned to publicly appear next Thursday.

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Still not showing up in the scan.  Our site still says "No New Issues Detected".  Looks like the Magento Security Scan cannot be trusted.

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Sorry didn't see your response from last Thursday.  Looks like scanner should catch up this week.  Thanks.

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Looks like the work isn't finished yet?  Still missing any notification that 11219 is not present.