cancel
Showing results for 
Search instead for 
Did you mean: 

SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Still not detecting

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Did the new changes get posted on Thursday?  Trying to understand the status.

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Can someone from Magento tell us how this should work?

 

What is the scanner actually testing for?

 

How long does it take for new SUPEEs to be checked for?

 

Who is responsible for adding new checks to the tool?

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Hi @aaron18 

I my personal opinion if you are sure that you(your team) has not applied these latest security patches on your site. It is better to apply these patches.

Do not wait for the Magento scanner to detect issue and inform you and then you plan to apply these patches.
Even if a patch is applied or not, some times the scanner might try to perform some test on admin url. But some sites may have a custom admin url. In this case you may get false positive results. So it is better to apply the patches first.

NOTE: This is not an official answer from Magento team.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum
Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

We are not waiting for anything and are proceeding through change management to apply the patches.

 

I am trying to discern if the Magento security scanner can be trusted.  It appears that it cannot be trusted since some new and obvious patches are not being detected.  Am I wrong?

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

The scanner is reporting this now:

 

SUPEE-11219 - Failed.

Weak password requirements found (PRODSECBUG-2331)

 

But I applied SUPEE-11219" successfully already.

And PRODSECBUG-2331 does not belong to "SUPEE-11219" but to "SUPEE-11155":

https://magento.com/security/patches/supee-11155

 

But I also applied "SUPEE-11155" successfully.

 

Does anybody else have that issue?

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

I am having the same issue since yesterday's scan.  Both SUPEE-11155 and SUPEE-11219 were installed on our site successfully and the scan report says they are both needed/not installed yet.

Magento ver. 1.9.4.0

 

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

As of the Nov 1 Security Scan, it is no longer reporting SUPEE-11219 not being installed, so I guess they fixed their scan code.

 

Now it's just still saying 

SUPEE-11155 - Failed.
WYSIWYG editor stored XSS found (PRODSECBUG-2246) response body is missing expected 'media_disable_flash : this.config.media_disable_flash

 

And the patch is installed and the option line is in the proper file.

 

Highlighted

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Nov 2 2019 update - Security Scan as of today apparently has been fixed for SUPEE-11155 as well now.  This morning's scan results say all is fine, no issues. Yay!