Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

‎10-18-2019 06:59 AM
‎10-18-2019 06:59 AM

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Still not detecting

0 Kudos
Reply
‎10-21-2019 08:47 AM
‎10-21-2019 08:47 AM

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Did the new changes get posted on Thursday?  Trying to understand the status.

0 Kudos
Reply
‎10-23-2019 07:17 AM
‎10-23-2019 07:17 AM

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Can someone from Magento tell us how this should work?

 

What is the scanner actually testing for?

 

How long does it take for new SUPEEs to be checked for?

 

Who is responsible for adding new checks to the tool?

0 Kudos
Reply
‎10-23-2019 08:27 AM
‎10-23-2019 08:27 AM

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Hi @aaron18 

I my personal opinion if you are sure that you(your team) has not applied these latest security patches on your site. It is better to apply these patches.

Do not wait for the Magento scanner to detect issue and inform you and then you plan to apply these patches.
Even if a patch is applied or not, some times the scanner might try to perform some test on admin url. But some sites may have a custom admin url. In this case you may get false positive results. So it is better to apply the patches first.

NOTE: This is not an official answer from Magento team.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum
0 Kudos
Reply
‎10-23-2019 12:17 PM
‎10-23-2019 12:17 PM

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

We are not waiting for anything and are proceeding through change management to apply the patches.

 

I am trying to discern if the Magento security scanner can be trusted.  It appears that it cannot be trusted since some new and obvious patches are not being detected.  Am I wrong?

0 Kudos
Reply
‎10-25-2019 11:34 AM
‎10-25-2019 11:34 AM

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

The scanner is reporting this now:

 

SUPEE-11219 - Failed.

Weak password requirements found (PRODSECBUG-2331)

 

But I applied SUPEE-11219" successfully already.

And PRODSECBUG-2331 does not belong to "SUPEE-11219" but to "SUPEE-11155":

https://magento.com/security/patches/supee-11155

 

But I also applied "SUPEE-11155" successfully.

 

Does anybody else have that issue?

Reply
‎10-26-2019 09:10 AM
‎10-26-2019 09:10 AM

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

I am having the same issue since yesterday's scan.  Both SUPEE-11155 and SUPEE-11219 were installed on our site successfully and the scan report says they are both needed/not installed yet.

Magento ver. 1.9.4.0

 

Reply
‎11-01-2019 07:20 AM
‎11-01-2019 07:20 AM

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

As of the Nov 1 Security Scan, it is no longer reporting SUPEE-11219 not being installed, so I guess they fixed their scan code.

 

Now it's just still saying 

SUPEE-11155 - Failed.
WYSIWYG editor stored XSS found (PRODSECBUG-2246) response body is missing expected 'media_disable_flash : this.config.media_disable_flash

 

And the patch is installed and the option line is in the proper file.

 

0 Kudos
Reply
‎11-02-2019 06:39 AM
‎11-02-2019 06:39 AM

Re: SUPEE 11219 not installed, yet daily security scan says "No New Issues Detected"

Nov 2 2019 update - Security Scan as of today apparently has been fixed for SUPEE-11155 as well now.  This morning's scan results say all is fine, no issues. Yay!

 

Reply