Did the new changes get posted on Thursday? Trying to understand the status.
Can someone from Magento tell us how this should work?
What is the scanner actually testing for?
How long does it take for new SUPEEs to be checked for?
Who is responsible for adding new checks to the tool?
In my personal opinion, if you are sure that you (your team) have not applied these latest security patches on your site, it is better to apply these patches.
Do not wait for the Magento scanner to detect an issue and inform you, and only then plan to apply these patches.
Whether a patch is applied or not, sometimes the scanner might try to perform some tests on the admin URL. But some sites may have a custom admin URL. In this case you may get false positive results. So it is better to apply the patches first.
NOTE: This is not an official answer from Magento team.
We are not waiting for anything and are proceeding through change management to apply the patches.
I am trying to discern if the Magento security scanner can be trusted. It appears that it cannot be trusted since some new and obvious patches are not being detected. Am I wrong?
The scanner is reporting this now:
SUPEE-11219 - Failed.
Weak password requirements found (PRODSECBUG-2331)
But I applied "SUPEE-11219" successfully already.
And PRODSECBUG-2331 does not belong to "SUPEE-11219" but to "SUPEE-11155":
But I also applied "SUPEE-11155" successfully.
Does anybody else have that issue?
I am having the same issue since yesterday's scan. Both SUPEE-11155 and SUPEE-11219 were installed on our site successfully and the scan report says they are both needed/not installed yet.
Magento ver. 220.127.116.11
As of the Nov 1 Security Scan, it is no longer reporting SUPEE-11219 not being installed, so I guess they fixed their scan code.
Now it's just still saying
SUPEE-11155 - Failed.
WYSIWYG editor stored XSS found (PRODSECBUG-2246) response body is missing expected 'media_disable_flash : this.config.media_disable_flash
And the patch is installed and the option line is in the proper file.
Nov 2 2019 update - Security Scan as of today apparently has been fixed for SUPEE-11155 as well now. This morning's scan results say all is fine, no issues. Yay!