On April 28th, 2020, Adobe released the SUPEE-11314 security patch for Magento 1 users.
Then, on May 12th, 2020, Adobe released v2. If you already installed the old patch, the guidance is to revert and install the new v2 patch. It appears that some security fixes were missing in the original version of the patch.
I did not see any mention of this in the forums, or any e-mail from Adobe on this topic (although I could have missed something) and wanted to make sure that folks were aware. So far, most members of the Magento community that I've brought this up to have been unaware.
Solved! Go to Solution.
Hi @Robert Rand
You are right. This information was conveyed in the Slack channel.
It should have been informed in the some other channels also.
Hi @Robert Rand
You are right. This information was conveyed in the Slack channel.
It should have been informed in the some other channels also.
I came to this thread as since the upgrade to a pristine copy of 1.9.4.5, the site is failing Security Scan wit the error "SUPEE-11314 - Failed. Weak password requirements found (MPERF-10886)"
Having compared 1.9.4.5 and the patch files I can see the SUPEE-11314-v2 is installed - since the removal of M1 resource the only way to check is by performing diff etc.
I am posting this here as I suspect the fail is a false positive due to the accompanying jquery 1.12.0 error. I suspect the security scan is triggering both these errors on the jquery 1.12.0 version being present.