cancel
Showing results for 
Search instead for 
Did you mean: 

Security Scan Failed PATCH SUPEE-10975 not installed on Magento 1.9.4.1

Highlighted

Security Scan Failed PATCH SUPEE-10975 not installed on Magento 1.9.4.1

My security scan has been fine for months and today it says it failed because PATCH SUPEE-10975 is not installed but I am running CE 1.9.4.1 so shouldn't this patch be included in this version? The patch says it's for 1.9.3.4-1.9.3.1 so why do I need to install it? Should I install it?

6 REPLIES 6
Highlighted

Re: Security Scan Failed PATCH SUPEE-10975 not installed on Magento 1.9.4.1

Check your custom theme for jquery-1.12.0.min.js. If it exists, replace it with 1.12.1.min.js. Check in your theme's layout/page.xml file.

Re: Security Scan Failed PATCH SUPEE-10975 not installed on Magento 1.9.4.1

I do not have that file.
Highlighted

Re: Security Scan Failed PATCH SUPEE-10975 not installed on Magento 1.9.4.1

I have seen a couple of people say that the test for 10975 fails after 1.9.4.1 install.  1.9.4.1 does contain 10975 and 11086 so it should be fine.

 

You could try switching back to the base/default theme then re-running the scan. If it passes then you know for sure that the problem is in your theme somewhere.

Highlighted

Re: Security Scan Failed PATCH SUPEE-10975 not installed on Magento 1.9.4.1

I don't have a page.xml file. Is there another place it could be in my theme?

Highlighted

Re: Security Scan Failed PATCH SUPEE-10975 not installed on Magento 1.9.4.1

The tool just requests the {base_URL}/js/lib/jquery/jquery-1.12.0.min.js

If the response code is different from 404 (Not found) - it fails.

Highlighted

Re: Security Scan Failed PATCH SUPEE-10975 not installed on Magento 1.9.4.1

OOOOhhhhh....that's my issue, thanks for providing this information.  The old file is still there but it's not in use by any theme.  I will remove old jQuery libraries.  For my knowledge, does having an unused, outdated jQuery library file on the server pose a security risk?