Hello, my Magento 1.9.1 is patched with SUPEE-10975 and OK, but since yesterday I have a failed security scan:
SUPEE-10975 - Failed.
Outdated JQuery library v.1.12.0 found (PRODSECBUG-2108), got '301'.
Thanks
@Stef82000 I doubt it's a false positive. Possibly a third-party extension is installed and using an outdated version of jQuery or something else. My recommendation would be to connect with the Magento security team at security@magento.com and provide the details like your website and the issue you are seeing.
They will be able to resolve your issue asap.
Hi @Stef82000
Check the page.xml file of your custom theme. If it has the following version of jQuery
<action method="addJs"><script>lib/jquery/jquery-1.12.0.min.js</script></action>
then you should upgrade it to
<action method="addJs"><script>lib/jquery/jquery-1.12.1.min.js</script></action>
No, I don't have this one. But in my log, I see the scan try to GET xxx.org/js/lib/jquery/jquery-1.12.0.min.js and a redirection is made to 1.12.1, so the result is 301.
The scan was OK until 5 days ago.
@Stef82000 What @Mukesh Tiwari recommended is going to be your most likely answer.
The security scan is returning a 301 for that, which means that somewhere in your site there is a reference to that exact file. Search your entire codebase for it if you don't find it in page.xml (although this is where it most likely is).
Thanks for your help, but I don't have this line, and the 1.12.0 file doesn't exist.
@Stef82000 have you found any solution? I am having the same issue. I searched the entire codebase but the file is not there. I have also checked from the console to see which jQuery is loading using this:
console.log(window.jQuery.fn.jquery);
It is showing 1.12.1. I don't know from where the scan finds the old jQuery.
I still have the same problem. I also checked everything but found no solution. Can you inform me if you find the solution?
Hello,
HTTP 301 (Moved permanently) is obviously not the correct server response for the item that does not exist.
Security Scanner Tool expects a simple HTTP 404 (Not Found) response code.
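The check discussed in this thread, reproduced as an added example that is not part of any post and is not the Security Scan tool's own code: it requests the old jQuery path once without following redirects and reports the raw status and Location header. The pass/fail rule is an assumption taken from the last reply (only 404 means the file is absent), and the function names and the local test server are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

OLD = "/js/lib/jquery/jquery-1.12.0.min.js"  # path the scan requests (from the log above)
NEW = "/js/lib/jquery/jquery-1.12.1.min.js"  # redirect target seen in the thread

def probe(host, port, path):
    """GET path once, without following redirects; return (status, Location)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def verdict(status):
    # Assumption from the last reply: only a 404 counts as "file not present".
    return "pass" if status == 404 else "fail, got '%d'" % status

def make_server(redirect_old):
    """Constructed stand-in for the shop: optionally 301-redirects OLD to NEW."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path == OLD and redirect_old:
                self.send_response(301)
                self.send_header("Location", NEW)
            else:
                self.send_response(200 if self.path == NEW else 404)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args): pass  # keep the demo output quiet
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():
    results = {}
    for name, redirect_old in (("redirecting", True), ("not_found", False)):
        srv = make_server(redirect_old)
        status, location = probe("127.0.0.1", srv.server_port, OLD)
        results[name] = (status, location, verdict(status))
        srv.shutdown()
        srv.server_close()
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Pointing `probe` at your own host (port 80) shows the same status the scan records; a non-empty Location value confirms a server-side redirect rule is answering for a file that is not on disk.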