cancel
Showing results for 
Search instead for 
Did you mean: 

i have a question?

i have a question?

 

We are receiving an alert that supee-10415 is not installed from magento security scanner but it is installed according to applied.patches.list. Do you know how the scanner is confirming that it is installed? magereport.com says it is patched.

2 REPLIES 2

Re: i have a question?

Hello @hoanghoang_hoan ,

 

 

You can use https://github.com/philwinkle/Philwinkle_AppliedPatches to see a list of applied patches. If you don't want to install an extension you can check the app/etc/applied.patches.list file. Check the module's source for more info.

Be careful with this file. This file isn't the current status of the patch files, but only an information that it was applied in the past.

This means:

  • Applying the patch and not commiting the file means no (or old) file and applied patches
  • Not commiting the patched files, but the applied.patches.list file means misinformation!

 

--
If my answer is useful, please Accept as Solution & give Kudos

Re: i have a question?

@hoanghoang_hoanHey,

 

Magento scanner many of times give you false positive as well as they have strict scanning criteria which Magereport does not have. As you said you already have applied the patch and your shop must be patched.

 

My recommendation would be to send an email to Magento security scanner team to confirm if your website really has an issue. They can manually review your site and confirm if there is an issue with the Patch or scanner is giving you false result.

 

Email address to send your query would be: securityscan@magento.com

Do send your website URL for them to have a look for the issue.

 

Problem solved? Please give 'Kudos' and accept 'Answer as Solution'.

- Tarandeep
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.