Magento 1.9.4.1 - SUPEE-10975 - Failed. Outdated JQuery library v.1.12.0 found (PRODSECBUG-2108), got '200'

Question

I got an email this morning from the Magento.com security scan.

My Magento site running 1.9.4.1 just received the following issue:

SUPEE-10975 - Failed. Outdated JQuery library v.1.12.0 found (PRODSECBUG-2108), got '200'.

Looking at PRODSECBUG-2108 it is only an update of JQuery from 1.12.0 to 1.12.1 to stop it causing PCI scanning failures.

In my /js/lib/jquery folder I have the following:

noconflict.js
jquery-1.12.1.min.map
jquery-1.12.1.min.js
jquery-1.12.1.js
jquery-1.12.0.min.map
jquery-1.12.0.min.js
jquery-1.12.0.js
jquery-1.10.2.min.map
jquery-1.10.2.min.js
jquery-1.10.2.js

Do you know if I am ok to delete the older versions without any problems?

Cheers, Tim

Answer 1

it is entirely possible that your sites theme or an extension is still using the older versions. Check through the source to ensure this is not the case. Of course you can always just move them and see if the site explodes. Note if you have merged js enabled you will need to clear /media/js also As always.. test on a dev site 1st.

Answer 2

Please check file page.xml in your theme. There is probably the javascript version of 1.12.0. Change it to 1.12.1. I got this issue and resolving by the above step.

Thanks

Answer 3

I was able to resolve the issue by removing all 1.12.0 jquery files in /js/lib/jquery. After doing that I no longer get a failed scan from the Magento security scan or any of the other scanners such as MageReport.

Answer 4

It is Ok to delete old versions if there are no references to these old versions in your theme or extensions. You can check it with

$ grep -rl "jquery-1.12.0" app/design/

There should be empty output from the command above. Otherwise, you may need to update all listed files with newer jQuery version, remove old jquery files, clear CSS/Javascript cache at System > Cache Management and purge CDN caches (i.e. Cloudflare or Cloudfront caches).