SUPEE 10975 but still getting warnings
-
25-02-2021 - |
Question
We installed SUPEE 10975 a while ago and more patches since. Lately we are getting warnings that jQuery is out of date and I'm not quite sure what to do.
SUPEE-10975 - Failed. Outdated JQuery library v.1.12.0 found (PRODSECBUG-2108), got '200'.
The patch was installed successfully. The only thing I can think of at the moment is to grab the jQuery files from the latest Magento release and manually use them to replace the files on the server
Do you guys have any thoughts?
Thanks
Update - I replaced the jquery files with ones from the latest Magento 1.9 download and I'm still getting the same error when I do a security scan.
No correct solution
OTHER TIPS
If you open your website, then in dev tools console run
console.log(jQuery.fn.jquery);
This will give you the version of the loaded jQuery library. If the output is 1.12.1
it's all fine.
If it's 1.12.0
it means that your theme is not extending rwd
theme. The patch is applied only to rwd
theme because it's the only one that includes jQuery by default. So if your custom theme doesn't extend rwd
you are including jQuery on your own. The patch doesn't know how you include it and that's why it can't patch it.
To check if your current theme is descendant of rwd
check contents of app/design/frontend/{PACKAGE_NAME}/{THEME_NAME}/etc/theme.xml
<parent>
node. Traverse back until you reach to the end of the hierarchy tree. Even if it is a descendant of rwd
it's possible that you have overridden the jQuery loading. Usually this will happen in app/design/frontend/{PACKAGE_NAME}/{THEME_NAME}/layout/page.xml
in the <default>
handle. Find the line
<action method="addJs"><script>lib/jquery/jquery-1.12.0.min.js</script></action>
and update it.