SUPEE 10975 but still getting warnings

Question

We installed SUPEE 10975 a while ago and more patches since. Lately we are getting warnings that jQuery is out of date and I'm not quite sure what to do.

SUPEE-10975 - Failed. Outdated JQuery library v.1.12.0 found (PRODSECBUG-2108), got '200'.

The patch was installed successfully. The only thing I can think of at the moment is to grab the jQuery files from the latest Magento release and manually use them to replace the files on the server

Do you guys have any thoughts?

Thanks

Update - I replaced the jquery files with ones from the latest Magento 1.9 download and I'm still getting the same error when I do a security scan.

Answer 1

If you open your website, then in dev tools console run

console.log(jQuery.fn.jquery);

This will give you the version of the loaded jQuery library. If the output is 1.12.1 it's all fine.
If it's 1.12.0 it means that your theme is not extending rwd theme. The patch is applied only to rwd theme because it's the only one that includes jQuery by default. So if your custom theme doesn't extend rwd you are including jQuery on your own. The patch doesn't know how you include it and that's why it can't patch it.

To check if your current theme is descendant of rwd check contents of app/design/frontend/{PACKAGE_NAME}/{THEME_NAME}/etc/theme.xml <parent> node. Traverse back until you reach to the end of the hierarchy tree. Even if it is a descendant of rwd it's possible that you have overridden the jQuery loading. Usually this will happen in app/design/frontend/{PACKAGE_NAME}/{THEME_NAME}/layout/page.xml in the <default> handle. Find the line

<action method="addJs"><script>lib/jquery/jquery-1.12.0.min.js</script></action>

and update it.