Bundled jQuery fails PCI compliance scan #14694

Closed
nahall opened this issue Apr 13, 2018 · 2 comments

Labels
Issue: Clear Description Gate 2 Passed. Manual verification of the issue description passed Issue: Format is valid Gate 1 Passed. Automatic verification of issue format passed

Comments

@nahall

nahall commented Apr 13, 2018

Preconditions

  1. Magento 2.2.3.

Steps to reproduce

  1. PCI compliance scan.

Expected result

  1. PCI compliance scan should pass.

Actual result

  1. PCI compliance scan fails.

The currently bundled version of jquery fails our PCI compliance vendor's scans as of January 23rd. They have added a security check for jquery due to the vulnerabilities CVE 2015-9251 and CVE 2016-10707 and now require at least jQuery 3.0.0 in order to be found compliant. Many other Magento sites will be found not compliant this quarter as they come up to their quarterly scans unless jQuery is upgraded to 3.x.
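
A local pre-check for the condition described in the report above, added here as an example and not part of the original issue or of Magento's code: it reads the version from jQuery's banner comment and flags copies below the 3.0.0 threshold the reporter cites, including pre-releases such as 3.0.0-rc1. The function names and the sample paths and file contents are constructed for illustration.

```javascript
// Added example: function names and sample inputs are constructed, not Magento's.
const MIN_VERSION = "3.0.0"; // minimum the issue says the scan vendor requires

// Banner comment at the top of jQuery builds, e.g.
//   "/*! jQuery v1.12.4 | (c) ..."  or  " * jQuery JavaScript Library v1.12.4"
const BANNER = /jQuery (?:JavaScript Library )?v(\d+\.\d+(?:\.\d+)?(?:-[0-9A-Za-z.]+)?)/;

function extractJqueryVersion(source) {
  const m = BANNER.exec(source.slice(0, 1024)); // the banner sits at the file head
  return m ? m[1] : null;
}

function parseVersion(v) {
  const dash = v.indexOf("-");
  const core = dash === -1 ? v : v.slice(0, dash);
  const nums = core.split(".").map(Number);
  while (nums.length < 3) nums.push(0); // "1.9" is treated as 1.9.0
  return { nums, prerelease: dash !== -1 };
}

// True when `version` sorts before `minimum` (minimum is a final release).
function isBelow(version, minimum = MIN_VERSION) {
  const a = parseVersion(version), b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  // Same x.y.z: a pre-release such as 3.0.0-rc1 precedes the final 3.0.0.
  return a.prerelease && !b.prerelease;
}

// files: [{ path, source }]; returns the copies that fall below the minimum.
function auditFiles(files) {
  return files
    .map(({ path, source }) => ({ path, version: extractJqueryVersion(source) }))
    .filter((f) => f.version !== null && isBelow(f.version));
}

// Constructed sample inputs (paths and contents are illustrative only).
const SAMPLE = [
  { path: "static/a/jquery.js", source: "/*!\n * jQuery JavaScript Library v1.12.4\n * http://jquery.com/\n */" },
  { path: "static/b/jquery.min.js", source: "/*! jQuery v3.0.0-rc1 | (c) jQuery Foundation | jquery.org/license */" },
  { path: "static/c/jquery.min.js", source: "/*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */" },
  { path: "static/d/app.js", source: "console.log('no banner');" },
];

console.log(auditFiles(SAMPLE));
```

A file with no recognizable banner yields no version and is not flagged, so treat such copies as unknown rather than as passing.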

@kirmorozov
Member

Same as #15156
You can patch the core to be compatible with jQuery 3.x. Effort was dedicated here: #13685

@magento-engcom-team
Contributor

Hi @nahall
Closing this ticket as duplicate of #15156. Please continue tracking under that reference.
