From ef56615c75a1e5daec8abfaa99b2a02daeb3f696 Mon Sep 17 00:00:00 2001 From: Olga Lytvynenko Date: Tue, 4 Apr 2017 10:48:09 +0300 Subject: [PATCH 1/5] MAGETWO-61189: Stored xss using svg images in Favicon --- .../view/adminhtml/ui_component/design_config_form.xml | 6 +++--- .../Magento/Config/Model/Config/Backend/Image/Favicon.php | 2 +- .../Magento/Config/Model/Config/Backend/Image/Logo.php | 2 +- .../Test/Unit/Model/Config/Backend/Image/LogoTest.php | 2 +- .../view/adminhtml/ui_component/design_config_form.xml | 2 +- .../view/adminhtml/ui_component/design_config_form.xml | 2 +- app/code/Magento/Theme/Model/Design/Backend/Favicon.php | 2 +- app/code/Magento/Theme/Model/Design/Backend/Logo.php | 2 +- .../view/adminhtml/ui_component/design_config_form.xml | 8 ++++---- 9 files changed, 14 insertions(+), 14 deletions(-) diff --git a/app/code/Magento/Catalog/view/adminhtml/ui_component/design_config_form.xml b/app/code/Magento/Catalog/view/adminhtml/ui_component/design_config_form.xml index dbca31a35a30b..942f0e62bc18b 100644 --- a/app/code/Magento/Catalog/view/adminhtml/ui_component/design_config_form.xml +++ b/app/code/Magento/Catalog/view/adminhtml/ui_component/design_config_form.xml @@ -31,7 +31,7 @@ fileUploader Allowed file types: jpeg, gif, png. 2097152 - jpg jpeg gif png svg + jpg jpeg gif png theme/design_config_fileUploader/save @@ -95,7 +95,7 @@ fileUploader Allowed file types: jpeg, gif, png. 2097152 - jpg jpeg gif png svg + jpg jpeg gif png theme/design_config_fileUploader/save @@ -159,7 +159,7 @@ fileUploader Allowed file types: jpeg, gif, png. 2097152 - jpg jpeg gif png svg + jpg jpeg gif png theme/design_config_fileUploader/save diff --git a/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php b/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php index 960853778d5f6..1412e0cd77c17 100644 --- a/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php +++ b/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php 
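Review bot: The `allowedExtensions` values changed in these `design_config_form.xml` hunks are evaluated by the fileUploader component in the browser, so they are a usability filter and not the control that stops an `.svg` upload; the server-side allowlists in the `Backend/Image` models on the following hunks are the actual boundary, and the two must be kept in step. The `Allowed file types: jpeg, gif, png.` hint in the same hunks omits `jpg`, which the list still accepts; `Allowed file types: jpg, jpeg, gif, png.` would match the new value. A short XML comment next to the list, such as `<!-- client-side filter only; the backend model's getAllowedExtensions() is authoritative -->`, would make that relationship explicit for the next person who edits only one side.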
@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()
 */
 protected function _getAllowedExtensions()
 {
- return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];
+ return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];
 }
 }
diff --git a/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php b/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php
index 908ae53af0991..fc57287fb4945 100644
--- a/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php
+++ b/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php
@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()
 */
 protected function _getAllowedExtensions()
 {
- return ['jpg', 'jpeg', 'gif', 'png', 'svg'];
+ return ['jpg', 'jpeg', 'gif', 'png'];
 }
 }
diff --git a/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php b/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php
index e68cff5d1280d..28f35c233b874 100644
--- a/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php
+++ b/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php
@@ -73,7 +73,7 @@ public function testBeforeSave()
 ->will($this->returnValue('/tmp/val'));
 $this->uploaderMock->expects($this->once())
 ->method('setAllowedExtensions')
- ->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png', 'svg']));
+ ->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png']));
 $this->model->beforeSave();
 }
 }
diff --git a/app/code/Magento/Email/view/adminhtml/ui_component/design_config_form.xml b/app/code/Magento/Email/view/adminhtml/ui_component/design_config_form.xml
index d4c841d1c3c4f..12f6d3b06d2da 100644
--- a/app/code/Magento/Email/view/adminhtml/ui_component/design_config_form.xml
+++ b/app/code/Magento/Email/view/adminhtml/ui_component/design_config_form.xml
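Review bot: Dropping `'svg'` from `_getAllowedExtensions()` blocks new uploads, but nothing in this patch touches files already stored under the favicon and logo media paths, so an `.svg` uploaded before the fix is still served as-is and the stored XSS persists until that file is removed. A data patch or at least a release note that purges or renames existing `*.svg` favicons/logos would close that gap; if SVG must remain servable from media for other reasons, having the media `.htaccess` send `Content-Security-Policy: sandbox` (or `Content-Disposition: attachment`) for `image/svg+xml` neutralises inline script. The control is extension-based only, as the `setAllowedExtensions` expectation in `LogoTest` shows, which is sufficient for this browser-side case because a file served as `image/png` is not parsed as SVG, but the reason for the exclusion is worth recording on the method: `// 'svg' is deliberately excluded: browsers render it inline and it can carry script (MAGETWO-61189).`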
@@ -23,7 +23,7 @@ fileUploader Allowed file types: jpg, jpeg, gif, png. To optimize logo for high-resolution displays, upload an image that is 3x normal size and then specify 1x dimensions in the width/height fields below. 2097152 - jpg jpeg gif png svg + jpg jpeg gif png theme/design_config_fileUploader/save diff --git a/app/code/Magento/Swatches/view/adminhtml/ui_component/design_config_form.xml b/app/code/Magento/Swatches/view/adminhtml/ui_component/design_config_form.xml index d4673bf7e0073..d4cdbc403eb61 100644 --- a/app/code/Magento/Swatches/view/adminhtml/ui_component/design_config_form.xml +++ b/app/code/Magento/Swatches/view/adminhtml/ui_component/design_config_form.xml @@ -24,7 +24,7 @@ fileUploader Allowed file types: jpeg, gif, png. 2097152 - jpg jpeg gif png svg + jpg jpeg gif png theme/design_config_fileUploader/save diff --git a/app/code/Magento/Theme/Model/Design/Backend/Favicon.php b/app/code/Magento/Theme/Model/Design/Backend/Favicon.php index 160642818cfbd..2d53b11eea6cb 100644 --- a/app/code/Magento/Theme/Model/Design/Backend/Favicon.php +++ b/app/code/Magento/Theme/Model/Design/Backend/Favicon.php @@ -43,6 +43,6 @@ protected function _addWhetherScopeInfo() */ public function getAllowedExtensions() { - return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg']; + return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng']; } } diff --git a/app/code/Magento/Theme/Model/Design/Backend/Logo.php b/app/code/Magento/Theme/Model/Design/Backend/Logo.php index 88a1317d74b78..e5652d7ee4007 100644 --- a/app/code/Magento/Theme/Model/Design/Backend/Logo.php +++ b/app/code/Magento/Theme/Model/Design/Backend/Logo.php @@ -41,6 +41,6 @@ protected function _addWhetherScopeInfo() */ public function getAllowedExtensions() { - return ['jpg', 'jpeg', 'gif', 'png', 'svg']; + return ['jpg', 'jpeg', 'gif', 'png']; } } 
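Review bot: `Theme\Model\Design\Backend\Favicon::getAllowedExtensions()` and `Logo::getAllowedExtensions()` now return the same literal lists as the `Config\Model\Config\Backend\Image` counterparts in the previous hunks, so the allowlist lives in four PHP methods plus the UI XML and had to be edited in every one of them for this fix. A single source, for example `const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'gif', 'png'];` on one backend model that both `getAllowedExtensions()` variants return, would make the next tightening a one-line change and stop the copies drifting apart. Whether the Theme and Config models can share a class depends on their inheritance, which is outside these hunks; a cross-reference comment on each method naming its twin would be the minimal alternative.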
diff --git a/app/code/Magento/Theme/view/adminhtml/ui_component/design_config_form.xml b/app/code/Magento/Theme/view/adminhtml/ui_component/design_config_form.xml index f6478844ba4e3..411bbe3d061d5 100644 --- a/app/code/Magento/Theme/view/adminhtml/ui_component/design_config_form.xml +++ b/app/code/Magento/Theme/view/adminhtml/ui_component/design_config_form.xml @@ -65,9 +65,9 @@ Favicon Icon fileUploader fileUploader - Allowed file types: ico, png, gif, jpg, jpeg, apng, svg. Not all browsers support all these formats! + Allowed file types: ico, png, gif, jpg, jpeg, apng. Not all browsers support all these formats! 2097152 - jpg jpeg gif png svg ico apng + jpg jpeg gif png ico apng theme/design_config_fileUploader/save @@ -176,9 +176,9 @@ Logo Image fileUploader fileUploader - Allowed file types: png, gif, jpg, jpeg, svg. + Allowed file types: png, gif, jpg, jpeg. 2097152 - jpg jpeg gif png svg + jpg jpeg gif png theme/design_config_fileUploader/save From 6d44dd8fc64753d995c368a690af71cce55cccdd Mon Sep 17 00:00:00 2001 From: "Karpenko, Oleksandr" Date: Tue, 16 May 2017 12:47:49 +0300 Subject: [PATCH 2/5] MAGETWO-54702: Failed ClearAllCompareProductsTest test due to Alert window. --- .../Test/TestCase/Product/ClearAllCompareProductsTest.php | 1 + .../Test/TestCase/Product/ClearAllCompareProductsTest.xml | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/tests/functional/tests/app/Magento/Catalog/Test/TestCase/Product/ClearAllCompareProductsTest.php b/dev/tests/functional/tests/app/Magento/Catalog/Test/TestCase/Product/ClearAllCompareProductsTest.php index e6a7f60bcec0d..ebd455fa1ed93 100644 --- a/dev/tests/functional/tests/app/Magento/Catalog/Test/TestCase/Product/ClearAllCompareProductsTest.php +++ b/dev/tests/functional/tests/app/Magento/Catalog/Test/TestCase/Product/ClearAllCompareProductsTest.php 
@@ -28,6 +28,7 @@ class ClearAllCompareProductsTest extends AbstractCompareProductsTest { /* tags */ const MVP = 'yes'; + const TEST_TYPE = 'extended_acceptance_test'; /* end tags */ /** diff --git a/dev/tests/functional/tests/app/Magento/Catalog/Test/TestCase/Product/ClearAllCompareProductsTest.xml b/dev/tests/functional/tests/app/Magento/Catalog/Test/TestCase/Product/ClearAllCompareProductsTest.xml index 1a702147b40f4..523156fb0de74 100644 --- a/dev/tests/functional/tests/app/Magento/Catalog/Test/TestCase/Product/ClearAllCompareProductsTest.xml +++ b/dev/tests/functional/tests/app/Magento/Catalog/Test/TestCase/Product/ClearAllCompareProductsTest.xml @@ -8,7 +8,6 @@ - stable:no compare_products catalogProductSimple::simple_for_composite_products,catalogProductVirtual::default,downloadableProduct::default,groupedProduct::grouped_product_with_price,configurableProduct::default,bundleProduct::bundle_dynamic_product,bundleProduct::bundle_fixed_product From 19a6485f7891c0990ba3b493b7d2e28842a96633 Mon Sep 17 00:00:00 2001 From: Volodymyr Zaets Date: Wed, 17 May 2017 10:11:18 +0300 Subject: [PATCH 3/5] MAGETWO-66885: Special Characters like % in widget inside of WYSIWYG gives an error #9452 --- lib/web/mage/adminhtml/wysiwyg/tiny_mce/setup.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/web/mage/adminhtml/wysiwyg/tiny_mce/setup.js b/lib/web/mage/adminhtml/wysiwyg/tiny_mce/setup.js index aa0b19f5f11a2..f2b3365555f3c 100755 --- a/lib/web/mage/adminhtml/wysiwyg/tiny_mce/setup.js +++ b/lib/web/mage/adminhtml/wysiwyg/tiny_mce/setup.js @@ -463,8 +463,6 @@ define([ var url = this.makeDirectiveUrl('%directive%').replace(/([$^.?*!+:=()\[\]{}|\\])/g, '\\$1'), reg = new RegExp(url.replace('%directive%', '([a-zA-Z0-9,_-]+)')); - content = decodeURIComponent(content); - return content.gsub(reg, function (match) { //eslint-disable-line no-extra-bind return Base64.mageDecode(match[1]); }); From e13194db9dfc7c56b4361a18131ad06b9f0bd64d Mon Sep 17 00:00:00 2001 
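Review bot: Removing `content = decodeURIComponent(content);` in `setup.js` fixes the `URIError` thrown on a literal `%`, but it also changes what `reg` is matched against: the directive URL must now appear verbatim in the editor content, so any path that percent-encodes it (an `href`/`src` attribute TinyMCE has URL-encoded, if that occurs) will no longer have its directive restored. Keeping the decode inside a `try/catch` would preserve that case but would also keep turning `%3C`-style sequences into live markup across the whole document, so the removal is the safer choice; a comment on the `reg` line such as `// Match raw content: a global decodeURIComponent throws on a literal '%' (MAGETWO-66885) and would decode unrelated text` would record the decision. The enclosing function starts before the hunk.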
From: Maxim Medinskiy Date: Fri, 19 May 2017 12:13:46 +0300 Subject: [PATCH 4/5] MAGETWO-59514: Hard coded "tax_region_id" in the \Magento\Tax\Setup\InstallData --- app/code/Magento/Tax/Setup/RecurringData.php | 92 ++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 app/code/Magento/Tax/Setup/RecurringData.php diff --git a/app/code/Magento/Tax/Setup/RecurringData.php b/app/code/Magento/Tax/Setup/RecurringData.php new file mode 100644 index 0000000000000..bc05db428cde8 --- /dev/null +++ b/app/code/Magento/Tax/Setup/RecurringData.php @@ -0,0 +1,92 @@ +taxRateRepository = $taxRateRepository; + $this->searchCriteriaFactory = $searchCriteriaFactory; + $this->directoryRegionFactory = $directoryRegionFactory; + } + + /** + * {@inheritdoc} + */ + public function install(ModuleDataSetupInterface $setup, ModuleContextInterface $context) + { + $taxRateList = $this->taxRateRepository->getList($this->searchCriteriaFactory->create()); + /** @var \Magento\Tax\Api\Data\TaxRateInterface $taxRateData */ + foreach ($taxRateList->getItems() as $taxRateData) { + $regionCode = $this->parseRegionFromTaxCode($taxRateData->getCode()); + if ($regionCode) { + /** @var \Magento\Directory\Model\Region $region */ + $region = $this->directoryRegionFactory->create(); + $region->loadByCode($regionCode, $taxRateData->getTaxCountryId()); + $taxRateData->setTaxRegionId($region->getRegionId()); + $this->taxRateRepository->save($taxRateData); + } + } + } + + /** + * Parse region code from tax code + * + * @param string $taxCode + * @return string + */ + private function parseRegionFromTaxCode($taxCode) + { + $result = ''; + $parts = explode('-', $taxCode, 3); + + if (isset($parts[1])) { + $result = $parts[1]; + } + + return $result; + } +} From 948bea6af5f4041816cdf6d74bb3c3c64d7e83c1 Mon Sep 17 00:00:00 2001 
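Review bot: In `install()` the value returned by `loadByCode()` is written back unconditionally, so a tax rate whose code's second `-` segment is not a real region code (a `*` wildcard, or any custom code format) gets `setTaxRegionId(null)` and loses a region id that was correct before; and because this is a `RecurringData` installer it re-runs on every `setup:upgrade`, re-saving every rate each time. Only write when the parsed segment resolves to a region and the value actually differs, as below. `parseRegionFromTaxCode()` should also state in its docblock that it relies on the `COUNTRY-REGION-...` code convention and returns `''` when there is no second segment. The class declaration and `use` statements of this new file are not visible in the hunk as shown.
```php
if ($regionCode) {
    /** @var \Magento\Directory\Model\Region $region */
    $region = $this->directoryRegionFactory->create();
    $region->loadByCode($regionCode, $taxRateData->getTaxCountryId());
    $regionId = $region->getRegionId();
    // A segment that is not a region ('*' wildcard, custom formats) must not
    // clobber an existing region id; skip unchanged rates so this recurring
    // installer does not rewrite every rate on each setup:upgrade.
    if ($regionId && (int)$regionId !== (int)$taxRateData->getTaxRegionId()) {
        $taxRateData->setTaxRegionId($regionId);
        $this->taxRateRepository->save($taxRateData);
    }
}
```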
From: Ievgen Kolesov Date: Fri, 19 May 2017 16:19:29 +0300 Subject: [PATCH 5/5] MAGETWO-64952: Admin login does not handle autocomplete feature correctly --- .../Backend/view/adminhtml/templates/admin/login.phtml | 2 +- .../Backup/view/adminhtml/templates/backup/dialogs.phtml | 4 ++-- setup/view/magento/setup/marketplace-credentials.phtml | 3 +++ setup/view/magento/setup/popupauth.phtml | 3 +++ setup/view/magento/setup/system-config.phtml | 5 +++-- 5 files changed, 12 insertions(+), 5 deletions(-) diff --git a/app/code/Magento/Backend/view/adminhtml/templates/admin/login.phtml b/app/code/Magento/Backend/view/adminhtml/templates/admin/login.phtml index b951fd2c19495..c829a2f01fa9c 100644 --- a/app/code/Magento/Backend/view/adminhtml/templates/admin/login.phtml +++ b/app/code/Magento/Backend/view/adminhtml/templates/admin/login.phtml @@ -43,7 +43,7 @@ data-validate="{required:true}" value="" placeholder="" - autocomplete="off" + autocomplete="new-password" /> diff --git a/app/code/Magento/Backup/view/adminhtml/templates/backup/dialogs.phtml b/app/code/Magento/Backup/view/adminhtml/templates/backup/dialogs.phtml index 03d52ab9e5703..2eebcdbe65749 100644 --- a/app/code/Magento/Backup/view/adminhtml/templates/backup/dialogs.phtml +++ b/app/code/Magento/Backup/view/adminhtml/templates/backup/dialogs.phtml @@ -73,7 +73,7 @@
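Review bot: `autocomplete="new-password"` on the admin login password field in `login.phtml` is the token the HTML spec reserves for password-creation forms; for a sign-in field the matching token is `current-password`, so if the intent is to let password managers fill the admin login this should be `autocomplete="current-password"` (with `autocomplete="username"` on the username input). If the intent is instead to suppress autofill, note that current browsers ignore `off` on credential fields and treat `new-password` as a hint rather than a guarantee, and discouraging password managers on an admin login tends to push operators toward weaker memorised passwords. The intent is not visible in the hunk; a one-line template comment stating which behaviour is wanted would stop the next reader from flipping it back.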
-
+
@@ -119,7 +119,7 @@
- +
diff --git a/setup/view/magento/setup/marketplace-credentials.phtml b/setup/view/magento/setup/marketplace-credentials.phtml index 22ad4b6558f33..c13517f2200ee 100644 --- a/setup/view/magento/setup/marketplace-credentials.phtml +++ b/setup/view/magento/setup/marketplace-credentials.phtml @@ -23,6 +23,7 @@
@@ -63,6 +64,7 @@ || (auth.username.$error.required && user.submitted) }" autofocus required + autocomplete="off" >
This is a required field. @@ -84,6 +86,7 @@ && !auth.password.$pristine) || (auth.password.$error.required && user.submitted) }" required + autocomplete="new-password" >
This is a required field. diff --git a/setup/view/magento/setup/popupauth.phtml b/setup/view/magento/setup/popupauth.phtml index 87263c7247461..bce55a7c336dc 100644 --- a/setup/view/magento/setup/popupauth.phtml +++ b/setup/view/magento/setup/popupauth.phtml @@ -32,6 +32,7 @@
@@ -62,6 +63,7 @@ || (auth.username.$error.required && user.submitted) }" autofocus required + autocomplete="off" >
This is a required field. @@ -83,6 +85,7 @@ && !auth.password.$pristine) || (auth.password.$error.required && user.submitted) }" required + autocomplete="new-password" >
This is a required field. diff --git a/setup/view/magento/setup/system-config.phtml b/setup/view/magento/setup/system-config.phtml index 65c13ab3cdf18..55087c5a99491 100644 --- a/setup/view/magento/setup/system-config.phtml +++ b/setup/view/magento/setup/system-config.phtml @@ -57,7 +57,7 @@

Magento Marketplace

Sign in to sync your Magento Marketplace purchases.

- +
@@ -74,6 +74,7 @@ || (auth.username.$error.required && user.submitted)}" autofocus required + autocomplete="off" >
This is a required field. @@ -100,7 +101,7 @@ ng-class="{ 'invalid' : (auth.password.$error.required && !auth.password.$pristine) || (auth.password.$error.required && user.submitted) }" required - autocomplete="off" + autocomplete="new-password" >
This is a required field.