[PaaS only]{class="badge informative" title="Applies to Adobe Commerce on Cloud projects (Adobe-managed PaaS infrastructure) and on-premises projects only."}

Security patch release notes

The Adobe Commerce security patch release notes provide information about the latest security improvements for supported versions of Adobe Commerce.

About security patch releases

Security Bug Fix: A software code change that resolves an identified security issue and delivers expected results in an affected product area. These fixes are generally backward compatible.

Security Enhancement: A software improvement or configuration change to improve security proactively within the application. These security enhancements help address security risks that impact the security posture of the Adobe Commerce application but may be backward incompatible.

With security patch releases, you can keep your site more secure without applying additional quality fixes and enhancements that are contained within a full patch release. Security patch releases are appended with ‘-pN’, where N is the incremental patch version beginning with 1 (for example, 2.3.5-p1). Security patch releases can also include hotfixes required to address critical issues that affect the Adobe Commerce application.

Security patch releases can also include compliance-related changes that are required to ensure that the Adobe Commerce application can meet compliance requirements. These changes may introduce backward-incompatible changes and are required to ensure that all supported release lines remain compliant.

Each security patch release is based on the prior full patch release. It contains quality and security fixes from prior patch release and security fixes created between the prior full patch release and the security patch release.

For instructions on downloading and applying security patches, see How to obtain and apply security patches in the Adobe Commerce Knowledgebase.

Isolated security patch file

Isolated security patch files are non-cumulative, standalone patch files that include fixes for one or more security vulnerabilities only, without any additional feature updates or non-security changes. These patches are released independently to enable faster remediation and are incorporated into the next full security patch. Details about the vulnerabilities are provided in the associated security bulletin, which links to a Knowledge Base (KB) article with instructions for applying the patch and additional information.

To apply an isolated security patch file, customers must be on the latest security-only patch release (the latest -p version) for their supported release line, as isolated security patch files are tested exclusively against that version.

See the Security Center to find the latest security updates available for Adobe Commerce.