Adobe Commerce and Magento Open Source use semantic versioning on the individual module level (for example
magento/framework 101.1.1), but not for the marketing version number. For example:
The following guidelines apply to minor releases:
Patch releases are primarily focused on delivering security, performance, compliance, and high-priority quality fixes to help you keep your sites performing at their peak.
The following guidelines apply to patch releases:
Security Bug Fix: A software code change that resolves an identified security issue and delivers expected results in an affected product area. These fixes are generally backward compatible.
Security Enhancement: A software improvement or configuration change to proactively improve security within the application. These security enhancements help address security risks that impact the security posture of the Adobe Commerce application but may be backward incompatible.
With security patch releases, you can keep your site more secure without applying additional quality fixes and enhancements that are contained within a full quarterly patch release. Security patch releases are appended with ‘-pN’, where N is the incremental patch version beginning with 1 (for example, 2.3.5-p1). Security patch releases can also include hotfixes required to address critical issues that affect the Adobe Commerce application.
Each security patch release is based on the prior full patch release. It contains quality and security fixes from prior patch release and security fixes created between the prior full patch release and the security patch release.
With the announcement of our new release strategy and updated lifecycle policy (9/16/2021), our security patch releases are differentiated based on whether they are applicable to the latest-supported minor release or a part of a still-supported previous minor release line:
Security patch releases for the latest-supported minor release:
The security patch release for the latest-supported minor release (currently Adobe Commerce 2.4) includes:
Security bug fixes that have been created since the previous full patch release.
These security patch releases can also include hotfixes required to address critical issues that may affect the Adobe Commerce application.
The security patch release for the latest-supported minor release (currently Adobe Commerce 2.4) does not typically include security enhancements. Instead, these are included in the full comprehensive patch release for the latest-supported minor release.
Security patch releases for supported previous minor releases:
The security patch release for a previous minor release that is still supported (currently Adobe Commerce 2.3) includes:
Security bug fixes that have been created since the previous patch or security patch release, and new security enhancements.
These security patch releases can also include hotfixes required to address critical issues that affect the Adobe Commerce application.
|Security Bug||Security Enhancement|
|Security patch releases for the latest-supported minor release (currently 2.4)||X|
|Security patch releases for previous, supported minor releases (currently 2.3)||X||X|
Feature releases contain new features and feature updates that are delivered as independent services, separate from the patch releases. Examples include services like Product Recommendations and Live Search, independent modules like PWA Studio and Inventory Management (MSI), and updates to our cloud services and infrastructure.
Hotfixes are patches that contain high-impact security or quality fixes, such as fixes to zero-day vulnerabilities, that affect many merchants. Adobe releases hotfixes for Adobe Commerce versions that are still supported and affected by critical security or quality issues, as needed. Hotfixes are published to the Known Issues section of our Knowledge Base. These fixes are included in the next planned patch release.
Hotfixes can contain backward incompatible changes.
Individual patches contain low-impact quality fixes for a specific issue. These fixes are applied to the supported minor versions of Adobe Commerce. Adobe releases individual patches as needed for Adobe Commerce in accordance with our Software Lifecycle Policy.
Individual patches do not contain backward incompatible changes.
Created by non-Adobe personnel to fix an issue or modify the Adobe Commerce code for various reasons. Custom patches are delivered through the Quality Patches Tool.