How to obtain and apply a security patch

Last update: February 28, 2025

This article provides instructions on how to obtain and apply a security patch that has been released, but instructions are unavailable.

Affected products and versions

Adobe Commerce On-Premise and Cloud - All versions

Cause

Most Security Patches are released without any physical file or hotfix to apply.

Solution

Case I:

If a physical patch file/hotfix is mentioned in the Release Notes:

  • Download the file from the download section of https://account.magento.com. (Shared access users must first be given download privileges by the account owner/license holder)

Caveats:

If you are on an older version of Adobe Commerce (2.4.4), you will have automatically received Extended Support. Your version must be one of the following unsupported versions to be able to apply the latest available Security Patches:

2.4.4 - 2.4.4-p11

Unsupported versions (2.3.x, 2.4.0 - 2.4.3) are ineligible for support and you must first upgrade to a supported version to take advantage of the latest security fixes.

If you don’t have Extended Support, you may request Support to share the patches with you, but they will not be able to resolve any issues/errors you may encounter when applying them.

Case II:

If a physical patch file/hotfix is not mentioned in the Release Notes:

  • Cloud:
  1. Some Security Patches might be included/released in the latest version of Cloud Tools Suite (ECE Tools) under Cloud Patches for Commerce - check the Release Notes, and if a security fix is mentioned in the release, upgrade the package to that version.
  2. If the Release Notes do not mention a security fix, continue reading.
recommendation-more-help