How to obtain and apply a security patch
This article provides instructions on how to obtain and apply a security patch that has been released, but instructions are unavailable.
Affected products and versions
Adobe Commerce On-Premise and Cloud - All versions
Cause
Most Security Patches are released without any physical file or hotfix to apply.
Solution
Case I:
If a physical patch file/hotfix is mentioned in the Release Notes:
- Download the file from the download section of https://account.magento.com. (Shared access users must first be given download privileges by the account owner/license holder)
Caveats:
If you are on an older version of Adobe Commerce and have purchased Extended Support, your version must be one of the following to be able to apply the Security Patches:
- 2.4.2-p2
- 2.4.3-p3
If you don’t have Extended Support, you may request Support to share the patches with you, but they will not be able to resolve any issues/errors you may encounter when applying them.
Case II:
If a physical patch file/hotfix is not mentioned in the Release Notes:
- Cloud:
- Some Security Patches might be included/released in the latest version of Cloud Tools Suite (ECE Tools) under Cloud Patches for Commerce - check the Release Notes, and if a security fix is mentioned in the release, upgrade the package to that version.
- If the Release Notes do not mention a security fix, continue reading.
-
Cloud or On-Premise:
-
If a physical patch file/hotfix is not available, upgrade the Adobe Commerce version on Cloud 2.4.X to the latest patch version 2.4.X-pY.
-
If a physical patch file/hotfix is not available, upgrade the Adobe Commerce version On-Premise 2.4.X to the latest patch version 2.4.X-pY.
Related reading
- See Release notes for Commerce Cloud Tools Suite in the Adobe Commerce on Cloud Infrastructure Guide.
- See Upgrade the Adobe Commerce version in the Adobe Commerce on Cloud Infrastructure Guide.