PaaS only

Security patch release notes

The Adobe Commerce security patch release notes provide information about the latest security improvements for supported versions of Adobe Commerce.

About security patch releases

Security Bug Fix: A software code change that resolves an identified security issue and delivers expected results in an affected product area. These fixes are generally backward compatible.

Security Enhancement: A software improvement or configuration change to improve security proactively within the application. These security enhancements help address security risks that impact the security posture of the Adobe Commerce application but may be backward incompatible.

With security patch releases, you can keep your site more secure without applying additional quality fixes and enhancements that are contained within a full patch release. Security patch releases are appended with ‘-pN’, where N is the incremental patch version beginning with 1 (for example, 2.3.5-p1). Security patch releases can also include hotfixes required to address critical issues that affect the Adobe Commerce application.

Security patch releases can also include compliance-related changes that are required to ensure that the Adobe Commerce application can meet compliance requirements. These changes may introduce backward-incompatible changes and are required to ensure that all supported release lines remain compliant.

Each security patch release is based on the prior full patch release. It contains quality and security fixes from prior patch release and security fixes created between the prior full patch release and the security patch release.

For instructions on downloading and applying security patches, see How to obtain and apply security patches in the Adobe Commerce Knowledgebase.