Security patch release notes

The Adobe Commerce security patch release notes provide information about the latest security improvements for supported versions of Adobe Commerce.

About security patch releases

Security Bug Fix: A software code change that resolves an identified security issue and delivers expected results in an affected product area. These fixes are generally backward compatible.

Security Enhancement: A software improvement or configuration change to improve security proactively within the application. These security enhancements help address security risks that impact the security posture of the Adobe Commerce application but may be backward incompatible.

With security patch releases, you can keep your site more secure without applying additional quality fixes and enhancements that are contained within a full patch release. Security patch releases are appended with ‘-pN’, where N is the incremental patch version beginning with 1 (for example, 2.3.5-p1). Security patch releases can also include hotfixes required to address critical issues that affect the Adobe Commerce application.

Each security patch release is based on the prior full patch release. It contains quality and security fixes from prior patch release and security fixes created between the prior full patch release and the security patch release.

For instructions on downloading and applying security patches, see Quick start install.