Adobe Commerce lifecycle policy
To streamline the Adobe Commerce lifecycle policy and support the mission-critical needs of customers, Adobe offers a three year support window from the General Availability (GA) date for each version and releases quality fixes during this period. For dates and details on the end of software support for each release, see the End of software support table.
During the three year support window, customer have access to:
-
Quality fixes–Customers can access quality fixes by contacting Adobe Commerce Support or through the self-serve Quality Patches Tool. The following table described end of software support dates for the Adobe Commerce release lines.
-
Security fixes–Adobe provides security fixes through cumulative security patches and non-cumulative isolated security patch files for the three-year support period.
-
Hotfixes–For critical security issues, such as zero-day vulnerabilities, Adobe provides hotfixes for all customers on a supported version, even if they are not on the latest patch or security patch release. Note that a hotfix is not comprehensive and does not address all security issues that would be resolved by upgrading to the latest release.
Adobe does not provide security and quality fixes for third-party services and software dependencies (such as PHP and MySQL) that may reach end of life while customers are in the three-year or extended support period for Adobe Commerce. See the system requirements for a full list of tested and supported third-party technologies.
Extended support
Adobe encourages customers to upgrade as soon as possible. However, to provide greater flexibility to align with upgrade plans and business needs, Adobe offers a one-year support extension at no additional cost for Adobe Commerce customers on versions 2.4.6. The support extension includes quality and security patches for the core application for up to one year. Extended support for Adobe Commerce 2.4.4 and 2.4.5 versions ends in April and August 2026 as planned.
End of software support
- 1 If you are an Adobe Commerce customer, you can continue to receive security and quality fixes for an additional year through the extended support period.
- See Software Lifecycle Policy.
Additional Security fixes provisioning for Adobe Commerce 2.4.4 and 2.4.5
As a one-time exception, Adobe is providing an extended security fixes provisioning period for Adobe Commerce versions 2.4.4 and 2.4.5 to give customers additional time to migrate to Adobe Commerce as a Cloud Service or upgrade to a supported release line.
During this security fixes provisioning period, note the following:
-
Isolated security patch file only-An isolated security patch file will be released for these versions according to the release schedule. No security patch releases (no new -p versions) will be provided during this period.
To apply an isolated security patch file, customers must be on the latest security-only patch release (the latest -p version) for their supported release line, as isolated security fixes are tested exclusively against that version.
-
No quality fixes or engineering assistance–No bug fixes, quality updates (Quality Patches Tool), or engineering assistance (Adobe Commerce Support) will be provided for versions 2.4.4 or 2.4.5 during this period.
-
PCI compliance is not guaranteed:–Because 2.4.4 and 2.4.5 use PHP versions that have reached end of life, PCI compliance cannot be guaranteed for merchants on those releases. Continuing to run these versions may put your PCI compliance at risk.
To maintain full security coverage and ensure PCI compliance, customers must upgrade to a currently supported version of Adobe Commerce as soon as possible or migrate to Adobe Commerce as a Cloud Service.
Support timeline
The support timeline maps support periods quarter by quarter for each Adobe Commerce release line. Use the tables provided earlier in this topic for exact end dates.
Key