Commerce Version Tool release notes
These release notes describe updates for Commerce Version Tool (CVT).
Version 1.0.0 — June 2026 version-1-0-0
New features
- Patch status reporting - Reports which monthly Adobe Commerce security patches are applied, missing, or could not be classified for an Adobe Commerce installation.
- CVE protection status - Maps patch results to per-CVE protection status values:
PROTECTED,VULNERABLE,UNKNOWN, andNOT_APPLICABLE. - Multi-component support - Detects installed Adobe Commerce components from
composer.lock, including Adobe Commerce business-to-business (B2B), Adobe Commerce Page Builder, Adobe Commerce Inventory, and other components represented in the patch registry file. - JSON and CSV output - Provides JSON output by default for programmatic consumption and CSV output for spreadsheets, scanners, dashboards, and compliance tooling.
- Offline-friendly cache behavior - Caches the patch registry file locally after each successful fetch. If the remote registry is unavailable, the CVT tool can use the cached registry with a warning.
- Bundled delivery - Ships inside monthly Adobe Commerce security patch files. Applying the patch installs CVT at
vendor/bin/patch-statuswith no separate installation step.
commerce-operations-help-tools