PHP 7.3 reaches end of support in December 2021 and Adobe Commerce 2.3.x reaches end of support in April 2022. We strongly recommend planning your upgrade now to Adobe Commerce 2.4.x and PHP 7.4.x to help maintain PCI compliance.

2.3 Release Information

Magento 2.3.x Release Notes

Security-only patches

With the release of Magento 2.3.3, Magento introduced a new type of patch: the security-only patch. Patch 2.3.3-p1 includes the significant security fixes that Magento 2.3.4 introduces, plus the hot fixes that were applied to Magento 2.3.3, without the hundreds of functional fixes and enhancements that Magento 2.3.4 also includes. (A hot fix provides a fix to a released version of Magento that addresses a specific problem or bug.) Merchants deploying Magento 2.3.3 can apply patch 2.3.3-p1 to immediately take advantage of time-sensitive security fixes without investing the time required to install Magento 2.3.4.

For general information about security-only patches, see the Magento DevBlog post Introducing the New Security-only Patch Release. For instructions on downloading and applying security-only patches (including patch 2.3.2-p1), see Install Magento using Composer.

Backward-incompatible changes

Cloud for Adobe Commerce

The ece-tools package is a scalable deployment tool that simplifies the Cloud for Adobe Commerce upgrade process by providing commands to backup the database, apply custom patches, verify environment packages, and more. The package also contains scripts and Cloud for Adobe Commerce commands to help manage your code and automate the project build and deploy process.

See Release Notes for ece-tools for the latest updates and improvements to the ece-tools package as well as information about Cloud for Adobe Commerce upgrades and patches.

We recommend installing full Cloud for Adobe Commerce upgrades for important security updates. Full upgrades include all associated patches and hotfixes.

Third-party license agreements