2.3.x Release Information

Magento 2.3.x Release Notes

Interested in the Magento 2.2.x releases? Check out the 2.2.x Release Information pages.

Security-only patches

With the release of Magento 2.3.3, Magento is introducing a new type of patch: the security-only patch. Patch 2.3.2-p2, our first security-only patch, includes the significant security fixes that Magento 2.3.3 introduces without the hundreds of functional fixes and enhancements that Magento 2.3.3 also includes. Merchants deploying Magento 2.3.2 can apply patch 2.3.2-p2 to immediately take advantage of time-sensitive security fixes without investing the time required to install Magento 2.3.3.

If you have already upgraded to the pre-release version of this patch (2.3.2-p1), we strongly recommend that you upgrade to 2.3.2-p2 as soon as possible.  Patch 2.3.2-p2 contains the critical security fixes that are included in Magento 2.3.3, 2.2.10, 1.9.4.3, and 1.14.4.3, but that are not included in patch 2.3.2-p1.

For general information about security-only patches, see the Magento DevBlog post Introducing the New Security-only Patch Release. For instructions on downloading and applying security-only patches (including patch 2.3.2-p1), see Install Magento using Composer.

Backward-incompatible changes

Magento Commerce Cloud

The ece-tools package is a scalable deployment tool that simplifies the Magento Commerce Cloud upgrade process by providing commands to backup the database, apply custom patches, verify environment packages, and more. The package also contains scripts and Magento Commerce Cloud commands to help manage your code and automate the project build and deploy process.

See Release Notes for ece-tools for the latest updates and improvements to the ece-tools package as well as information about Magento Commerce Cloud upgrades and patches.

We recommend installing full Magento Commerce Cloud upgrades for important security updates. Full upgrades include all associated patches and hotfixes.

Third-party license agreements