Magento Commerce uses semantic versioning on the individual module level (for example magento/framework 101.1.1) but not for the Magento Commerce marketing version number. For example:
- MAJOR release—2
- MINOR release—2.4
- PATCH release—2.4.1
- SECURITY patch release—2.4.1-p1
- Security bug fix
- Security enhancement
- SECURITY patch release—2.4.1-p1
- Individual patch
- Custom patch
Adobe makes a minor version of Magento Commerce available about once a year.
The following guidelines apply to minor releases:
- Breaking changes are possible; code written for Magento Commerce 2.2.x may no longer work with Magento Commerce 2.3.x. For example, minor releases can introduce support for major system requirements and dependencies, such as PHP.
- Module versions can vary. For example, some module changes are introduced in a new patch whereas others are introduced in a minor release.
- Minor releases can include new features that may require additional work by you or your solution partner during upgrade to ensure compatibility.
- Minor releases can include fixes for security and quality issues.
Patch releases are primarily focused on delivering security and quality fixes on a regular basis to help you keep your sites performing at their peak. Adobe typically makes Magento patch releases available for supported release lines of Magento Commerce quarterly.
The following guidelines apply to patch releases:
- The latest-supported minor release will receive full functional quality fixes and enhancements.
- Changes that could break extensions or code compatibility are avoided. For example, code written for Magento 2.2.0 should still work on Magento 2.2.7.
- On an exceptional basis, breaking changes or additional patches or hotfixes may be released to address security or compliance issues and high-impact quality issues. On the module level, these are mostly PATCH-level changes; sometimes MINOR-level changes.
- Patch releases may include new features as long as they are not expected to break other code. The new feature can be included in core Magento code or as an extension, such as Magento Page Builder.
SECURITY patch release
Security Bug Fix: A software code change that resolves an identified security issue and delivers expected results in an affected product area. These fixes are generally backward compatible.
Security Enhancement: A software improvement or configuration change to proactively improve security within the Magento application. These security enhancements help address security risks that impact the security posture of the Magento Commerce application but may be backward incompatible.
With security patch releases, you can keep your site more secure without applying additional quality fixes and enhancements that are contained within a full quarterly patch release. Security patch releases are appended with ‘-pN’, where N is the incremental patch version beginning with 1 (for example, 2.3.5-p1). Security patch releases can also include hotfixes required to address critical issues that affect the Magento Commerce application.
Each security patch release is based on the prior full patch release, hence it contains quality and security fixes from prior patch release and security fixes created between the prior full patch release and the security patch release.
With the announcement of our updated life cycle policy [10/1/2020], our security patch releases are differentiated based on whether they are applicable to the latest-supported minor release or a part of a still-supported previous minor release line:
Security patch releases for the latest-supported minor release:
The security patch release for the latest-supported minor release (currently Magento Commerce 2.4) includes:
Security bug fixes that have been created since the previous full patch release.
These security patch releases can also include hotfixes required to address critical issues that may affect the Magento Commerce application.
The security patch release for the latest-supported minor release (currently Magento Commerce 2.4) does not typically include security enhancements. Instead, these are included in the full comprehensive patch release for the latest-supported minor release.
Security patch releases for supported previous minor releases:
The security patch release for a previous minor release that is still supported (currently Magento Commerce 2.3) includes:
Security bug fixes that have been created since the previous patch or security patch release, as well as new security enhancements.
These security patch releases can also include hotfixes required to address critical issues that affect the Magento Commerce application.
Security Bug Security Enhancement Security patch releases for the latest-supported minor release (currently 2.4) X Security patch releases for previous, supported minor releases (currently 2.3) X X
For general information about security releases, see Introducing the New Security-only Patch Release. For instructions on downloading and applying security patches, see Install Magento using Composer.
Hotfixes are patches that contain high-impact security or quality fixes that affect a large number of Magento merchants. These fixes are applied to the next patch release for the applicable Magento minor version. Adobe releases hotfixes for Magento Commerce as needed.
Hotfixes can contain backward incompatible changes.
Individual patches contain low-impact quality fixes for a specific issue. These fixes are applied to the supported minor versions of Magento Commerce. Adobe releases individual patches as needed for Magento Commerce in accordance with our Software Lifecycle Policy.
Individual patches do not contain backward incompatible changes.
Created by non-Adobe personnel to fix an issue or modify the Magento Commerce code for various reasons. Adobe does not support custom Magento Commerce patches.