Applying New Magento 2 Security Patches

Applying Magento 2 Security Patches

Since the release of v2.3.2 Magento are now releasing security patches with every quarterly release for the previous version. Recently Magento released v2.3.4 but also released the v2.3.3-p1 security-only patch.

What are Magento 2 Security-Only Patches?

The idea behind this is that it will allow merchants to move quickly in securing their Magento websites. This will give them more time to plan, deploy and test the upgrade to the next version. The security patch contains all the latest security updates applied in the latest Magento 2 release as well as bug fixes to resolve issues that were discovered after that version was initially released.

Any merchants thinking that this means they won’t have to upgrade are mistaken. Magento is only going to release a security patch for the previous version of the current release.

Planning Your Magento 2 Upgrades

The diagram below provides a good overview of the upgrade path that merchants could take:

I am currently advising all my clients to only apply the security patch unless there is something specific in the new release that they need. Magento’s QA is currently not great so at this point in time upgrading to newer versions of the platform may introduce new bugs. For example in the v2.3.4 release, admins are unable to add an address to a customer account. If you are currently on 2.3.2-p1 there is nothing to stop you upgrading to v2.3.3-p1 which is the latest security patch.

It’s also worth noting here that the security-only patches contain a number of bug fixes relating to issues discovered in the release that the patch was created for. This means that if you were holding back on upgrading because you were worried about it’s stability, you can now rest assured that these issues will have now been resolved.

Need a Magento 2 Upgrade Plan?

As a freelance Magento 2 developer its very important that I ensure all my clients have an upgrade plan in place. These plans were developed based on their business requirements. Magento are going to be releasing these upgrades every quarter so you have to be on the ball to ensure that your Magento website is kept up-to-date and secure.

Have you got an upgrade plan in place? If not then feel free to reach out today and I’ll be more than happy to help you work out an upgrade plan that works for your business.