2.3.x Release Information

Magento 2.3.x Release Notes

Security-only patches

With the release of Magento 2.3.3, Magento introduced a new type of patch: the security-only patch. Patch 2.3.3-p1 includes the significant security fixes that Magento 2.3.4 introduces, plus the hot fixes that were applied to Magento 2.3.3, without the hundreds of functional fixes and enhancements that Magento 2.3.4 also includes. (A hot fix provides a fix to a released version of Magento that addresses a specific problem or bug.) Merchants deploying Magento 2.3.3 can apply patch 2.3.3-p1 to immediately take advantage of time-sensitive security fixes without investing the time required to install Magento 2.3.4.

For general information about security-only patches, see the Magento DevBlog post Introducing the New Security-only Patch Release. For instructions on downloading and applying security-only patches (including patch 2.3.2-p1), see Install Magento using Composer.

Backward-incompatible changes

Magento Commerce Cloud

The ece-tools package is a scalable deployment tool that simplifies the Magento Commerce Cloud upgrade process by providing commands to backup the database, apply custom patches, verify environment packages, and more. The package also contains scripts and Magento Commerce Cloud commands to help manage your code and automate the project build and deploy process.

See Release Notes for ece-tools for the latest updates and improvements to the ece-tools package as well as information about Magento Commerce Cloud upgrades and patches.

We recommend installing full Magento Commerce Cloud upgrades for important security updates. Full upgrades include all associated patches and hotfixes.

Third-party license agreements