Changes to the Magento update policy

03.12.2020 Angelika Siczek

As you know, in recent times more and more attention has been paid to online security. This applies not only to websites that are used on a daily basis, but above all to online stores. If you are a reseller, you probably know how important it is to keep your website and customers safe.


To strengthen this area, Adobe has made security a priority. It has improved the Magento Security Scan Tool, and the new version is now available to users of the Magento platform. Why is it worth using? The average cost of a data breach is as high as $3.86 million, and unfortunately, 82% of e-commerce stores where malware was located used an unsupported version of the product. Moreover, financial losses are not the only negative effect of an attack. Equally significant are the loss of customer trust, negative publicity and the dissatisfaction of deceived users, which can harm your business for years. For this reason, it is worth putting solid protection in place!


Accordingly, in Q1 2021, Adobe will introduce a new update policy for all e-commerce sellers who do not yet have the latest version of Magento 2.4 and still use a supported version of Magento Commerce or Magento Open Source 2.3. The purpose of this new policy is to make deployment, planning and security easier for Magento sellers, while giving your team more options about how and when to update your Magento website. The Magento Lifecycle Policy will also be updated to reflect the entire policy change.


The new life cycle of Magento software

Adobe’s new approach to Magento releases will continue to focus on features, quality, and security updates in the current minor version (currently 2.4). In the future, other supported minor releases (currently 2.3) will split quality and security improvements into two separate processes. Security fixes will be delivered through quarterly updates, as has been the case in the past. Selected quality patches, however, will only be available through the new Magento Quality Patch (MQP) tool. This will make the upgrade process faster and more flexible than before. It will also allow you to update to the latest security patch at the traditional quarterly release frequency and have important quality patches available through the new MQP process.


How will the new security policy work?

According to Magento’s newly updated security policy, when a new minor version such as 2.5 is released, the previous line (2.4 in our example) will be moved to security-only updates. This means it will continue to be supported in the event of any security deficiencies.


Any required patches will be delivered to the previous version (2.4) via Magento Quality Patches (MQP). This will happen when high-impact quality problems on the site interrupt the basic flows necessary for the site to function properly.


What else will change? In keeping with Adobe’s practice of relying on large amounts of validated data, the security-only line will include fixes in the quarterly release that have a high impact on a large number of vendors. Lower-impact quality issues will not be fixed on the previous supported line (2.4) and will only be addressed on the latest line (2.5) in Adobe’s standard quarterly update. The developers recommend this practice to limit the use of MQP in the previous version of the tool and thus make migration to the latest version as easy as possible.

Why is Adobe making changes to its security policy?


Adobe’s main goal is to create pathways for resellers to strategically plan the annual development costs of their e-commerce business, while allowing them to remain secure and of the highest quality during these strategic business cycles. The policy changes are also important for all those who focus on the highest level of security and for all those who are satisfied with the stability of older, supported versions. These sellers gain easier planning and budgeting of updates, as the updates will not include any new functions or major changes in the functioning of the entire e-commerce site.


When will the changes come into effect?

Magento 2.3.6, scheduled for October 2020, will be the last release on the 2.3 line to combine quality and security fixes.


After version 2.3.6, line 2.3 will only receive security updates. All quality fixes for that line will be available through the MQP. Adobe’s release calendar for 2021 is quite full. In the second quarter, the company plans to extend line 2.3 to 2.3.7 because of a mandatory PHP 7.4 compatibility update. However, after the end of the second quarter of the year, line 2.3 will fall back to security-only updates supporting PHP 7.4. So let’s keep that in mind.


How to plan a Magento version for your business?

If you are wondering how to plan the implementation of the new Magento version, remember that you should still prioritize the adoption of the new Magento line in a timely manner. The MQP Upgrade Policy is not intended to replace sellers’ strategic upgrade plans. Rather, it offers the flexibility to prepare an update plan and the means to respond quickly to security and quality issues without having to deploy all available updates.


The closer we get to the release of the new product version, 2.4.2, and to the date the security policy comes into force, the more details you will find on our website. We will certainly keep you informed about all the available options to stay safe on your Magento platform!
