Magento 2 : How can security patches be applied?

Magento releases patches of many types like cross-site scripting vulnerability issue, backward compatibility issues, module specific issues, hot fixes etc. These patches are very important to install in our Magento Instance for many reasons. Let’s get started.

Command Line

STEP 1 : Copy the .patch file to your Magento root directory.

STEP 2 : In the command line interface, run the following command according to the patch extension:

STEP 3 : Copy the file path and paste it into the File to patch: prompt and press Enter and the patch should complete.

STEP 4 : Refresh the cache in the Admin under System > Tools > Cache Management. If required delete the generated folder.

Composer

STEP 1 : Open your command line application and navigate to your project directory.

STEP 2 : Add the cweagans/composer-patches plugin to the composer.json file.

STEP 3 : Edit the composer.json file and add the following section to specify:

  • Module: “magento/module-payment”
  • Title: “MAGETWO-56934: Checkout page freezes when ordering with Authorize.net with invalid credit card”
  • Path to patch: “patches/composer/github-issue-6474.diff”For example:

If a patch affects multiple modules, you must create multiple patch files targeting multiple modules.

STEP 4 : Apply the patch. Use the -v option only if you want to see debugging information.

STEP 5 : Update the composer.lock file. The lock file tracks which patches have been applied to each Composer package in an object.

Source : Magento Docs