Magento releases patches of many types like cross-site scripting vulnerability issue, backward compatibility issues, module specific issues, hot fixes etc. These patches are very important to install in our Magento Instance for many reasons. Let’s get started.
- GoTo : https://magento.com/tech-resources/download
- Scroll to Magento Open Source Patches – 2.x
- Select your format Github or Composer depends how you have setup your Magento instance
- Click Download

Command Line
STEP 1 : Copy the .patch file to your Magento root directory.
STEP 2 : In the command line interface, run the following command according to the patch extension:
1 | patch < patch_file_name.patch<br> |
STEP 3 : Copy the file path and paste it into the File to patch: prompt and press Enter and the patch should complete.

STEP 4 : Refresh the cache in the Admin under System > Tools > Cache Management. If required delete the generated folder.
Composer
STEP 1 : Open your command line application and navigate to your project directory.
STEP 2 : Add the cweagans/composer-patches
plugin to the composer.json
file.
1 | composer require cweagans/composer-patches |
STEP 3 : Edit the composer.json
file and add the following section to specify:
- Module: “magento/module-payment”
- Title: “MAGETWO-56934: Checkout page freezes when ordering with Authorize.net with invalid credit card”
- Path to patch: “patches/composer/github-issue-6474.diff”For example:
1 2 3 4 5 6 7 8 | "extra": { "composer-exit-on-patch-failure": true, "patches": { "magento/module-payment": { "MAGETWO-56934: Checkout page freezes when ordering with Authorize.net with invalid credit card": "patches/composer/github-issue-6474.diff" } } } |
If a patch affects multiple modules, you must create multiple patch files targeting multiple modules.
STEP 4 : Apply the patch. Use the -v
option only if you want to see debugging information.
1 | composer -v install |
STEP 5 : Update the composer.lock
file. The lock file tracks which patches have been applied to each Composer package in an object.
1 | composer update --lock |
Source : Magento Docs