Magento 2 : How can security patches be applied?

Magento releases patches of many types like cross-site scripting vulnerability issue, backward compatibility issues, module specific issues, hot fixes etc. These patches are very important to install in our Magento Instance for many reasons. Let’s get started.

• GoTo : https://magento.com/tech-resources/download
• Scroll to Magento Open Source Patches – 2.x
• Select your format Github or Composer depends how you have setup your Magento instance
• Click Download

Command Line

STEP 1 : Copy the .patch file to your Magento root directory.

STEP 2 : In the command line interface, run the following command according to the patch extension:

STEP 3 : Copy the file path and paste it into the File to patch: prompt and press Enter and the patch should complete.

STEP 4 : Refresh the cache in the Admin under System > Tools > Cache Management. If required delete the generated folder.

Composer

STEP 1 : Open your command line application and navigate to your project directory.

STEP 2 : Add the cweagans/composer-patches plugin to the composer.json file.

STEP 3 : Edit the composer.json file and add the following section to specify:

• Module: “magento/module-payment”
• Title: “MAGETWO-56934: Checkout page freezes when ordering with Authorize.net with invalid credit card”
• Path to patch: “patches/composer/github-issue-6474.diff”For example:

If a patch affects multiple modules, you must create multiple patch files targeting multiple modules.

STEP 4 : Apply the patch. Use the -v option only if you want to see debugging information.

STEP 5 : Update the composer.lock file. The lock file tracks which patches have been applied to each Composer package in an object.

Source : Magento Docs