Magento 2 : How can security patches be applied?

Magento releases patches of many types like cross-site scripting vulnerability issue, backward compatibility issues, module specific issues, hot fixes etc. These patches are very important to install in our Magento Instance for many reasons. Let’s get started.

Command Line

STEP 1 : Copy the .patch file to your Magento root directory.

STEP 2 : In the command line interface, run the following command according to the patch extension:

patch < patch_file_name.patch

STEP 3 : Copy the file path and paste it into the File to patch: prompt and press Enter and the patch should complete.

STEP 4 : Refresh the cache in the Admin under System > Tools > Cache Management. If required delete the generated folder.


STEP 1 : Open your command line application and navigate to your project directory.

STEP 2 : Add the cweagans/composer-patches plugin to the composer.json file.

composer require cweagans/composer-patches 

STEP 3 : Edit the composer.json file and add the following section to specify:

  • Module: “magento/module-payment”
  • Title: “MAGETWO-56934: Checkout page freezes when ordering with with invalid credit card”
  • Path to patch: “patches/composer/github-issue-6474.diff”For example:
"extra": {
      "composer-exit-on-patch-failure": true,
      "patches": {
          "magento/module-payment": {
              "MAGETWO-56934: Checkout page freezes when ordering with with invalid credit card": "patches/composer/github-issue-6474.diff"

If a patch affects multiple modules, you must create multiple patch files targeting multiple modules.

STEP 4 : Apply the patch. Use the -v option only if you want to see debugging information.

composer -v install 

STEP 5 : Update the composer.lock file. The lock file tracks which patches have been applied to each Composer package in an object.

composer update --lock

Source : Magento Docs

Leave a Reply

Your email address will not be published. Required fields are marked *