How To Update Security Patches In Magento 2 – Step By Step Guide 2024

How To Update Security Patches In Magento 2 – Step By Step Guide 2023

Magento 2 is now one of the top leading eCommerce platforms for shop owners and online retailers. Most of the big brands in the world use Magento for their e-business because of its flexibility, reliability, and open-source nature.

Many of the leading online businesses and even small retail businesses are migrating from other ecommerce platforms to Magento because of its wide range of inbuilt functionalities, high scalability, and continuous growth in development.

With the new version, there are some updates, and security patches are also being released along with Magento version upgrades. Magento has released many security patch updates for Magento 1 version and there are few security patches released for Magento 2 version as well since January 2016.

Here’s a Step by Step Guide on How to Upgrade Security Patches in Magento 2:

Backup

Before you start working on any security patch update first thing you want to do is take a full backup of your Magento store. Take a backup of store files and database using your server’s control panel or SSH otherwise consult your hosting provider for help. You can revert to your backup if any of the steps break your website or causes data loss.

Disable Cache

Make sure that the Magento cache is disabled so that you don’t have to clear the cache while you are installing the security patch. This will save you a lot of time.

To disable cache is to go to Admin → System → Cache Management → select all cache types and disable them.

Developer Mode

Ensure that your Magento store is in developer mode so that all changes are reflected in real-time and you can view any errors you come across while patch updating.

For this, you have to run commands from the terminal using SSH access. Log in to your Magento store SSH account and go to the Magento root directory and run the below command:

php bin/magento deploy:mode:set developer

Download Security Patch

We have listed all the security patches below with their download links for you.

  • MAGETWO-93036

This patch contains a fix for problems faced in Magento 2.2.4 and 2.2.5 versions. This has a solution to fix the issues when changing any store’s theme and shows an error in Admin. See GitHub-14968 for more information.

If you are running the store with 2.2.4 then upgrade the Magento version to the latest 2.2.5 and apply this patch to resolve this issue.

https://magento.com/tech-resources/download#download2224

Download the patch from the above location and go to your Magento root directory and extract the archive. After that just run the below command to apply the patch:

php bin/magento setup:upgrade
  • MAGETWO-92926

This patch contains a fix for an issue customers are facing when upgrading to Magento 2.2.4 version from previous versions for stores having multiple websites. Magento multi-store setup was not using the store view-specific values from each store’s configuration settings if those values or settings differed from the global default configuration settings. But instead, it was using the default configuration and values for all store views. See GitHub-15205 and GitHub-15245 for more detailed discussions.

You need to install this patch if you are running the store with 2.2.4 or if you are facing this issue.

https://magento.com/tech-resources/download#download2217

Download the patch from the above location and go to your Magento root directory and extract the archive. After that just run the below command to apply the patch:

php bin/magento setup:upgrade
  • MAGETWO-67805

This is a hotfix applicable to Magento 2.1.6 CE for image resizing issue fix. It is recommended to upgrade to 2.1.7 which contains this fix.

https://magento.com/tech-resources/download#download2011

Download the patch from the above location and go to your Magento root directory and extract the archive. After that just run the below command to apply the patch:

php bin/magento setup:upgrade
  • MDVA-532

This patch is for fixing the issue of the Magento composer-installer component which causes upgrades to fail.

https://magento.com/tech-resources/download#download1892

To apply this patch download from the above and extract the files to your Magento root directory and then at the same directory and edit the file “composer.lock” and change the following line from:

“type”: “magento2-module-customer-balance”,

to:

“type”: “magento2-module”,

and save the file. After that you have to clear these directories with the below commands:

rm -rfvar/cache/* var/page_cache/* var/generation/*

php bin/magento setup:upgrade
  • MDVA-449

This patch has a fix for potential upgrade issues for Magento CE installations running PHP 5.5.x and a specific version 10.0.1 of the Magento Setup application.

https://magento.com/tech-resources/download#download1883

You need to extract the downloaded archive of the patch to /update the directory on your Magento root directory using SSH logins. Then run the below commands:

php bin/magento setup:upgrade
  • MDVA-84

This patch is applicable if you are running Magento CE 2.0.1 and the hosting server runs PHP 7.0.1 or 7.0.2 which causes an error trying for a Magento upgrade.

https://magento.com/tech-resources/download#download1890

You can resolve this issue if you upgrade the Magento version to 2.0.2 which contains this patch. The first extract is the downloaded archive of the patch to /update directory on your Magento root directory using SSH logins. Then run the below commands:

composer update magento/magento-composer-install

composer update magento/magento-composer-install

php bin/magento setup:upgrade

Deploy

Last but not the least, we have to run the below commands to deploy the files for the security patch to take effect so that it’s usable on the Magento store. Log in to your Magento store SSH account and go to the Magento root directory and run the below command:

php bin/magento setup:static-content:deploy
php bin/magento deploy:mode:set production

Now that all the security patches are updated, verify with the Magento storefront and Admin that your website is running smoothly and everything is working fine without any broken pages or functionality.

When you have verified the security patches, now it’s time to enable all the caches. Go to the below path in Admin:

  • System -> Cache Management
  • Select all Cache types then Select Enable from the Actions dropdown and click on Submit button to activate the cache.
  • If you had any server cache disabled then turn them on as well and check the front is working fine on that as well.

That’s it. Feel free to contact us and our Magento 2 Experts would be happy to help you.

Parth Patel, a skilled E-commerce Consultant and co-founder of Icecube Digital, dedicates his time to producing straightforward yet invaluable content. With a sharp attention to detail and a passion for innovation, Parth focuses on Magento, WordPress, Shopify, and other platforms in his commitment to advancing e-commerce solutions.

Leave a Reply