cancel
Showing results for 
Search instead for 
Did you mean: 

Security update from Magento 2.3.2-p2 to 2.3.5-p1

SOLVED
Highlighted

Security update from Magento 2.3.2-p2 to 2.3.5-p1

We are running Magento ver 2.3.2-p2 on our live website.

We do not wish to upgrade the 2.3.5 immediately as some custom modules may break.

Should we run the security upgrade to 2.3.5-p1 instead and is that a viable update for us?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Security update from Magento 2.3.2-p2 to 2.3.5-p1

Hello @kanratech 

 

You have to apply all the security patches or upgrade version then auto will be implement. 

 

Here are 2 methods you can follow:

1. Apply patch 2.3.3-p1> 2.3.4-p1 >2.3.5-p1 

or 

1. upgrade Magento version to latest then these all auto implement

Manish Mittal
https://www.manishmittal.com/

View solution in original post

10 REPLIES 10
Highlighted

Re: Security update from Magento 2.3.2-p2 to 2.3.5-p1

Hello @kanratech 

 

Yes you can just upgrade security patch instead full version of Magento. As you think its major change and do not want to upgrade now due to keeping in mind it can break some modules as these modules not support this version.

 

For your reference you can follow below shared official magento document:

Example  – Security-only update to security-only update:

  • In Q3’19, you upgrade your 2.3.2 instance to 2.3.2-p1.
  • In Q1’20, you can upgrade your 2.3.2-p1 instance to 2.3.3-p1.**

https://community.magento.com/t5/Magento-DevBlog/Introducing-the-New-Security-only-Patch-Release/ba-...

 

Manish Mittal
https://www.manishmittal.com/
Highlighted

Re: Security update from Magento 2.3.2-p2 to 2.3.5-p1

Many thanks for the link, I checked and believe my query is very similar to an unanswered question there

https://community.magento.com/t5/Magento-DevBlog/Introducing-the-New-Security-only-Patch-Release/bc-...

Magento has released multiple security patches after our version 2.3.3-p1, 2.3.4-p1, 2.3.5-p1 .

So we need to apply only the latest patch or all the intermediates too? 

Highlighted

Re: Security update from Magento 2.3.2-p2 to 2.3.5-p1

Hello @kanratech 

 

You have to apply all the security patches or upgrade version then auto will be implement. 

 

Here are 2 methods you can follow:

1. Apply patch 2.3.3-p1> 2.3.4-p1 >2.3.5-p1 

or 

1. upgrade Magento version to latest then these all auto implement

Manish Mittal
https://www.manishmittal.com/

View solution in original post

Highlighted

Re: Security update from Magento 2.3.2-p2 to 2.3.5-p1

I am in the same situation, i am currently using 2.3.3-p1 but cant upgrade to 2.3.4/2.3.5 as it breaks a plugin i use. Can i upgrade to 2.3.5-p1? I cant find any reference to a 2.3.4-p1, only 2.3.4-p2.

Obviously i would like to stay as secure as possible but until the plugin developers update the plugin i use i cannot as it is a major plugin to import my stock so cannot function without it.

Can i go to 2.3.4-p2 > 2.3.5-p1 (in theory) without breaking the plugin?

Highlighted

Re: Security update from Magento 2.3.2-p2 to 2.3.5-p1

@CSP_Alex 

 

Yes you can go to 2.3.4-p2 > 2.3.5-p1 (in theory) without breaking the plugin. It will security patch so dont think it break. Please validate once you upgrade it at your end.

Manish Mittal
https://www.manishmittal.com/
Highlighted

Re: Security update from Magento 2.3.2-p2 to 2.3.5-p1

2.3.4-p2 states "You must deploy Magento 2.3.4 before applying this patch." so it doesnt look like you can do what i am asking.

To go update further than 2.3.3-p1 i would need to install 2.3.4 which i cant do as that version breaks the plugin.

Highlighted

Re: Security update from Magento 2.3.2-p2 to 2.3.5-p1

We are currently running Magento 2.3.2-p2 (Magento 2.3.2 with 2.3.3 security patch only basically) on our client's live store. We have been holding off on upgrades to 2.3.3 and 2.3.4 as those had issues that would affect functionality of our client's store and that is not an option

Is there a way to upgrade our 2.3.2-p2 store to latest security patch 2.3.5-p1 without upgrading to the 2.3.5 functionality making sure that all the modules still work the same way as they do now and don't break? And do we really need to have 2.3.4 to update to 2.3.4-p2?

Thanks in advance

Highlighted

Re: Security update from Magento 2.3.2-p2 to 2.3.5-p1

HEllo @deggial 

 

You have to install all security patches between 2.3.2-p2 - 2.3.5-p1 first then you can upgrade to latest one. Directly can not upgrade to latest.

Manish Mittal
https://www.manishmittal.com/

Re: Security update from Magento 2.3.2-p2 to 2.3.5-p1

If we go from 2.3.2-p1 to 2.3.5-p1 does that mean we would have essentially 2.3.4 functionality with 2.3.5 security patches or still 2.3.2 functionality just with latest security updates?

 

2.3.3 and 2.3.4 had issues which would impact our client's store and therefore we did not update to those