Adobe Commerce lifecycle policy

To streamline the Adobe Commerce lifecycle policy and support the mission-critical needs of customers, Adobe expanded the support window to three years from the General Availability (GA) date for Adobe Commerce 2.4.4 and later. Adobe provides quality fixes to the 2.4.4 and later releases for a three-year support period. Customers can access quality fixes by contacting Adobe Commerce Support or through the self-serve Quality Patches Tool if their version is still eligible for quality support. Refer to the table below for the end of software support dates for Adobe Commerce release lines.

Adobe provides security fixes through a security patch release for the three-year support period.

For critical security issues, such as zero-day vulnerabilities, Adobe provides hotfixes for all customers on a supported version, even if they are not on the latest patch or security patch release. It is important to note that a hotfix is not a catch-all and does not address all the security issues that would be fixed by upgrading to the latest release.

Adobe does not provide security and quality fixes for third-party services and software dependencies, such as PHP. It is your responsibility to maintain the security and compliance (for example, PCI, ISO, SOC) of third-party software dependencies. Adobe recommends updating your environments to use the latest version of PHP supported by Adobe Commerce as soon as possible. Do not use a version of PHP that has reached end of support.