Big Changes Coming to Adobe Commerce: The 2026 Patch Cycle Shift

TL:DR

Adobe Commerce ditching quarterly patches for monthly ones in 2026
Monthly isolated security fixes let you patch threats fast
Big annual security bundle lands in May each year
Full platform patch with features also scheduled in May
Goal is smoother maintenance and fewer surprise upgrades

Foreword

If you are running Adobe Commerce or Magento Open Source, your maintenance schedule is about to get a major shake-up. Starting in January 2026, Adobe is moving away from its traditional quarterly release cycle in favour of a new, more predictable monthly patch strategy.

This shift is designed to make security easier to manage without the "heavy lifting" of constant full upgrades. Here is the breakdown of what the new calendar looks like.

The New Schedule at a Glance

‍

Instead of waiting for quarterly bundles, the new lifecycle splits updates into three distinct types:

‍

Monthly Isolated Security Fixes: Every month, Adobe will release small, non-cumulative security fixes. These are targeted updates for all supported versions, allowing you to patch specific vulnerabilities immediately without waiting for a larger release window.
‍
Annual Security Patch (May): Once a year, usually in May, a major security bundle will be released. This cumulative patch rolls up all the isolated fixes from the previous months into one package. (Note: An additional security patch may drop in November if urgent needs arise, but it isn’t guaranteed).
‍
Annual Full Patch Release (May): Also landing in May, this is the full platform update for the 2.4.x LTS line. This is where you will find new features, performance improvements, and general stabilisation work.

What This Means for Merchants

‍

Moving to a monthly cadence might sound like more work, but the goal is actually to smooth out the spikes in maintenance. By isolating security fixes, teams can react faster to threats without needing to perform full-scale regression testing every few months.

‍

Key Benefits:

Predictability: No more guessing when the next critical fix might drop.
‍
Agility: Faster response times to emerging security threats.
‍
Stability: Fewer massive "surprise" patches that disrupt your roadmap and require significant testing
‍
Clarity: A clearer upgrade path with a major annual focus point in May.

Learn More

‍

This new schedule represents a significant shift in how we plan for ongoing support and maintenance. For a deep dive into the official release calendar and technical specifics, we recommend reviewing the full documentation.

‍

You can find out more information here.