More control over your Adobe Commerce updates from 2026

Starting January 2026, Adobe Commerce will fundamentally change how it handles updates. Instead of bundling everything into quarterly releases, there will be a new system with different types of patches. Isolated security fixes will be released as needed, without waiting for a major release. In addition, there will be a security patch every May that bundles all previously released fixes, plus a full patch with new features and improvements for the 2.4.x LTS release line. If you run a large e-commerce platform, this means more flexibility, better security, and fewer forced upgrades.

The biggest change is the separation between security and functionality. When a critical vulnerability is discovered, you no longer have to wait for the next major release or perform a full upgrade. Adobe can quickly release an isolated fix that addresses only that specific issue. You then decide when to implement the big feature updates, without being forced by security concerns.

Let’s clarify exactly what’s changing and what this means for your organization in practical terms.

The old approach had a pain point. Every three months there was a major release bundling new features, bug fixes, and security patches in one package. That meant that for a single critical security patch you had to perform a full upgrade, with potential risks and testing effort as a result.

Imagine a significant vulnerability is discovered halfway through a quarter. You had two options: wait for the next quarterly release and take on risk, or implement a hot-fix that could later conflict with the official update. Not an ideal situation.

Adobe has listened to feedback from developers and companies who work with the platform every day. The new approach separates security from functionality. That gives you more control over when you update what, without compromising on security.

It’s a mature decision that aligns with how modern software development works. And it’s good news for anyone who wants to run a stable, secure platform without constantly dealing with major upgrades.

The new system consists of different types of updates, each with its own purpose and timing.

1. Isolated security fixes when needed

When Adobe discovers a security issue, they immediately release an isolated security fix. This doesn’t happen on a fixed schedule, but when needed. These patches are targeted and non-cumulative, which means they only resolve the specific security issue without touching anything else. You can implement them quickly without fearing that other functionality suddenly stops working or behaves differently.

The benefit is clear. If a critical vulnerability is discovered tomorrow, you don’t have to wait months for a major release. The patch becomes available as soon as Adobe has a fix, and you can apply it in isolation. Your platform stays secure without major operations.

2. Annual security patch in May

Once a year, in May, there will be a security patch that bundles all previously released isolated fixes. This is the moment when you can carry out a comprehensive security upgrade if you haven’t applied every individual fix separately throughout the year.

For organizations that prefer to plan larger updates in one go, this provides a clear moment in the year. You can plan ahead, free up budget, and perform thorough testing. Adobe may also release an additional security patch in November if needed, but that is not guaranteed.

3. Annual full patch with new functionality

Also in May, there will be a full patch for the Adobe Commerce 2.4.x LTS release line. This is the major update with new functionality, improvements, and non‑critical bug fixes. Everything that used to be spread across multiple quarterly releases is now bundled into a single annual release.

The big advantage is that you have much more control over when you implement this update. Security is separate, so you can schedule the full patch with new features at a time that suits your organization. Quiet period after the peak months? Ideal for upgrading. Busy period with Black Friday or other campaigns? Then you simply wait until things calm down, while your platform still remains secure via the isolated security fixes.

Let’s be honest about what this changes in your day‑to‑day operations and planning.

Faster response to security threats

When a critical security vulnerability is discovered, you immediately receive an isolated fix without having to wait. In a world where cybersecurity threats are constantly evolving, that speed is essential. Your platform and customer data are better protected because Adobe no longer has to wait for the next quarterly release.

Lower risks with updates

Smaller, targeted patches mean less chance of unexpected issues. You test one specific fix instead of a bundle of changes. If something does go wrong, the impact is more limited and the cause easier to identify.

More predictable budgeting and planning

You now know that May is the time for the major annual updates, both security and features. That makes planning and budgeting simpler. You can free up resources, schedule testing, and prepare your team without surprises. Busy period such as Black Friday? Then you simply schedule the big update for a quieter time, while security continues via isolated fixes.

More control over your upgrade timing

Security is separate from new functionality. That means you decide when you implement major feature updates, not Adobe’s release schedule. Quiet period in the first quarter? Perfect for that upgrade. In the middle of your peak season? Then you just wait, without putting security at risk.

In addition to the new patch strategy, Adobe has more in store for 2026. These developments are important to keep on your radar.

Native integration with Adobe Experience Platform

Adobe is bringing real-time data sharing between Commerce and Experience Platform directly into the product. This means you can automatically share all order, cart, and browsing data with privacy and governance built in.

Concretely, this means you can build audiences in Real-Time CDP and have them automatically sync with your platform for personalized pricing, promotions, and campaigns. Personalization becomes much more powerful and happens in real time.

App Builder gets database support

For organizations that need custom functionality that doesn’t fit into standard Adobe Commerce, a fully managed database layer within App Builder is coming. This will become generally available in the first half of 2026.

This may sound technical, but the impact is significant. Your development team can build complex, data‑intensive custom features without having to manage infrastructure themselves. That lowers costs and increases development speed.

Improved B2B capabilities

Adobe continues to invest in faster implementation of B2B storefronts and better tools for complex B2B workflows. If you sell B2B or are considering it, the capabilities will only get stronger.

Merchant Center gets a redesign

The admin interface your team works with every day is being redesigned. The goal is to make administration simpler and more intuitive. Fewer clicks, faster work, better overviews.

AI-powered catalog management

Adobe is integrating more AI capabilities to automate catalog management. Think smarter product recommendations, automated content optimization, and better insights into what works.

These changes don’t require immediate action on your part, but they do require awareness and preparation.

Align with your development partner

Talk to the team managing your Adobe Commerce platform about how you will handle the new patch cycle. Will you apply every monthly security patch immediately? Or will you bundle them and perform the major update in May? Both options are valid; it depends on your risk appetite and resources.

Are you a PHPro client? Then your PM will contact you to discuss and schedule these matters.

Evaluate your current version

If your platform is still running on an older Adobe Commerce version, now is a good time to look at an upgrade strategy. The new patch cycle works best if you are relatively up to date.

Think about the roadmap features

Which of the announced updates are interesting for your organization? Adobe Experience Platform integration for better personalization? B2B improvements? AI-powered catalog management? Discuss with your team which opportunities there are.

Stay informed

Adobe’s roadmap is constantly evolving. Keep an eye on releases and regularly align with partners who know the ins and outs of the platform. That way you don’t miss opportunities and you’re prepared for changes.

At PHPro, we’ve been helping organizations get the most out of their Adobe Commerce platform for over 15 years. This new patch cycle calls for a clear strategy that fits your organization.

We help you set up an update roadmap. Which patches do you implement monthly? When do you schedule the major May update? How do you prepare your team? We translate technical changes into concrete actions that make your platform better, more secure, and more profitable.