
samjuk/m2-meta-security-patches
===============================

Meta package to apply all the new isolated security and emergency patches for Magento 2

2026.03.19(1mo ago)514ShellCI passing

Since Feb 1Pushed 1mo ago1 watchersCompare

[Source](https://github.com/SamJUK/m2-meta-security-patches) | [Packagist](https://packagist.org/packages/samjuk/m2-meta-security-patches)

Magento 2 Meta Package: Security Patches
========================================


[![Test on Master](https://github.com/SamJUK/m2-meta-security-patches/actions/workflows/test-master.yml/badge.svg)](https://github.com/SamJUK/m2-meta-security-patches/actions/workflows/test-master.yml)

This repository contains a meta package for applying security patches to Magento 2 installations. The package aggregates various security patches, including Adobe's new isolated patches and emergency out-of-band patches, to ensure that your Magento 2 store remains secure against known vulnerabilities.

The primary reason for using a meta package is to simplify the management and application of multiple security patches. Instead of applying each patch individually to each project, you can install this meta package, which will automatically include all the necessary patches.

Future updates can be handled automatically via Dependabot or Renovate, ensuring that your Magento 2 installation stays up-to-date with the latest security fixes without the manual overhead and cost.

Requirements
------------


- Magento 2.4.2+ (see [test-matrix.json](test-matrix.json) for full compatibility)
- PHP 7.4+ (version depends on Magento version)
- Composer 2.x

List of Included Security Patches
---------------------------------


We break down the included security patches into a few groups:

### Isolated Security Patches


These are the new approach to regular security updates provided by Adobe.

- TBA

For detailed information on each patch, see the patches in [src/patches/isolated/](src/patches/isolated/).

### Emergency Security Patches


These patches address critical, out-of-band security issues that require immediate attention:

- **CVE-2024-34102** - CosmicSting vulnerability affecting Magento 2.4.7 and earlier
- **CVE-2025-54236** - Session security vulnerability
- **APSB25-94** - Polyshell vulnerability affecting Magento 2.4.9-alpha2 and earlier

For detailed information on each patch, see the patches in [src/patches/emergency/](src/patches/emergency/).

Installation
------------


To install the meta package, use Composer by running the following command in your Magento 2 root directory:

```
composer require samjuk/m2-meta-security-patches:">=2026.02.01"
```

The patches will be automatically applied during installation via [vaimo/composer-patches](https://github.com/vaimo/composer-patches).

Versioning
----------


This meta package uses date-based versioning: the version number is the release date of the included patches. For example, version `2024.10.15` indicates that the package was released on October 15, 2024.
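
Because the version is a date, a deployment check can read it straight from `composer.lock` and tell how old the installed patch set is. The following is an added example, not code from this project: the 90-day threshold, the status names and the sample lock content are assumptions made for illustration.

```python
import json
import re
from datetime import date

PACKAGE = "samjuk/m2-meta-security-patches"
DATE_VERSION = re.compile(r"^v?(\d{4})\.(\d{1,2})\.(\d{1,2})$")

# Constructed sample lock file; real ones carry many more fields per package.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/other-module", "version": "1.2.3"},
        {"name": PACKAGE, "version": "2026.03.19"},
    ],
    "packages-dev": [],
})


def release_date(version):
    """Map a date-based version such as '2026.03.19' to a date, else None."""
    match = DATE_VERSION.match(version)
    if not match:
        return None
    try:
        return date(*(int(part) for part in match.groups()))
    except ValueError:  # digits present but not a calendar date
        return None


def audit_lock(lock_text, today, max_age_days=90):
    """Return (status, detail) for the meta package in composer.lock text."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") != PACKAGE:
                continue
            version = pkg.get("version", "")
            if section == "packages-dev":
                # require-dev entries are skipped by `composer install --no-dev`
                return ("dev-only", version)
            released = release_date(version)
            if released is None:
                return ("unparseable", version)
            age = (today - released).days
            status = "stale" if age > max_age_days else "ok"
            return (status, f"{version} ({age} days old)")
    return ("missing", PACKAGE)


if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK, today=date(2026, 5, 12)))
```

A `stale` result only means the locked release is older than the threshold; it does not establish that a newer release exists, so treat it as a prompt to check for updates.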

Development
-----------


To contribute to the development of this meta package:

1. Clone the repository
2. Make your changes in the `src/` directory
3. Add or update patches in `src/patches/`
4. Update `src/composer.json` with patch configuration
5. Run tests locally with `sh tests/test.sh` (requires Docker)
6. Submit a pull request

Testing
-------


### Automated Testing


Full E2E tests are run via GitHub Actions:

- **On master/main commits**: Tests run automatically on every push
- **On pull requests**: Add the `run-tests` label to trigger the test suite

The test suite validates the package installation across multiple Magento versions and PHP versions (see [test-matrix.json](tests/test-matrix.json) for the complete matrix).

### Local Testing


You can run the full test suite locally with Docker:

```
sh tests/test.sh
```

This will test the package installation across all supported Magento/PHP version combinations. Be aware that this can take a significant amount of disk space and time.

Contributing
------------


1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Ensure tests pass locally
5. Submit a pull request


### Community

Maintainers

![](https://www.gravatar.com/avatar/401ee0b9faa791ec1a3b567e5e3668340aa9954c5f44ed536956d56ea3593584?d=identicon)[SamJUK](/maintainers/SamJUK)

---

Top Contributors

[![SamJUK](https://avatars.githubusercontent.com/u/7872420?v=4)](https://github.com/SamJUK "SamJUK (9 commits)")

