Keeping your Software Updated and Secure

When you host your project on the New Media Lab server, we require you to keep your software reasonably up to date. It is safe to assume that all software has security flaws, and the older the software is, the more widely its flaws are known and the more likely they are to be exploited. However, it can also be the case that new software is released before it has been adequately tested. Some security updates are urgent, but not every update needs to be applied immediately. Generally, the more an update changes, the better it is to wait until the relevant community of users has accepted that it works well.

When updating your site, you should at least back up your files and database first; you may also want to test the update on a development server before applying it to the live site.

Updating to new versions of software

When you see that an update is available, read release notes in case it’s critical or urgent. Additionally, the version number of software can be helpful in deciding whether and how urgently to apply an update.

Version numbers, in general

Most software uses 3-part version numbers, such as 2.4.6. A common, though not universal, understanding of three-part version numbers is that used by semantic versioning, in which the version parts are, respectively, the major, minor, and patch numbers. If the major version is changed (e.g. version 2.4.6 is updated to version 3.0 or 3.0.0), the new release likely includes substantial changes and likely drops support for old features, plugins, and/or themes. It is possible that the previous major version (2.x.x in our example) of the software will be maintained in parallel with the new version, so you may not need to upgrade. Support for older versions varies by product.

If the minor version is changed (e.g. 2.4.6 is updated to 2.5 or 2.5.0), new features were likely added, and some old features may have been deprecated (scheduled to be removed), but the upgraded software is relatively unlikely to cause problems. Unless the upgrade also fixes critical security problems, we recommend delaying slightly to let early adopters find and report problems. If no major flaws are found shortly after the release of a minor version, it is generally best to upgrade.

When the third component of a version, the patch number, is increased (e.g. 2.4.6 is updated to 2.4.7), the release should only fix bugs and/or security flaws. Though it is possible that a patch will break something, patches are often urgent updates that fix security problems, so they should normally be applied promptly.

Version numbers, the exceptions

Not all software follows common version number standards.

WordPress increases its major version by .1 on a rough schedule of 3 times per year, so the amount of change between WordPress 3.9 and WordPress 4.0 was not meant to be more (or less) than the difference between 4.0 and 4.1. WordPress patches are the third component of WordPress version numbers, e.g. 4.1.3 was the third patch to 4.1. Unlike WordPress core, most WordPress plugins and themes use version numbers with major, minor, and patch components.

Drupal 7 does not use minor versions, so Drupal 7.36, for example, is major version 7, patch 36.  Drupal 8 does include a minor version, starting with version 8.0.0.
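The rules above can be turned into a small triage helper that classifies an update as major, minor, or patch under the semantic-versioning convention and the WordPress and Drupal 7 exceptions, then maps that to the guidance on this page. This is an added example, not code from the New Media Lab; the function names, the `scheme` labels, and the wording of the recommendations are my own.

```python
from enum import Enum


class Change(Enum):
    MAJOR = "major"   # substantial changes; may drop old features, plugins, themes
    MINOR = "minor"   # new features, some deprecations; usually low risk
    PATCH = "patch"   # bug and security fixes only; often urgent


def parse_version(text):
    """'2.4' -> (2, 4, 0); '2.4.6' -> (2, 4, 6). Pads to three components."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unsupported version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def classify_update(old, new, scheme="semver"):
    """Return the Change level from old to new under a numbering scheme.

    scheme="semver":    major.minor.patch (most software, WP plugins and themes)
    scheme="wordpress": core treats X.Y as the major version, X.Y.Z as a patch
    scheme="drupal7":   7.N is major 7, patch N; there is no minor component
    """
    o, n = parse_version(old), parse_version(new)
    if n <= o:
        raise ValueError(f"{new} is not newer than {old}")
    if scheme == "semver":
        if n[0] != o[0]:
            return Change.MAJOR
        if n[1] != o[1]:
            return Change.MINOR
        return Change.PATCH
    if scheme == "wordpress":
        # 3.9 -> 4.0 and 4.0 -> 4.1 are both one major step; 4.1 -> 4.1.3 is a patch
        return Change.MAJOR if n[:2] != o[:2] else Change.PATCH
    if scheme == "drupal7":
        return Change.MAJOR if n[0] != o[0] else Change.PATCH
    raise ValueError(f"unknown scheme {scheme!r}")


def recommend(change, fixes_security=False):
    """Map a change level (and what the release notes say) to the page's advice."""
    if change is Change.PATCH or fixes_security:
        return "apply promptly (back up files and database first)"
    if change is Change.MINOR:
        return "wait briefly for early adopters to report problems, then apply"
    return "test on a development server and check plugin/theme compatibility"
```

Read the release notes before trusting the number alone: a minor release that also closes a security hole is passed in as `fixes_security=True` and is treated as urgent.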

Change your hosting to reduce maintenance

Eventually, you may decide that the ability to easily change your site is not worth the work of keeping it up to date. NML staff can help archive your site as static HTML, which removes the need to patch the underlying software. See the continued hosting page for details and other options.