Keeping up with upgrades

If you’ve already got an expert professional (in-house or outsourced) handling upgrades for you, you can probably skip this email. But if you’re curious about the kinds of challenges that can come up, or you’re doing the upgrades yourself (totally do-able, by the way), this might interest you.

How actively should you be applying updates to your open-source CRM and CMS?

CiviCRM drops a new release at least once a month, and usually more often.

Drupal and WordPress may release a little less frequently, but not by much.

On top of that, new versions are continually being released for CiviCRM extensions, WordPress plugins, and Drupal modules.

How you respond to these updates is entirely up to you, but here are my general guidelines for most sites:

  • Security updates: Take the update.

    If you find that a new release includes security fixes, take the update. It's very rare that you'll have a good reason to wait. Just do it.

    Rationale: Security issues are serious, and once the update is released, you can be sure that nefarious players are looking for un-patched sites they can attack. (Sure, if you're a developer with opinions about whether some security patches are not-so-serious, and are willing to own the risk, I won't try to persuade you. But for everyone else: take the update.)

  • Non-security updates for the core CiviCRM, Drupal, and WordPress projects: Wait on it, if you can.

    If there's a bug fix or feature improvement you believe you'd get by updating, then take the update. Otherwise, it's generally not worth the effort to chase these updates just because they're available.

    Rationale: Updates require measurable effort (backups, installation, testing) and present measurable risk (potential new bugs). And updates to core systems increase the risk because they're more likely to affect the entire system. Unless you have a specific reason to update, it's not worth it.

  • Updates for CiviCRM extensions, Drupal modules, and WordPress plugins: Take the update.

    Go ahead and take these updates as they're available. Make a practice of checking every week or so for available updates, and take them as they come.

    Rationale: These updates are relatively easy to apply, and carry a lower risk than core updates -- they may still introduce new bugs, but the scope of any such bug is usually limited to the scope of the plugin. Applying frequent updates on these plugins gets you incremental improvement in bug fixes and functionality, and helps limit the risk of version incompatibility when you do update your core systems.

Here's the thing:

Your open source tools are continually being supported by a vibrant and active community of contributors who are constantly handing out free fixes for your benefit.

Isn't it nice that you, your organization, and your members can benefit from it?

All the best,
A.
