ANSWER. Upgrade to the latest major/minor version each year if you can.
Keeping your Ruby on Rails applications up-to-date is important to maintain and even future-proof your digital infrastructure. As technology evolves, so do the risks and issues, so staying current with the latest releases is imperative.
Let's say you're a property owner of an older home. If you let your house sit as-is without repairing any structural issues, upgrading heating and plumbing, or adding modern amenities, it will become challenging to maintain the value and functionality of your home. Similar to how a renovated home becomes more efficient and enjoyable, an updated application ensures it remains secure, performs well, and supports your organization's needs. Neglecting updates would be like leaving a house untouched for years. So, you might think of modernizing your application as a form of "digital renovation."
In this article, we'll dig into the importance of staying current with Rails versions, the risks of falling behind, and the benefits of proactive maintenance.
What Are We Working With?
As a general rule of thumb, Ruby on Rails has released a new version nearly annually. The core team has typically aligned these with the annual RailsConf (now at Rails World) so that there are new features and updates to demo in keynote talks.
This has been the pattern for nearly every one of the last 18+ years, give or take a few.
I also understand that it can be challenging for teams to plan and prioritize upgrades. I'll touch on that more later.
First, let's get down to brass tacks. We need to assess your situation.
What is the newest version of Rails?
The community has finished kicking the tires on the Rails 7.1.z release, and it is now available.
What version is your app currently running on?
If your Rails application is not running on anything newer than 6.1.z...your application is at risk.
Rails Version | Status | Latest Patch
---|---|---
7.1.z | Supported | Oct 2023
7.0.z | Supported | Sept 2023
6.1.z | Supported | Aug 2023
6.0.z | At Risk | Jan 2023
5.2.z | At Risk | July 2022
5.1.z | At Risk | March 2019
5.0.z | At Risk | March 2019
4.2.z | At Risk | May 2020
4.1.z | At Risk | July 2016
4.0.z | At Risk | Jan 2015
3.2.z | At Risk | Sept 2016

...you get the idea.
The older the version, the more at risk your application is.
Do you have multiple Ruby on Rails applications and want to have someone gather this information? We have a free Google sheet template for you to document these details.
I encourage you to steal this template!
At risk of what, exactly?
Great question!
Like any software running on your laptop or smartphone, the software we write to power our web applications has security vulnerabilities that get discovered from time to time. When these issues are found (usually by the good, friendly hackers who are kind enough to share what they discover), the Ruby on Rails Core Team applies security patches and releases a minor update.
For example, if you are running on 6.1.7.5, they might release 6.1.7.6 to patch a CVE.
In theory, a developer on your team should be able to quickly bump up to the new version in the Gemfile with a one-line code change, a run through your automated tests, and a deployment. That known security hole is no longer a possible backdoor for the unfriendly hackers out there.
Note: this can be automated!
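As an added example (not Planet Argon's code, and not part of the Rails project), here is a small Ruby script that pulls the resolved rails version out of a Gemfile.lock, classifies it against the support table above, and flags apps that are a patch release behind within a still-supported series. The supported series and the "latest patch" numbers are an assumed December 2023 snapshot, and the lockfiles are constructed samples; the official Rails Maintenance Policy and rubygems.org are the source of truth for both.

```ruby
# Added example, not Planet Argon's code: read the resolved Rails version out of a
# Gemfile.lock and classify it against the support table in this article.
# The support data is a December 2023 snapshot and an assumption of this script;
# the official Rails Maintenance Policy is the source of truth.

# Series the article lists as still receiving security patches (Dec 2023 snapshot).
SUPPORTED_SERIES = %w[7.1 7.0 6.1].freeze

# Constructed sample of "latest patch release in each supported series".
# Replace with the current numbers from rubygems.org or the Rails blog.
LATEST_PATCH = {
  "7.1" => "7.1.2",
  "7.0" => "7.0.8",
  "6.1" => "6.1.7.6"
}.freeze

# Extract the resolved rails version. Under "specs:" a resolved gem is written at
# four-space indent as "    rails (6.1.7.5)"; dependency edges use six spaces and a
# constraint such as "(= 6.1.7.5)", and the DEPENDENCIES block uses two spaces,
# so the anchored pattern only matches the resolved entry.
def rails_version_from_lockfile(lock_text)
  match = lock_text.match(/^ {4}rails \((\d+(?:\.\d+)+)\)\s*$/)
  match && match[1]
end

# "6.1.7.5" -> "6.1": the major.minor series that the maintenance policy tracks.
def series_of(version)
  version.split(".").first(2).join(".")
end

# Classify one version: :at_risk (series no longer patched), :patch_behind
# (patched series but an older patch level), or :current.
def assess(version)
  series = series_of(version)
  unless SUPPORTED_SERIES.include?(series)
    return { version: version, series: series, status: :at_risk,
             advice: "Series #{series} no longer receives security patches; plan a major/minor upgrade." }
  end

  latest = LATEST_PATCH[series]
  if Gem::Version.new(version) < Gem::Version.new(latest)
    { version: version, series: series, status: :patch_behind,
      advice: "Bump rails to #{latest} in the Gemfile, run the test suite, deploy." }
  else
    { version: version, series: series, status: :current,
      advice: "Up to date within the #{series} series." }
  end
end

# Inventory several apps at once from a hash of app name => Gemfile.lock contents.
# Returns one row per app, riskiest first.
def inventory(locks)
  order = { at_risk: 0, patch_behind: 1, unknown: 2, current: 3 }
  rows = locks.map do |name, text|
    version = rails_version_from_lockfile(text)
    row = if version
            assess(version)
          else
            { version: nil, series: nil, status: :unknown,
              advice: "No resolved rails gem found in Gemfile.lock." }
          end
    row.merge(app: name)
  end
  rows.sort_by { |row| order.fetch(row[:status]) }
end

# Constructed sample lockfiles (abbreviated; real ones list every gem).
SAMPLE_LOCKS = {
  "storefront" => <<~LOCK,
    GEM
      remote: https://rubygems.org/
      specs:
        rails (6.0.6.1)
          railties (= 6.0.6.1)
    DEPENDENCIES
      rails (~> 6.0.6)
  LOCK
  "billing" => <<~LOCK,
    GEM
      remote: https://rubygems.org/
      specs:
        rails (6.1.7.5)
          railties (= 6.1.7.5)
    DEPENDENCIES
      rails (~> 6.1.7)
  LOCK
  "admin" => <<~LOCK
    GEM
      remote: https://rubygems.org/
      specs:
        rails (7.1.2)
          railties (= 7.1.2)
    DEPENDENCIES
      rails (~> 7.1.2)
  LOCK
}.freeze

if __FILE__ == $PROGRAM_NAME
  inventory(SAMPLE_LOCKS).each do |row|
    puts format("%-12s %-9s %-13s %s", row[:app], row[:version], row[:status], row[:advice])
  end
end
```

To turn this into the automation the note above hints at, point `inventory` at the real Gemfile.lock files (for example `File.read("apps/billing/Gemfile.lock")`), run it from CI on a schedule, and fail the job whenever any row comes back `:at_risk`; the `:patch_behind` rows are the one-line Gemfile bumps the article describes.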
What about bug fixes?
The other benefit to staying up-to-date is that bugs are found within the underlying Ruby on Rails framework from time to time.
If the bugs are critical enough, the Rails team will release a small patch.
Learn more about the official Ruby on Rails Maintenance Policy.
What version are most Rails applications running on?
Planet Argon surveys the Ruby on Rails developer community every two years and shares our findings. As of our last survey, 2,660 community members shared several details about their applications.
Based on the survey, ~33% of respondents said they were running on either 5.2.x or 6.x.
Are you running on an unsupported version?
How often should you update your version of Rails?
In a utopia, your team would update Rails versions like clockwork as they are released. But let's face it, we're not in developer paradise here. Balancing priorities often means updating Ruby gem dependencies takes a backseat.
Ah, the magical land of "we'll get to it, eventually."
That laid-back attitude? It has a cost. The further you drift from the latest version, the more complicated and riskier it gets to upgrade. We all know developers are about as fond of risks as cats are of water. Oh, and product owners often see upgrade estimates like they're myths: great stories, but hard to believe.
Here's a curveball: third-party dependencies. They add a layer of "fun" to major upgrades you can't make up.
Delaying upgrades is like a welcome mat for technical debt, and let's not forget the culture you're establishing. New engineers will catch on quickly: "Ah, so we don't care about staying current, got it."
Heads up, you could also be ushering your devs out the door faster than you can say "Ruby on Rails." Keeping up with Ruby gem dependencies is good practice and a retention perk.
Let's not mince words; it's a problem. But hey, problems are made to be solved, right? It is time to establish a policy and make updating a healthy team habit.
Can't you just hire a professional to upgrade for you?
Yes! (...but I have written 3 Reasons Why You Shouldn't Outsource Your Rails Upgrades to explain my concerns about that as a long-term "solution").
Several companies have hired our team to handle the underlying upgrade over the years. We enjoy rolling up our sleeves and getting our hands dirty.
However, we believe that a better approach is to guide teams on handling their own upgrade.
Interested in helping get your team started? Take a look over our Rails Upgrade Kickoff service and fill out the form if you'd like to talk shop about how we can help your team manage their Rails upgrade process.
This article was updated in December 2023.