Why Rails upgrades are so important

There’s going to be another Ruby on Rails upgrade. There always will be.

No one likes the actual upgrade to the latest Rails version. It can be a long and tedious process that costs time and money with seemingly nothing to show for it. Changes can be so broad-based that it brings all feature development to a halt, causes unanticipated breaks, or disrupts day-to-day work.

So, when budgets are limited, can you just skip the Rails upgrades? Or wait until the next major release and do all the updates at once?

In general, no. Skipping your Rails upgrades creates a serious security risk. And the longer you wait the more likely something will go seriously wrong.

Upgrading to the latest Rails version is also a strategic move to remain competitive, protect platform stability, and enable quicker releases of new features. Skipping them becomes a form of taking on technical debt.

(Now, there can be nuance to this: There might be times where it’s necessary to defer the upgrade. For example, if limited budgets force you to choose between a minor Rails upgrade or a key feature that unlocks time-limited revenue potential, it might make business sense to defer your Rails upgrade. Teams that routinely choose to defer or skip maintenance, though, tend to delay other things that are quality-related – increasing the risk of attrition of the engineers who care most about quality (aka your best engineers.))

Test Double has more than a decade of experience in leading Rails upgrades – including for some of the large codebases, like GitHub, Gusto, and ZenDesk. We’ll break down in more detail why it’s so important to upgrade to the latest Rails version.

The latest Rails version is required for bugs and security patches

Bug fixes and security patches are only included in the most recent version of Rails. If you face bugs and security issues on an older version, you’re on your own, according to the Ruby on Rails maintenance policy.

Remember when Equifax was hacked in 2017? It was one of the largest data breaches in American history, exposing the personal data of 147 million people. The breach was announced 6 months after Apache Struts released an update with security patches. Equifax had ignored the update. The breach ended up costing the company $425 million.

That’s an extreme example – but it serves as an important lesson for all of us: Just like insurance, upgrades are an important investment to protect you if things go wrong.

Unfortunately, failed security audits would leave you with few remediation options, which will cost you more time and money than it costs to maintain your updates in real-time.

Rails upgrades are key to compatability and feature development

Another key business reason to keep current on Rails versions: It’s important to both maintain your current compatibility and enable your future feature development.

When you stay on an older version, though, the rest of the development world moves on without you:

• Ruby, Elixir, and JavaScript are all powered by volunteer contributors. They dedicate their free time to create something new for all of us. They’re not getting paid for it, so they’re not necessarily devoting time to thinking about how new changes might break something that’s two years old.

• Rails depends on external gems – but as the gems are upgraded, backward incompatibilities arise.

• Gems start requiring new versions, blocking critical updates. Platform as a Service (PaaS) providers sunset your version and block new deployments.

Eventually, your team will want to add a new feature or try a new gem – and it won’t work. You’ll be weighed down by the outdated version you’re running. (We see this kind of error all the time with new clients who haven’t made the updates: “Bundle install stopped working months ago. Nobody can clone fresh and build the app anymore.”)

Rails upgrades = more productivity and talent retention

Another insight that is worth discussion: Attracting top developer talent is already difficult. Attracting developers to an outdated stack is even harder, because they don’t want to be stuck programming in the 2010s.

Upgrading to the latest Rails version also unlocks a boost in developer productivity and efficiency. It’s an investment that optimizes your teams’ skills and positions them to take advantage of the latest technology.

Don’t save Rails upgrades for all at once

So, what if you just update every other version or once a year? That attempt at pragmatism is more fraught than it might at first appear.

Companies fall behind for one reason or another, then decide to catch up all at once. But here’s the kicker: The older your Rails version, the longer and more Herculean the effort to catch up.

If you’re multiple Rails versions behind, we do not recommend upgrading directly to the current version all in one big go. Instead, we highly recommend an incremental approach, breaking the upgrade into manageable chunks. (Consultant Ali Ibrahim goes in-depth on this in his RailsConf talk about Zero downtime Rails upgrades.)

It’s not just about avoiding the hassle of dealing with ancient bugs. It’s about staying relevant and agile – kind of like exercise. It’s really hard to find the time and motivation to get started, but it gets easier the more you practice. And, in both cases, it’s a necessary habit for your health.

We can take the Rails upgrade off your plate

Rails upgrades can be complicated – but our team of consultants has deep experience in efficient and seamless upgrades, so your team can continue delivering critical features and shipping new products.

We can help you plot out the best course for an upgrade based on your unique situation and what your engineering team needs to tackle daily production work.

Contact us now for a free consultation on what approach to Rails upgrades makes sense for your team.

More reading on upgrading Rails to the latest version:

• Why hire Test Double for your Rails upgrades
• Gusto case study
• Working strategically through Rails upgrades
• RailsConf 2023 Talk: Zero downtime Rails upgrades