What happens when… I don’t keep my Umbraco site patched and up to date?
Like any piece of modern, evolving software, Umbraco - and its users - benefit from regular release updates. These could be new patches for specific issues, which come out on a weekly or monthly basis, minor version updates which are released anywhere between a monthly and quarterly basis, or major version releases, which come out every few years.
But each release, no matter how major or minor, is always an improvement on what existed before. So when commissioning a new site, it’s crucial to understand what your prospective agency's support policy is regarding applying updates.
If your new site is hosted on Umbraco Cloud (UCloud), then it’s very simple, as patch releases are applied to sites automatically. Job done. Minor updates, however, are semi-automatic, which means they require some human intervention from your developers to complete. But it’s important to understand that you’re obligated to maintain your UCloud site on the latest version, and failure to do so will stop the automatic patching feature working.
If you’re hosting your own site, or doing it through your suppliers, your patching options are more varied. At one extreme, you could make no updates at all, and at the other you could apply every single update that is released as it comes out.
But both of these approaches present risks. Apply no updates and you risk running with a dangerously exposed version of Umbraco that doesn’t contain fixes to known security vulnerabilities. On the other hand, if you apply every single patch immediately, you could be investing significant costs in testing and deployment which may not yield any significant business benefit.
We take an approach somewhere between the two. We always apply security-related patches released by Umbraco, to ensure the system is secure. We also apply patches to fix problems that impact any given site. But over and above that, we recommend installing other upgrades at a time when substantial other work is being done to your site, which spreads the cost of testing.
Ultimately, while upgrades can appear to be a technical decision, they are often in fact a business decision where the costs, benefits and risks need to be carefully considered.
Next time you commission a new website, be sure to contact us to find out how we manage patching and updating sites that we host, as well as those we manage on client-hosted systems.
Lastly, if you’re suffering from a poorly-patched Umbraco Site, or you’re nervous because you don’t know what version you’re on, you might want to consider using our Umbraco Health Check service to get things back under control.