Before starting work on the upgrade of your application, make sure you know exactly why your team needs to spend those hours on this project. You will have to consider various factors: the increasing difficulty of finding support for old code, the need for new features, and available time and resources, to name a few. By the time the next Rails version comes out, your application will be even more out of touch with the latest version. So it might be better to upgrade on your terms today than being forced to push your team to upgrade under a tight deadline in the near future.
But do you really need to upgrade right away? Why does it matter?
My application's working fine!
We are using Rails Version 5.0.x, and we haven't run into any issues yet. I'm sure we can afford to give it a few more months. Right?
By the end of this blog, if you find no compelling case to move to Rails 6.1 right away, it's fine. However, it is highly recommended to upgrade to 5.2.x ASAP. It's old by today's standards, but it will keep you on the upgrade path regarding bug and security fixes for the time being. Rails 5.2 is bound to drop out of the versions supported by the Rails team first for bug fixes, then for general security issues, then for severe security issues, soon enough. So our suggestion is still to upgrade to the latest version.
Ideally, Rails should be upgraded one minor/major version at a time. For instance, you need to upgrade to 5.1 next if you're running on 5.0 now. Your goal should be to get your application running on 6.0 by the end of the year.
Upgrades can feel like too much work for the little instant payoff. But the fact of the matter is that many of the major version upgrades aren't trivial. Many of the challenges that those upgrades need to navigate are third-party dependencies. Let's take a closer look at the various issues you need to consider before upgrading your Rails app.
You want your application to remain as safe as possible. Keeping your Rails application up to date is a key part of that. Especially if Rails underlies everything your application does, it is in a critical position and has to remain secure against any attack from the outside, like Cross-Site Scripting to SQL injection. The Rails Core security team has an actively maintained Security Policy, meaning security threats get handled ASAP. Tracking the Rails security mailing list is a good way to do it, but the best method to get ahead of this is to update your Rails version, thereby letting you apply security patches rapidly to your application without any upgrade issues getting in the way.
This is another big one. Many large websites run on Rails. If yours is one of them, you understand how important speed is. If speed is a critical factor for you, there's really no way around updates. There's nothing like it to improve performance. Remember the asset pipeline function that came with Rails 3? That's a great example of how updates can make a significant difference. You'll find performance updates in just about every release of Rails. Updating is a clear-cut way to take advantage of performance improvements.
Your app's stability will take a hit when new bugs pop up. No team would leave bugs discovered within your application un-fixed. In the same way, you really don't want the bugs discovered in your application's framework to remain un-fixed. The next release is typically when a new bug discovered by the creators or by the Rails community is fixed. Upgrading the Rails app is a good way to make sure the bug fixes are applied to the application.
Ruby language improvements
Ruby, the underlying programming language, also gets security and performance updates applied to it often. The older versions of Rails no longer run on newer versions of Ruby. There are big performance updates that Ruby 3.0.0 has over the older versions. You want to take advantage of the benefits every update of the programming language gives you, as it gets more flexible and powerful. Upgrading your Rails application is a good way to make sure you get the benefit of the latest improvements to the Ruby language too.
The various gems and programming libraries that Rails depends on also improve and update, with performance and security patches as Rails itself gets an update. When you're running on an old version of Rails, there's a good chance you won't be able to make use of these as the new software packages might not be compatible with the new version of Rails.
Three factors that determine how long the process will take:
What version of Rails is your app running on? (the newer, the less time it will take)
The complexity of your app (the less complex, the less time it will take)
Your app depends on how many external libraries? (the less, the less time it will take).
New versions of Rails are released quite often. It is best to adopt them as soon as they get stabilized. If you make a habit of it, it becomes part of the culture of the company. There are many more motivations to upgrade the Rails app. The five listed above are what our team believes to be the most crucial.
Unless you have a compelling reason to stay on an older version of Rails, you should upgrade when you have resources available.
Upgrades aren't always the highest priority for your product team if they're tied up elsewhere. If you're thinking – I want to upgrade, but – our team would love to hear from you. Over the years, companies have hired and re-hired our team to handle the underlying upgrade. We enjoy rolling up our sleeves and getting our hands dirty.