Once upon a time, it wasn’t uncommon for people to leave their web application the hell alone once they’d stabilised things. The belief was that making changes might introduce new problems, and that the best approach to boosting longevity was to make as few changes as possible.
Over the years, as businesses became more dependent on web applications to operate, and as the threat of cyber fraud increased, a tipping point was reached, and this strategy is no longer viable in most cases.
It’s really important to keep your Ruby on Rails application up to date
Look for a .ruby-version file in the root of your app to determine which version you’re running. If that’s missing, check whether the version is specified inside the Gemfile. Failing that, you can make some assumptions based on your Rails version.
|Rails Version||Ruby Version|
As of writing this in September 2023, Ruby 3 and greater are currently supported. For further information check https://endoflife.date/ruby
You can check your Gemfile to determine which version of Rails your app is running.
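The lookup order described above (.ruby-version, then the Gemfile) and the Rails check can be scripted. This is an added example, not code from the original post; the helper names (`detect_versions`, `ruby_supported?`, `inspect_sample`) and the sample Gemfile are constructed for illustration, and the final fallback of inferring Ruby from the Rails version is left out because it depends on the version table.

```ruby
require "tmpdir"
require "rubygems"

RUBY_DIRECTIVE = /^\s*ruby\s+["']([^"']+)["']/
RAILS_GEM      = /^\s*gem\s+["']rails["']\s*,\s*["']([^"']+)["']/

def read_if_present(path)
  File.exist?(path) ? File.read(path) : ""
end

# Lookup order from the text: .ruby-version first, then the Gemfile.
def detect_versions(app_root)
  gemfile = read_if_present(File.join(app_root, "Gemfile"))
  # Version managers may write "ruby-2.6.6"; strip the optional prefix.
  pinned = read_if_present(File.join(app_root, ".ruby-version")).strip.sub(/\Aruby-/, "")
  if !pinned.empty?
    ruby, source = pinned, ".ruby-version"
  elsif (m = gemfile.match(RUBY_DIRECTIVE))
    ruby, source = m[1], "Gemfile"
  end
  { ruby: ruby, ruby_source: source, rails: gemfile[RAILS_GEM, 1],
    ruby_supported: ruby_supported?(ruby) }
end

# Per the text (September 2023): Ruby 3 and greater are supported.
# Returns nil when the version is unknown or is a constraint such as "~> 3.1".
def ruby_supported?(version)
  return nil unless version && Gem::Version.correct?(version)
  Gem::Version.new(version) >= Gem::Version.new("3")
end

# Constructed sample app: writes the given files into a temp dir and inspects it.
def inspect_sample(files)
  Dir.mktmpdir do |dir|
    files.each { |name, body| File.write(File.join(dir, name), body) }
    detect_versions(dir)
  end
end

if __FILE__ == $PROGRAM_NAME
  legacy = { "Gemfile" => "source 'https://rubygems.org'\nruby '2.5.8'\ngem 'rails', '~> 5.2.4'\n" }
  p inspect_sample(legacy)
end
```

To inspect a real app, call `detect_versions` with the path to its root directory. The `rails` value is the constraint as written in the Gemfile, not the resolved version.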
Rather than updating the Rails version in your Gemfile to the latest version, you will need to incrementally update through the major Rails releases, updating Ruby to the recommended versions as you go and fixing issues as they arise.
Having a functional automated test suite will be extremely helpful for testing as you go.
It’s useful to run a static analysis tool such as Brakeman to discover any known critical vulnerabilities in your gems, and prioritise updating those with issues.
Rather than updating your gems to the latest version, move slowly through major versions
As you progress through your Upgrade Journey, you will encounter various speed bumps, depending on your Rails version and the gems you use. Here are some noteworthy ones
Some Advice on updating your Ruby on Rails app
10 Sep 2023