Always keep your software ‘kind of’ updated

by Martin Reed on 19 May 2007 in Articles

If your site is running any type of software, it will require updating as new versions and security or bug fixes are released. It is always important to keep on top of software updates, but it is not always a good idea to immediately upgrade to the newest available versions.

Always keep on top of security fixes

If a new version of your software has been released which addresses security fixes, it is essential that you upgrade as soon as possible. NEVER, ever ignore these updates. I used to, and once lost the entire Just Chat message boards.

I think we lost around 100,000 posts and 1,000 members overnight. Of course, I had no backups either at that time. Don’t repeat my mistake – keep on top of security upgrades and always keep backups.

Delay the cosmetic upgrades

Having said all of that you may now be a little confused as to why I am advising against the immediate upgrading of non-security related updates of your software.

The reason I advise this is because new versions of software often contain bugs which cannot be identified until the software is used on a large scale.

Minor incremental upgrades should be fine; I would always advise on the immediate updating of phpBB 2.0.22 from 2.0.21 as these updates stay loyal to the existing codebase and solely address bugs and security issues.

PhpBB forum software

phpBB – Keep on top of security upgrades but beware of phpBB 3.0!

Soon, phpBB 3.0 will be released and thousands if not millions of people will immediately upgrade their forum with this software. I will not be one of them.

Regardless of the thoroughness or complexity of the beta testing periods, there will always be bugs and security issues that do not reveal themselves until the software is put through its paces by a large demographic of users.

Similarly, the new release of WordPress 2.2 had many bloggers keenly downloading and installing the new version. Unfortunately it soon became clear that there were some issues with this download; it was affecting some sidebar widgets that had been installed and generally causing issues that were not present in previous versions.

Keep security immediate and cosmetics delayed

In conclusion, I recommend always keeping on top of security updates. Sign up to the mailing lists of your software providers so you are always alerted to any priority updates. As soon as they are available, upgrade.

If a brand new version of your software is released which only offers updated features and cosmetic changes, I would always advise waiting a while before you take the plunge and upgrade.

You can determine the stability of new versions by checking out sites that have upgraded and seeing if they mention any issues, or see if you find any yourself! Additionally, the blogosphere is a wonderful way of remaining clued up on any issues with upgraded or newly released software.

What do you think of this approach? Do you feel that all software should be upgraded as soon as possible regardless of the potential bugs? Do you agree with me that you should immediately update security fixes but allow time for new software versions to be ‘broken in’ before you upgrade? Let me know by leaving a comment below.

Share this community building advice


Similar Posts

Previous post:

Next post:


Smiley May 19, 2007 at 1:00 pm

I agree completely. I won’t be upgrading to 3.0 either. I actually set up some test 3.0 boards and let my regular members run riot on it to test them out etc – then since it’s their community, I let them decide whether they want an upgrade or not eventually.

I was basically given the answer “they’re OK but don’t fix what’s not broken”

So I don’t plan on upgrading to 3.0 at all at the moment.

I think security upgrades should be done ASAP but as you have said yourself, before upgrading for “new features”, you really should sit back and keep a close eye on other sites who have upgraded and see how things go on theirs.

If you’re planning to keep your site around for a long time then there’s really no rush to get the latest “gadgets” for it, is there?

Martin Reed May 19, 2007 at 8:41 pm

I agree Smiley. I particularly like the way you allowed your members to play around with the new software on a ‘ring-fenced’ area of your site. This makes your members feel more valued, and further strengthens your community.

Cifra May 20, 2007 at 10:23 am

I’m still sceptical about phpBB3. I think I’m going to stay with the second version on my forum.

Martin Reed May 20, 2007 at 11:58 am

Hey Cifra – thanks for your comment. I love the new look of phpBB 3, but will be sticking with version 2.x for the foreseeable future. I want to wait until version 3 has been updated at least once or twice before I take the plunge.

phpBB 3 is a complete recode which is very exciting but the integrity of my website always comes first!

Smiley May 20, 2007 at 2:18 pm

I tell you what would be handy. phpBB restore function doesn’t work for databases above 2mb and it’s very annoying having to pay a coder everytime I need it restoring to do it for me.

Do you know of any sites or resources that can help you learn how to back up & restore the phpBB database yourself?

Martin Reed May 20, 2007 at 2:58 pm

Hi Smiley – do you mean that you have problems in uploading the backup to a fresh install? Give Big Dump a go – it splits the upload into smaller chunks to prevent timeouts.

For help in downloading a backup from phpmyadmin, try checking out the thread at the phpBB support forums.

Smiley May 20, 2007 at 3:10 pm

Thanks! Will take a ghanda at Big Dump. I use easyMOD to install hacks at the moment while I learn how to do it properly. Sometimes it goes wrong and I need to restore. Our boards are surprisingly popular for some reason, you know what my banter is like, the entire boards are just like that – so the database is well over 2mb now lol.

If I do ever upgrade to 3.0, I hope they’ve made the restore function easier !!

Karebac June 23, 2007 at 4:51 pm

I have a Yahoo Business site. I just used the Yahoo add-on utility to add a phpbb forum, which added version phpBB 2.0.18. Where can I find the STEP BY STEP instructions to update to phpBB 2.0.22? I did find some instructions in a google search, but it is not exactly clear to me into which folders I should place the files. Also, it is not clear to me that I SHOULD update to the latest version. Perhaps Yahoo Business has a good reason to remain with some more stable older version.

Martin Reed June 23, 2007 at 7:55 pm

Hi Karebac – welcome to the blog and thank you for your comment. I am not sure how your Yahoo! Business Site will work, or what features it offers.

If you are able to access your site via FTP you should be able to keep phpBB manually updated – just go to the downloads section of phpBB and follow the instructions contained in the download.

I would say that with phpBB you should always upgrade to the latest release if it contains security fixes (which they often do).

Sid August 10, 2008 at 10:45 pm

I am a web developer and I have got into trouble before, because of online systems which I did not patch up. If it is publicly accessible you have to install the security upgrades.

Mathew November 21, 2008 at 10:53 am

phpBB I do not think will ever make it up to snuff. With so many security woes you have to wonder who do they have programming it? Many people program with flexibility with out taking mind to security. The more flexibility added into an application creates more thought and processes to weedout security problems.

Biju March 19, 2009 at 10:59 pm

Cheers; this looks really good. Iíve got it up and running. I love that 3.0 uses CSS properly! Itís much easier to modify themes now and I donít even have to edit any PHP.

sherone July 10, 2009 at 1:52 am

I got the updated php backup script which works very well on my smaller phpbb installations.However I have a larger phpbb installation that the scripts fails on. Error is
“Download failed: 500 Server closed connection without sending any data back”
sure this is due to the larger size of this phpbb database. Is there some setting that could increase the capability of the script to download larger files?
Perhaps its a php.ini setting, perhaps its a Apache setting.

{ 1 trackback }