Rails Upgrades as a Service? Oh Yeah!

Sebastian Porto
March 17, 2016

Great news! reinteractive is now offering Ruby on Rails upgrades as a specialised service.

This is good news for me because I love doing upgrades, and it is good news for you too because developers typically dislike the upgrade task. When I first put my hand up for this role, my manager’s reaction was that of disbelief. His exact words were “Oh, you’re actually serious? I thought someone was having a lend of me.”

But why should you upgrade an already working Rails app?

Quite simply, keeping your Rails app up to date with the latest patches and/or versions is essential for the following reasons:

  1. Old versions of any software, Rails included, can be seen as an easy target for hackers.

As an example, the latest security patch that was released early this month included two fixes: Information Leak Vulnerability in Action View and Code Execution Vulnerability in Action Pack.

If your Rails app does not have these security patches applied, then it still contains these known vulnerabilities. It likely contains many more as well, depending on how far behind your app is in terms of security releases of Rails.

  2. Developers are always looking for ways to improve performance. When a new version gets released your app will benefit from any performance tweaks that have been recently made in Rails. So, generally, your app will run faster after an upgrade.

  3. And, of course, the latest and greatest features are only available on newer versions of Rails.

A Rails app is traditionally made up of a number of freely available libraries of code called “gems”, together with custom application specific code that adds functionality to your app and makes everything play nicely together. If a bug or a security vulnerability is discovered in one of these gems, a new version of that gem gets released with the problem fixed. That new version is intended to work with a specific version of each of the gems that it interacts with (known as “dependencies”). Similarly with Rails itself.

What this means is that you cannot apply an update to a single gem without impacting the rest of your gem set (or “bundle”). All the gems in your app need to be updated in lock-step with each other, based on their dependencies.
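The lock-step constraint can be checked mechanically. The following is an added example, not reinteractive's tooling: it uses RubyGems' own `Gem::Version` and `Gem::Requirement` classes to list which gems in a bundle reject a proposed version of a dependency. The bundle contents, the gem names other than actionpack, and all version numbers are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constructed bundle: name => installed version and declared dependencies.
# legacy_admin, form_helper and pdf_export are hypothetical gems; every
# version number here is a sample value, not a real release.
BUNDLE = {
  "actionpack"   => { version: "4.1.0", deps: {} },
  "legacy_admin" => { version: "1.2.0", deps: { "actionpack" => "~> 4.1.0" } },
  "form_helper"  => { version: "3.0.1", deps: { "actionpack" => ">= 4.0, < 5.0" } },
  "pdf_export"   => { version: "0.9.0", deps: {} }
}.freeze

# Returns { gem name => constraint } for every gem whose declared constraint
# on `target` rejects `new_version`. These are the gems that have to be
# upgraded together with `target`.
def blockers(bundle, target, new_version)
  candidate = Gem::Version.new(new_version)
  bundle.each_with_object({}) do |(name, spec), out|
    constraint = spec[:deps][target]
    next if constraint.nil? # this gem does not depend on the target

    requirement = Gem::Requirement.new(*constraint.split(",").map(&:strip))
    out[name] = constraint unless requirement.satisfied_by?(candidate)
  end
end

# True when `target` can move to `new_version` without touching other gems.
def standalone_update?(bundle, target, new_version)
  blockers(bundle, target, new_version).empty?
end

if __FILE__ == $PROGRAM_NAME
  %w[4.1.9 4.2.5 5.0.0].each do |version|
    blocked = blockers(BUNDLE, "actionpack", version)
    if blocked.empty?
      puts "actionpack #{version}: can be applied on its own"
    else
      list = blocked.map { |name, c| "#{name} (requires #{c})" }.join(", ")
      puts "actionpack #{version}: blocked by #{list}"
    end
  end
end
```

A patch-level bump passes both constraints, while the larger jumps are held back by gems that must be updated first.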

In some cases, an update made to a gem changes the way your code should access the functionality provided by the gem (known as the “interface”). This will require changes to your custom application code so that it can continue to use the features provided by the gem and function normally.

If many gems have changed in the time since your app was last updated, making the required changes to your application can be very time-consuming and the cause of much developer frustration. It is often the case that getting one gem up to a current version appears to break many other things within your codebase. This is where a comprehensive test suite is invaluable.

Put simply, upgrading your application’s dependencies is a long and fairly complex process of cross-referencing versions and checking for changes to the way in which each gem’s functionality gets called, and then implementing those changes in your own code.

There are publicly available tools to help you with this process, such as railsdiff. We also have a number of in-house tools built from our collective years of experience performing Rails upgrades. We have people in the company who have been doing Rails upgrades since Rails 1. Our scars from the Rails Upgrade Battle are deep and we’re better for it. :-)

How will you know when it is time to upgrade? Keep an eye out for announcements on sites like http://weblog.rubyonrails.org/. Here at reinteractive we monitor these sites daily, which means that if your app is under OpsCare® or CodeCare we will automatically take care of upgrades for you, keeping your application up to date and free of known security vulnerabilities.

If you see an announcement and don’t have time to deal with an upgrade in-house, give us a call. I’m ready, willing, and able to get your app up and running on the latest version. I will do it with a smile. Probably a very big smile! :-)

Find out more at Ruby and Rails Upgrade Support.