I have a message on my magento admin screen informing me that Magento has had an update. My question is, roughly how often do they do updates? Im new to Magento and it doesn’t seem that long ago they did 2.3.3. I hate the updating process as im not confident command user. And i worry its going to negatively effect my extensions.
Do they happen often? if so is it worth missing an update and jumping to the next, or should i do them as they come along?
Magento releases updates/new version every quarter.
Please check here:
Ah brill, thanks. I’ll read that now. Do you update everytime or do you jump updates?
I’m still on M1 and prepering for replatforming to M2 but yes, I’m intending to upgade my Magento everytime a new version is released. Having said this I’m intending to do it but we will see how it will be in real life.
You need to remember that some of your 3rd pary modules if any migh not be compatible strat away with the newly relesed Magento. Your custom codes too.
I would test any new Magento version on your local enviroment before deploying it to production. Accualy test any changes not only new M before deploying ti to the production enviroment.
Craig will probably add some more coments to my post.
It’s always a smart thing to do the update on your development environment first. So you can test I make sure that all the third-party extensions are supported.
So… As @PawelP pointed out, a scheduled update occurs roughly every quarter (give or take). However, I believe Security Patches can be released at any time.
When an update is released, I like to give it a week or so before applying it to my Production environment. This allows any “hot-fixes” to be released incase it’s a bad update. And as @Mohamed_Suliman points out, this also allows you to test everything in your Development environment.
Sometimes you’ll find that you can update Magento because old/unsupported 3rd party modules hold it back due to various dependencies. This is a perfect reason why you should pay extra and purchase from reputable companies and not some kid in his bedroom who won’t be around when you really need him.
You should never wait more than 1 month to apply any patch to Magento for 2 very critical reasons:
- If it’s a security patch, then the information on your website vulnerabilities is now public.
- Under PCI DSS Compliance (Section 6.1), you will be viewed as negligent for not following security best practices. The PCI DSS governing body has the power to revoke Visa/Mastercard from allowing your business to transact. This rule would also apply to everything from 3rd party modules to PHP (and so much more)
PCI DSS Quick Reference Guide (Section 6.1)
Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Deploy critical patches within a month of release. (Ref: pcisecuritystandards.org)
Luckily, Magento added the ability for you to apply security patches without the need to do a full update to make life a little easier. (Ref: Magento Official Documentation)
In my experience, the biggest complications come from the amount of 3rd party modules you shoe-horn into to Magento. If you have to use 3rd party modules, be selective and only purchase from a Magento Technology Partner.
To summarise, aim for 2-4 weeks and don’t fall behind as it’s so much harder to catch up.
I appreciate some of this information is daunting, but I’d rather lay it all out in black and white.
Haha… yes daunting. Do you ever wish you could multiply yourself?
As a fellow M2 newbie, here’s my opinion:
What @digitalstartup said, particularly the bit about purchasing 3rd party modules from Magento Tecehnology Partners. Also when purchasing modules, aim for ones with free lifetime updates. Whilst you don’t get lifetime free support, you are at least guaranteed that if you need an update for compatilbity issues in the future, you don’t end up paying twice. I learnt my lesson from Magento 1.
So far I’ve started on 2.3.2, installed 2.3.3 using the Magento web setup wizard (daunting at first), and am now waiting like Craig said a little while before I update to 2.3.4. Let someone else sort out the tech bugs