Last year the Ruby on Rails team announced a change to their maintenance policy, bringing certainty to the support window for each release. If you have a web application running Rails 7.1 or older, then you need to be taking action.
What’s the new policy and why are they changing?
The Rails team releases new versions frequently, often twice a year. Previously it was not clear how long a version would continue to be supported after release.
From now, each new feature release will receive bug fixes for one year, and security patches for two years. These changes provide clarity on their support timelines and help you plan your Rails upgrades effectively.
Who needs to take action?
- If you’re using Rails 6.1 or older, then your application is already running on an unsupported version. This means you will not have access to fixes for critical security vulnerabilities without a major upgrade. It’s highly important that you resolve this as soon as possible.
- Rails 7.0 will become unsupported on 1st April 2025, giving you two months to upgrade your system.
- Rails 7.1 is no longer receiving bug fixes, and security fixes will stop on October 1st 2025.
- Rails 7.2 will receive bug fixes until August 9th 2025. You’ll then have until August 9th 2026 to upgrade to ensure you still receive security fixes.
What does an upgrade involve?
Ruby on Rails provides excellent upgrade documentation and there have been very few significant breaking changes in recent releases, making upgrades an often painless process. This can be complicated by dependencies your application may have on other technologies that may not have been kept up-to-date, so a feasibility audit is essential to uncover the extent of the work required. In our experience, for a small to medium Rails application with a good automated test set a major rails upgrade would take 1-2 weeks.
As a bonus, when upgrading to the latest versions of Ruby and Ruby on Rails you will benefit from the tremendous effort that has gone into improving the performance of the language and framework – you will likely find your application is significantly faster to load!
What happens if I do nothing?
Failing to upgrade your Ruby on Rails application can expose your business to serious risks. Unsupported versions may contain vulnerabilities that put your sensitive data at risk and invite spam, malware, or other attacks. Additionally, using outdated software can lead to non-compliance with security standards like SOC2 and CyberEssentials, and expose you to data protection and other legal issues. We highly recommend you keep your applications up-to-date.
How can Storm help?
As Ruby on Rails experts that have performed a great many version upgrades we’re here to help. We are currently performing multiple upgrades to version 8 and are ready to use that knowledge on your application. We can work on apps big or small, alongside an in house product team, or on a codebase previously developed by an agency or contractor.
In addition to a version upgrade we also offer a range of services to help keep your application in top condition. These include a Rails performance checkup to keep your application snappy and your hosting costs down, a Rails security health check to identify potential vulnerabilities and website accessibility audits to ensure it can be used by everybody.
Efficient. Robust. Scalable. Secure.
Do you need help upgrading your application?
We have spent over 15 years building robust and scalable Ruby on Rails applications, with a team of skilled developers.
