SilverStripe releases new versions of the content management system (CMS) throughout the year. The contents of a new release may come from the co-funded development pool, the open source community, developments within SilverStripe or in response to a reported security threat.
The release management process is documented to:
Standard releases are scheduled for four times a year, in: February, May, August and November. The exact date will be confirmed close to the release. This flexibility allows the CWP team to work better with the releases occuring in the open source, providing better value to agencies. Security releases are unpredictable events, such as the discovery of a security or data integrity issue, and can occur at any time.
The CWP team will send an announcement to Instance Managers (and Deployment Managers, where nominated) prior to a release. This email will include release notes, explaining what is included in the release. The email will also indicate whether the upgrade is required for security.
If there is a defect that needs to be fixed or a change required before the next quarterly release, agency developers can solve the issue themselves; creating a code patch or using one from another source, like an upsteam module. See 'How to use an alternate module version'. If this is not possible, raise a CWP Service Desk bug ticket and explain why you cannot wait until the next quarterly release, and the platform team will work on a solution for you.
Releases are made up of software packages. A software package is a named compilation of code from up to three different sources:
These packages will have improvements developed for them via several sources:
Each software package will have, over time, new versions made available to agencies that contain these improvements.
Upgrading your CMS reduces the risk of security incidents, fixes bugs in the CMS and adds new features for developers and CMS users.
The agency controls their website code and has responsibility for CMS upgrades and regression testing, using their technical users (developers). An agency’s technical staff understand how the website works and how it has been built. If for some reason an agency requires the CWP team to perform and upgrade (such as an emergency security upgrade), they should raise a service desk ticket.
The technical process is explained in more detail, in technical guide for carrying out upgrades.
As an indication an agency can expect to:
Security patches need to be applied quickly. An agency will be provided with a timeframe to implement them. This will range from 2 days to a month, depending on the severity.
Agencies are recommended to bundle minor upgrades, upgrading to the latest version at lease once a year. This will reduce costs to the agency, taking advantage of stability and functionality provided by releases. However an agency might wish to perform a particular upgrade more frequently if there is a specific fix or feature they want. Minor upgrades are typically released 3-4 times a year, accompanied by release notes. It is also recommended to upgrade the CMS whenever a website going through development, to use testing time more efficiently.
How well the Content Management System (CMS) upgrades depends on how the website has been developed. Using the Supported Code will make this easier and reduce cost to the agencies.
As a rule of thumb, point and minor upgrades take a few hours to perform and test, and major upgrades take days. However, the more custom code an agency develops, and the more complex the website, the more likely that regression testing will identify bugs. Using the code review and warranty services will help to reduce the likelihood of these bugs.
If bugs are found in Supported Code or warranted code, log a ticket with the service desk and the CWP team will fix as part of the CWP service. Bugs found in custom code need to be fixed by the agency’s development staff.
Agencies running unsupported versions of the CMS present a security risk to CWP. Agencies will be given 18 months notice, before a version of the CMS becomes unsupported, after which time the website cannot be hosted on CWP.
Security patches must be applied within the prescribed timeframe. If an agency has not applied a security update within the timeframe, they will receive a warning, then forcibly upgraded if no action is taken. Forcibly upgrading a website risks affecting the website’s functionality or even causing cause an outage.