Silverstripe releases new versions of Silverstripe CMS throughout the year. The contents of a new release may come from the co-funded development pool, the open-source community, developments within Silverstripe or in response to a reported security threat.

This section answers common questions about release management on CWP. The process for standard releases and security releases are explained in detail on seperate pages in this section (review past CWP releases)

The release management process is documented to:

  • Allow agencies to know when releases will occur
  • Give agencies guidance on when requested bug fixes and new features will be available
  • Allow all parties to know how and when a developed change will propagate through to a release - both for their planning, and to allow them to communicate this to agencies

When will releases occur?

Standard releases are scheduled for four times a year, in: February, May, August and November. The exact date will be confirmed close to the release. This flexibility allows the CWP team to work better with the releases occuring in the open source, providing better value to agencies. Security releases are unpredictable events, such as the discovery of a security or data integrity issue, and can occur at any time. All past CWP releases are listed with detailed changelog notes.

How will agencies be notified of releases?

The CWP team will send an announcement to Stack Managers (and Release Managers, where nominated) prior to a release. This email will include release notes, explaining what is included in the release. The email will also indicate whether the upgrade is required for security.

Other staff can monitor new releases on the CWP Recipe Release page and the CWP Open Developer Forum(external link).

What happens if you require a hot fix between releases?

If there is a defect that needs to be fixed or a change required before the next quarterly release, agency developers can solve the issue themselves; creating a code patch or using one from another source, like an upsteam module. See 'How to use an alternate module version'. If this is not possible, raise a CWP Service Desk bug ticket and explain why you cannot wait until the next quarterly release, and the platform team will work on a solution for you.

What makes up a release?

 Releases are made up of software packages. A software package is a named compilation of code from up to three different sources:

  • Open-source modules with their own release system (which include the framework and cms modules which are the core of Silverstripe CMS)
  • Open-source modules with no release system
  • Modules specific to CWP (which, while they may be made available publically, don’t have regular contributions from developers outside the Silverstripe Cloud team)

These packages will have improvements developed for them via several sources:

  • Bug fixes performed as a result of issues raised via CWP service desk
  • Feature development funded by the co-funded development pool
  • Feature development directly funded by agencies
  • Feature development performed by Silverstripe
  • External development - that is, development not under the direct control of Silverstripe Cloud, for stack development by open source contributors, by bespoke developers who contribute fixes back to the open-source project, or by agencies who develop fixes themselves and contribute them back to the community

 Each software package will have, over time, new versions made available to agencies that contain these improvements.

What are the benefits of upgrading your CMS?

Upgrading your CMS reduces the risk of security incidents, fixes bugs in the CMS and adds new features for developers and CMS users. 

Who upgrades your CMS?

The agency controls their website code and has responsibility for CMS upgrades and regression testing, using their developers. An agency’s technical staff understand how the website works and how it has been built. If for some reason an agency requires the CWP team to perform and upgrade (such as an emergency security upgrade), they should raise a service desk ticket.

The technical process is explained in more detail, in technical guide for carrying out upgrades.

How often do agencies need to upgrade the CMS? 

As an indication an agency can expect to:

  • Apply a security patch every 2-3 months
  • Perform minor upgrades every year
  • Perform a major upgrade every 3-4 years

Security patches need to be applied quickly. An agency will be provided with a timeframe to implement them. This will range from 2 days to a month, depending on the severity.

Agencies are recommended to bundle minor upgrades, upgrading to the latest version at lease once a year. This will reduce costs to the agency, taking advantage of stability and functionality provided by releases. However an agency might wish to perform a particular upgrade more frequently if there is a specific fix or feature they want. Minor upgrades are typically released 3-4 times a year, accompanied by release notes. It is also recommended to upgrade the CMS whenever a website going through development, to use testing time more efficiently.

How much effort is required to upgrade the CMS?

How well the Content Management System (CMS) upgrades depends on how the website has been developed. Using the Supported Code will make this easier and reduce cost to the agencies.

As a rule of thumb, point and minor upgrades take a few hours to perform and test, and major upgrades take days. However, the more custom code an agency develops, and the more complex the website, the more likely that regression testing will identify bugs. Using the code review and warranty services will help to reduce the likelihood of these bugs.

What happens if regression testing has identified bugs?

If bugs are found in Supported Code  or warranted code, log a ticket with the service desk and the CWP team will fix as part of the CWP service. Bugs found in custom code need to be fixed by the agency’s development staff.

What happens if agencies do not perform upgrades?

Agencies running unsupported versions of the CMS present a security risk to CWP. Agencies will be given 18 months notice, before a version of the CMS becomes unsupported, after which time the website cannot be hosted on CWP.

Security patches must be applied within the prescribed timeframe. If an agency has not applied a security update within the timeframe, they will receive a warning, then forcibly upgraded if no action is taken. Forcibly upgrading a website risks affecting the website’s functionality or even causing cause an outage. 

Last modified: