Published by Mijingo

movie icon image

EE Insider Blog

Spend your time learning and developing sites with ExpressionEngine and we'll use this blog to keep you informed of all the news related to ExpressionEngine and CodeIgniter.

» Read more in the Archives.

» Have a tip? Send us your EE news.

Learn ExpressionEngine Today

Over a series of 8 videos, watch and learn as Ryan builds an entire ExpressionEngine website from beginning to end. Get started now.

The Rollback

Last Thursday EllisLab posted security and maintenance builds of ExpressionEngine 2.13, 2.14 beta and 1.71. All releases included important security patches and bug fixes, so it’s not surprising that many people upgraded quickly.

If you’ve spent any time in the forums you know that the first thing the support folks will do is make sure you’re running the latest version. Always being up-to-date has been pounded into the collective brain of the community (even EngineHosting’s Acceptable Use Policy requires you to run the latest stable version) and rightly so; staying up-to-date with EE releases is a good strategy…

...except when it’s not.

Four days later:

Well, we really blew the “last of the old EllisLab releases,” aka the April 7th ExpressionEngine 2 release (2.1.3 and 2.1.4 Beta 20110406 builds). As the Product Owner of ExpressionEngine and on behalf of our entire team, I’m sorry this got into the wild and is causing problems for you. Its a great example of why we’ve changed our entire release process.

I know a lot of people on Twitter and in the forums have been up in arms about this. If my site was broken because of a botched release I’d be upset, too. And ever since the public release of EE2 last Summer it seems like a lot of releases have had problems. I say it seems like because I looked back at the releases and that really isn’t the case at all.

For me, there are two takeaways from this situation. First, doing software releases isn’t easy. The team at EllisLab are, Derek Jones notwithstanding, human. They make mistakes and then fix them. Is it frustrating? Yes.

Second, you can protect yourself. This is definitely against the official advice of EllisLab but I would advise everyone to do what I do with all new software releases (especially for mission critical apps): WAIT. Don’t upgrade right away. Give it a few days or a week until the any potential issues shake out.

If you do upgrade, do it on a development server, locally or in a different branch of your version control repository. As customers we should expect EllisLab to provide reliable software releases but there is no automatic update feature in EE so ultimately we are the last line of defense. Take advantage of that.

 

Posted on Apr 13, 2011 by Ryan Irelan

Filed Under: EllisLab, ExpressionEngine 2

Jeremiah Rich13:07 on 04.13.2011

This is slightly off topic, but you mentioned there is no automatic updater in EE. I find one of my issues in staying up to date is 1) Plugins and 2), much more importantly, the relatively difficult process of updating.

This concerns me also for when I work on client sites and they wish to maintain the install. I know point 1 is being addressed with NSM Addon Updater, so that situation is improving, but really, Ellis Lab needs to get on the ball and provide a better update mechanism in EE.

In the future I could see an “update available” button, that when clicked, would first run NSM Addon Updater, and then download a compressed archive of the latest EE release and automatically install.

Perhaps a better updating mechanism is in the works, but I have not seen or heard anything about it. If someone else has, please feel free to correct/enlighten me, as I see this as a major sticking point in (mostly) otherwise great software.

Spamschlucker15:38 on 04.13.2011

There is one thing that you forgot to mention, Ryan: It is _commercial_ software. I agree with you every word, if we are talking about open source stuff. But when you pay you have the right to expect that it works.

Luckily I was not a victim of this problem. But if I was I would be VERY &#$$!

Regards,
stephan@spamschlucker.org

Ryan Irelan16:01 on 04.13.2011

I agree, Stephan but “commercial” isn’t synonymous with “perfect.” What I’m saying is human errors will occur, so plan accordingly.

Spamschlucker16:07 on 04.13.2011

Ok, I agree. But you know: Now it is MY job to wait, to check locally if everything goes alright ... I think I pay the guys exactly for doing this: wait, check if everything is alright ...

I don’t want to push it up. For sure it human errors are to be expected in ANY context and paying some bucks doesn’t give you the right to expect perfection (as you say). But I myself am using MODx on some projects; that such problems occured there was one reason why I turned my focus back to EE.

Regards, stephan@spamschlucker.org

Kristen Grote01:12 on 04.14.2011

I update infrequently for one reason: add-ons. Any pro worth her salt uses a whole gob of add-ons on any EE build, which means updating doesn’t just involve the EE version, but every gosh darn add-on as well. And with so many files flying around, the risk that something will get overlooked and the site will break increases. I don’t know about you, but that’s more time, effort, and stress than I think is worth it for every single version release.

And Ryan - if everyone were to follow your advice and not update right away, how would anyone discover the inevitable bugs? Somebody’s gotta take that bullet.

Anson08:42 on 04.15.2011

My apologies if my post comes in twice. I posted from my mobile last night and I’m not sure if comments are moderated or something just didn’t go through.

I’m curious how everyone handles the cost in time and money of keeping EE up to date? When we uses a CMS for a client site one of the main benefits is saving money on updating content. If this cost is replaced by the necessity of frequent upgrades that take hours of time to ensure they go right are they still saving that money?

What approaches do you use to keep upgrade costs manageable while still keeping the site secure? Perhaps only upgrading when there are critical security patches?

Is there an average time for an upgrade with quite a few modules installed?

For the EE veterans how many times on average do you upgrade each site per year and how do you handle this cost with the client?

Thanks!

Anson

Marc08:25 on 04.20.2011

The Upgrade issue is a large problem (both EE and Add-ons). I upgrade EE versions (after waiting a while) and Plugins (have to wait a little while with these too) while in development, but then, unless their is a bug or large security hole, I don’t touch it once its launch. My moto is, if it ain’t broke, don’t fix it. The site was working fine when it launched, and new releases aren’t going to make old releases break just by being released (they may if you install them, but thats another issue).

Now I have been waiting a while for EE 2.1.4 on some of my projects, and I’m a little worried its going to be a while before its out of beta.

Spamschlucker16:15 on 04.20.2011

Marc, years ago I had the same philosophy. And it was the stupidst thing I could do. When an important project gets hacked because you did not make updates you will see what I mean grin

And therefore it is so important that you can rely on the publisher of your CMS (see above).