RoR 2.3.5

aris · June 13, 2012, 8:31am

I am evaluating an application that runs on RoR 2.3.5. What are the
liabilities of an application that is based on this older version of
RoR? I
am concerned about security and ease of development. How common is this
in
the Rails world?

TIA

rickbocas · June 13, 2012, 8:37am

On Jun 13, 5:36am, Rick B. [email protected] wrote:

I am evaluating an application that runs on RoR 2.3.5. What are the
liabilities of an application that is based on this older version of RoR? I
am concerned about security and ease of development. How common is this in
the Rails world?

The latest version of 2.3.x is 2.3.14 or so. This should be easy to
update to and includes security updates if I remember correctly.
2.3.x is no longer receiving updates (security or otherwise) and a lot
of the popular libraries / plugins are dropping support for 2.3 and
moving to 3.x only. The 2.3 to 3.x migration can
be quite a bit of work too.

Fred

rickbocas · June 13, 2012, 10:50am

On Jun 13, 2012, at 6:35 PM, Frederick C.
[email protected] wrote:

update to and includes security updates if I remember correctly.
2.3.x is no longer receiving updates (security or otherwise) and a lot
of the popular libraries / plugins are dropping support for 2.3 and
moving to 3.x only. The 2.3 to 3.x migration can
be quite a bit of work

Hi,

I’m the maintainer of an open source app that is still on 2.3.5
(http://kete.net.nz). As time progresses it definitely becomes more
difficult and being behind becomes a form of technical debt, but that
isn’t the whole picture.

If your codebase is large, upgrades of the underlying version of Rails
can be non-trivial. For quite awhile versions of 2.3.x above 2.3.5
changed pretty rapidly. It seemed to be a fairly bumpy road.

The obstacles to upgrading are specific to your code. Something that is
not a big deal for others may stop you from proceeding. It really
depends.

You have to weigh the value upgrading will give you (erasing some forms
of technical debt, new features, etc.) vs the effort necessary to
upgrade and its side effects (destabilizing your codebase).

It also hinges on resources available and priorities. Time spent
upgrading that may not have benefits that are visible to a paying client
is not spent on features that delivers obvious value. In other words you
may have to expend more effort even justifying the work to upgrade.

At the same time, Rails has been fairly good over the long haul about
providing tools for ‘freezing’ an application’s environment. Often you
can simply stick with what is already working.

So yeah, not ideal, but it’s only part of the picture. Does the
application give you the features you need? Is the codebase active?
What’s the developer community like? How’s the documentation? You get
the idea.

Cheers,
Walter

rickbocas · June 14, 2012, 3:30pm

If you can, upgrade, especially if your app is developed for Windows. I
have developed several apps in 2.x and they are increasingly becoming a
nightmare to maintain. Most of the better gems I’ve wanted to use work
only
under Rails 3 and the alternatives are usually not good. I am currently
upgrading an app from 2.3.5 to Rails 3 and although there are challenges
there has been nothing I couldn’t do easier and better in Rails 3, which
has helped to clean up the code quite a bit.