Is 4.1.x unsupported for security patches?

[Fast Lane!]

I was just told that IPB 4.1.x (I currently have 4.1.19.4) is unsupported and no longer receiving security patches. I was always under the impression that IPB supported the last release for at least 12 months after a new branch was released.

Am I mistaken?  My understanding is that 4.2.x breaks 4.1.x skins pretty bad so I would need to do a full regression test board for this upgrade -- which I consider a major upgrade not a routine .x.x upgrade (hence the old version should still have have security support releases but not feature releases).

 

[Colonel_mortis]

You are mistaken. They do seem to support major versions (v3), but not minor versions (4.1), but I completely agree that it would make sense to do so from a site owner perspective. However, the security fix in 4.2.3 fixes an issue that was introduced in 4.2.0, so as far as I understand it, there is no significant risk to you of running 4.1.19.4. However, when 4.1 came out, there were security fixes that applied to 4.0 that were included in 4.1.0, which I strongly disagree with because it's simply not possible for a large or customised site to do upgrades like that in a timely manner.

[Fast Lane!]

Yeah I agree. For larger sites that monetize and run as a business this seems critical. IPB could even have an Enterprise Support tier that gives this flexibility. I actually "like" to stay one .x rev back (or many .x.x revs back) to avoid zero day goofs and fixes in the SW. Most large companies use this method with all their critical SW to avoid issues. Having to redesign skins or do major rework more than once a year is burdensome. 

Can anyone at IPB (@bfarber, @Lindsay or  @Matt) comment on this level of Enterprise or large customer support?  This is not really applicable to enthusiast sites that may be ok with bleeding edge releases to get new features. 

Thanks. 

 

[Charles]

Version numbers are just indicators of status. It's the version 4 series that we are in and that is what we support.

As for our larger enterprise clients, they tend to be the first to want large upgrades as they want to always stay up to date and engaged with their users. Many obsessively follow our news so they can prepare.

[Fast Lane!]

Fair enough on version numbers but I guess I measure major updates in a series to include when there are substantial changes to skins or functionality which require major attention or rework by site owners. I've been an IPB customer for 13-14 years and I recall that previous .x updates would retain security (but not feature) support for a while. I'm thinking back to the days of 2.x. 

For 4.2 IPB ran a several month formal beta and said on the release notes,

"Version 4.2.0 is the next large release for Invision Community! We are very excited to introduce all the new features and improvements."

Small .x.x updates are low risk to upgrade but for 4.2 this means I may need to reskin my entire forum and regression test custom interfaces. It's unclear what database changes occurred, etc..

[Fast Lane!]

Ping

[DesignzShop]

On 9/1/2017 at 8:05 AM, Fast Lane! said:

Fair enough on version numbers but I guess I measure major updates in a series to include when there are substantial changes to skins or functionality which require major attention or rework by site owners. I've been an IPB customer for 13-14 years and I recall that previous .x updates would retain security (but not feature) support for a while. I'm thinking back to the days of 2.x. 

For 4.2 IPB ran a several month formal beta and said on the release notes,

"Version 4.2.0 is the next large release for Invision Community! We are very excited to introduce all the new features and improvements."

Small .x.x updates are low risk to upgrade but for 4.2 this means I may need to reskin my entire forum and regression test custom interfaces. It's unclear what database changes occurred, etc..

Yes,, your skin will need some work without doubt. If it's a dark skin you will have a few more edits. An entire re-skin? No... But,, a lot of work ahead for you depending how much work your skin has to it.. 4.2 was a substantial change. We had literally months to prepare for it. IPB for 4.2 done a outstanding favor to us by providing as much time as they did. It was needed and they kindly obliged. 

There's been several major security fixes since your version, You're at risk. is there a reason to not upgrade as soon as possible instead of waiting and putting your community and investment at risk?

There's a lot of skins in Marketplace, if updating your theme is a issue why not consider a pre-made theme from anyone to make your life easier?

[Dll]

On 01/09/2017 at 2:05 PM, Fast Lane! said:

For 4.2 IPB ran a several month formal beta and said on the release notes,

 

I think you just made an argument for exactly why you could (and should) have sorted your skin changes by now. Site owners have a duty to their users to stay up to date with security etc. So, it's probably best you pull your finger out rather than wasting time trying to push what is a flawed argument, as you're not going to change the way this works.

[Stuart Silvester]

1 hour ago, Fast Lane! said:

Ping

We've got a theme upgrade guide for 4.2 that you may find useful.

 

[Fast Lane!]

50 minutes ago, Dll said:

I think you just made an argument for exactly why you could (and should) have sorted your skin changes by now. Site owners have a duty to their users to stay up to date with security etc. So, it's probably best you pull your finger out rather than wasting time trying to push what is a flawed argument, as you're not going to change the way this works.

I'm not a beta tester.  I'd happily regression test the final version before upgrading if there was an overlap in support between versions.  I can't think of any large company that runs betas.

Got it that I can't win, but it would be useful in the future to give an advance firm cutoff date (EOL) on versions so we can plan ahead better.

[Dll]

2 hours ago, Fast Lane! said:

I'm not a beta tester.  I'd happily regression test the final version before upgrading if there was an overlap in support between versions.  I can't think of any large company that runs betas.

Got it that I can't win, but it would be useful in the future to give an advance firm cutoff date (EOL) on versions so we can plan ahead better.

You don't need to be a beta tester, 4.2 has been out of beta for nearly 2 months. Although since you apparently have a skin that must take weeks/months to update, I'd have thought it would be in your interest to stay on top of what's going on, and perhaps even use beta versions to set you in the right direction in tems of updating it.

And 4.2 was a point release of version 4 of IPB, why would you expect an eol notice for that?

[Joel R]

On 8/30/2017 at 5:22 AM, Fast Lane! said:

I was just told that IPB 4.1.x (I currently have 4.1.19.4) is unsupported and no longer receiving security patches. I was always under the impression that IPB supported the last release for at least 12 months after a new branch was released.

Am I mistaken?  My understanding is that 4.2.x breaks 4.1.x skins pretty bad so I would need to do a full regression test board for this upgrade -- which I consider a major upgrade not a routine .x.x upgrade (hence the old version should still have have security support releases but not feature releases).

 

They supported v3 for a year.  

v4 is a separate line.  And yes, 4.2 breaks all the skins, so you should expect to contact your themer who will need to update his theme to 4.2.  

[TSFX]

I've been told by my support team and developers that there are many breaking changes going from 4.1.x to 4.2.x. The skins all broke from 4.0.x to 4.1.x, these constant breaking changes cost us a lot of money and time, I really beg that Invision do better and integrate backwards compatibility.

We can't deploy 4.2.x and will release our product using 4.1.19.4 because of the time and cost it would take to convert, that's if I can actually find the Download and Developer docs for 4.1.19.4 because our product was developed on 4.1.9.

[Joel R]

If it makes you feel any better, if you procrastinate a tad bit longer you can end up not releasing on the forthcoming 4.3 line either!  

[TSFX]

Not very helpful. There are massive breaking changes between 4.1.x and 4.2.x, but I will probably wait till 4.3.x before upgrading so we only have to go through I cycle of upgrades. This is a particularly large project, the changes are by no means trivial.

[Joel R]

Just now, Cardio said:

Not very helpful. There are massive breaking changes between 4.1.x and 4.2.x, but I will probably wait till 4.3.x before upgrading so we only have to go through I cycle of upgrades. This is a particularly large project, the changes are by no means trivial.

I mean, the core IPS itself is fine for the upgrade so I think it's a stretch to say 'massive breaking changes.'  It's all the junk you add on that cause 'massive breaking changes' because they need to update their templates and code.    

As others have learned when upgrading from 4.1 to 4.2, revert to default theme.  Turn off all 3rd party apps and plugins.  Then upgrade and you'll be fine.  Once you've upgraded, then start turning on your 3rd party applications and plugins and customization.  

[TSFX]

Ok, moderate breaking changes. I've been told by the developers, and I trust them, that it will take hundreds of hours to update, Unit test, E2E, QA.

That's not trivial.

[Rhett]

49 minutes ago, Cardio said:

Ok, moderate breaking changes. I've been told by the developers, and I trust them, that it will take hundreds of hours to update, Unit test, E2E, QA.

That's not trivial.

 

I think someone is pulling your leg here. Have you tested on 4.2 even to see if there is, in fact, an issue?   What item is this you are speaking of in this case? 

[TSFX]

Perhaps. I'll double check. It is a very complex project.

[All Astronauts]

That link, scroll to the bottom, there is a blurb at the bottom left menu linking to 4.2 changes.

At the end of the day, most of the grief coming from people moving from 4.1 to 4.2 were 3rd party themes not being updated enough out of the gate to handle the new Clubs and Reactions features. For hooks (apps or plugins) if they were, again, on template elements, those might need to be re-targeted due to the template changes. The actual back-end changes you'd need to account for in your apps and plugins was mainly in new features being available; not breaking changes on existing code.

But again, as you say, it depends on what you are actually doing.