Rails frequently releases updates to its gem: new releases, bug fixes and security fixes. It's always important to stay on the latest version, both to receive support and to stay safe from security issues.
The core team often releases security patches, based on CVEs or other security issues found by the team or the general public. Only the latest couple of releases get the security fixes. You run the risk of exposing security holes in your system if you don't upgrade the Rails version. The same is true of other gems. Gems often make security fixes and create a version bump, and the application should be ready to incorporate it. If your application is always on the latest gems, you are on the safer side and new security fixes can be applied easily.
As of this writing, Rails 5.1 has been released, and regular security issues get fixed only in Rails 5.1 and 5.0, with severe fixes also applied to 4.2.
As per the Rails maintenance policy, only the latest release series will receive bug fixes. That means that unless you are on the latest version of Rails, you should be ready to patch the fixes into your application yourself. Apart from bug fixes, 4.x versions lower than 4.2 do not receive any security fixes either.
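As an added example (not from the original post or the Rails project), the Ruby script below reads the resolved rails version from a Gemfile.lock and maps it to the support tiers stated above. The tier table reflects this post's date, and the sample lockfile, constant and function names are constructed for illustration.

```ruby
# Support tiers exactly as this post states them (written when 5.1 was current).
# Assumption: refresh this table from the Rails maintenance policy before relying on it.
SUPPORT_BY_SERIES = {
  "5.1" => :bug_and_security_fixes,      # latest release series
  "5.0" => :security_fixes,              # regular security fixes
  "4.2" => :severe_security_fixes_only   # severe issues only
}.freeze

# Resolved gems sit at exactly four spaces of indent under "specs:".
# Six-space lines are a gem's own dependencies; two-space lines under
# DEPENDENCIES are Gemfile requirements, not resolved versions.
def locked_versions(lockfile_text)
  lockfile_text.scan(/^ {4}(\S+) \(([^)\s]+)\)$/).to_h
end

# Returns [version_string, status], or nil when rails is not in the lockfile.
def rails_support_status(lockfile_text)
  locked = locked_versions(lockfile_text)["rails"]
  return nil unless locked

  version = Gem::Version.new(locked)
  series = version.segments.first(2).join(".")
  status = SUPPORT_BY_SERIES.fetch(series) {
    # Series outside the table: either released after this post, or too old.
    version >= Gem::Version.new("5.2") ? :newer_than_this_post : :no_fixes
  }
  [locked, status]
end

# Constructed sample lockfile for a hypothetical application.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      devise (4.3.0)
        railties (>= 4.1.0, < 5.2)
      rails (4.1.16)
        railties (= 4.1.16)
      railties (4.1.16)

  DEPENDENCIES
    devise
    rails (~> 4.1.0)
LOCK

if __FILE__ == $PROGRAM_NAME
  version, status = rails_support_status(SAMPLE_LOCK)
  puts "rails #{version}: #{status}"
end
```

Run in CI against the real Gemfile.lock, a result of :no_fixes or :severe_security_fixes_only is a signal to schedule the upgrade before the next advisory lands.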
The further you are from the latest version, the more difficult it is to upgrade. Also, remember that since your app is constantly changing through the addition of new code, it tends to add a lot of technical debt to the system. Unless code is carefully crafted and the new updated gems are used, it might lead to throwaway code.
New features sometimes lead to dependency avalanches. Assume that you need a newer version of gem A for a particular feature, which in turn depends on an updated version of gem B; the chances are very high that you finally end up in a situation where the rails gem needs to be upgraded. Since RubyGems has a dependency matrix, a single point is enough to end up in a situation that would require an upgrade, all the way up to the latest Rails version. Just a small nudge is enough for a whole avalanche to be triggered!
The Rails 5.x series has a lot of new features that can be used in your application. The most important ones are Action Cable and API mode.
Action Cable for WebSockets
Action Cable was introduced in Rails 5.0 for creating applications using WebSockets. It supports long-lived connections and is ideal for chat applications, instant notifications and real-time apps. More on this in another blog post.
Rails API Mode
Rails had earlier supported APIs using the rails-api gem. Now it provides a slim stack that supports only the API mode, with some sensible defaults. You get the rails new backend --api command to create a new API-only application.
So why wait? Begin your upgrade process today.
We help companies upgrade their Rails applications to the latest version.