Short Answer: Yes.
Read on to find out why...
Joomla 3.7 was just released with a bevy of cool improvements. The core team and Joomla volunteers have done a great job of advancing the platform forward with additions like custom fields and UX improvements. (You can see the full list of enhancements on the Joomla site here: https://www.joomla.org/3/)
We have a client on a Joomla 2.5 site that we've been harassing (politely) for years to update and are finally in the process of finishing a redesign and relaunching with an upgraded version of Joomla. I was talking with her about her concerns with site stability and she told me, "I don't want to be on the bleeding edge. I don't need to have the latest software. I'd rather have something six months out of date." You see this perspective often with people from the corporate world and who know how buggy innovation can be. It's one of the reasons many retailers have ancient computing infrastructure: upgrading is risky when they know that what they have works.
Her concerns are legitimate. A few years ago, a developer friend performed a major version upgrade on a Joomla site a week after it was released. Initially, everything looked fine, but there were several issues that creeped up later due to changes with the Joomla core API and the extensions the site used. It took them almost a month for everything to be smoothed out and in the meantime they had to downgrade- wasting days working through the issues.
While it's a good rule of thumb to not be on the bleeding edge unless you desperately need a new feature, everyone's situation is different. The reason you don't upgrade quickly to a new major version is because of stability. You want to avoid the situation that that developer ran into when he upgraded too early. However, occasionally an upgrade fixes a security issue. In these cases, if you don't upgrade, your site actually becomes less stable because it's at risk of being hacked. Then it becomes a really bad idea to drift behind the pack because that's where hackers are going to pick you off.
In the case of Joomla 3.7, most Joomla sites need to perform the upgrade soon. There are a plethora of low level security patches included in the release and one security fix marked by the Joomla security team as a high-level threat. Depending on your risk tolerance, the low-level threats may be okay to ignore for a time, but any medium or high level threat should be addressed ASAP and that is the case with 3.7. The upgrade fixes security issue 20161205, which is a vulnerability in the PHP Mailer class many versions of Joomla ship with. You can learn more about what the security patches are at the Joomla Security Center.
The best way to mitigate the risk of an early upgrade is to test your upgrades in a safe environment prior to implementing them on your live website. You can do this by downloading a backup of your website and upgrading locally, but the best way to get a clear idea of how the upgrade will affect the website is to perform the upgrade on your Web server in a subdirectory or staging environment. The reason why is because there are often server differences between your local environments and the web host your site is running on and those differences can cause different behavior. Sometimes your site will update smooth locally, but turn into a flaming wreck on your web host's server.
Just like with any upgrade, you want to be methodical about testing all functional aspects of your website. Often, the areas that break during an upgrade are not obvious and deep in your checkout process or on the tail end of some form that is supposed to be saving things to your database or sending emails.
Need help upgrading? Shoot us an email at [email protected]