Short Answer: Yes.

Read on to find out why...

Joomla 3.7 was just released with a bevy of cool improvements. The core team and Joomla volunteers have done a great job of advancing the platform forward with additions like custom fields and UX improvements. (You can see the full list of enhancements on the Joomla site here: https://www.joomla.org/3/)

We have a client on a Joomla 2.5 site that we've been harassing (politely) for years to update and are finally in the process of finishing a redesign and relaunching with an upgraded version of Joomla. I was talking with her about her concerns with site stability and she told me, "I don't want to be on the bleeding edge. I don't need to have the latest software. I'd rather have something six months out of date."  You see this perspective often with people from the corporate world and who know how buggy innovation can be. It's one of the reasons many retailers have ancient computing infrastructure: upgrading is risky when they know that what they have works.

Her concerns are legitimate. A few years ago, a developer friend performed a major version upgrade on a Joomla site a week after it was released. Initially, everything looked fine, but there were several issues that creeped up later due to changes with the Joomla core API and the extensions the site used. It took them almost a month for everything to be smoothed out and in the meantime they had to downgrade- wasting days working through the issues.

Does this mean that you should wait 6 months before upgrading to Joomla 3.7?

While it's a good rule of thumb to not be on the bleeding edge unless you desperately need a new feature, everyone's situation is different. The reason you don't upgrade quickly to a new major version is because of stability. You want to avoid the situation that that developer ran into when he upgraded too early. However, occasionally an upgrade fixes a security issue. In these cases, if you don't upgrade, your site actually becomes less stable because it's at risk of being hacked. Then it becomes a really bad idea to drift behind the pack because that's where hackers are going to pick you off.

In the case of Joomla 3.7, most Joomla sites need to perform the upgrade soon. There are a plethora of low level security patches included in the release and one security fix marked by the Joomla security team as a high-level threat. Depending on your risk tolerance, the low-level threats may be okay to ignore for a time, but any medium or high level threat should be addressed ASAP and that is the case with 3.7.  The upgrade fixes security issue 20161205, which is a vulnerability in the PHP Mailer class many versions of Joomla ship with. You can learn more about what the security patches are at the Joomla Security Center.

Upgrading Safely

The best way to mitigate the risk of an early upgrade is to test your upgrades in a safe environment prior to implementing them on your live website. You can do this by downloading a backup of your website and upgrading locally, but the best way to get a clear idea of how the upgrade will affect the website is to perform the upgrade on your Web server in a subdirectory or staging environment. The reason why is because there are often server differences between your local environments and the web host your site is running on and those differences can cause different behavior. Sometimes your site will update smooth locally, but turn into a flaming wreck on your web host's server.

Just like with any upgrade, you want to be methodical about testing all functional aspects of your website. Often, the areas that break during an upgrade are not obvious and deep in your checkout process or on the tail end of some form that is supposed to be saving things to your database or sending emails.

7 Steps to Upgrade Joomla 3.x to Joomla 3.7

1. Review your site and make a list of functionality used on the website. For example, if you're running a shopping cart on your Joomla site, you want to make sure that visitors can create accounts, log into accounts, add items to their cart, check out, and that you receive notification of their orders.
2. Review the extensions you're using and go to the extension creators' websites to see if there are any announcements about compatibility with 3.7. Often, when there is an issue around major versions, you'll see a press release or announcement saying that they either compatible or are working on bug fixes for it.
3. Create a copy of your site in a subdirectory or staging server that matches your production server.
4. Perform the upgrade on the site.
5. Review the upgraded site for any issues using your original list.
6. If everything looks good, backup your main website.
7. Perform the upgrade during a time when you know you have open time in front of you. In other words, don't upgrade your site Friday night before heading out on a camping trip for the weekend.

Need help upgrading? Shoot us an email at [email protected]