Why you should keep your Moodle site up to date
Ensuring your site is up to date can be time-consuming and fiddly, especially if your Moodle site is accessed on a 24/7 basis. In this blog post, we tell you why you should allocate time to this!
Every year, there are six minor releases and two major releases of Moodle.
There are many sites that are still running old and unsupported versions of Moodle. Perhaps due to the time required to ensure a successful upgrade, site administrators take the “if it ain’t broke…” decision, or they just don’t realise that there is an update!
However, each release may contain vital security fixes on top of any additional features. And these aren’t just to do with issues in Moodle! Over the last two years, we have seen some rather nasty security issues come to light which Moodle has had to build defences for.
Your Moodle site contains information on your company, college or school, materials that may be private, as well as your users, including personal information.
New security issues can appear at any time and can range from deleting your content or adding viruses/malware, to extracting user data or gaining server access. Once such issues are made public, these will start to be actively abused and could affect your Moodle site at any point.
Security issues with Moodle itself are often hidden from the Moodle Tracker until they are fixed. When fixed, the security issues are made public, which means anyone is able to view what version of Moodle had a particular issue, and this can be used maliciously. The message from Moodle is clear: keep your site up to date!
Some security flaws are not with Moodle itself, but with other underlying services that Moodle uses (such as Apache and MySQL), so keeping on top of server updates is also important.
On top of its own code, Moodle also uses a number of third-party libraries within its codebase (such as PHPMailer) which can also contain security issues. When these libraries are updated, Moodle then has to provide an update to include the new version of that affected library.
In some cases, a patch or other mitigation is made available. It may be prudent to apply this where an issue is urgent but preparing for the released update will take longer, though we recommend updating at the earliest opportunity.
Each change in Moodle is stored in the source code repository and often the fixes can be seen as “diffs”. These can then be used to patch your Moodle site with that particular fix.
If your Moodle site source code has been modified, then this may not work for you and could cause further issues. You also need to ensure you are on a version from before the fix was created.
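The two caveats above (locally modified code, and a version that already contains the fix) can be checked before anything is changed. The following is an added example, not part of the original post or of Moodle: it assumes `git` is installed, and the names `check_fix` and `make_sample`, the file `lib/demo.php` and the diff are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Moodle's code): classify how a fix diff would apply to a
# COPY of the site code, without changing any file.

# check_fix TREE PATCH  ->  prints clean | already-applied | conflict
check_fix() {
    patch_abs=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    if (cd "$1" && git apply --check "$patch_abs") 2>/dev/null; then
        echo clean              # tree predates the fix and is unmodified here
    elif (cd "$1" && git apply --check --reverse "$patch_abs") 2>/dev/null; then
        echo already-applied    # the fix is already in this version
    else
        echo conflict           # local modifications or a different version
    fi
}

# Constructed stand-in for a cloned site: one file and one fix diff.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/site/lib"
    printf '%s\n' '<?php' 'function clean_name($n) {' '    return $n;' '}' \
        > "$d/site/lib/demo.php"
    (cd "$d/site" && git init -q >/dev/null 2>&1)
    cat > "$d/fix.diff" <<'EOF'
--- a/lib/demo.php
+++ b/lib/demo.php
@@ -1,4 +1,4 @@
 <?php
 function clean_name($n) {
-    return $n;
+    return trim($n);
 }
EOF
    echo "$d"
}

sample=$(make_sample)
check_fix "$sample/site" "$sample/fix.diff"
```

Only a `clean` result means the diff can be applied as-is (with `git apply` minus the `--check` flag); a `conflict` result on a cloned site is the signal to plan the full update instead.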
Each minor and major release includes a number of bug fixes to its functionality. Most of the time, you might not even know it was a bug until it was fixed. But sometimes, there is something you can’t quite get working correctly and it turns out it’s a bug!
Minor releases are dedicated to fixing core functionality issues and the majority of the time you can expect no visible change to your Moodle site or any functionality change.
Moodle has its own bug tracker (aptly named, Moodle Tracker) that is available to view, and anyone is free to create an account to raise their own issues. You can also visit the Moodle Forums to discuss any bugs you experience or interact with other Moodlers on their bug reports.
Bugs don’t just affect staff!
Users are affected by bugs in Moodle functionality just as much as admins and trainers are. Some bugs may affect only users, and you may not even be aware of them.
Ensure your users know they can report issues to you; these may turn out to be bugs and be fixed further down the line.
This one is a bit obvious, but every major Moodle release is dedicated to new features. A lot of these features are asked for by other Moodlers via the forums, or through the Moodle Users Association.
Compared to minor releases, the upgrade process carries some risk, as functionality is likely to change and any third-party plugins or themes may break.
A lot of the time, people do not upgrade because they are happy with their current working Moodle site and don’t see a reason to change it. However, most of the time these new features prove to be useful and lead to improvements in how you present courses to your users.
Before upgrading to a major release, we advise performing a test upgrade first. This is where you clone your site to another location and then perform the upgrade so that it does not affect the live site that users are seeing. This way, you can investigate any issues that may occur and prepare any necessary additional steps when you do upgrade the live site.
The timescales for when Moodle updates are released are widely publicised, so it is possible to schedule updates in advance. There are two major releases of Moodle every year – one in May and another in November – and the dates can be found in the Moodle Docs “Releases” page for future reference.
Long-Term Support Releases
Moodle has provided Long-Term Support (LTS) releases since the release of Moodle 2.7.
Moodle 3.1 is the latest LTS release, which is supported for security releases up until April 2019.
LTS releases extend the life of a Moodle version to three years of minor releases, as opposed to the normal 18 months, with two years’ security support as opposed to the normal six months.
So if you don’t want to be on the latest and greatest all the time, this is a recommended option for you. Though do remember to plan to update to the next LTS release after 3 years!
Keeping up to date can be tricky, but it’s always worthwhile. And there is a long-term support option for those that don’t have the time for a full upgrade every year.
As of this post, the current release is Moodle 3.4 with Moodle 3.5 due in May 2018. Are you up to date?