Staying in the Loop

You should already have bookmarked the Web sites for Apache, PHP, and MySQL. It doesn't matter if you've been using these technologies for six days or six years; there will always be a need to refer back to the sites (I do, all the time!). If the primary reason for visiting the Web sites is to obtain information regarding updates, you could always subscribe to an announcements-only mailing list:

When to Upgrade

As indicated in the installation chapters, minor version changes occur whenever the developers find it necessary to do so, not on any particular schedule. But just because a minor version change has occurred, that doesn't necessarily mean you should run right out and upgrade your software. Sometimes, however, you should upgrade.

The primary instance in which you should immediately upgrade your software is when a security fix is announced. Usually, security issues are not discovered until they are exploited, sometimes in a testing environment but sometimes by a rogue user who just wants to cause trouble for the world. Once a security issue is verified, you can bet that it becomes the top priority for developers to fix, and very quickly you will see an announcement of an upgrade. When that occurs, you should follow suit and upgrade immediately, even if you don't use the particular element that is the cause of the security issue. A hole is a hole; why leave it uncovered?

Here is an example of the Apache changelog, documenting a change that occurred between version 2.0.49 and 2.0.50, that would be an indicator of a need to upgrade:

    SECURITY: CAN-2004-0493 (cve.mitre.org) Close a denial of service vulnerability identified by Georgi Guninski which could lead to memory exhaustion with certain input data.

A good rule of thumb would be that if the word security appears anywhere in the changelog, you should upgrade.

However, if the release is simply a maintenance release, meaning that it contains bugfixes and general enhancements that occur through normal development, you probably don't need to drop everything and upgrade your software. Here are some examples of maintenance items, from the Apache and PHP changelogs:

    mod_deflate: Fix memory consumption (which was proportional to the response size). (from Apache changelog)

    Fixed bug #28963 Fixed address allocation routine in IMAP extension. (from PHP changelog)

If nothing in the list of changes is relevant to you, your work, or your environment, you could probably put off the upgrade until scheduled downtime or a rainy day. For example, if all the bugs fixed in a maintenance release of PHP have to do with an AIX or Tru64 platform and you run Linux on Intel architecture, you can put the task aside, worry-free.

Even if you don't immediately upgrade your software, it's a good idea to stay at least within one or two minor versions of the current production version of the software. Anything past that, and it becomes more likely that new features have been added or bugs fixed that are indeed relevant to your work or your environment.
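
The rule of thumb above can be applied mechanically. The following is an added example, not code from the book: it reads text laid out like Apache's CHANGES file, looks only at releases newer than the installed one, and recommends an immediate upgrade if any entry mentions security. The function names, the `max_behind` threshold, and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of Apache's CHANGES file; the entry texts
# are the ones quoted above, their placement under versions is illustrative.
SAMPLE = """\
Changes with Apache 2.0.50

  *) SECURITY: CAN-2004-0493 (cve.mitre.org)
     Close a denial of service vulnerability identified by Georgi
     Guninski which could lead to memory exhaustion with certain
     input data.

  *) mod_deflate: Fix memory consumption (which was proportional to the
     response size).

Changes with Apache 2.0.49

  *) Placeholder maintenance entry (constructed).
"""

HEADER = re.compile(r"^Changes with Apache (\d+(?:\.\d+)+)\s*$")
ADVISORY = re.compile(r"\b(?:CAN|CVE)-\d{4}-\d{4,}\b")

def vkey(v):
    # Compare versions numerically so that 2.0.50 sorts above 2.0.9.
    return tuple(int(p) for p in v.split("."))

def parse(text):
    """Return {version: [entry, ...]} with each entry's lines joined."""
    releases, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = releases.setdefault(m.group(1), [])
        elif current is not None and line.strip().startswith("*)"):
            current.append(line.strip()[2:].strip())
        elif current and line.strip():  # continuation of the last entry
            current[-1] += " " + line.strip()
    return releases

def review(text, installed, max_behind=2):
    """Apply the rule of thumb to releases newer than `installed`."""
    newer = {v: e for v, e in parse(text).items() if vkey(v) > vkey(installed)}
    security = [e for es in newer.values() for e in es
                if re.search(r"\bsecurity\b", e, re.I)]
    ids = sorted({i for e in security for i in ADVISORY.findall(e)})
    action = ("upgrade now" if security else
              "schedule upgrade" if len(newer) > max_behind else "defer")
    return {"action": action, "advisories": ids, "releases_behind": len(newer)}
```

`review(SAMPLE, "2.0.49")` reports an immediate upgrade and lists the advisory identifier; with no security entries, the result depends only on how many releases behind the installed version is.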