Skip to Content
Last modified by Agnease on 2026/05/26 10:58
From version 8.1
edited by Agnease
on 2026/05/22 07:50
Change comment: There is no comment for this version
To version 1.4
edited by Agnease
on 2026/05/12 14:47
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,0 @@
1 -Why You Should Upgrade XWiki Regularly for Security and Stability
Content
... ... @@ -2,166 +2,292 @@
2 2  #set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
3 3  {{html clean="false"}}
4 4  
5 - <section class="resource-header" aria-labelledby="hero-title">
6 - <div class="container">
7 - <div class="text-center">
8 - <div class="hero-kicker">
9 - <i class="fa fa-refresh" aria-hidden="true"></i>
10 - XWiki upgrade guidance
11 - </div>
5 + ## PAGE HEADER
6 + <section class="hero hero-centered service-hero" aria-labelledby="hero-title">
7 + <div class="container hero-inner">
8 + <div class="hero-kicker">
9 + <i class="fa fa-refresh" aria-hidden="true"></i>
10 + XWiki upgrade guidance
12 12   </div>
13 13  
14 14   <h1 id="hero-title">Why upgrading your XWiki instance should be a regular priority</h1>
15 15  
16 - <p class="resource-summary">
15 + <p class="lead">
17 17   A working XWiki instance can still become outdated, harder to maintain and exposed to avoidable risks
18 18   when upgrades are postponed for too long.
19 19   </p>
19 +
20 + <p class="hero-support">
21 + Regular upgrades help keep XWiki secure, stable, compatible and easier to evolve, especially when the platform
22 + is used for internal knowledge, documentation, procedures, workflows or business-critical collaboration.
23 + </p>
24 +
25 + <div class="hero-actions">
26 + <a class="btn btn-primary" href="$xwiki.getURL('services.xwiki-upgrades')">View upgrade services</a>
27 + <a class="btn btn-secondary" href="#upgrade-tips">Read upgrade tips</a>
28 + </div>
20 20   </div>
21 21   </section>
22 22  
23 - <section class="resource-page">
32 + ## WHY IT MATTERS
33 + <section aria-labelledby="why-title">
24 24   <div class="container">
25 - <div class="resource-layout">
35 + <h2 id="why-title">“It still works” is not the same as “it is safe to keep unchanged”</h2>
26 26  
27 - <aside class="resource-sidebar" aria-label="Page summary">
28 - <h4>In this guide</h4>
37 + <p class="section-intro">
38 + Many XWiki instances continue to run for years with only small visible problems. That can create the impression
39 + that upgrades are optional. In practice, the longer an instance stays behind, the more risk accumulates around
40 + security fixes, extension compatibility, infrastructure changes, custom code and future upgrade effort.
41 + </p>
42 +
43 + <div class="pathways">
44 + <article class="pathway-card">
45 + <div class="pathway-icon">
46 + <i class="fa fa-shield" aria-hidden="true"></i>
47 + </div>
48 + <h3>Security fixes accumulate</h3>
49 + <p>
50 + Older versions may miss security-related fixes and improvements that are already available in newer releases.
51 + </p>
29 29   <ul>
30 - <li><a href="#why-it-matters">Why upgrades matter</a></li>
31 - <li><a href="#upgrade-checklist">Upgrade checklist</a></li>
32 - <li><a href="#safe-process">Safe process</a></li>
33 - <li><a href="#common-mistakes">Common mistakes</a></li>
34 - <li><a href="#upgrade-rhythm">Upgrade rhythm</a></li>
53 + <li>Known issues may already be fixed upstream</li>
54 + <li>Public information about vulnerabilities increases risk over time</li>
55 + <li>Security updates are easier to handle when upgrades are regular</li>
35 35   </ul>
36 - </aside>
57 + </article>
37 37  
38 - <article class="resource-content">
39 -
59 + <article class="pathway-card">
60 + <div class="pathway-icon">
61 + <i class="fa fa-puzzle-piece" aria-hidden="true"></i>
62 + </div>
63 + <h3>Compatibility becomes harder</h3>
40 40   <p>
41 - Many XWiki instances continue to run for years with only small visible problems. This can create the
42 - impression that upgrades are optional, especially when users can still log in, search, edit pages and
43 - access the content they need.
65 + Extensions, custom applications, authentication integrations and infrastructure components evolve together.
44 44   </p>
67 + <ul>
68 + <li>Extensions may require newer XWiki versions</li>
69 + <li>Java, Tomcat and database requirements can change</li>
70 + <li>Large version jumps are harder to validate</li>
71 + </ul>
72 + </article>
45 45  
74 + <article class="pathway-card">
75 + <div class="pathway-icon">
76 + <i class="fa fa-line-chart" aria-hidden="true"></i>
77 + </div>
78 + <h3>Maintenance cost increases</h3>
46 46   <p>
47 - The real risk is that technical debt accumulates quietly. Security fixes, extension compatibility,
48 - authentication behavior, infrastructure requirements and custom code assumptions continue to evolve.
49 - The longer an instance remains behind, the more difficult the next upgrade becomes.
80 + The longer upgrades are postponed, the more difficult it becomes to understand what changed and what may break.
50 50   </p>
82 + <ul>
83 + <li>More release notes to review</li>
84 + <li>More compatibility checks to perform</li>
85 + <li>More risk around custom code and old assumptions</li>
86 + </ul>
87 + </article>
88 + </div>
89 + </div>
90 + </section>
51 51  
52 - <div class="resource-note">
92 + ## WHAT TO REVIEW
93 + <section id="upgrade-tips" class="services" aria-labelledby="tips-title">
94 + <div class="container">
95 + <h2 id="tips-title">Practical tips before planning an XWiki upgrade</h2>
96 +
97 + <p class="section-intro">
98 + A good upgrade starts before the installation step. The most useful preparation is to understand the current
99 + platform, identify what is business-critical and validate the upgrade outside production.
100 + </p>
101 +
102 + <div class="services-grid">
103 + <article class="service">
104 + <div class="service-icon" aria-hidden="true">
105 + <i class="fa fa-code-fork"></i>
106 + </div>
107 + <div class="service-body">
108 + <h4>Check your current version and target version</h4>
53 53   <p>
54 - <strong>The main point:</strong> regular upgrades are not only about new features. They reduce security
55 - exposure, compatibility risk and long-term maintenance cost.
110 + Identify the current XWiki version, the desired target version and whether intermediate upgrade steps are needed.
56 56   </p>
57 57   </div>
113 + </article>
58 58  
59 - <h2 id="why-it-matters">Why regular XWiki upgrades matter</h2>
115 + <article class="service">
116 + <div class="service-icon" aria-hidden="true">
117 + <i class="fa fa-puzzle-piece"></i>
118 + </div>
119 + <div class="service-body">
120 + <h4>Review installed extensions</h4>
121 + <p>
122 + List installed extensions and check whether they are compatible with the target XWiki version.
123 + </p>
124 + </div>
125 + </article>
60 60  
61 - <h3>1. Security fixes accumulate over time</h3>
62 - <p>
63 - Older versions may miss security-related fixes already available in newer releases. Once security issues
64 - become publicly known, running an old version can become a more predictable risk.
65 - </p>
127 + <article class="service">
128 + <div class="service-icon" aria-hidden="true">
129 + <i class="fa fa-code"></i>
130 + </div>
131 + <div class="service-body">
132 + <h4>Identify custom code</h4>
133 + <p>
134 + Review custom macros, Velocity scripts, Java components, UI extensions, sheets, templates and local changes.
135 + </p>
136 + </div>
137 + </article>
66 66  
67 - <p>
68 - This does not mean every old instance is immediately exposed in the same way. The real impact depends on
69 - your configuration, installed extensions, access model, authentication setup and whether the instance is
70 - public or private. But staying close to supported versions makes security maintenance more manageable.
71 - </p>
139 + <article class="service">
140 + <div class="service-icon" aria-hidden="true">
141 + <i class="fa fa-lock"></i>
142 + </div>
143 + <div class="service-body">
144 + <h4>Validate authentication</h4>
145 + <p>
146 + LDAP, Active Directory, SSO, OIDC, SAML and MFA configurations should be tested carefully after the upgrade.
147 + </p>
148 + </div>
149 + </article>
72 72  
73 - <h3>2. Large upgrade gaps are harder to control</h3>
74 - <p>
75 - A small, regular upgrade is usually easier to validate than a large jump after several years. Large gaps
76 - mean more release notes, more compatibility changes, more extension checks and more uncertainty around
77 - custom code.
78 - </p>
151 + <article class="service">
152 + <div class="service-icon" aria-hidden="true">
153 + <i class="fa fa-database"></i>
154 + </div>
155 + <div class="service-body">
156 + <h4>Prepare backups and a staging clone</h4>
157 + <p>
158 + Never treat production as the first test. Validate the upgrade on staging or a temporary clone first.
159 + </p>
160 + </div>
161 + </article>
79 79  
80 - <h3>3. Extensions and customizations can become fragile</h3>
81 - <p>
82 - XWiki instances often include installed extensions, custom Velocity scripts, macros, templates, sheets,
83 - UI extensions, Java components or business-specific applications. These elements need to be reviewed when
84 - planning an upgrade.
85 - </p>
163 + <article class="service">
164 + <div class="service-icon" aria-hidden="true">
165 + <i class="fa fa-check-square-o"></i>
166 + </div>
167 + <div class="service-body">
168 + <h4>Create a validation checklist</h4>
169 + <p>
170 + Test login, permissions, search, dashboards, PDFs, custom applications, jobs, important pages and integrations.
171 + </p>
172 + </div>
173 + </article>
174 + </div>
175 + </div>
176 + </section>
86 86  
87 - <h3>4. Infrastructure requirements evolve</h3>
178 + ## SAFE PROCESS
179 + <section class="split-section" aria-labelledby="process-title">
180 + <div class="container">
181 + <div class="split-grid">
182 + <div class="split-copy">
183 + <h2 id="process-title">The safest upgrade is the one rehearsed before production</h2>
184 +
88 88   <p>
89 - XWiki upgrades can involve more than the application itself. Java, Tomcat, the database, Docker images,
90 - reverse proxy configuration, PDF export services and authentication integrations may also need attention.
186 + A production upgrade should not be the first time the process is tested. A staging environment or temporary
187 + clone allows problems to be discovered before they affect users.
91 91   </p>
92 92  
93 - <h3>5. Business-critical features need validation</h3>
94 94   <p>
95 - A successful upgrade is not only one where the server starts. Users usually depend on login, permissions,
96 - search, dashboards, PDF exports, workflows, notifications, custom applications and important pages. These
97 - should be part of the validation plan.
191 + This is especially important when the instance includes custom applications, authentication integrations,
192 + PDF exports, workflows, advanced permissions or business-critical documentation.
98 98   </p>
194 + </div>
99 99  
100 - <h2 id="upgrade-checklist">Practical checklist before planning an upgrade</h2>
196 + <ol class="process-list">
197 + <li>
198 + <strong>Prepare a staging clone</strong>
199 + Copy the relevant database, filesystem and configuration into a controlled non-production environment.
200 + </li>
201 + <li>
202 + <strong>Run the upgrade there first</strong>
203 + Apply the upgrade, resolve compatibility issues and record the steps required.
204 + </li>
205 + <li>
206 + <strong>Validate business-critical features</strong>
207 + Confirm that authentication, rights, search, exports, custom apps and important workflows still work.
208 + </li>
209 + <li>
210 + <strong>Plan the production window</strong>
211 + Define backup, downtime, rollback and communication expectations before touching production.
212 + </li>
213 + <li>
214 + <strong>Document the result</strong>
215 + Keep upgrade notes, observed issues and follow-up recommendations for the next maintenance cycle.
216 + </li>
217 + </ol>
218 + </div>
219 + </div>
220 + </section>
101 101  
102 - <ul class="resource-checklist">
103 - <li>Identify the current XWiki version and the target version.</li>
104 - <li>Check whether intermediate upgrade steps are needed.</li>
105 - <li>List installed extensions and verify compatibility with the target version.</li>
106 - <li>Identify custom code: Velocity scripts, macros, sheets, templates, UI extensions and Java components.</li>
107 - <li>Review authentication: LDAP, Active Directory, SSO, OIDC, SAML or MFA.</li>
108 - <li>Prepare a staging environment or temporary clone of production.</li>
109 - <li>Validate backups and clarify rollback expectations.</li>
110 - <li>Test important pages, dashboards, permissions, search, jobs, exports and custom workflows.</li>
111 - <li>Document the steps, issues found and follow-up recommendations.</li>
112 - </ul>
222 + ## COMMON MISTAKES
223 + <section aria-labelledby="mistakes-title">
224 + <div class="container">
225 + <h2 id="mistakes-title">Common mistakes to avoid</h2>
113 113  
114 - <h2 id="safe-process">A safer upgrade process</h2>
227 + <p class="section-intro">
228 + Most difficult upgrades are not difficult because XWiki cannot be upgraded. They become difficult because
229 + the environment, customizations or validation steps were not understood early enough.
230 + </p>
115 115  
232 + <div class="widgets">
233 + <article class="widget">
234 + <div class="icon" aria-hidden="true">
235 + <i class="fa fa-warning"></i>
236 + <h4>Upgrading<br />directly in production</h4>
237 + </div>
116 116   <p>
117 - Production should not be the first place where the upgrade is tested. The safest approach is to rehearse
118 - the upgrade on staging or a temporary clone, resolve compatibility issues there, then perform the production
119 - upgrade with a clear plan.
239 + Production should not be the first place where compatibility issues are discovered.
120 120   </p>
241 + </article>
121 121  
122 - <ol>
123 - <li><strong>Prepare a clone:</strong> copy the relevant database, filesystem and configuration.</li>
124 - <li><strong>Run the upgrade outside production:</strong> record the steps and issues found.</li>
125 - <li><strong>Validate critical features:</strong> login, rights, search, PDFs, workflows, dashboards and integrations.</li>
126 - <li><strong>Plan the production window:</strong> backups, downtime, rollback and communication.</li>
127 - <li><strong>Document the result:</strong> keep notes for the next upgrade cycle.</li>
128 - </ol>
129 -
130 - <h2 id="common-mistakes">Common mistakes to avoid</h2>
131 -
132 - <ul>
133 - <li><strong>Upgrading directly in production.</strong> Compatibility issues should be discovered before users are affected.</li>
134 - <li><strong>Checking only public pages.</strong> Authentication, restricted spaces and admin features also need validation.</li>
135 - <li><strong>Ignoring custom code.</strong> Custom scripts and extensions often create the real upgrade complexity.</li>
136 - <li><strong>Skipping backup validation.</strong> A backup is useful only if restore expectations are understood.</li>
137 - <li><strong>Keeping no upgrade notes.</strong> Without notes, the next maintenance cycle starts again from uncertainty.</li>
138 - </ul>
139 -
140 - <h2 id="upgrade-rhythm">How often should XWiki be upgraded?</h2>
141 -
243 + <article class="widget">
244 + <div class="icon" aria-hidden="true">
245 + <i class="fa fa-puzzle-piece"></i>
246 + <h4>Ignoring<br />extensions</h4>
247 + </div>
142 142   <p>
143 - For many organizations, a practical rhythm is to stay aligned with the current Long Term Support version
144 - and plan upgrades regularly rather than waiting for a major problem. Some environments can upgrade more
145 - frequently, while heavily customized instances may require more planning.
249 + Extensions and custom code often create the real upgrade complexity.
146 146   </p>
251 + </article>
147 147  
253 + <article class="widget">
254 + <div class="icon" aria-hidden="true">
255 + <i class="fa fa-lock"></i>
256 + <h4>Testing only<br />public pages</h4>
257 + </div>
148 148   <p>
149 - The important part is not only the exact frequency. It is having an upgrade process that is repeatable:
150 - review, staging validation, production rollout, documentation and follow-up.
259 + Login, permissions, restricted spaces and admin features should also be validated.
151 151   </p>
261 + </article>
152 152  
153 - <div class="resource-cta">
154 - <h3>Need help planning an XWiki upgrade?</h3>
155 - <p>
156 - If your XWiki instance is outdated, customized or business-critical, the safest next step is to review
157 - the current version, extensions, infrastructure and validation needs before planning the production upgrade.
158 - </p>
159 - <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Request an upgrade review</a>
263 + <article class="widget">
264 + <div class="icon" aria-hidden="true">
265 + <i class="fa fa-file-text-o"></i>
266 + <h4>No upgrade<br />notes</h4>
160 160   </div>
161 -
268 + <p>
269 + Without notes, every future upgrade starts again from uncertainty.
270 + </p>
162 162   </article>
163 163   </div>
164 164   </div>
165 165   </section>
275 +
276 + ## CTA
277 + <section class="cta-section" aria-labelledby="cta-title">
278 + <div class="container">
279 + <div class="cta-panel">
280 + <h2 id="cta-title">Need help planning an XWiki upgrade?</h2>
281 +
282 + <p>
283 + If your XWiki instance is outdated, customized or business-critical, the safest next step is to review
284 + the current version, extensions, infrastructure and validation needs before planning the production upgrade.
285 + </p>
286 +
287 + <a class="btn btn-primary" href="$xwiki.getURL('services.xwiki-upgrades')">View XWiki upgrade services</a>
288 + </div>
289 + </div>
290 + </section>
291 +
166 166  {{/html}}
167 167  {{/velocity}}
Agnease.Code.SEODetailsClass[0]
metaDescription
... ... @@ -1,1 +1,0 @@
1 -Learn why regular XWiki upgrades matter for security, stability, extension compatibility and long-term maintenance, especially for production XWiki instances.
metaTitle
... ... @@ -1,1 +1,0 @@
1 -Why You Should Upgrade XWiki Regularly for Security and Stability | Agnease