Skip to Content

Wiki source code of why-upgrade-xwiki

Version 1.8 by Agnease on 2026/05/12 14:49
Show last authors
1 {{velocity}}
2 #set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
3 {{html clean="false"}}
4
5 <section class="resource-header" aria-labelledby="hero-title">
6 <div class="container">
7 <div class="text-center">
8 <div class="resource-kicker">
9 <i class="fa fa-refresh" aria-hidden="true"></i>
10 XWiki upgrade guidance
11 </div>
12 </div>
13
14 <h1 id="hero-title">Why upgrading your XWiki instance should be a regular priority</h1>
15
16 <p class="resource-summary">
17 A working XWiki instance can still become outdated, harder to maintain and exposed to avoidable risks
18 when upgrades are postponed for too long.
19 </p>
20 </div>
21 </section>
22
23 <section class="resource-page">
24 <div class="container">
25 <div class="resource-layout">
26
27 <article class="resource-content">
28
29 <p>
30 Many XWiki instances continue to run for years with only small visible problems. This can create the
31 impression that upgrades are optional, especially when users can still log in, search, edit pages and
32 access the content they need.
33 </p>
34
35 <p>
36 The real risk is that technical debt accumulates quietly. Security fixes, extension compatibility,
37 authentication behavior, infrastructure requirements and custom code assumptions continue to evolve.
38 The longer an instance remains behind, the more difficult the next upgrade becomes.
39 </p>
40
41 <div class="resource-note">
42 <p>
43 <strong>The main point:</strong> regular upgrades are not only about new features. They reduce security
44 exposure, compatibility risk and long-term maintenance cost.
45 </p>
46 </div>
47
48 <h2 id="why-it-matters">Why regular XWiki upgrades matter</h2>
49
50 <h3>1. Security fixes accumulate over time</h3>
51 <p>
52 Older versions may miss security-related fixes already available in newer releases. Once security issues
53 become publicly known, running an old version can become a more predictable risk.
54 </p>
55
56 <p>
57 This does not mean every old instance is immediately exposed in the same way. The real impact depends on
58 your configuration, installed extensions, access model, authentication setup and whether the instance is
59 public or private. But staying close to supported versions makes security maintenance more manageable.
60 </p>
61
62 <h3>2. Large upgrade gaps are harder to control</h3>
63 <p>
64 A small, regular upgrade is usually easier to validate than a large jump after several years. Large gaps
65 mean more release notes, more compatibility changes, more extension checks and more uncertainty around
66 custom code.
67 </p>
68
69 <h3>3. Extensions and customizations can become fragile</h3>
70 <p>
71 XWiki instances often include installed extensions, custom Velocity scripts, macros, templates, sheets,
72 UI extensions, Java components or business-specific applications. These elements need to be reviewed when
73 planning an upgrade.
74 </p>
75
76 <h3>4. Infrastructure requirements evolve</h3>
77 <p>
78 XWiki upgrades can involve more than the application itself. Java, Tomcat, the database, Docker images,
79 reverse proxy configuration, PDF export services and authentication integrations may also need attention.
80 </p>
81
82 <h3>5. Business-critical features need validation</h3>
83 <p>
84 A successful upgrade is not only one where the server starts. Users usually depend on login, permissions,
85 search, dashboards, PDF exports, workflows, notifications, custom applications and important pages. These
86 should be part of the validation plan.
87 </p>
88
89 <h2 id="upgrade-checklist">Practical checklist before planning an upgrade</h2>
90
91 <ul class="resource-checklist">
92 <li>Identify the current XWiki version and the target version.</li>
93 <li>Check whether intermediate upgrade steps are needed.</li>
94 <li>List installed extensions and verify compatibility with the target version.</li>
95 <li>Identify custom code: Velocity scripts, macros, sheets, templates, UI extensions and Java components.</li>
96 <li>Review authentication: LDAP, Active Directory, SSO, OIDC, SAML or MFA.</li>
97 <li>Prepare a staging environment or temporary clone of production.</li>
98 <li>Validate backups and clarify rollback expectations.</li>
99 <li>Test important pages, dashboards, permissions, search, jobs, exports and custom workflows.</li>
100 <li>Document the steps, issues found and follow-up recommendations.</li>
101 </ul>
102
103 <h2 id="safe-process">A safer upgrade process</h2>
104
105 <p>
106 Production should not be the first place where the upgrade is tested. The safest approach is to rehearse
107 the upgrade on staging or a temporary clone, resolve compatibility issues there, then perform the production
108 upgrade with a clear plan.
109 </p>
110
111 <ol>
112 <li><strong>Prepare a clone:</strong> copy the relevant database, filesystem and configuration.</li>
113 <li><strong>Run the upgrade outside production:</strong> record the steps and issues found.</li>
114 <li><strong>Validate critical features:</strong> login, rights, search, PDFs, workflows, dashboards and integrations.</li>
115 <li><strong>Plan the production window:</strong> backups, downtime, rollback and communication.</li>
116 <li><strong>Document the result:</strong> keep notes for the next upgrade cycle.</li>
117 </ol>
118
119 <h2 id="common-mistakes">Common mistakes to avoid</h2>
120
121 <ul>
122 <li><strong>Upgrading directly in production.</strong> Compatibility issues should be discovered before users are affected.</li>
123 <li><strong>Checking only public pages.</strong> Authentication, restricted spaces and admin features also need validation.</li>
124 <li><strong>Ignoring custom code.</strong> Custom scripts and extensions often create the real upgrade complexity.</li>
125 <li><strong>Skipping backup validation.</strong> A backup is useful only if restore expectations are understood.</li>
126 <li><strong>Keeping no upgrade notes.</strong> Without notes, the next maintenance cycle starts again from uncertainty.</li>
127 </ul>
128
129 <h2 id="upgrade-rhythm">How often should XWiki be upgraded?</h2>
130
131 <p>
132 For many organizations, a practical rhythm is to stay aligned with the current Long Term Support version
133 and plan upgrades regularly rather than waiting for a major problem. Some environments can upgrade more
134 frequently, while heavily customized instances may require more planning.
135 </p>
136
137 <p>
138 The important part is not only the exact frequency. It is having an upgrade process that is repeatable:
139 review, staging validation, production rollout, documentation and follow-up.
140 </p>
141
142 <div class="resource-cta">
143 <h3>Need help planning an XWiki upgrade?</h3>
144 <p>
145 If your XWiki instance is outdated, customized or business-critical, the safest next step is to review
146 the current version, extensions, infrastructure and validation needs before planning the production upgrade.
147 </p>
148 <a class="btn btn-primary" href="$xwiki.getURL('services.xwiki-upgrades')">View XWiki upgrade services</a>
149 </div>
150
151 </article>
152
153 <aside class="resource-sidebar" aria-label="Page summary">
154 <h4>In this guide</h4>
155 <ul>
156 <li><a href="#why-it-matters">Why upgrades matter</a></li>
157 <li><a href="#upgrade-checklist">Upgrade checklist</a></li>
158 <li><a href="#safe-process">Safe process</a></li>
159 <li><a href="#common-mistakes">Common mistakes</a></li>
160 <li><a href="#upgrade-rhythm">Upgrade rhythm</a></li>
161 </ul>
162 </aside>
163
164 </div>
165 </div>
166 </section>
167 {{/html}}
168 {{/velocity}}