Ruby On Rails App Update: The Product Owner’s Complete Guide

Ruby On Rails App Update: The Product Owner’s Complete Guide [2024]

20 min read


Download pdf

If you have an outdated Ruby on Rails (ROR) application, that doesn’t mean you need to rebuild it from scratch if you want to update it. Older versions of the framework can certainly cause various issues related to performance, user experience, maintainability, insufficient infrastructure costs, and security as the main concern. However, in our long experience updating Ruby, an app can return to life even if we lift the code from 2.7.0 or much older versions of the framework dating back to 2008.

That said, at MobiDev, over the past eight years, we’ve come through different scenarios of updating Ruby on Rails applications for our clients. And here I want to share our approach to upgrading an existing legacy Rails code. While I’ll address general aspects for modernization, you can contact us and discuss more specific questions, or meet in person with one of our Ruby Team Leaders in the USA, Canada, the UK, or the European Union.

Get in touch

if you are ready to reanimate your Ruby project!

Book a meeting

4 Things to Consider when Upgrading ROR Applications

To remove unrequired anxiety you may experience while thinking about upgrading your old application, you need to know what to expect and how labour intensive this process can be. There are four important aspect you need to consider, to estimate your specific ROR requirements and not disrupt ongoing processes:

  1. How will modernization influence the development of new features? Should the entire development team be involved in modernization, or is it better to have dedicated developers? When is it time to do the code freeze?
  2. Is the code ready for modernization? It should be if the features are covered with tests, documentation is in place, and backups and disaster recovery are functioning properly.
  3. What are the goals of modernization? The team should set understandable and trackable performance indicators of modernization and regularly assess how the process is moving along.
  4. Is the risk of modernization warranted? Modernization is an improvement but everything has its cost. Modernization plans should cover the increased risks of developer error (automation is required), rising complexity (more documentation to onboard new developers needed), etc.

Should You Update Your Ruby App to the Latest Version?

Updating your app basically can be done in two ways:

Incremental approach – This means the Rails version is updated step by step through major versions. This approach grants more control over changes and mitigates the possible risks of broken features or data corruption. It is strongly recommended to make incremental updates for larger applications, since there are a lot of interconnected elements that can simply stop working. 

Direct jump – This is a straightforward update to the latest version that grants speed, but may cause serious issues. Smaller apps can be upgraded with this procedure, however the risk of losing track of changes remains a problem. The biggest risk comes with the application built with Ruby 2.x versions, since major changes came with 3.x versions. 

The choice between the options depends on the engineering experience and knowledge of changes between the versions. At MobiDev, we prefer an incremental approach to deal with  issues before they can cause any damage to the application operation.

How do We Handle ROR Update Projects?

In most cases, running a Ruby on Rails application means you are already familiar with the stack of technologies used and in some cases can specify the project requirements. However, that’s not always the case, so at MobiDev, we propose two models of cooperation for updating Rails apps:

1. Hiring a Dedicated Ruby Team

If you understand the general vector of your Ruby product update and you already have a technical vision, all you need is a skilled engineering team. MobiDev offers its talents for implementing Ruby updates and covering the development tasks, even if you need a single developer.

The team size and its composition choice is up to the client, as we provide suitable experts for every aspect, from project management and QA, to the required number of Ruby developers. All of our engineers possess a vast expertise in Ruby updates with an average of 5+ years of experience. The team will cover the following tasks:

  1. Execution of the development, bug fixing, demo presentation, communication with the product owner while providing ongoing task estimates and documentation for code. 
  2. Covering quality assurance needs from manual and automated end-to-end testing including API, UI testing, performance, and accessibility.
  3. In terms of DevOps, there is also a range of tasks concerning infrastructure setup, continuous integration and delivery, infrastructure as code, service monitoring, software containerization, and cloud migration.

Hiring a dedicated team brings value, both for updating existing code base to more recent versions of Ruby on Rails, as well as for providing resources for further development of your product through implementation of new features and adaptations to changing requirements. A dedicated project manager, in this case, can handle all the communication tasks between teams, helping integrate MobiDev’s engineers into the client’s workflow and keep the development in-line with global business aims. 

2. Embracing Ruby Consulting

The second scenario might happen when the product update is stuck at the initial stages of analysis and planning. If you struggle to come up with a technical vision and lack Ruby expertise, you might need this kind of consulting service. This includes the following stages of working with your product:

  1. Audit — a full review of your source code, infrastructure, used tools and approaches to spot potential or existing issues.
  2. Development strategy — indication and statement of goals for the Ruby update, documented as a strategy that provides clear vision and timelines. The strategy, in its turn, covers all the aspects such as the technical analysis, delivery of a process description, the QA stage, and infrastructure solutions.
  3. Technical supervision — is performed during the development and implementation to make sure that the actual features align with the strategy as it is tested against product requirements. 
  4. AI/AR feature implementation — Finally, if an update implies the use of artificial intelligence or augmented reality, MobiDev team will perform a separate investigation to propose optimal solutions, steps to implement them, and actual development resources.

Consulting is suitable for any stage of the product life cycle since it includes an all-around overview covering different perspectives of performance, usability, cost-efficiency, reliability, and security. We strive to present the most concise way for the customer to achieve a future-proof Ruby project by implementing the latest approaches. The output deliverables, however, can be used to move on with any other technical team to fit the budget of the project.

Need help with Ruby on Rails product update?

Click to see how MobiDev can cover your needs


5 Success Stories: MobiDev ROR Application Updates

Since 2009, we’ve been developing and improving our expertise with Ruby and Ruby on Rails applications. We want to demonstrate our five most prominent clients’ success stories with regard to modernizing RoR applications. Here, you can find commentaries of our tech experts concerning the projects as well as highlights of the most challenging development aspects of each, as well as getting a grasp of the general idea of how we handle Ruby on Rails product upgrades.

Success story #1: Updating Legacy Ruby On Rails Web Portal

MobiDev worked with a credit reporting and collection company to improve their existing product that used outdated versions of Ruby on Rails and Heroku stack. The client’s request was to upgrade the RoR legacy web portal to a newer version and run testing to eliminate bugs. In this case, the main need was regression testing.

Service type: Consulting & Dedicated Ruby team

At the initial stage, the client received consulting and estimates for the upcoming workflow for an audit of the existing platform. Since there was no engineering staff on the client’s team, MobiDev moved forward by providing a dedicated team consisting of Ruby developers, a project manager, QA, and a business analyst. 

As an output of this team’s work, the client received a review of the infrastructure and existing application code with the found critical issues. All of the findings were documented as a strategy that included required tests and a development timeline.


  • Upgrade the version of Ruby on Rails and Heroku service
  • Perform complex bug fixing
  • Create detailed tech documentation

How we delivered:

1. Upgraded Ruby on Rails and Heroku Versions

Our developers have ensured the stable operation of the portal by updating code from Ruby 2.5.8, Ruby on Rails, and Heroku 18 Stack. It took us only three months to successfully complete the full system update.

2. Performed Complex Bug Fixing

As our developers were working towards upgrading the original version of the software, they came across a multitude of bugs that required attention in order to ensure the optimal functioning of the system. The development team prioritized the identified bugs from minor issues to more complex ones and gradually fixed these problems. We conducted regression testing to make sure that the upgrade didn’t affect the operation of existing features and that everything worked as it should. Last but not least, the team developed a set of automated tests to make it easier to perform upgrades in the future.

3. Composed Detailed Project Documentation

The creation of technical project documentation at each stage of the RoR application upgrade was an important task. So our business analyst created a document with detailed functional requirements that outlined the intended behaviour and functionality of the portal. This document greatly simplified the testing of the software in the current release and will be a reliable basis for future product improvements.

The client was satisfied with the prompt work of the team and recommended MobiDev for cooperation.

Success Story #2: Refactoring Outdated Healthcare Application

The project was inherited from another development team after five years of development. It had outdated versions of Ruby and Ruby on Rails, and the code was written using many different architecture approaches mixed in a single codebase. However, the code had no related documentation, which required analysis of the product in the first place. 

Service type: Consulting & Dedicated Ruby team

Our Ruby architects ran multiple tests to audit the code, as well as the existing infrastructure and document the approaches used on the platform. Then, we proposed a plan for gradual implementation of new features and updating Ruby and Ruby on Rails. 

Since the client had no engineers on their side, to implement the described development tasks MobiDev offered a dedicated team once again. But since the project required new infrastructure and breaking monolith code into modular design, DevOps engineers were also involved in the project to transfer the application to Azure cloud. 


  • Upgrade Ruby and Ruby on Rails versions
  • Define the set of patterns and abstractions to be used during the refactoring stage
  • Make sure the new version of code was developed in an extendable way
  • Provide a high level of security and personal health information (PHI) protection to comply with HIPAA
  • Set up performant and easily scalable infrastructure
  • Document the architecture design
  • Develop a new set of features and launch in half a year

How we delivered:

1. Upgraded to Ruby 2.7.1 and Rails 6.0.1

The first task performed by the Ruby development team was to ensure that upgrades wouldn’t break the existing functionality. We developed and refactored 4,488 automated rspec tests, which covered most of the existing application features. This step made it possible to upgrade Ruby on Rails to the newest versions safely. After the upgrade, the rspec tests showed us all the cases as well as where new libraries had caused problems, and we managed to fix them.

2. Built Modular (Component) Monolith Rails Architecture Design

Although the Ruby on Rails application had a single repository, by its true nature, the application consisted of many different services. It was a real challenge to develop new features because of the way the code of all these services was mixed together.

After the brainstorming phase, the development team decided to use Modular Monolith design for Ruby on Rails API. The benefit of this choice was that all services were decoupled into separate Rails engines (Admin Portal, CMS, Common API, etc.). It was then easy to navigate the project and implement new features, and the design had a clear and easy to implement set of guidelines.

Modular Monolith design for Ruby on Rails API

3. Built a New Cloud Infrastructure

Microsoft Azure was a great candidate for a new cloud enterprise solution. At that moment, it had a suitable bunch of tools to set up new infrastructure, taking into account security, scalability, durability, performance, and recoverability.

Building new infrastructure on Microsoft Azure

For security reasons, it was decided to implement an “End to End SSL” approach, which ensured that at any phase of communication between services, the traffic was encrypted and safe. An Azure Kubernetes service called AKS, enabled achieving required scalability, durability, and performance for our Ruby on Rails API.

Last but not least, the whole setup was performed using the Helm tool and Azure DevOps CI/CD.

It was a real challenge to work on the healthcare project that was passed to MobiDev’s Ruby Team from previous developers without proper documentation.

During the project’s 2.5 years, we were doing a major upgrade and developing a product by adding new functional modules. A major upgrade included refactoring files, moving business logic operations to Trailblazer and database queries to a separate repository. Following Domain-driven design principles, we thoroughly covered both the new code and the legacy one with QA testing.

The project had quite a cumbersome monolith architecture, but we managed to divide it into several modules, using Rails Engines. To ensure proper code formatting, we applied Rubocop.

Success story #3: Upgrading Sports Tournaments Management System

MobiDev’s Ruby developers dealt with competing objectives for this project. We had to develop more features within the same budget, reduce the number of bugs, and increase extensibility. Additional tasks included simplifying the onboarding of new team members and improving overall security.

Service type: Team augmentation

MobiDev’s developers performed a range of tasks, further developing features for the client’s product, while integrating with other teams and onboarding new team members. 


  • Move the code to Service and Query Objects plus Decorators by introducing a Domain Driven Design (DDD) approach
  • Unify the frontend part
  • Make onboarding for new team members and developing of new features seamless and fast

How we delivered:

  • Moved logic from controllers to Service Objects
  • Moved query functions form models to Query Objects
  • Moved helper functions form models to Decorators
  • Upgraded Rails version
  • Developed all Front-end features using React
  • Unified code style using Robocop and Rails upgrade

Applying DDD allowed the developers to simplify overly-complicated models and controllers of the legacy Ruby on Rails application, and make sure it was easy to extend the code for new features.

The RoR app had two different ways to develop UI components: pure jQuery with Ajax and EJS with remote links. To unify the frontend part, we employed migrating to React.js as an appropriate UI approach.

Interesting technologies and a powerful development team always motivate me. I was absolutely excited to work on the outstanding project which had no analogs, especially for kids, in that kind of sport. A lot of teams were involved to launch the mobile, desktop, and browser versions of the application. I am proud that we‘ve managed to transform the legacy project into the one with optimal architecture, totally covered with QA testing, and an API used only by GraphQL.

Artem Krikun

Ruby Developer

Success story #4: Updating Bank Management System

Multi-tenant Ruby on Rails startup development had been running smoothly until the team faced many risks: slow response time under load, increased development time for new features, a single point of failure, and a lack of security mechanisms.

Service Type: Consulting & Dedicated Development Team

At the initial stages, a few team members of MobiDev were involved in the communication process to consult with the client about the ongoing tasks. However, the investigation results implied the need for an audit of the whole application, since we noticed that the existing application was built as a monolith. 

After analyzing all the necessary components of the app and the infrastructure, we proposed a plan that included code base optimization, breaking monolith architecture into microservices and transfer to a new cloud infrastructure. The actual implementation of the plan was done by augmenting the client’s team with engineers and architects to close the expertise gap and provide technical supervision.


  • Provide migrating from AWS to Azure
  • Improve legacy code base
  • Find out how to solve other tasks related to risks encountered by the team

After investigation, the following problems were found:

  • A lot of load from periodic computations
  • At the initial stages, quality was sacrificed for speed
  • Hard to extend and maintain code base
  • Slow tests (harder to develop and release)
  • Hard dependencies between system components

How we delivered:

1. Migrated from AWS to Azure

The original first version of the system was built using AWS cloud in an outdated manner.

Old AWS-based structure

All developers had direct access to servers and databases, which is unsafe because of human errors and the high possibility of trouble that could happen from time to time. Also, servers were likely to crash because of periods of high load. The Ruby on Rails web application generated a lot of jobs and made the Compute Server (Sidekiq) get “stuck”. At these moments, the whole system became unavailable due to the hard coupling of the components.

It was decided to perform a decisive technology modernization and also migrate to Azure.

Migrating to Microsoft Azure

Additional security mechanisms were implemented around authentication and authorization, applying a Single Sign On approach (SSO) and Azure Active Directory (AAD). These were seamlessly integrated into the existing Ruby on Rails solution and Active Admin.

All the public traffic was routed through Gateway and Firewall to ensure a high level of protection for sensitive data. Key Vault allowed the solution to store Ruby on Rails credentials and secret keys.

The core of the system, the AKS (Kubernetes) cluster was set up to provide the required value of performance and stability of the system, eliminating the single point of failure and providing a fault-tolerant experience for users.

2. Improved Legacy Code Base

After the internal analysis of the code base, it became clear that, to improve time-to-market for new features and reduce the number of bugs, we had to get rid of the monolith architecture and the server-side rendering approach.

The split to services and separating the frontend part drastically assisted the Ruby on Rails developers to speed up automated tests and increase the extendibility of the legacy monolithic Ruby code.

I’ve been working on the project for more than four years. Along with the Ruby team we’ve implemented the project features, using parallel computing, service architecture, and complex business logic. The project utilizes an advanced security system based on Azure, Kubernetes, and Helm. The tech stack comprises RoR, PG, Sidekiq, Redis, React, and Java. It’s worth noting that the project meets the Accessibility requirements, has successfully passed Security Audit performed by the client’s IT department, and is under ongoing performance optimization.

I am located in Toronto, Canada, so contact us and let’s meet in person to discuss your project. 

Viktor Volontsevych

Ruby Team Leader

Success Story #5: WordPress-Based Legacy App Upgrade With Ruby on Rails

The project was initially a WordPress based startup social network for teams interested in the growth of their businesses. Soon an idea of a special growth management tool came into play, and it could be built using Ruby on Rails framework. 

The development team quickly realized that the project was a set of multiple services, and it was difficult to keep engineers for different technology stacks (WordPress and RoR). In addition to the startup-based architecture design, it was hard to develop new features and the development slowed down.

Service type: Dedicated Ruby Team

Since engineering teams on the client’s side didn’t have the required expertise for developing new services on Rails, MobiDev offered a team to perform a full cycle of development.


  • Unifying the tech stack
  • Isolate multiple apps from each other
  • Reduce release risks

How we delivered:

  • Rewrote the WordPress part of the project using RoR for unifying the tech stack
  • Introduced Microservices architecture to keep multiple apps isolated from each other and make it possible to share the data between them (like users). This increased overall stability and performance.
  • Introduced CI/CD automation for reducing release risks
New microservices-based architecture

Ruby on Rails Upgrade in 2024: Addressing Security Risks with Timely Updates

Ruby on Rails in 2024 possesses all the required features for building secure applications, once both the programming language and framework are updated. Each Rails update provides fixes of prior vulnerabilities and removes security breaches that are well documented by the community. So upgrading your Ruby software to the latest standards should be the primary solution used to make it bulletproof with regard to data leaks and to prevent damage to your organization.

However, security measures are also implemented through the development approach, architecture choice, and the overall approach to testing. MobiDev’s Ruby teams follow the principles of a test-driven approach, built on DevOps principles and a CI/CD pipeline. This generally helps us eliminate the largest number of bugs iteratively, and cover the code with automated and manual tests. 

So, are you ready to upgrade your RoR application?

We are ready to work on challenging projects and believe that, with a competent approach, they are bound to succeed. For us, RoR is flexible enough in the long term, as well as secure and easy for business logic implementation. Ruby on Rails shines again with all its refactoring best practices gathered by the MobiDev Ruby development team throughout our years in web application development.

By submitting your email address you consent to our Privacy Policy. You can withdraw your consent at any time by sending a request to

Open Contents


To discuss your project details with our tech experts

+1 916 243 0946 (USA/Canada)

Book a meeting


Legacy Application Modernization: 5 Approaches to Upgra…

Ruby on Rails Security Guide: Protecting Your Business and Customer Data

Ruby on Rails Security Guide: Protecting Your Business …


We will answer you within one business day