Updating a CMS by partially applying release code, for real?

Hi, I’m looking for some advice please with regard to what I consider an outlandish claim made by the web dev company maintaining my employer’s websites, but which I can’t disprove because I can’t get access to their server side code. I also do web dev work and feel like I’ve entered the twilight zone with this company, so could do with a reality check from the pros on this forum.

It looks like the CMS (MojoPortal) hasn’t been updated in the six years since the sites were launched, making it sixteen versions behind the current release, according to the version number reported in the backend. Inspecting the javascript of the bundled text editor (CKEditor) shows the same version number as six years ago, which is a full major version behind.

The web-dev company claim that this is because they don’t apply the releases in full, but are ‘continually’ updating the CMS by inspecting the code from the releases and selectively applying changes. They haven’t yet explained why they would do this.

As far as I’m aware, no-one does this ever. It would create ten times more work, would quickly become unmaintainable, and has no benefits that I can see.

To your knowledge…
Is this an anomaly or are you aware of anyone else doing this?
Are there any benefits in doing this?
Is doing this at all sane?
Would you believe them?

To put it all in context, websites they deliver for approval take literally around 100 hours of our time, sometimes more, in testing and bug reporting to get them to a barely passable state for launch. Try to create a new post, the whole website breaks (server error). Try to create a new job advert, the whole website breaks. Try to add a new author, the whole website breaks. Pages don’t display. New content won’t save. Image captions don’t display. The search function doesn’t work (no results). Entire admin sections for administering content are missing. New websites are created by copying the database and code from another website, often leaving entire content sections in both the front and back end from the original… so on a website about home baking equipment you will find posts about industrial air conditioning units in the search results (not kidding). There are 10 different headline font styles on the homepage because they’ve copied and pasted CSS code from here, there and everywhere. Images are put inline with text. Worst of all was a security blunder where, on a membership website (free sign up, automatic account creation), anyone could get the username, password, and email address of every other user on the system, including the web dev’s super-admin account with full access to the CMS, using an actual user interface they’d implemented in the backend. With auto-completion. And that’s just the tip of the iceburg.

Please tell me this isn’t normal.

This sounds like a lame excuse they pulled out to keep you paying them. No one would do this crazy thing. Do you think they’ll just selectively patch CKEditor with the new updated code? I don’t think so, it sounds like most probably they do not have a clue of what they are doing or they are just plain lazy to update. All that you’re telling us sounds pretty terrible and I wouldn’t pay a cent for that kind of service.


No one would do this crazy thing.

Thanks, pretty much as I thought.

Do you think they’ll just selectively patch CKEditor with the new updated code?

Thanks Andres! That’s given me the idea to check the CKEditor code for security patches :grinning:

1 Like

I’ve never heard of anything like this. Why on earth do you keep using them? Your long list of features that don’t work, and the fact that they don’t use a fresh database for each new website has me shaking my head in disbelief.


I would be tempted to review the original suppliers contract and see it they are adhering to their terms and conditions.


That first part of your post about the updates sounds very iffy to me.

And that last paragraph makes them sound grossly incompetent and not to be trusted.
Why are you still dealing with these people? I think you need a fresh start with another company.

1 Like

Your post is hilarious! Only the problem is this is not funny for you. I agree with other posters - why are you still dealing with them?

1 Like

It isn’t normal.

I can understand the concern about upgrades breaking things, but picking code apart and only applying portions is in essence running a “fork”. IMHO this is more work but as long as one understands the implications I guess it could be OK. eg. “don’t need this feature, but do want this security patch, we understand the code as well as the authors so all is good”.

Ideally, breaking changes would come with advanced warnings to give users time to modify their code so they could do thorough testing in a staging environment prior to going live.
IMHO, simply not upgrading is not an option.


As well as the numerous update problems the security blunder could lead to your company going out of business.

I would be looking for another job now :slight_smile:

1 Like

Thanks everyone for your feedback, it will be useful.
Sometimes things are so bizarre that you start to doubt yourself. Glad to be reassured that it’s way outside the norm, or the world would be a truly depressing place.
Why do we keep using them? Inertia, lack of resources, lack of organizational structure, and lack of knowledge, experience, and judgment in the decision making. The shots are called outside of our department, we pick up the pieces. No credible reason exists for continuing with them, just empty promises that things will improve. Working toward replacing them though. This will help.
Kudos to Mittineague for one potentially valid reason for “forking”.
Today diff’d the running CKEditor with the version released six years ago, they’re identical to the last character ha.

Thanks y’all


:grinning: :+1: Particularly the industrial air conditioning units on the home bakeware site. Gotta laugh or you’d cry :grinning:

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.