I would setup a development environment, run upgrades there; test the site, and then upgrade the production environment IF it works. Drush is awesome for syncing environments and upgrading. I do think up-to-date software is a requirement for PCI compliance. I found these resources helpful: What you need to know about PCI Compliance http://www.mijireh.com/docs/what-you-need-to-know-about-pci-compliance/ Let's Talk About PCI Compliance for Ubercart and Drupal Commerce: http://soundpostmedia.com/article/lets-talk-about-pci-compliance-ubercart-an... Tracey -------------------- Tracey Hummel Web Application Developer tracey@arizona.edu http://tshummel.com ________________________________ From: support-bounces@drupal.org [support-bounces@drupal.org] on behalf of James R Stone [fndtn357@gmail.com] Sent: Tuesday, February 25, 2014 11:15 AM To: support Subject: [support] Updates I have inherited an eCommerce website that I am preparing for a soft launch. The code base is out of date, specifically, Drupal core is 7.23, 41 modules are out-of-date, and there are 31 Features dependent to some degree or another on any modules that get updated. Should I apply all the updates before launching? My gut tells me it is a show stopper (they must be applied) but I am asking for some sage advice on this list. James R Stone Drupal builder-developer-consultant Messages: 216-635-5492 | Office: 216-931-0475 fndtn357@gmail.com<mailto:fndtn357@gmail.com> <mailto:fndtn357@gmail.com> [http://www.addedbytes.com/images/drupal.png] <https://drupal.org/user/255723> [LinkedIn] <http://www.linkedin.com/in/jamesrstone> [Twitter] <http://www.twitter.com/fndtn357> <http://www.twitter.com/fndtn357>"The skill of coding is to create a context in which other people can contribute."