The status of software is rarely static. Software companies are either releasing bug fixes (patches), or introducing new versions with enhanced functionality. See also Responding to Vendor Recommended Upgrades to Software. However, substantial Information Security issues are raised by this seemingly straight forward process.

• The new version may simply fail to perform as expected and / or may have key features removed, enhanced or otherwise modified - potentially disrupting your business operations.

• Consider all such releases as brand new code which must be tested properly. See Testing Software before Transferring to a Live Environment.
• Your Test Plan should include Regression Testing to test all the key features - not only those which have been changed or updated.

• Users of an older version of the software can be prevented from reading files created using a later release of the software.

• Always ensure that the newer version can read and write files in the older format. Investigate 'save options' accordingly.
• Do not permit upgrades to take place informally. Schedule them as a project and inform users accordingly.
• Use the existing (older) format for saving files until all users are upgraded. Take care if you need to share your files with tele-workers or external parties, because the latest format may be incompatible with their systems.

• New software versions released following the merger of software companies may contain unanticipated (new) code and / or bugs.

• Consider all such software as brand new code which must be tested properly. See Testing Software before Transferring to a Live Environment.
• Your Test Plan should include Regression Testing to test all the key features - not only those which have been changed or updated.