Managing SecureAI Updates

SecureAI receives regular updates that include new AI model integrations, security patches, feature improvements, and bug fixes. As an administrator, you control when and how these updates are applied to your organization's instance. This article covers the update process, version management, planning maintenance windows, and rolling back if something goes wrong.

How SecureAI Updates Work

SecureAI follows a structured release cycle:

Every release includes a changelog accessible from Admin Panel > System > Updates or on the SecureAI release notes page.

Checking Your Current Version

1. Navigate to Admin Panel > System > About.
2. Your current version is displayed at the top (e.g., SecureAI v3.4.2).
3. The page also shows your deployment type (Cloud Run, Docker, Kubernetes) and the date of your last update.

You can also check the version from the command line:

secureai version

Or via the API:

curl -s https://your-instance.com/api/version \
  -H "Authorization: Bearer $ADMIN_API_KEY" | jq '.version'

Reviewing Available Updates

Automatic Notifications

SecureAI checks for available updates daily. When a new version is available:

• A banner appears at the top of the Admin Panel.
• Administrators receive an email notification (if configured under Admin Panel > Settings > Notifications).
• The Admin Panel > System > Updates page shows the available version with its changelog.

Manual Check

Navigate to Admin Panel > System > Updates and click Check for Updates. The page displays:

• Current version and release date.
• Available version with a summary of changes.
• Update classification (patch, minor, or major).
• Breaking changes highlighted in a warning box for major updates.
• Estimated downtime based on your deployment size and the update type.

Planning a Maintenance Window

Updates require a brief service interruption. Plan accordingly:

Pre-Update Checklist

1. Review the changelog. Read the full release notes, paying special attention to breaking changes, deprecated features, and new configuration options.
2. Check compatibility. If you use custom tools, pipelines, or API integrations, verify they are compatible with the new version. The changelog notes any API changes.
3. Back up your data. Create a full backup before any update (see Backup Procedures below).
4. Notify your users. Use the built-in maintenance announcement feature:
   • Go to Admin Panel > Settings > Announcements.
   • Create an announcement with the maintenance window time and expected duration.
   • The announcement appears as a banner for all users.
5. Schedule during low-usage hours. Check Admin Panel > Analytics > Usage Patterns to identify when your team is least active.

Estimated Downtime

Actual downtime depends on your data volume and deployment infrastructure.

Backup Before Updating

Always create a backup before applying updates. SecureAI provides built-in backup tools.

Using the Admin Panel

1. Navigate to Admin Panel > System > Backups.
2. Click Create Backup.
3. Select what to include:
   • Database (conversations, users, assistants, settings) -- always recommended.
   • Uploaded documents (knowledge base files) -- recommended for major updates.
   • Configuration (environment variables, custom settings) -- always recommended.
4. Click Start Backup. The backup file is saved to your configured backup location.
5. Verify the backup completed successfully before proceeding.

Using the CLI

# Full backup (database + documents + configuration)
secureai backup create --full --output /backups/pre-update-$(date +%Y%m%d).tar.gz

# Database only (faster, sufficient for patch updates)
secureai backup create --db-only --output /backups/pre-update-$(date +%Y%m%d)-db.tar.gz

# Verify backup integrity
secureai backup verify /backups/pre-update-20260320.tar.gz

Cloud Run Deployments

If you are running SecureAI on Google Cloud Run:

# Snapshot the Cloud SQL database
gcloud sql backups create --instance=secureai-db --description="Pre-update backup"

# Export documents from Cloud Storage
gsutil -m cp -r gs://secureai-documents/ /backups/documents/

Applying Updates

Cloud-Managed Instances

If your SecureAI instance is managed (hosted by SecureAI):

1. Go to Admin Panel > System > Updates.
2. Review the changelog and breaking changes.
3. Click Apply Update.
4. Confirm the maintenance window. Users see a "Maintenance in progress" page during the update.
5. The update applies automatically. You receive a notification when it completes.

Self-Hosted: Docker

# Pull the new image
docker pull secureai/secureai:3.5.0

# Stop the running container
docker stop secureai

# Start with the new image (using your existing volume mounts)
docker run -d --name secureai \
  --env-file /etc/secureai/.env \
  -v secureai-data:/app/data \
  -p 8080:8080 \
  secureai/secureai:3.5.0

If you use Docker Compose:

# Update the image tag in docker-compose.yml, then:
docker compose pull
docker compose up -d

Self-Hosted: Kubernetes

# Update the image tag in your deployment manifest
kubectl set image deployment/secureai \
  secureai=secureai/secureai:3.5.0 \
  -n secureai

# Monitor the rollout
kubectl rollout status deployment/secureai -n secureai

For Helm-based deployments:

helm upgrade secureai secureai/secureai \
  --set image.tag=3.5.0 \
  --namespace secureai \
  --values values.yaml

Self-Hosted: Cloud Run

# Deploy the new image
gcloud run deploy secureai \
  --image secureai/secureai:3.5.0 \
  --region us-central1 \
  --platform managed

Post-Update Verification

After the update completes, verify everything is working:

1. Check the version. Confirm the Admin Panel shows the expected version number.
2. Run the health check. Navigate to Admin Panel > System > Health or:

   curl -s https://your-instance.com/health | jq '.'
   

3. Test core functionality:
   • Start a new conversation and verify AI responses work.
   • Upload a test document to confirm knowledge base indexing.
   • Check that existing assistants load and respond correctly.
4. Verify integrations. If you have API integrations, custom tools, or SSO configured, test each one.
5. Check the audit log. Navigate to Admin Panel > Audit Log and confirm the update event was recorded.
6. Monitor for errors. Watch the system logs for the first 30 minutes after the update:

   secureai logs --follow --since 30m
   

Rolling Back an Update

If the update causes problems, you can roll back to the previous version.

When to Roll Back

Roll back if you encounter:

• Application crashes or the instance fails to start after updating.
• Critical features (chat, document upload, API) are broken.
• Performance degradation that affects user experience.
• Integration failures with SSO, custom tools, or external APIs.

Do not roll back for cosmetic issues or minor bugs -- report these to SecureAI support instead.

Rollback: Cloud-Managed Instances

1. Go to Admin Panel > System > Updates > History.
2. Find the previous version in the update history.
3. Click Roll Back next to that version.
4. Confirm. The system restores the previous version and its database state.

Rollback: Docker

# Stop the current container
docker stop secureai
docker rm secureai

# Start with the previous image
docker run -d --name secureai \
  --env-file /etc/secureai/.env \
  -v secureai-data:/app/data \
  -p 8080:8080 \
  secureai/secureai:3.4.2

If the update included database migrations, restore from your pre-update backup:

# Restore the database backup
secureai backup restore /backups/pre-update-20260320.tar.gz

Rollback: Kubernetes

# Undo the last deployment
kubectl rollout undo deployment/secureai -n secureai

# Verify the rollback
kubectl rollout status deployment/secureai -n secureai

Rollback: Cloud Run

# List recent revisions
gcloud run revisions list --service=secureai --region=us-central1

# Route traffic back to the previous revision
gcloud run services update-traffic secureai \
  --to-revisions=secureai-00042=100 \
  --region=us-central1

Restoring Data After Rollback

If the update included database schema changes (common in major updates), rolling back the application alone is not enough. You also need to restore the database:

1. Stop the SecureAI instance.
2. Restore your pre-update database backup:

   secureai backup restore /backups/pre-update-20260320.tar.gz --db-only
   

3. Start the instance with the previous version.
4. Verify data integrity in the Admin Panel.

Important: Any conversations or data created between the update and the rollback will be lost when restoring the backup. Communicate this to affected users.

Version Pinning and Update Policies

For organizations that need tight control over which versions are deployed:

Pinning to a Specific Version

Lock your instance to a specific version to prevent automatic updates:

1. Go to Admin Panel > System > Updates > Policies.
2. Set Update Mode to one of:
   • Automatic -- Updates apply automatically during the configured maintenance window.
   • Notify Only -- You receive notifications but must manually approve each update.
   • Pinned -- No updates are applied until you explicitly change the pinned version.
3. If you choose Pinned, specify the version to pin to.

For self-hosted deployments, pin the version by using an explicit image tag rather than latest:

# docker-compose.yml
services:
  secureai:
    image: secureai/secureai:3.4.2  # Pinned — do not use :latest

Update Channels

SecureAI offers two update channels:

Change your channel under Admin Panel > System > Updates > Channel.

Recommendation: Use Stable for production instances. Use Preview only on a separate staging instance to evaluate upcoming features before they reach stable.

Staging and Production Strategy

For organizations running multiple SecureAI instances, apply updates to staging first:

1. Staging instance -- Set to Preview or Stable channel with Automatic update mode.
2. Production instance -- Set to Stable channel with Notify Only or Pinned update mode.
3. After an update applies to staging, run your verification checklist.
4. If staging is healthy for 48--72 hours, apply the same update to production.

Handling Major Version Upgrades

Major version upgrades (e.g., 3.x to 4.x) require extra care:

1. Read the migration guide. Major versions include a dedicated migration guide in the release notes. Follow it step by step.
2. Test on a staging instance first. Clone your production data to staging and run the upgrade there.
3. Check for deprecated features. Features deprecated in the previous major version are removed. Update your workflows before upgrading.
4. Plan for extended downtime. Major upgrades run database migrations that can take 10--30 minutes depending on your data volume.
5. Update API integrations. Major versions may change API endpoints or request/response formats. Update your integration code before upgrading.
6. Coordinate with your team. Major upgrades may change the user interface. Prepare your team for changes and update any internal documentation or training materials.

Troubleshooting Update Issues

Update Fails to Apply

Instance Won't Start After Update

1. Check the logs:

   secureai logs --tail 100
   # or for Docker:
   docker logs secureai --tail 100
   

2. Common causes:
   • Missing environment variable -- New versions sometimes require new configuration. Check the changelog for new required settings.
   • Database migration incomplete -- The migration may have been interrupted. Try running it manually:

     secureai db migrate
     

   • Port conflict -- Another service may have taken the port during downtime.

Performance Degradation After Update

1. Check Admin Panel > System > Health for resource usage.
2. New features may require more memory or CPU. Review the release notes for updated resource requirements.
3. If the issue persists, consider rolling back and reporting the issue to SecureAI support.

Related Articles

• Configuring Data Retention Policies
• Content Filtering and Safety Settings
• Deleting Data from SecureAI