That depends on several factors. Here are some pros and cons of each:

It is not recommended you do this because you may run into issues. For example, some changes were made in crypto_master.php and data/upgrader2.php prior to the first v11 alpha. These changes will result in a broken upgrade unless you already pulled these changes from git. Similar situations could happen in the future as well.

It is recommended you either discard the git install and use a fresh install from the Downloads, or to maintain a git install and a bleeding-edge release install separately. Do not combine the two.

Absolutely! Frequent changes may be made to both bundled and non-bundled addons. Bundled addons will be updated via the upgrader. For non-bundled addons, you will have to update them through the addons management screen (Admin Zone > Structure > Addons). You will be informed which ones need updated.

Once version 11 reaches release candidate, we do not expect frequent updates to non-bundled addons anymore. But it is still good practice to check after every update.

Yes, for basic non-custom v10 sites. However, expect some issues to arise in the process. And please report those issues to the tracker.

For v10 sites with non-bundled addons or customisations, upgrading to v11 will likely break the site until you update the non-bundled addons or temporarily remove the customisations.

We aim to have the upgrader fully functional for a large majority of types of sites and for sites using non-bundled addons by the time version 11 reaches release candidate stage.

We do not recommend upgrading production v10 sites at this time until v11 reaches stable.

Yes (probably). Always remember especially during alpha and beta phases that things can break. Please make backups first. And let us know on the issue tracker if an issue occurs.
 

Note: You cannot upgrade from 11 alpha to 11 beta without first upgrading to 11.alpha4 (if you are not already on 11.alpha4).

As of July 22, 2024, we entered beta status where our focus is now smashing bugs and stabilising the software. All planned features have been implemented for 11.0 (and most others deferred to 11.1 or later), though we may still merge in a few minor features or tweaks. The upgrader has been tested on a typical non-custom v10 site.

We will be releasing several beta versions in the beta phase.

We do not know when we will be able to release the first Release Candidate or stable versions at this time.

These plans are all subject to change without notice.

Highly optimised code

Can run CDNs

Multiple levels of caching

Sophisticated template compiler

Self-learning optimisation system

Automatic pruning of old cache files when caches get large

Translate Composr into your own language

Translate content into multiple languages

Custom time and date formatting

Language packs: Download new language packs as users post them; host multiple languages on your website at the same time.

Time zone support: Members may choose their own time zones, and dates / times will adapt to them.

Support for different character sets and Unicode

Serve different theme images for different languages

Right-to-left languages possible

Professionally designed user interfaces

AJAX techniques: Streamlined website interaction.

WYSIWYG editing

Tutorials: Over 200 written tutorials, and a growing collection of video tutorials.

Displays great on mobiles: Mobile browsers can be automatically detected, or the user can select the mobile version from the footer. All public website features work great on QVGA or higher. The default theme is also responsive and will adapt to the client screen size.

A consistent and fully integrated feature-set: Breadcrumb navigation, previews, and many other features we didn't have space to mention here – are all present right across Composr.

Supports different URL schemes and textual monikers

Automatic site-map generation: Both XML Sitemaps and sitemaps for users.

Metadata: Meta descriptions and keywords for all content. Auto-summarisation.

Keyword density analysis when previewing content

Correct use of HTTP status codes

Content-contextualised page titles

Semantic and accessible markup (e.g. ‘alt tags')

Compliance with major data protection legislation such as the GDPR

Allow members to download or purge their personal data from their profile. Set a limit on the number of days between downloads / purges to preserve server resources.

Also manage member data to a more technical degree in the Administration Zone.

Allow members to purge their data upon deleting their member account

Composr is careful to maintain important data (such as warnings or bans) when members request their data to be purged from their profile. But this data can still be purged on the admin side (in the Admin Zone).

Automatic generation of a basic Privacy Policy based on site settings and installed addons

Cookie Consent notice

Basic COPPA / child protection settings

Set declarations on the rules page which members must agree to on registration (or whenever they are changed) which are also stored in the database and e-mailed to the member as a written copy

Automatic detection, logging, notifying, and banning of hackers

2-factor-authentication: E-mail based 2-factor-authentication security when unrecognised IP addresses are used with certain usergroups (optional, Conversr-only).

Password strength checks: Enforce minimum password strengths based on length and use of upper / lower case, numbers, and symbols, and avoiding repeated characters (Conversr-only).

Architectural approaches to combat all major exploit techniques

A JavaScript framework that makes XSS attacks virtually impossible

Defence-in-depth: Multiple layers of built-in security.

Encrypted custom profile fields: Once set the CPF can't be read unless a key password is entered (Conversr-only, requires OpenSSL).

Extensive support and use of Content Security Policy (CSP)

Track failed logins and automatically ban brute-force attacks

HTML filtering

Protection against CSRF attacks: Forms and AJAX requests make use of randomly generated POST tokens

Root-kit detection kit for developers

Cookies are secure and HttpOnly where possible to prevent session hijacking

Set number of days that passwords expire or must be changed

(Conversr Only)

Issue warnings (with an optional Private Topic sent to them) for unruly members. Optionally include one or more of several punitive actions as explained below.

Ban the member's IP address so they can no longer access the site from that device (this also adds their IP address in your htaccess file)

Ban the member so they can no longer log in (and their profile can no longer be viewed by others except high-ranking staff)

Report spammers to public blocklists such as Stop Forum Spam

Put members in a special restricted 'probation' usergroup for a specified number of days

Silence a member from the forum or topic on which they made their problematic post (this also works on comments).

Change a member's usergroup (useful to de-rank them)

Automatically delete recent or violating content / posts posted by the member

Charge points from the member's balance (also affects rank points to penalise their ability to rank up)

Reverse recent point transactions members made in abuse

Save and load explanatory messages for future use

Automatically generate punitive action text in the Private Topic sent to the member

Members can view their account standing on their profile, including any active punitive actions and their warnings history

Staff can view full details of individual warnings including an action log and options to undo some of the individual punitive actions

Develop your own cns_warnings hooks to define additional punitive actions that can be used with the warnings system

Use one of the several pre-defined "reasons" for a warning in the dropdown to include the warning in your site statistics (for number of warnings issued by reason).

Configurable word filters

Investigation: Investigate activity by member ID, username, IP address, or e-mail. Ban troublesome IP addresses.

CAPTCHA: Include CAPTCHA on forms for guests and new members. Enable CSS and/or JavaScript CAPTCHA to make detection by bots much harder. Enable an audio version for the visually impaired.

Integrate with known-spammer blacklists: Multiple configurable levels of enforcement.

Honeypots and blackholes: Find and ban bots via automated traps that humans would never see or fill out.

Heuristics: Clever ways to detect and block spammers based on behaviour.

Published e-mail addresses will be protected from spammers

Protection from spammers trying to use your website for their own SEO

Also known as Tempcode.

Perform computations: Run loops, manipulate logic, numbers, and text.

Handy effects: Easily create design effects like “Zebra striping” and tooltips – and much more.

Branching and filtering: Tailor output according to permissions and usergroups, as well as user options such as language selection.

Include other templates, blocks, or pages, within a template

Create and use standard boxes: Avoid having to copy and paste complex segments of XHTML5.

Easy web browser sniffing: Present different markup to different web browsers, detect whether JavaScript is enabled, detect bots, and detect PDAs/Smartphones.

Randomisation features

Pull up member details with ease: For example, show the current users avatar or point count.

Easily pull different banner rotations into your templates

Escaping: Easily escape parameters and strings to avoid JavaScript or HTML syntax errors and XSS vulnerabilities.

Create your own Tempcode symbols through hooks

Switch users: Masquerade as any user using your admin login

Change theme images inline with just a few clicks

Easily find and edit the templates used to construct any screen

Error monitoring: Get informed by e-mail if errors happen on your site.

Make inline changes to content titles

Easy text changes: Easily change the language strings used to build up any screen.

Easily diagnose permission configuration problems: Log permission checks, or interactively display them in Firefox.

Testing platform: Use our testing_platform non-bundled addon when developing with Composr to ensure nothing has been broken.

Profiler: Use the documented profiling tool to monitor intensive logic and their time / memory consumption.

Health check: Use the bundled health check to routinely run site checks and report any issues or failures detected.