Right, we don't recommend upgrading since we trying to keep our testing simple. Security updates are enabled for the base packages that we use. We don't really use many base packages - nginx, collectd. Rest are all containerized (mysql/mongo/redis/email etc) and updated via our docker updates. Docker, nodejs itself are all installed from binaries and not via apt.
@mishkalidas When there is an update, you will see an update button in the UI. This is the same for apps - when there is an update, you will see an update indicator in the app grid. There is no other supported update mechanism. Let me know if I misunderstood your question.