Keeping WordPress Core up-to-date is not only important for getting bug fixes, but for security updates.
Consider: As soon as a security patch is released, every hacker now knows exactly how to hack WordPress, because the fix is public knowledge.
Therefore, when WordPress releases a patch release (e.g. v3.1.1 -> v3.1.2), we automatically apply the patch to your blog as fast as we can. We try to have it done in less than 60 minutes after the public announcement.
A patch release has never broken one of our customers’ blogs. Therefore we consider this automatic update to be safe.
However, when WordPress comes out with a new minor release (e.g. v3.1.4 -> v3.2.0) or a major release (e.g. v2.9.2 -> v3.0.1), the same rules don’t apply. Upgrading can and does cause blogs to break.
Specifically, upgrading causes breakage with plugins and themes which are no longer compatible. Popular plugins and themes often have patched versions ready in time, although there’s always a few which infamously take a little longer to release a fix. Others take much longer — as much as a month — while others still might never release a fix if they’re not under active development.
Then of course there’s custom code in themes and plugins which also might or might not need to be updated.
Finally, there’s often some last-minute bugs or security problems in WordPress Core itself which is cleaned up quickly with patches.
In general we wait until we believe the new release is “stable,” meaning Automattic isn’t releasing patches so quickly, most plugins seem like they’re working, etc.. This is just a judgement call — we try our best but we can’t know all the permutations that happen with custom code and various plugins.
When we’re ready, we’ll recommend that you upgrade your blog. You still need to test to make sure you’re comfortable with that. Then we’ll automatically push out the latest release, unless you tell us not to, which we can honor.