Another good one is; please always split any security updates from feature changes (and backport the updates per whatever versioning policy you have for those lagging the latest).

After many years of being burned I always delay system level non-security -related updates at least several days after launch to mitigate the risk.