Infoscience

  • English
  • French
Log In
Logo EPFL, École polytechnique fédérale de Lausanne

Infoscience

  • English
  • French
Log In
  1. Home
  2. Academic and Research Output
  3. Conferences, Workshops, Symposiums, and Seminars
  4. Attestable Software Versioning for Stateful Confidential Computing
 
conference paper not in proceedings

Attestable Software Versioning for Stateful Confidential Computing

Castes, Charly; Bugnion, Edouard
March 1, 2022
5th Workshop on System Software for Trusted Execution (SysTEX 2022)

Trusted execution environments enable the creation of confidential and attestable enclaves that exclude the platform and service providers from the trusted base. From its initial attestable state, a stateful enclave such as a confidential database can hold confidential information in memory or use an enclave-specific secret seed to encrypt it on disk. The attestation logic is bound to a unique software version, and does not provide a mechanism to upgrade the software version. We propose attestable software versioning to ensure the trustworthy software migration of stateful enclaves in the context of an untrusted service operator. Attestable software versioning relies on extended attestation, a two-step hashing process for measurement validation of an enclave extended with its complete software lineage, which further restricts migration to white-listed software versions. Enclaves rely on mutual local or remote extended attestation during the software upgrade; client programs use remote extended attestation to determine the software lineage decisions made by the untrusted service operator. The mechanism enables a full separation of roles and responsibilities between software editors, which cannot access data, and untrusted platform operators, who trigger attestable software upgrades.

Name: attestable-sw-versioning.pdf
Type: Publisher
Version: http://purl.org/coar/version/c_970fb48d4fbd8a85
Access type: openaccess
License Condition: copyright
Size: 410.25 KB
Format: Adobe PDF
Checksum (MD5): 86182cfc7836aae6156fecd1871c0911

Infoscience is a service managed and provided by the Library and IT Services of EPFL. © EPFL, all rights reserved