At the moment, the server I am using cannot update PHP, as it could affect other projects that are in production.
It sounds like this is more of a question of the security of PHP rather than of OJS. OJS 2.4.8-5 will run under PHP 5.x and under PHP 7.x. OJS 3.x requires PHP 7.
PHP 5.x is no longer supported by PHP itself:
https://www.php.net/supported-versions.php
So, if new PHP 5.x vulnerabilities are discovered, they are likely to go unpatched.
OJS 2.4.8-5 does not have any open vulnerability reports. If a new vulnerability is discovered for OJS, it will be disclosed and patched.
My recommendation would be to spin off the other projects which require PHP 5.x onto their own server, upgrade to PHP7 for OJS 2.4.8-5, and consider a future path to upgrade of OJS to 3.x.
1 Like