Help request: upgrade from Laravel Framework 5.4.36

[SilvioIBZ]

Hi everyone,
We are facing considerable difficulties in trying to update our site, currently online on framework 5.4.36.

We are basically worried about the risk of cyber attacks and the question is the following: is a system update a viable solution for our situation?

A description of current working conditions follows:

Laravel Framework 5.4.36
Wordpress 6.3.3
PHP 7.0.33
MySQL 5.6.51

Centos Linux 7.9.2009

Our business is built around two very similar and currently running websites, each one consists of:
• a public area (running entirely on Laravel)
• an administration restricted area (running entirely on Laravel)
• a magazine (running on Wordpress)

The two websites are almost clones in functionalities, but are currently two separate entities running on the same web server.
Unfortunately, currently there is no repository nor version control software: open-heart operations directly on the production web server (there isn't a development environment).

Apart from the urgency to protect our business from attacks, we are also looking to find a way to have a modern, up-to-date (so relatively secure) and easy to maintain platform to run our business on, but we are trying to avoid to build a new webpage from scratch.

Thank you for any suggestions or support!

[ghost]

Hi. I did a migration once from 5.7 to laravel 8. I did it by creating a new repo on my local in a folder from laravel 8 and mooving (cut & paste) files from the old in the new. Used Meld to track the differences between the 2 folders.
With each file moved, I updated/mooved their dependencies and refactored etc.

I did not update in the same repository (project) but created a new one. I would NOT just update the composer.json and hope it would work, but you can try also that on your local...
Also bear in mind that Laravel supports the versions for 1 year only. https://laravel.com/docs/8.x/releases#versioning-scheme

So forget about staying up to date.

(this is very interesting... you finish a project after more than a year and you are told to update... because there is a new version which introduces new bugs of course along with new features which you don't really need anyway) .

I would pick 9 if I were you because I saw 10 has some bugs if you browse the discussions section.

PS. if your current project is not affected by known vulnerabilities, I would say you don't need to update yet.

[SilvioIBZ]

Thanks Marius