Case Study: OJS Upgrade for IAIN Parepare

By   Last Updated : February 28, 2026
ClientIAIN Parepare (Institut Agama Islam Negeri Parepare)
Websiteejurnal.iainpare.ac.id
PlatformOpen Journal Systems (OJS)
Upgrade VersionOJS 3.1 → OJS 3.3

Background

IAIN Parepare manages an active academic journal portal serving multiple scholarly journals across Islamic studies, education, and social sciences. Their OJS platform had been running reliably for years, supporting authors, reviewers, and editors from various institutions across Indonesia.

However, over time, their OJS installation had fallen significantly behind on updates. When they reached out to us, the platform was still running on OJS 3.1 — a version that had reached end-of-life and was no longer receiving security patches from the PKP (Public Knowledge Project) development team.

The Challenge

The primary reason for the upgrade was clear: critical security vulnerabilities discovered in their outdated OJS 3.1 installation.

During our initial audit, we identified several categories of risk:

  • Unpatched CVE Vulnerabilities — OJS 3.1 carried multiple publicly documented security exploits that had been fixed in later releases but remained open on their server.
  • No Security Updates Available — The version was too old to receive official patches without a full upgrade, leaving the platform permanently exposed.
  • User Data at Risk — Hundreds of registered users — authors, reviewers, and editors — had their personal data potentially accessible to unauthorized parties.
  • Plugin Incompatibilities — Key plugins including DOI registration and indexing integrations had silently stopped working due to version incompatibilities.

Our Approach

Jumping directly from OJS 3.1 to 3.3 on a live production server carries significant risk. We used a staged upgrade approach, moving through intermediate versions to validate data integrity and plugin compatibility at each step before proceeding.

Upgrade path: OJS 3.1 → OJS 3.2 → OJS 3.3

Here is what we did, step by step:

  1. Full Backup & Environment Audit — We created a complete backup of the database and file system, then audited the server environment — PHP version, MySQL configuration, and file permissions — to prepare for OJS 3.3 requirements.
  2. Staging Environment Setup — A full clone of the production site was deployed on a private staging server. All upgrade steps were performed and validated here first, without affecting the live journal.
  3. Staged Upgrade: 3.1 → 3.2 → 3.3 — Each version step was handled separately to ensure all database migration scripts ran cleanly, with no content, submissions, or user data lost or corrupted along the way.
  4. Plugin Restoration & Compatibility Check — All installed plugins were reviewed. Outdated or incompatible plugins were replaced with their OJS 3.3-compatible counterparts. DOI integration and indexing plugins were reconfigured and thoroughly tested.
  5. Security Hardening — Beyond the upgrade itself, we applied additional hardening measures: updated file permissions, secured config.inc.php, disabled unnecessary features, and verified SSL was correctly configured.
  6. Production Deployment & Verification — The validated upgrade was applied to the live server during a low-traffic window. Post-deployment, we ran a full checklist covering submission workflows, user logins, email notifications, and DOI registration to confirm everything was working correctly.

Results

  • Zero downtime — The entire upgrade process was invisible to users, completed during off-peak hours without any service interruption.
  • 100% data preserved — All articles, submissions, user accounts, and review history were fully carried through the migration without any loss.
  • All CVEs resolved — Every known security vulnerability present in OJS 3.1 was patched by moving to the actively maintained OJS 3.3 release.
  • Now on an officially supported version — IAIN Parepare is now running a version of OJS that continues to receive official security patches from PKP.

Is Your OJS Version Putting You at Risk?

If your journal is still running on an outdated version of OJS, security vulnerabilities are not just a possibility, they are an inevitability. Contact us for a free audit and consultation on upgrading your OJS platform.

Tags :
About the Author
user-avatar

Hello! I'm Ghazi, im OJS Technical Support from Openjournaltheme. Have a passion for linux, helping solve publisher problems related to the use of OJS, OMP and Eprints.

Leave a Comment

Your email address will not be published. Required fields are marked *

Open Journal Theme

Professional Publishing system services OJS, OMP, Eprints

Need More Services  or Question?

Contact us

Openjournaltheme.com started in 2016 by a passionate team that focused to provide affordable OJS, OMP,  OPS,  Dspace, Eprints products and services. Our mission to help publishers to be more focus on their content research rather than tackled by many technical OJS issues.

Under the legal company name :
Inovasi Informatik Sinergi Inc.

About
OJS Services
OJS Themes

Secure Payment :

All the client’s financial account data is stored in the respective third-party site (such as Paypal, Wise and Direct Payment).
*Payment on Credit card can be done by request
Your financial account is guaranteed protection. We never keep any of the clients’ financial data.

Table of Contents

Index