We're currently on Symfony 3.3 which has security holes. We're very close to having PHP 7.2 support on Toolforge (T188318), and regardless we likely will end up on VPS or a production instance where we can freely install PHP 7.2.
The upgrade to Symfony 4+ means an easier setup for new contributors, and smaller footprint overall -- and of course the latest and greatest security.
I think the process could be broken down into these piecemeal steps:
- Upgrade to PHP 7.2. This is the only thing that has to be done before everything else. Sam and I are already on 7.2 locally and everything works. So I think we're good there, just need to move the app to the 7.2 container on Toolforge (simple).
- Core Symfony upgrade. This seems to mostly involve moving files around to match the new directory structure. There are a lot of deprecations as well, but those hopefully won't be too hard to fix.
Two tasks created for followup that are not part of this task's specific work: