PHP 7.2 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.2.18 is not recommended. PHP 7.2.34 is the latest version in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 7.2.18 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.2.18
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-7.2.18-x64NTS.zip (24.68 MiB)
php-7.2.18-x86NTS.zip (23.05 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-7.2.18-x64TS.zip (24.82 MiB)
php-7.2.18-x86TS.zip (23.12 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.2.18-cli-alpine
Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:7.2.18-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.2.18-fpm-alpine
Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:7.2.18-apache
Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:7.2.18-fpm
ChangeLog
CLI
- Fixed bug #77794 (Incorrect Date header format in built-in server).
EXIF
- Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG). (CVE-2019-11036)
Interbase
- Fixed bug #72175 (Impossibility of creating multiple connections to Interbase with php 7.x).
Intl
- Fixed bug #77895 (
IntlDateFormatter::create
fails in strict mode if $locale = null).
litespeed
- LiteSpeed SAPI 7.3.1, better process management, new API function
litespeed_finish_request()
.
- Fixed bug #77821 (Potential heap corruption in TSendMail()).
PCRE
- Fixed bug #77827 (preg_match does not ignore \r in regex flags).
PDO
- Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
phpdbg
- Fixed bug #76801 (too many open files).
- Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
- Fixed bug #77805 (phpdbg build fails when readline is shared).
Reflection
- Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work).
- Fixed bug #77882 (Different behavior: always calls destructor).
SOAP
- Fixed bug #77945 (Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH).
Standard
Commit List
Alessandro Chitolina
- fix bug #76801: phpdbg too many open files error in b8b880932e
- Ref #76801 remove old file source from file_sources hash in case of file included more than once in 4029c0b6a2
Anatol Belski
- Fix phar:// include handling with file cache in f31d7ca85e
- Fix potential OPcache file cache related issues in 5477d68300
bohwaz
- SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws in 58c25bf679
Cameron Porter
- Fix bug #77849 Disable cloning of PDO handle/connection objects to avoid segfault in 9ec1525eb5
Christoph M. Becker
- Fix test expectation in 0aa1a2c833
- Fix #77827: preg_match does not ignore \r in regex flags in 88460c017a
- Pointer arithmetic on void pointers is illegal in 01a4de5c58
- Update Appveyor CI to php-sdk-2.2.0beta4 in 7b0ed8975d
- Fix tests wrt. internationalization in d07a6fdedf
Dmitry Stogov
- Fixed CFG construction for SWITCH opcodes in 56a5d0bd91
- Repare SWITCH VM in 7b8212f4d1
George Wang
- LiteSpeed SAPI 7.3, better process management, new API function
litespeed_finish_request()
in 1e7f1b90e8 - Fixed bug in
litespeed_finish_request()
, disablefastcgi_finish_request()
alias for now in 0a3fb20586
Joe Watkins
- Fix #77800 phpdbg segfaults on conditional breakpoints in 7df8e4fc0a
- more work on phpdbg conditional breaks in 6d3a2b4693
- Fix #77805 phpdbg build fails when readline is shared in 7af270eb28
- fix build: readline support must be disabled by default in phpdbg in b7442f1bb8
- bump versions after release in 731eeb8dec
- Follow up #77849 PDOStatement objects in undefined state after clone in a2b8a62abf
Matteo Beccati
- Fixed
SKIPIF
when--disable-mbregex
is used in 0dbb581cf4
Nikita Popov
- Fixed bug #77772 in da35fa2cb8
- Fixed bug #72175 in 85095dfd09
- Validate pattern against mbregex encoding in 40fe50daf6
- Validate subject encoding in
mb_split
andmb_ereg_match
in 0ecac37c40 - Fixed bug #77844 in eea61cda7d
- Fixed bug #77853 in d7b5954f28
- Fix use after free on
pg_close()
of default connection in b55715d61a - Fix pgsql use after free trying to reuse closed connection in c7a86a38a3
- Fix 29nb_async_connect.phpt in 8f13599a64
- Fix key leaks in
mb_convert_encoding()
in 3b53d28e60 - Fixed bug #77882 in e9c0367fdc
- Fix uninitialized cert_captured in 917952453c
- Zero sockaddr struct in 9b1950b005
- Fixed bug #77895 in 619c4e9f2e
Niklas Keller
- Fix #77794: Incorrect Date header format in built-in server in 7f9872387e
Remi Collet
- comment out sqlite3.defensive = 1 in 78c9a53df7
- Revert "Fix #77609: Tests from mailparse extension fails" in 32e7b0864c
- NEWS in a785ccd21a
- Fix tests after fix for #76717 in a467a89f16
- ensure pcre.jit=1 for these tests in 2e9dccef78
- fix paste issue in dc1cd3daf2
- Update CREDITS for PHP 7.2.18RC1 in 83442ede06
- typo in a5da2409c7
- news entry for litespeed in 4e17b44b28
- add news entries for secfix in 5d8e1eb8fa
- Update versions for PHP 7.2.18 in b0edc17f32
Samuele Kaplun
- Consider phpdbg as cli in 79f046f89e
Sara Golemon
- Bump versions for 7.2.18 in 963428a75d
Stanislav Malyshev
- Fix bug #77753 - Heap-buffer-overflow in php_ifd_get32s in f3aefc6d07
- Update NEWS in c684d32fb8
- Fixed bug #77831 - Heap-buffer-overflow in exif_iif_add_value in EXIF in 887a7b5714
- Always use
ZEND_SECURE_ZERO()
when cleaning up data in 588db7cecf
twosee
- Preserve keys in
emulate_read_fd_set()
in bdac9ef10d
Vlad Temian
- Fix bug #77680: Correctly implement recursive mkdir on FTP stream in ec2ecb7e12