PHP 7.2 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.2.21 is not recommended. PHP 7.2.34 is the latest version in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 7.2.21 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.2.21
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-7.2.21-x64NTS.zip (24.91 MiB)
php-7.2.21-x86NTS.zip (23.25 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-7.2.21-x64TS.zip (25.04 MiB)
php-7.2.21-x86TS.zip (23.33 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.2.21-cli-alpine
Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:7.2.21-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.2.21-fpm-alpine
Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:7.2.21-apache
Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:7.2.21-fpm
ChangeLog
Date
- Fixed bug #69044 (discrepency between time and microtime).
EXIF
- Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)
- Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)
Fileinfo
- Fixed bug #78183 (finfo_file shows wrong mime-type for .tga file).
FTP
- Fixed bug #77124 (FTP with SSL memory leak).
Libxml
- Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).
LiteSpeed
- Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).
- Fixed bug #76058 (After "POST data can't be buffered", using php://input makes huge tmp files).
Openssl
- Fixed bug #78231 (Segmentation fault upon
stream_socket_accept
of exported socket-to-stream).
OPcache
- Fixed bug #78189 (file cache strips last character of uname hash).
- Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
- Fixed bug #78291 (opcache_get_configuration doesn't list all directives).
Phar
- Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
Phpdbg
- Fixed bug #78297 (Include unexistent file memory leak).
PDO_Sqlite
- Fixed bug #78192 (SegFault when reuse statement after schema has changed).
SQLite
- Upgraded to SQLite 3.28.0.
Standard
- Fixed bug #78241 (
touch()
does not handle dates after 2038 in PHP 64-bit). - Fixed bug #78269 (password_hash uses weak options for argon2).
XMLRPC
- Fixed bug #78173 (XML-RPC mutates immutable objects during encoding).
Commit List
Alex Scott
- Fix bug #78138: opcache.validate_permission incorrectly works with PHAR files in a4acff3e21
Andrew Collington
- Fix bug #78291 Missing opcache directives in 768ad70f70
Andrey Hristov
- Fix version comparison in 82021ad9df
- Add explicit cast to uint32_t in 102c64e827
Asher Baker
- Fix #78173: XML-RPC mutates immutable objects during encoding in d54220bc79
Christoph M. Becker
- Fix #78189: file cache strips last character of uname hash in fcd6f2de60
- Fix #78202: Opcache stats for cache hits are capped at 32bit NUM in 4366f22dfc
- Fix brittle test in be559e6c37
- Add missing SKIPIFs in 75bc3446f8
- Add missing SKIPIFs in 57688ad7bf
- Fix #78241:
touch()
does not handle dates after 2038 in PHP 64-bit in 44c8b7414c - Upgrade to SQLite 3.28.0 in e944ae6b2a
Dmitry Stogov
- Backport 91a6cdbf in 40f463b560
- Backport 96a12578 in 28808ca96d
- Fixed bug #78185 (File cache no longer works) in cd6a6e4cf2
- Fixed incorrect specialization (missed IS_INDIRECT handling) in 9ccf3fb996
George Wang
- Updated to LiteSpeed SAPI V7.4.3 in 32af676bd9
Joe Watkins
- Resolve discrepencies between second value yielded by gettimeofday and time, fixes #69044 in 65067dff01
- export
php_time
in 599b94ff14 - fix setcookie Max-Age to use
php_time
in 31a1c1e67c
Joshua Westerheide
- Fix #78183: finfo_file shows wrong mime-type for .tga file in 855bbc88c9
Nikita Popov
- Add test for bug #78106 in f8a68fd935
- Fixed bug #78106 in f1a8138055
- Accept null for preg_quote delimiter argument in 03db04c3ab
- Free cert in
php_openssl_load_stream_cafile()
in 90cb3743be - Fix CSR leaks in openssl in e0bafc6da4
- Fix X509 leak in
openssl_pkcs7_verify()
in a0da2fb2b7 - Fix netscape spki leak in openssl in dfe6f0c1c6
- Fix d leak in ecc openssl_pkey_new in c939a67866
- Fix PKCS12 leak in openssl in 99f3e0f0ed
- Remove
stream_socket_sendto.phpt
in 7d28a24c66 - Backport test fix in 32c68428a9
- Fixed bug #78231 in 0e48e35e04
- Fix inference for compound object op on dim in c353f17d42
- Backport fe_reset_rw case in 5846e85283
- Revert "Fixed bug #76980" in 22ed362810
- Fixed bug #78279 in 4a91f66b8f
- Use TRY_ADDREF/TRY_DELREF in soap in a7de2af46c
- Fix bug #77124 in 88ffe05797
- Fixed bug #78297 in 1260de7749
Niklas Keller
- Fix memory leak in TLS matches_san_list in fea9f93166
Remi Collet
- next is 7.2.21 in feb92adc5c
- move NEWS entry in e59b986fa7
- add test for #78185 in 63f2d88088
- move NEWS entry in c2ee2e4c74
- improve test clean section in b3cfeda3c7
- fix test for Windows and for parallel run in d8202bf917
- Fix #78269 password_hash uses weak options for argon2 in eab0079c90
- Update CREDITS for PHP 7.2.21RC1 in f46faa54f9
- fix release date in f353c77fe8
- Update versions for PHP 7.2.21 in e258e2bca0
sunnyeo
- Fix bugs in AST printer in f7327b6244
Vincent
- Fix bug #78192 PDO SQLite SegFault when reuse statement after schema has changed in 05c00a832c