PHP 7.3 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.3.13 is not recommended. PHP 7.3.33 is the latest version in the series.
Downloads
Source Code
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.3.13
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Docker/Podman Containers
docker pull php:7.3.13-cli-alpine
docker pull php:7.3.13-cli
docker pull php:7.3.13-fpm-alpine
docker pull php:7.3.13-apache
docker pull php:7.3.13-fpm
ChangeLog
Bcmath
- Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
Core
- Fixed bug #78862 (
link()
silently truncates after a null byte on Windows). (CVE-2019-11044). - Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045).
- Fixed bug #78943 (
mail()
may release string with refcount==1 twice). (CVE-2019-11049). - Fixed bug #78787 (Segfault with trait overriding inherited private shadow property).
- Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
- Fixed bug #78296 (is_file fails to detect file).
EXIF
- Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050).
- Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
GD
- Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
MBString
- Upgraded bundled Oniguruma to 6.9.4.
OPcache
- Fixed potential ASLR related invalid opline handler issues.
- Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
PCRE
- Fixed bug #78853 (
preg_match()
may return integer > 1).
Standard
- Fixed bug #78759 (
array_search
in $GLOBALS). - Fixed bug #77638 (var_export'ing certain class instances segfaults).
- Fixed bug #78840 (imploding $GLOBALS crashes).
- Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
- Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).
Commit List
Christoph M. Becker
- 7.3.13 is next in 4c9ba3e042
- Fix ASLR related invalid opline handler issues in 39d04f15f8
- Update NEWS in f6eac76b65
- Fix #78849: GD build broken with -D SIGNED_COMPARE_SLOW in 9b92c1d154
- Fix #78853:
preg_match()
may return integer > 1 in e1da72bdf1 - Fix #77638: var_export'ing certain class instances segfaults in 23c65a8173
- Fix #78840: imploding $GLOBALS crashes in fee38633d2
- Adapt test cases for Oniguruma 6.9.4 in c55d09c2f5
- Partially revert "Adapt test cases for Oniguruma 6.9.4" in ff2140c49d
- Add missing skip checks in 8c4b0ddde5
- Upgrade to Oniguruma 6.9.4 in 1979c5d16f
- Fix #78833: Integer overflow in pack causes out-of-bound access in db420cb6a1
- Fix #78296: is_file fails to detect file in bb735c9e9e
- Fix #78814: strip_tags allows / in tag name => whitelist bypass in 600f1f898f
- Next is 7.3.14 in 65bbc67063
- Prepare 7.3.13RC1 in 303528803a
- Update for 7.3.13 in 36ac1671d5
- Fix #78943:
mail()
may release string with refcount==1 twice in 11893c8e66 - Update NEWS in a1457cf8b8
Dmitry Stogov
- Fixed wrong constant usage in 9083e178f6
- Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value) in bb30fe9e2b
George Wang
- Added environment LSAPI_CLEAN_SHUTDOWN to control clean shutdown. Update SAPI version to LiteSpeed v7.6 in c7141412ce
Levi Morrison
- Wrap hrtime in
extern "c" {}
in b9dfa12853 - Wrap
php_random.h
in C++ portability macros in 4a55794b98
Nikita Popov
- Fixed bug #78787 in 6d4965febd
- Fixed bug #78759 in 5fa6dcd972
- Remove outdated comments in test in ee243bc471
- Fix
php_pcre_mutex_free()
in 6dcc0b859f
Remi Collet
- next is 7.2.27 in d2cfb63f02
Stanislav Malyshev
- Fix bug #78804 - Segmentation fault in
Locale::filterMatches
in 2c9926f156 - Fix build - no model field anymore in df5ec733ff
- Fix test in b88bd529e7
Tyson Andre
- Fix $x = (bool)$x; for undefined with opcache in a2c41c0ea6