PHP 7.3 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.3.13 is not recommended. PHP 7.3.33 is the latest version in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 7.3.13 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.3.13How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-7.3.13-x64NTS.zip (24.41 MiB)
php-7.3.13-x86NTS.zip (22.79 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-7.3.13-x64TS.zip (24.54 MiB)
php-7.3.13-x86TS.zip (22.85 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.3.13-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:7.3.13-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.3.13-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:7.3.13-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:7.3.13-fpmChangeLog
Bcmath
- Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
Core
- Fixed bug #78862 (
link()silently truncates after a null byte on Windows). (CVE-2019-11044). - Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045).
- Fixed bug #78943 (
mail()may release string with refcount==1 twice). (CVE-2019-11049). - Fixed bug #78787 (Segfault with trait overriding inherited private shadow property).
- Fixed bug #78868 (Calling
__autoload() with incorrect EG(fake_scope) value). - Fixed bug #78296 (is_file fails to detect file).
EXIF
- Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050).
- Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
GD
- Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
MBString
- Upgraded bundled Oniguruma to 6.9.4.
OPcache
- Fixed potential ASLR related invalid opline handler issues.
- Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
PCRE
- Fixed bug #78853 (
preg_match()may return integer > 1).
Standard
- Fixed bug #78759 (
array_searchin $GLOBALS). - Fixed bug #77638 (var_export'ing certain class instances segfaults).
- Fixed bug #78840 (imploding $GLOBALS crashes).
- Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
- Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).
Commit List
Christoph M. Becker
- 7.3.13 is next in 4c9ba3e042
- Fix ASLR related invalid opline handler issues in 39d04f15f8
- Update NEWS in f6eac76b65
- Fix #78849: GD build broken with -D SIGNED_COMPARE_SLOW in 9b92c1d154
- Fix #78853:
preg_match()may return integer > 1 in e1da72bdf1 - Fix #77638: var_export'ing certain class instances segfaults in 23c65a8173
- Fix #78840: imploding $GLOBALS crashes in fee38633d2
- Adapt test cases for Oniguruma 6.9.4 in c55d09c2f5
- Partially revert "Adapt test cases for Oniguruma 6.9.4" in ff2140c49d
- Add missing skip checks in 8c4b0ddde5
- Upgrade to Oniguruma 6.9.4 in 1979c5d16f
- Fix #78833: Integer overflow in pack causes out-of-bound access in db420cb6a1
- Fix #78296: is_file fails to detect file in bb735c9e9e
- Fix #78814: strip_tags allows / in tag name => whitelist bypass in 600f1f898f
- Next is 7.3.14 in 65bbc67063
- Prepare 7.3.13RC1 in 303528803a
- Update for 7.3.13 in 36ac1671d5
- Fix #78943:
mail()may release string with refcount==1 twice in 11893c8e66 - Update NEWS in a1457cf8b8
Dmitry Stogov
- Fixed wrong constant usage in 9083e178f6
- Fixed bug #78868 (Calling
__autoload() with incorrect EG(fake_scope) value) in bb30fe9e2b
George Wang
- Added environment LSAPI_CLEAN_SHUTDOWN to control clean shutdown. Update SAPI version to LiteSpeed v7.6 in c7141412ce
Levi Morrison
- Wrap hrtime in
extern "c" {}in b9dfa12853 - Wrap
php_random.hin C++ portability macros in 4a55794b98
Nikita Popov
- Fixed bug #78787 in 6d4965febd
- Fixed bug #78759 in 5fa6dcd972
- Remove outdated comments in test in ee243bc471
- Fix
php_pcre_mutex_free()in 6dcc0b859f
Remi Collet
- next is 7.2.27 in d2cfb63f02
Stanislav Malyshev
- Fix bug #78804 - Segmentation fault in
Locale::filterMatchesin 2c9926f156 - Fix build - no model field anymore in df5ec733ff
- Fix test in b88bd529e7
Tyson Andre
- Fix $x = (bool)$x; for undefined with opcache in a2c41c0ea6