PHP 7.3 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.3.15 is not recommended. PHP 7.3.33 is the latest version in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 7.3.15 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.3.15How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-7.3.15-x64NTS.zip (24.43 MiB)
php-7.3.15-x86NTS.zip (22.81 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-7.3.15-x64TS.zip (24.56 MiB)
php-7.3.15-x86TS.zip (22.88 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.3.15-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:7.3.15-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.3.15-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:7.3.15-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:7.3.15-fpmChangeLog
Core
- Fixed bug #71876 (Memory corruption
htmlspecialchars(): charset `*' not supported). - Fixed bug #79146 (cscript can fail to run on some systems).
- Fixed bug #78323 (Code 0 is returned on invalid options).
- Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments).
CURL
- Fixed bug #79078 (Hypothetical use-after-free in
curl_multi_add_handle()).
Intl
- Fixed bug #79212 (
NumberFormatter::format()may detect wrong type).
Libxml
- Fixed bug #79191 (Error in SoapClient ctor disables
DOMDocument::save()).
MBString
- Fixed bug #79154 (
mb_convert_encoding()can modify $from_encoding).
MySQLnd
- Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
OpenSSL
- Fixed bug #79145 (openssl memory leak).
Phar
- Fixed bug #79082 (Files added to tar with
Phar::buildFromIteratorhave all-access permissions). (CVE-2020-7063) - Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)
- Fixed bug #76584 (
PharFileInfo::decompressnot working).
Reflection
- Fixed bug #79115 (
ReflectionClass::isCloneablecall reflected class __destruct).
Session
- Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)
SPL
- Fixed bug #79151 (heap use after free caused by spl_dllist_it_helper_move_forward).
Standard
- Fixed bug #78902 (Memory leak when using
stream_filter_append).
Testing
- Fixed bug #78090 (
bug45161.phpttakes forever to finish).
XSL
- Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).
Commit List
Christoph M. Becker
- Bump version in 38c0a53b60
- Fix #79078: Hypothetical use-after-free in
curl_multi_add_handle()in 0dda4a844e - Fix test for Windows ZTS builds in bc529b92ee
- Fix test cases which fail on Windows debug builds in f6dea34831
- Fix #79084: mysqlnd may fetch wrong column indexes with MYSQLI_BOTH in 1752393bb4
- Fix #79091: heap use-after-free in
session_create_id()in f79c774274 - Update NEWS wrt. sec fixes in b67fc51859
- Fix #79145: openssl memory leak in 9eff906a02
- Fix #79154:
mb_convert_encoding()can modify $from_encoding in 9be31a582a - Don't leak encoding_str in f1bf4bf6eb
- Yet another check for
php_strip_tags_ex()in 372b678e56 - Make test independent of online XSD schema in 49cbd23155
- Fix #76584:
PharFileInfo::decompressnot working in 136f51f1e1 - Fix #70078: XSL callbacks with nodes as parameter leak memory in 8226e704e4
- Fix #79212:
NumberFormatter::format()may detect wrong type in c2935499b1 - Relax test expectation in b93e4aa11c
- Fix #79191: Error in SoapClient ctor disables
DOMDocument::save()in fe1bfb78d6 - Fix #78090:
bug45161.phpttakes forever to finish in 079905acd5 - Bump version in 41f4674257
- Bump version in a64d111c6e
- Fix # 79171: heap-buffer-overflow in phar_extract_file in 254a7c2457
Deus Kane
- Fix #79146: cscript can fail to run on some systems in 3046e35718
Florian Smeets
- Add CURLOPT CURLOPT_HTTP09_ALLOWED available since 7.64.0 in b836d9cdc1
Ivan Mikheykin
- Fix bug #78323: Code 0 is returned on invalid options in fd08f062ae
liudaixiao
- Fixed bug #78902 in 67421a780d
Léopold Jacquot
- Add unit test for bug #78902 in f720fb1e21
Nikita Popov
- Fixed bug #71876 in 018251a7c4
- Fixed bug #79115 in 07bda97e76
- Fixed bug #79151 in db9776c53c
- Fix
bug76348.phptin 2c2cbbbf55 - Fix use of
mb_ereg_search_getregs()after invalid pattern in 392ad206a4 - Reset MBREX(search_re) in RSHUTDOWN in 560ff9725e
- Fix
mb_ord()crash if internal encoding not supported in a62c06c4cf - Add
SKIPIFto test requiring mbregex in 6ccd675776 - Fix leak in
DateTimeImmutable::modify()in 494615fcb8 - Fix bug #76047 in ef1e4891b4
Remi Collet
- next will be 7.2.28 in 7e2bd95fa5
Stanislav Malyshev
- Fix #79099: OOB read in
php_strip_tags_exin 0f79b1bf30 - Fix bug #79037 (global buffer-overflow in
mbfl_filt_conv_big5_wchar) in 2bcbc95f03 - Update NEWS in 5c90f8eb66
- More checks for
php_strip_tags_exin 2dc170e25d - Fix bug #79082 - Files added to tar with
Phar::buildFromIteratorhave all-access permissions in 2589f5bd83 - Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress in 08b47a3d0f