PHP 7.3 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.3.15 is not recommended. PHP 7.3.33 is the latest version in the series.
Downloads
Source Code
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.3.15
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Docker/Podman Containers
docker pull php:7.3.15-cli-alpine
docker pull php:7.3.15-cli
docker pull php:7.3.15-fpm-alpine
docker pull php:7.3.15-apache
docker pull php:7.3.15-fpm
ChangeLog
Core
- Fixed bug #71876 (Memory corruption
htmlspecialchars()
: charset `*' not supported). - Fixed bug #79146 (cscript can fail to run on some systems).
- Fixed bug #78323 (Code 0 is returned on invalid options).
- Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments).
CURL
- Fixed bug #79078 (Hypothetical use-after-free in
curl_multi_add_handle()
).
Intl
- Fixed bug #79212 (
NumberFormatter::format()
may detect wrong type).
Libxml
- Fixed bug #79191 (Error in SoapClient ctor disables
DOMDocument::save()
).
MBString
- Fixed bug #79154 (
mb_convert_encoding()
can modify $from_encoding).
MySQLnd
- Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
OpenSSL
- Fixed bug #79145 (openssl memory leak).
Phar
- Fixed bug #79082 (Files added to tar with
Phar::buildFromIterator
have all-access permissions). (CVE-2020-7063) - Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)
- Fixed bug #76584 (
PharFileInfo::decompress
not working).
Reflection
- Fixed bug #79115 (
ReflectionClass::isCloneable
call reflected class __destruct).
Session
- Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)
SPL
- Fixed bug #79151 (heap use after free caused by spl_dllist_it_helper_move_forward).
Standard
- Fixed bug #78902 (Memory leak when using
stream_filter_append
).
Testing
- Fixed bug #78090 (
bug45161.phpt
takes forever to finish).
XSL
- Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).
Commit List
Christoph M. Becker
- Bump version in 38c0a53b60
- Fix #79078: Hypothetical use-after-free in
curl_multi_add_handle()
in 0dda4a844e - Fix test for Windows ZTS builds in bc529b92ee
- Fix test cases which fail on Windows debug builds in f6dea34831
- Fix #79084: mysqlnd may fetch wrong column indexes with MYSQLI_BOTH in 1752393bb4
- Fix #79091: heap use-after-free in
session_create_id()
in f79c774274 - Update NEWS wrt. sec fixes in b67fc51859
- Fix #79145: openssl memory leak in 9eff906a02
- Fix #79154:
mb_convert_encoding()
can modify $from_encoding in 9be31a582a - Don't leak encoding_str in f1bf4bf6eb
- Yet another check for
php_strip_tags_ex()
in 372b678e56 - Make test independent of online XSD schema in 49cbd23155
- Fix #76584:
PharFileInfo::decompress
not working in 136f51f1e1 - Fix #70078: XSL callbacks with nodes as parameter leak memory in 8226e704e4
- Fix #79212:
NumberFormatter::format()
may detect wrong type in c2935499b1 - Relax test expectation in b93e4aa11c
- Fix #79191: Error in SoapClient ctor disables
DOMDocument::save()
in fe1bfb78d6 - Fix #78090:
bug45161.phpt
takes forever to finish in 079905acd5 - Bump version in 41f4674257
- Bump version in a64d111c6e
- Fix # 79171: heap-buffer-overflow in phar_extract_file in 254a7c2457
Deus Kane
- Fix #79146: cscript can fail to run on some systems in 3046e35718
Florian Smeets
- Add CURLOPT CURLOPT_HTTP09_ALLOWED available since 7.64.0 in b836d9cdc1
Ivan Mikheykin
- Fix bug #78323: Code 0 is returned on invalid options in fd08f062ae
liudaixiao
- Fixed bug #78902 in 67421a780d
Léopold Jacquot
- Add unit test for bug #78902 in f720fb1e21
Nikita Popov
- Fixed bug #71876 in 018251a7c4
- Fixed bug #79115 in 07bda97e76
- Fixed bug #79151 in db9776c53c
- Fix
bug76348.phpt
in 2c2cbbbf55 - Fix use of
mb_ereg_search_getregs()
after invalid pattern in 392ad206a4 - Reset MBREX(search_re) in RSHUTDOWN in 560ff9725e
- Fix
mb_ord()
crash if internal encoding not supported in a62c06c4cf - Add
SKIPIF
to test requiring mbregex in 6ccd675776 - Fix leak in
DateTimeImmutable::modify()
in 494615fcb8 - Fix bug #76047 in ef1e4891b4
Remi Collet
- next will be 7.2.28 in 7e2bd95fa5
Stanislav Malyshev
- Fix #79099: OOB read in
php_strip_tags_ex
in 0f79b1bf30 - Fix bug #79037 (global buffer-overflow in
mbfl_filt_conv_big5_wchar
) in 2bcbc95f03 - Update NEWS in 5c90f8eb66
- More checks for
php_strip_tags_ex
in 2dc170e25d - Fix bug #79082 - Files added to tar with
Phar::buildFromIterator
have all-access permissions in 2589f5bd83 - Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress in 08b47a3d0f