PHP 7.3 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.3.16 is not recommended. PHP 7.3.33 is the latest version in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 7.3.16 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.3.16How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-7.3.16-x64NTS.zip (24.43 MiB)
php-7.3.16-x86NTS.zip (22.81 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-7.3.16-x64TS.zip (24.56 MiB)
php-7.3.16-x86TS.zip (22.87 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.3.16-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:7.3.16-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.3.16-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:7.3.16-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:7.3.16-fpmChangeLog
Core
- Fixed bug #63206 (restore_error_handler does not restore previous errors mask).
COM
- Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location).
- Fixed bug #79242 (COM error constants don't match com_exception codes on x86).
- Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception).
- Fixed bug #79299 (com_print_typeinfo prints duplicate variables).
- Fixed bug #79332 (
php_istreamsare never freed). - Fixed bug #79333 (
com_print_typeinfo()leaks memory).
DOM
- Fixed bug #77569: (Write Access Violation in DomImplementation).
- Fixed bug #79271 (DOMDocumentType::$childNodes is NULL).
Enchant
- Fixed bug #79311 (
enchant_dict_suggest()fails on big endian architecture).
EXIF
- Fixed bug #79282 (Use-of-uninitialized-value in exif). (CVE-2020-7064)
MBstring
- Fixed bug #79371 (
mb_strtolower(UTF-32LE): stack-buffer-overflow atphp_unicode_tolower_full). (CVE-2020-7065)
MySQLi
- Fixed bug #64032 (mysqli reports different client_version).
PCRE
- Fixed bug #79188 (Memory corruption in preg_replace/preg_replace_callback and unicode).
PDO_ODBC
- Fixed bug #79038 (
PDOStatement::nextRowset()leaks column values).
Reflection
- Fixed bug #79062 (Property with heredoc default value returns false for getDocComment).
SQLite3
- Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::
reset()).
Standard
- Fixed bug #79329 (
get_headers()silently truncates after a null byte). (CVE-2020-7066) - Fixed bug #79254 (
getenv()w/o arguments not showing changes). - Fixed bug #79265 (Improper injection of Host header when using fopen for http requests).
Commit List
Christoph M. Becker
- Next is 7.3.16 in e3632fdc0d
- Fix #66322: COMPersistHelper::SaveToFile can save to wrong location in 5e2ea00b15
- Fix #79242: COM error constants don't match com_exception codes in b9738f5802
- Fix #79248: Traversing empty VT_ARRAY throws com_exception in f649adedfe
- Fix #79254:
getenv()w/o arguments not showing changes in 7b464ce6f3 - Fix #77569: Write Acess Violation in DomImplementation in cec8b24c84
- Fix typo in recent bugfix in 8308196c97
- Fix #79271: DOMDocumentType::$childNodes is NULL in 0966941130
- Fix # 79171: heap-buffer-overflow in phar_extract_file in 7df594b943
- Fix #79038:
PDOStatement::nextRowset()leaks column values in 08073b0658 - Add test for bug #78569 in ad000a63e8
- Fix #79294: ::columnType() may fail after SQLite3Stmt::
reset()in f133f0024e - Fix #79299: com_print_typeinfo prints duplicate variables in 9e6358af36
- Fix #64032: mysqli reports different client_version in 8654c32b58
- Add upgrading node regarding fix for bug #79271 in 49762c84e0
- Fix #79311:
enchant_dict_suggest()fails on big endian architecture in 6adb885966 - Fix #79332:
php_istreamsare never freed in 2adf1c4d23 - Fix #79333:
com_print_typeinfo()leaks memory in 53140e5c56 - Update libmagic.patch in f15ab32af8
- Bump version in f5939563f6
- Fix #79371:
mb_strtolower(UTF-32LE): stack-buffer-overflow in b8048de333 - Bump version in d466e966ef
Dmitry Stogov
- Fixed incorrect behavior of internal memory debugger in 45b4368d5c
- Fixed incorrect overflow detection in 5b51b633e2
Mark Plomer
- Fix #63206: Fully support error/exception_handler stacking, even with null or inside the handler in 8c6a7c3326
Miguel Xavier Penha Neto
- Fixes #79265: Improper injection of Host header when using fopen for http requests in d0d60503b5
Nikita Popov
- Fixed bug #79188 in 13bfa9f5ac
- Mark
bug76348.phptas online test in 2826364298 - Reduce code duplication in HTTP header checks in 3d9c02364d
- Don't treat any WS as start of header in 56cdbe63c2
- Fixed bug #79062 in 6c48da9a50
Remi Collet
- bump version to 7.2.29 in 63f6608f89
- Fix #79315
ZipArchive::addFiledoesn't honor start/length parameters in d31fc591e0
Stanislav Malyshev
- Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress in d76f7c6c63
- Fix bug #79082 - Files added to tar with
Phar::buildFromIteratorhave all-access permissions in e5c95234d8 - Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress in 409965fe1c
- Fix bug #79082 - Files added to tar with
Phar::buildFromIteratorhave all-access permissions in 6facfa59a5 - Fix bug #79329 - get_headers should not accept \0 in f930ff52f4
- Fixed bug #79282 in c099c71ea5
- Fix test in 4e330d3d48