PHP 7.3 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.3.17 is not recommended. PHP 7.3.33 is the latest version in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 7.3.17 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.3.17How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-7.3.17-x64NTS.zip (24.44 MiB)
php-7.3.17-x86NTS.zip (22.81 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-7.3.17-x64TS.zip (24.57 MiB)
php-7.3.17-x86TS.zip (22.88 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.3.17-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:7.3.17-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.3.17-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:7.3.17-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:7.3.17-fpmChangeLog
Core
- Fixed bug #79364 (When copy empty array, next key is unspecified).
- Fixed bug #78210 (Invalid pointer address).
CURL
- Fixed bug #79199 (
curl_copy_handle()memory leak).
Date
- Fixed bug #79396 (DateTime hour incorrect during DST jump forward).
Iconv
- Fixed bug #79200 (Some iconv functions cut Windows-1258).
OPcache
- Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
Session
- Fixed bug #79413 (
session_create_id()fails for active sessions).
Shmop
- Fixed bug #79427 (Integer Overflow in
shmop_open()).
SimpleXML
- Fixed bug #61597 (SXE properties may lack attributes and content).
Spl
- Fixed bug #75673 (
SplStack::unserialize()behavior). - Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
Standard
- Fixed bug #79330 (
shell_exec()silently truncates after a null byte). - Fixed bug #79465 (OOB Read in
urldecode()). (CVE-2020-7067) - Fixed bug #79410 (
system()swallows last chunk if it is exactly 4095 bytes without newline).
Zip
Commit List
Christian Schneider
- Fix bug #79410 (
system()swallows last chunk if it is exactly 4095 bytes without newline) in c0840fec9c
Christoph M. Becker
- Next is 7.3.17 in 9dda3b9eb2
- Fix #75673:
SplStack::unserialize()behavior in b84277297a - Skip test on Windows if privileges are insufficient in dc4f42508d
- Enclose INI values containing {TMP} in quotes in d5e206620b
- Fix #79364: When copy empty array, next key is unspecified in 2462f2dab1
- Fix #78210: Invalid pointer address in 53797c206a
- Fix #61597: SXE properties may lack attributes and content in 7c081db885
- Fix #79199:
curl_copy_handle()memory leak in 2b5fc8e325 - Fix #79371:
mb_strtolower(UTF-32LE): stack-buffer-overflow in 1fdffd1c55 - Fix NEWS in 6a4fff4682
- Fix #79393: Null coalescing operator failing with SplFixedArray in 47c745555c
- Fix #79200: Some iconv functions cut Windows-1258 in 32a2644305
- Fix test for Windows in ba404f21e4
- Fix #79427: Integer Overflow in
shmop_open()in a681b12820 - Fix #79413:
session_create_id()fails for active sessions in b510250b8e - Next is 7.3.18 in 33226c3a17
- Bump version in d1f4f18270
- Bump version in ad5b00aea9
Dmitry Stogov
- Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script) in 65120cfc09
Jacob Dreesen
- Fix typo in php.ini comment in 68e2da6362
Lukas Berger
- Add missing 'skip' to
bug79332.phptskip message in 7f9b534e3a
Max Rees
- Fix #79424
ext/zip: don't use gl_pathc after call to globfree in 04920645f1
Nate Brunette
- Fix #79396: DateTime hour incorrect during DST jump forward in d70058a139
Nikita Popov
- Clarify
session.cookie_samesite="None" in c00cce3229 - Handle NULL caller_call_opline in 34f1266a9c
- Add test file in 2e8db5d6be
Remi Collet
- bump verison to 7.2.30-dev in 3072b77c21
- Fix Bug #79296
ZipArchive::openfails on empty file in 8aab43c85d - NEWS in 51c57a9c67
Stanislav Malyshev
- Fixed bug #79282 in 41f66e2a2c
- Fix bug #79329 - get_headers should not accept \0 in 0d139c5b94
- Fix test in 2c081b7e26
- Fixed bug #79282 in 25238bdf60
- Fix bug #79329 - get_headers should not accept \0 in 69fdc14152
- Fix test in 62e7b80267
- Fix bug #79330 - make all execution modes consistent in rejecting \0 in 242589457b
- Fix bug #79465 - use unsigneds as indexes in 2c0d56cc15