PHP 7.3 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.3.18 is not recommended. PHP 7.3.33 is the latest version in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 7.3.18 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.3.18How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-7.3.18-x64NTS.zip (24.44 MiB)
php-7.3.18-x86NTS.zip (22.81 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-7.3.18-x64TS.zip (24.57 MiB)
php-7.3.18-x86TS.zip (22.87 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.3.18-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:7.3.18-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.3.18-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:7.3.18-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:7.3.18-fpmChangeLog
Core
- Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
- Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)
- Fixed bug #79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant).
- Fixed bug #79477 (casting object into array creates references).
- Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
- Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
DOM
- Fixed bug #78221 (
DOMNode::normalize()doesn't remove empty text nodes).
FCGI
- Fixed bug #79491 (Search for .user.ini extends up to root dir).
MBString
- Fixed bug #79441 (Segfault in
mb_chr()if internal encoding is unsupported).
OpenSSL
- Fixed bug #79497 (
stream_socket_client()throws an unknown error sometimes with <1s timeout).
Phar
- Fix bug #79503 (Memory leak on duplicate metadata).
SimpleXML
- Fixed bug #79528 (Different object of the same xml between 7.4.5 and 7.4.4).
Standard
- Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
Commit List
Christoph M. Becker
- Fix #78221:
DOMNode::normalize()doesn't remove empty text nodes in efec22b7be - Fix memory leak introduced by fixing bug #78221 in 7e91fcd7f9
- Fix test cases in a1b46fc152
- Add missing CVE in c4cdf1ae12
- Fix #79491: Search for .user.ini extends up to root dir in fa10abd6d7
- Fix #79503: Memory leak on duplicate metadata in ccca2c448d
- Fix #79470: PHP incompatible with 3rd party file system on demand in 29968d8f99
- Bump version in 6998cc5029
- Prepare for 7.3.18RC1 in 830e566998
- Fix #79528: Different object of the same xml between 7.4.5 and 7.4.4 in cb265a0add
- Bump version in 47a2da6951
- Fix #78875: Long filenames cause OOM and temp files are not cleaned in c71416cba2
- Fix #78876: Long variables cause OOM and temp files are not cleaned in 8fd9277689
Derick Rethans
- Updated to version 2020.1 (2020a) in b962d2e36f
dinosaur
- Fixed bug #79468 in 95eaccd0bb
- Fixed bug #79468 in 13842eda37
Dmitry Stogov
zend_timeout()may access EX(opline) in d31ccb5fc8
George Peter Banyard
- Fix bug 79441 in 18dc9044f5
- Fix Bug #79448 0 is a valid Unicode codepoint, but
mb_substitute_character(0) fails in 1333b46d6d - Went to fast and forgot to update tests in 656eac74fa
- Revert "Fix Bug #79448 0 is a valid Unicode codepoint, but
mb_substitute_character(0) fails" in 6031b08240 - Revert "Went to fast and forgot to update tests" in a0df5f3b54
Graham Campbell
- Add additional preg_match test case in 51fb8398e2
guirish
- Fix MySQL local infile / attr handling on big endian systems in a1c1736bfb
Joe Cai
- Fix #79497: Fix
php_openssl_subtract_timeval()in 94e09bfe55
Nikita Popov
- Fix literal compaction collision between string and double in 14b770d407
- Fixed bug #79434 in cf68bc413b
- Don't leak peername if accept fails in b56fb9019e
- Fixed bug #79477 in 79a36ff7f3
- Apply doc root fix for FPM in f62571c121
Qianqian Bu
- Fix incorrect free for last_message in ee21657a6a
Sara Golemon
- NEWS in 6df761b7ff
Stanislav Malyshev
- Fix bug #79330 - make all execution modes consistent in rejecting \0 in 14fcc81394
- Fix bug #79465 - use unsigneds as indexes in 9d6bf8221b