PHP 7.3.2: Downloads, Changelog, News

Release Information

Release: 7.3.2
PHP Version: PHP 7.3
Release Date: 2019 Feb 07
Release Type: Bug Fix Release
Release Status: EOL, Use PHP 7.3.33
Branch Status: Unsupported

PHP 7.3 reached EOL on 2021-12-06, and all releases of this version no longer receive security or bug fixes. Using PHP 7.3.2 is not recommended. PHP 7.3.33 is the latest version in the series.

PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds

Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.

php-7.3.2-x64NTS.zip (24.19 MiB)

php-7.3.2-x86NTS.zip (22.56 MiB)

Thread-Safe Builds

Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

php-7.3.2-x64TS.zip (24.31 MiB)

php-7.3.2-x86TS.zip (22.63 MiB)

Docker/Podman Containers

PHP CLI

PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.

docker pull php:7.3.2-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.

docker pull php:7.3.2-cli

PHP CLI + Web Server Integration

These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.

docker pull php:7.3.2-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.

docker pull php:7.3.2-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.

docker pull php:7.3.2-fpm

ChangeLog

Core

Fixed bug #77369 (memcpy with negative length via crafted DNS response).
Fixed bug #77387 (Recursion detection broken when printing GLOBALS).
Fixed bug #77376 ("undefined function" message no longer includes namespace).
Fixed bug #77357 (base64_encode / base64_decode doest not work on nested VM).
Fixed bug #77339 (__callStatic may get incorrect arguments).
Fixed bug #77317 (DIR, FILE, realpath() reveal physical path for subst virtual drive).
Fixed bug #77263 (Segfault when using 2 RecursiveFilterIterator).
Fixed bug #77447 (PHP 7.3 built with ASAN crashes in zend_cpu_supports_avx2).
Fixed bug #77484 (Zend engine crashes when calling realpath in invalid working dir).

Curl

Fixed bug #76675 (Segfault with H2 server push).

Fileinfo

Fixed bug #77346 (webm files incorrectly detected as application/octet-stream).

FPM

Fixed bug #77430 (php-fpm crashes with Main process exited, code=dumped, status=11/SEGV).

GD

Fixed bug #73281 (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).
Fixed bug #73614 (gdImageFilledArc() doesn't properly draw pies).
Fixed bug #77272 (imagescale() may return image resource on failure).
Fixed bug #77391 (1bpp BMPs may fail to be loaded).
Fixed bug #77479 (imagewbmp() segfaults with very large images).

ldap

Fixed bug #77440 (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).

Mbstring

Fixed bug #77428 (mb_ereg_replace() doesn't replace a substitution variable).
Fixed bug #77454 (mb_scrub() silently truncates after a null byte).

MySQLnd

Fixed bug #77308 (Unbuffered queries memory leak).
Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).

Opcache

Fixed bug #77266 (Assertion failed in dce_live_ranges).
Fixed bug #77257 (value of variable assigned in a switch() construct gets lost).
Fixed bug #77434 (php-fpm workers are segfaulting in zend_gc_addre).
Fixed bug #77361 (configure fails on 64-bit AIX when opcache enabled).
Fixed bug #77287 (Opcache literal compaction is incompatible with EXT opcodes).

PCRE

Fixed bug #77338 (get_browser with empty string).

PDO

Fixed bug #77273 (array_walk_recursive corrupts value types leading to PDO failure).

PDO MySQL

Fixed bug #77289 (PDO MySQL segfaults with persistent connection).

SOAP

Fixed bug #77410 (Segmentation Fault when executing method with an empty parameter).

Sockets

Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address on MacOS).

SPL

Fixed bug #77298 (segfault occurs when add property to unserialized empty ArrayObject).

Standard

Fixed bug #77395 (segfault about array_multisort).
Fixed bug #77439 (parse_str segfaults when inserting item into existing array).

Commit List

Alexander Kurilo

Regenerate certs for openssl tests in 687dad3674
Regenerate certs for openssl tests in f51062523d
Regenerate certs for openssl tests in e3e3289bd1
Generate certs for openssl tests on the fly in 1fab01be5b
Fix cleaning up after openssl_pkcs7_verify_basic test in 1a1e12c2a9

Anatol Belski

Fixed bug #77317 DIR, FILE, realpath() reveal physical path for subst virtual drive in 199914b42d
Update binary SDK version for AppVeyor in 3c7dc7b4c4
Fixed bug #77346 webm files incorrectly detected as application/octet-stream in d874d4a15c
Add memory check to the test in 222fa032d2
Increase timeout for test on AppVeyor in 54a2b42778
Fixed bug #75684 In mysqlnd_ext_plugin.h the plugin methods family has no external visibility in 7b3f8e746a
Update NEWS in 1732ce9c23
Update SDK version for AppVeyor in 8f66ca8189
Fixed bug #77484 Zend engine crashes when calling realpath in invalid working dir in 8b20e7b68b
Make test output more reliable in 4254bf87ba
Skip test on unsuitable build in 52730fa30a

Andrey Hristov

Revert visibility in 7a88f89a90

Christoph M. Becker

Prepare main branch for 7.3.2 in a65133a17a
Drop deprecated /Gm compile option in 20de58f51d
Fix #77391: 1bpp BMPs may fail to be loaded in b0cfa28d6d
Fix #77269: Potential unsigned underflow in gdImageScale in a918020c03
Fix #77270: imagecolormatch Out Of Bounds Write on Heap in 7a12dad4dd
Fix #77269: Potential unsigned underflow in gdImageScale in dfd8237aec
Fix #77270: imagecolormatch Out Of Bounds Write on Heap in 567c9f5842
Fix #77367: Negative size parameter in mb_split in e617f03066
Fix NEWS in deb88f2269
Sync NEWS with 7.3.1 in c4c6b80b9c
Fix #77272: imagescale() may return image resource on failure in 772b1cb245
Fix #73281: imagescale(…, IMG_BILINEAR_FIXED) can cause black border in 6b4cdbaade
Fix #73614: gdImageFilledArc() doesn't properly draw pies in 61cfa34e11
Fix #77479: imagewbmp() segfaults with very large images in 44fa0b0f31
Fix failing test in 2966da70cf
Update version for PHP 7.3.2RC1 in dd2301ddc4
Update version for PHP 7.3.2 in 3fa88e0ce0

CHU Zhaowei

Fix #77298: segfault occurs when add property to unserialized empty ArrayObject in b15189f4d8

Derick Rethans

Upgrade timelib to 2018.01RC3 in 3e4a3d005a
Update API use due to changes in timelib 2018.01RC3 in a9a084c092
Updated to version 2018.9 (2018i) in 81da7f75e3
Empty merge in 7ad9d6a63b
Updated to version 2018.9 (2018i) in 11105e90c4
Update tests due to data changes in tzdata 2018i in bd1d2c7bfe

Dmitry Stogov

Removed /e modifirer and fixed ws in 8db63adb6d
Fixed bug #77339 (__callStatic may get incorrect arguments) in 7e597f48e9
Backport later interned strings destruction in 5888fbde0d
Respect EG(vm_stack_page_size) in b45774eed0
Fixed bug #77263 (Segfault when using 2 RecursiveFilterIterator) in 920450534e
Fixed bug #77308 (Unbuffered queries memory leak) in 1a306cc9a1

George Wang

Checkin LiteSpeed SAPI 7.2 in 66d72377d0

Jakub Zelenka

Fix bug #77430 (php-fpm crashes with Main process exited) in 766b4fd515
List me in the openssl maintainers in 25ffdc8dc9

Kevin Adler

Fix bug #77361 (configure fails on 64-bit AIX when opcache enabled) in 332b58f865

Lauri Kenttä

Fix #77359: spl_autoload causes segfault in 89bf3df67d
Fix #77360: class_uses causes segfault in 16c62a8179
Fixed bug #77289 in 63c38c9e49
Fix seeking in php://input in dbe7f2a41a

Michael Meyer

Initialize s_un (sockaddr_un) to zero before using it. Fixes #76839 in 3c42c784c2

Nikita Popov

Fix invalid efree in browscap in 64de5bc224
Fixed bug #77338 in b1deb98c42
Fixed bug #77257 in 91888cc372
Partial fix for bug #75426 in 73596c56e7
Disable ifuncs on FreeBSD in 291589114a
Possible fix for bug #77287 in 325a113974
Fixed bug #77273 in cb009b12a5
Possible fix for bug #77357 in 5a361c3a54
Add NEWS entry for bug #77357 in 07873fab3c
Fix self::class inside constant in global scope in 41af1e6781
Fix bug #77410 in 361d3ede93
Fix one issue reported in bug #77310 in 6f75890e7b
Don't swap operands of ZEND_MUL in 1165a9068c
Fixed bug #77428 in 76c687feaf
Make operator swapping depend on IGNORE_OVERLOADING flag in bf4dab0163
Fixed bug #77434 in ade702a0d2
Fixed bug #77439 in 5d33024a5d
Fixed bug #77454 in 3ad0ebdf5c
Fixed bug #77447 in c8c5a3ab8a
Add additional no_sanitize_address attributes in 986b9b5ae3
Revert "Prefix error_code with underscore in FastZPP implementation" in 5cce13ed67
Fixed bug #77287 in 80b17a73ae

Ondřej Surý

Fix rl_completion_matches detection in 1ea58b6e78

Pedro Magalhães

Fixed bug #76675 in 32ae716037

Remi Collet

bump to 7.2.15-dev in 7161fe629d
missing entry for #77020 in 3245d1bb09
cleanup merge in 0d9935739c

Sara Golemon

Bump for 7.1.27 in fabade1573

Stanislav Malyshev

Fix bug #77242 (heap out of bounds read in xmlrpc_decode()) in 4fc0bceb7c
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext) in 428d8164ff
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes in 20407d06ca
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node) in 28362ed4fa
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code) in 1cc2182bcc
Fix more issues with encodilng length in c95daa9c75
Fix bug #77242 (heap out of bounds read in xmlrpc_decode()) in 9c62b95e5e
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext) in 78bd347774
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes in deb06bbb9c
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node) in c6e34d91b8
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code) in 4feb9e66ff
Fix more issues with encodilng length in 31f59e1f30
Fix #77369 - memcpy with negative length via crafted DNS response in 8d3dfabef4
Fix test in 0c35032012
Add NEWS in 25c95752d6
Add NEWS in 08bb0ce4e4
Add NEWS in 1b7c599a02
Fix tests - newer versions check Unicode in d0d0d922de
Fix bug #77418 - Heap overflow in utf32be_mbc_to_code in 9d6c59eeea
Still leaking for some reason, XFAIL for now, I'll look into it later in 27625f063e

twosee

Prefix error_code with underscore in FastZPP implementation in 6305119a51

Vincent JARDIN

skeleton: support PHP 7.2 in 91e44a27f6

wbob

document open_basedir and realpath cache coupling in php.ini in 5ac9990ddf

Xinchen Hui

Fixed bug #77395 (segfault about array_multisort) in 8ebae84674
Update NEWS in 703ccd5d27
Fixed bug #77376 ("undefined function" message no longer includes namespace) in e01f08f679
Fixed bug #77387 (Recursion detection broken when printing GLOBALS) in 54a58a7380
Entry get lost while merging in 1b86f84908
Fixed bug #77266 (Assertion failed in dce_live_ranges) in cd49db9d47
Incase of invalid read in 16176ad0e3