PHP 7.3 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.3.23 is not recommended. PHP 7.3.33 is the latest version in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 7.3.23 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.3.23How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-7.3.23-x64NTS.zip (24.44 MiB)
php-7.3.23-x86NTS.zip (22.81 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-7.3.23-x64TS.zip (24.57 MiB)
php-7.3.23-x86TS.zip (22.87 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.3.23-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:7.3.23-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.3.23-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:7.3.23-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:7.3.23-fpmChangeLog
Core
- Fixed bug #80048 (Bug #69100 has not been fixed for Windows).
- Fixed bug #80049 (Memleak when coercing integers to string via variadic argument).
- Fixed bug #79699 (PHP parses encoded cookie names so malicious
__Host-cookies can be sent). (CVE-2020-7070)
Calendar
- Fixed bug #80007 (Potential type confusion in
unixtojd()parameter parsing).
COM
- Fixed bug #64130 (COM obj parameters passed by reference are not updated).
OPcache
- Fixed bug #80002 (calc free space for new interned string is wrong).
- Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).
OpenSSL
- Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)
PDO
- Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters).
SOAP
- Fixed bug #47021 (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").
Standard
Commit List
Andy Postnikov
- Fix #80007: Potential type confusion in
unixtojd()parameter parsing in b2a33ab06b
Christoph M. Becker
- 7.3.23 is next in ff14b7adad
- Fix #80002: calc free space for new interned string is wrong in fcd26ffcc3
- Fix #79986: str_ireplace bug with diacritics characters in 844a2dd6ac
- Fix potential integer overflow detected by oss-fuzz in 74de17f2ea
- Avoid double-free in 3324bb893e
- Fix #64130: COM obj parameters passed by reference are not updated in 5ff15e2651
- Separate COM::__construct()s $server_name array in 75ac3f1cba
- Fix com_safearray_proxy related memory management issues in 1b7ee6db88
- Skip test if A: drive exists in c70a938f28
- Fix #80048: Bug #69100 has not been fixed for Windows in 1848ccdae2
- Fix #72941: Modifying bucket->data by-ref has no effect any longer in 5dcb8f2f1c
- Fix #80067: Omitting the port in bindto setting errors in dfb3a79914
- Avoid segfault if module/extension version is not defined in 4e198c0064
- Prepare for 7.3.23RC1 in 25b6c0ced0
- Bump versions in e00cc56596
- Fix NEWS in 251b1fe177
Derick Rethans
- Update timelib to 2018.04 in 778902db63
- Fixed test case in 488e53c18b
Manuel Mausz
- Fix wrong datatype in 46d62e5464
Matteo Beccati
- Fix #47021: SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked" in f7c43b8c72
- Fix #80027 Terrible performance using $query->fetch on queries with many bind parameters in 44ade0e875
Nikita Popov
- Remove bogus REGISTER_LONG_CONSTANT in 063082043a
- Fix memory leak when yielding from non-iterable in d179e34e42
- Require non-negative length in
stream_get_contents()in 62dce97973 - Make MAX_IFD_NESTING_LEVEL an actual nesting level in 376bbbdf3b
- Fix handling of exception if
valid()during yield from in ad750c3bb6 - Fix leak on assign concat of array and empty string in cd2afd99b1
- Fix infinite loop on string offset during by-ref list assign in a07c1f56aa
- Fix throwing of yield from related exceptions into generator in 2e9e706a82
- Fix binary-safety of parse_url in 54dbd3eccc
- Handle memory limit error during string reallocation correctly in 573ad182d2
- Fixed bug #80049 in 46a49be6c8
- Avoid duplicate octal warning during heredoc scan ahead in e8d36ce762
- Fixed bug #80077 in 07cb665515
Sammy Kaye Powers
- Fix #79825: opcache.file_cache causes SIGSEGV with custom opcode handlers in 2d4aa1ef3d
Stanislav Malyshev
- Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV) in de777c8fd2
- Do not decode cookie names anymore in 78c2deb356
twosee
- Improve error_handing replacement functions in e948188832