PHP 7.3 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.3.8 is not recommended. PHP 7.3.33 is the latest version in the series.
Downloads
Source Code
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.3.8
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Docker/Podman Containers
docker pull php:7.3.8-cli-alpine
docker pull php:7.3.8-cli
docker pull php:7.3.8-fpm-alpine
docker pull php:7.3.8-apache
docker pull php:7.3.8-fpm
ChangeLog
Core
- Added syslog.filter=raw option.
- Fixed bug #78212 (Segfault in built-in webserver).
Date
- Fixed bug #69044 (discrepency between time and microtime).
- Updated timelib to 2018.02.
EXIF
- Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)
- Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)
FTP
- Fixed bug #78039 (FTP with SSL memory leak).
Libxml
- Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).
LiteSpeed
- Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).
- Fixed bug #76058 (After "POST data can't be buffered", using php://input makes huge tmp files).
Openssl
- Fixed bug #78231 (Segmentation fault upon
stream_socket_accept
of exported socket-to-stream).
Opcache
- Fixed bug #78189 (file cache strips last character of uname hash).
- Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
- Fixed bug #78271 (Invalid result of if-else).
- Fixed bug #78291 (opcache_get_configuration doesn't list all directives).
- Fixed bug #78341 (Failure to detect smart branch in DFA pass).
PCRE
- Fixed bug #78197 (PCRE2 version check in configure fails for "##.##-xxx" version strings).
- Fixed bug #78338 (Array cross-border reading in PCRE).
PDO_Sqlite
- Fixed bug #78192 (SegFault when reuse statement after schema has changed).
Phar
- Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
Phpdbg
- Fixed bug #78297 (Include unexistent file memory leak).
SQLite
- Upgraded to SQLite 3.28.0.
Standard
Commit List
Alex Scott
- Fix bug #78138: opcache.validate_permission incorrectly works with PHAR files in a4acff3e21
Anatol Belski
- Fix typo in b926690947
Andrew Collington
- Fix bug #78291 Missing opcache directives in 768ad70f70
Andrey Hristov
- Fix version comparison in 82021ad9df
- Add explicit cast to uint32_t in 102c64e827
Asher Baker
- Fix #78173: XML-RPC mutates immutable objects during encoding in d54220bc79
Christoph M. Becker
- Next is 7.3.8 in bcf20963c1
- Update NEWS in 740d9ecdee
- Update NEWS in a0f370e78a
- Fix #78189: file cache strips last character of uname hash in fcd6f2de60
- Fix #78202: Opcache stats for cache hits are capped at 32bit NUM in 4366f22dfc
- Fix brittle test in be559e6c37
- Add missing SKIPIFs in 75bc3446f8
- Add missing SKIPIFs in 57688ad7bf
- Fix NEWS in 41949bb71e
- Fix #78241:
touch()
does not handle dates after 2038 in PHP 64-bit in 44c8b7414c - Upgrade to SQLite 3.28.0 in e944ae6b2a
- Fix #78212: Segfault in built-in webserver in fa65f5ecf5
- Prepare PHP 7.3.8RC1 in 0ed5c4aecf
- Fix #77919: Potential UAF in Phar RSHUTDOWN in e204df55ac
- Fix #78338: Array cross-border reading in PCRE in 9f6a5a0270
- Update
credits_ext.h
in ba259dbdef - Prepare PHP 7.3.8 in 6db09a0f46
Côme Chilliet
- Avoid converting zval when not needed in c219d8d5c2
- Some more string conversion handling, fixing bug #77958 in 5d2fe48785
Derick Rethans
- Update timelib to 2018.02 in aae5907cb7
- Fixed tests due to changed timezone data in cc3fe3bd30
Dmitry Stogov
- Backport 91a6cdbf in 40f463b560
- Backport 96a12578 in 28808ca96d
- Fixed bug #78185 (File cache no longer works) in cd6a6e4cf2
- Fixed incorrect specialization (missed IS_INDIRECT handling) in 9ccf3fb996
Erik Lundin
- Add syslog.filter=raw in 9f0515c40c
George Peter Banyard
- Convert short tag to standard tag in Zend test file in 63f1def367
George Wang
- Updated to LiteSpeed SAPI V7.4.3 in 32af676bd9
Joe Watkins
- Resolve discrepencies between second value yielded by gettimeofday and time, fixes #69044 in 65067dff01
- export
php_time
in 599b94ff14 - fix setcookie Max-Age to use
php_time
in 31a1c1e67c
Joshua Westerheide
- Fix #78183: finfo_file shows wrong mime-type for .tga file in 855bbc88c9
- Add tests from fix #78183 from PHP-7.2 in 6cdeedb8de
Nikita Popov
- Add test for bug #78106 in f8a68fd935
- Fixed bug #78106 in f1a8138055
- Fix some leaks in ldap in 98457b6d60
- Accept null for preg_quote delimiter argument in 03db04c3ab
- Free cert in
php_openssl_load_stream_cafile()
in 90cb3743be - Fix CSR leaks in openssl in e0bafc6da4
- Fix X509 leak in
openssl_pkcs7_verify()
in a0da2fb2b7 - Fix netscape spki leak in openssl in dfe6f0c1c6
- Fix d leak in ecc openssl_pkey_new in c939a67866
- Fix PKCS12 leak in openssl in 99f3e0f0ed
- Remove
stream_socket_sendto.phpt
in 7d28a24c66 - Backport test fix in 32c68428a9
- Fixed bug #78230 in 4892bbc167
- Fixed bug #78231 in 0e48e35e04
- Fix inference for compound object op on dim in c353f17d42
- Backport fe_reset_rw case in 5846e85283
- Revert "Fixed bug #76980" in 22ed362810
- Add CONFLICTS to recognized sections in 3fa9f9cfae
- Fix bug #78271 in e7a83ec8df
- Fixed bug #78279 in 4a91f66b8f
- Use TRY_ADDREF/TRY_DELREF in soap in a7de2af46c
- Fixed bug #78010 in 193f28c7d5
- Fix bug #77124 in 88ffe05797
- Fixed bug #78297 in f3e71b3b73
- Fixed bug #78341 in d561a998c9
Niklas Keller
- Fix memory leak in TLS matches_san_list in fea9f93166
Peter Kokot
- Fix bug #78197: PCRE2 version check in 624488b5e8
Remi Collet
- next is 7.2.21 in 05c60abfdb
- next is 7.2.21 in feb92adc5c
- move NEWS entry in e59b986fa7
- add test for #78185 in 63f2d88088
- move NEWS entry in c2ee2e4c74
- improve test clean section in b3cfeda3c7
- fix test for Windows and for parallel run in d8202bf917
- Fix #78269 password_hash uses weak options for argon2 in eab0079c90
- Fix #78269 password_hash uses weak options for argon2 in a7ff3a6483
Stanislav Malyshev
- Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail) in f22101c830
- Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment) in e648fa4699
sunnyeo
- Fix bugs in AST printer in f7327b6244
Tyson Andre
- Fix bug in opcache flags for mysqli_get_charset in 7350e808c5
- Fix opcache signatures for mysqli_stat in 07c63c6fdf
- Be more precise about possible types for mysqli methods in 5d3e3a62a2
Vincent
- Fix bug #78192 PDO SQLite SegFault when reuse statement after schema has changed in 05c00a832c