PHP 7.4.11: Downloads, Changelog, News

Release Information

Release: 7.4.11
PHP Version: PHP 7.4
Release Date: 2020 Oct 01
Release Type: Security Update
Release Status: EOL, Use PHP 7.4.33
Branch Status: Unsupported

PHP 7.4 reached EOL on 2022-11-28, and all releases of this version no longer receive security or bug fixes. Using PHP 7.4.11 is not recommended. PHP 7.4.33 is the latest version in the series.

PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds

Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.

php-7.4.11-x64NTS.zip (24.83 MiB)

php-7.4.11-x86NTS.zip (23.13 MiB)

Thread-Safe Builds

Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

php-7.4.11-x64TS.zip (24.93 MiB)

php-7.4.11-x86TS.zip (23.10 MiB)

Docker/Podman Containers

PHP CLI

PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.

docker pull php:7.4.11-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.

docker pull php:7.4.11-cli

PHP CLI + Web Server Integration

These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.

docker pull php:7.4.11-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.

docker pull php:7.4.11-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.

docker pull php:7.4.11-fpm

ChangeLog

Core

Fixed bug #79979 (passing value to by-ref param via CUFA crashes).
Fixed bug #80037 (Typed property must not be accessed before initialization when __get() declared).
Fixed bug #80048 (Bug #69100 has not been fixed for Windows).
Fixed bug #80049 (Memleak when coercing integers to string via variadic argument).
Fixed bug #79699 (PHP parses encoded cookie names so malicious __Host- cookies can be sent). (CVE-2020-7070)

Calendar

Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).

COM

Fixed bug #64130 (COM obj parameters passed by reference are not updated).

OPcache

Fixed bug #80002 (calc free space for new interned string is wrong).
Fixed bug #80046 (FREE for SWITCH_STRING optimized away).
Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).

OpenSSL

Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)

PDO

Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters).

SOAP

Fixed bug #47021 (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").

Standard

Fixed bug #79986 (str_ireplace bug with diacritics characters).
Fixed bug #80077 (getmxrr test bug).
Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
Fixed bug #80067 (Omitting the port in bindto setting errors).

Commit List

Andy Postnikov

Fix #80007: Potential type confusion in unixtojd() parameter parsing in b2a33ab06b

Christoph M. Becker

7.3.23 is next in ff14b7adad
Fix #80002: calc free space for new interned string is wrong in fcd26ffcc3
Fix #79986: str_ireplace bug with diacritics characters in 844a2dd6ac
Fix #79979: passing value to by-ref param via CUFA crashes in 6b6c2c003c
Fix potential integer overflow detected by oss-fuzz in 74de17f2ea
Avoid double-free in 3324bb893e
Fix #64130: COM obj parameters passed by reference are not updated in 5ff15e2651
Separate COM::__construct()s $server_name array in 75ac3f1cba
Fix com_safearray_proxy related memory management issues in 1b7ee6db88
Catch potential exceptions during to string conversion in 296030119c
Skip test if A: drive exists in c70a938f28
Fix #80048: Bug #69100 has not been fixed for Windows in 1848ccdae2
Fix #72941: Modifying bucket->data by-ref has no effect any longer in 5dcb8f2f1c
Fix #80067: Omitting the port in bindto setting errors in dfb3a79914
Avoid segfault if module/extension version is not defined in 4e198c0064

David Carlier

sqlite3 linkage issue on some systems/package combination fix in 1b21b56074

Derick Rethans

Prepare for 7.4.11 in 499bf91cd0
Update timelib to 2018.04 in 778902db63
Fixed test case in 488e53c18b
NEWS maintenance in d84f56a4a7
Update versions for PHP 7.4.11 in e1daa19750

Manuel Mausz

Fix wrong datatype in 46d62e5464

Matteo Beccati

Fix #47021: SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked" in f7c43b8c72
Fix #80027 Terrible performance using $query->fetch on queries with many bind parameters in 44ade0e875

Nikita Popov

Fix refcounting in bb54694f4f
Remove bogus REGISTER_LONG_CONSTANT in 063082043a
Don't enable --with-mm in CI in 571f6a598f
Fix memory leak when yielding from non-iterable in d179e34e42
Avoid socket path clash in test in 0487bcfac7
Fix file name clash in test in 358721bcf7
Property handle read_property exception in fetch_property_address in 247105ae1a
Require non-negative length in stream_get_contents() in 62dce97973
Don't assert when comparing uninit DateTimeZone objects in 5ae657b296
Make MAX_IFD_NESTING_LEVEL an actual nesting level in 376bbbdf3b
Fix handling of exception if valid() during yield from in ad750c3bb6
Add test for bug #80039 in 8f7c529720
Fix bug #80037 in dfaa4768d2
Check update constant failure in ReflectionClassConstant::__toString() in 8bb2f406de
Fix leak on consteval exception in ReflectionClass::__toString() in 1f6f9c70cb
Fix leak on assign concat of array and empty string in cd2afd99b1
Fix pi node removal when removing predecessor in 37612936a1
Check for null EX(func) in write_property in f92a03627a
Fix infinite loop on string offset during by-ref list assign in a07c1f56aa
Fix throwing of yield from related exceptions into generator in 2e9e706a82
Fix binary-safety of parse_url in 54dbd3eccc
Handle memory limit error during string reallocation correctly in 573ad182d2
Fixed bug #80046 in 8516434a56
Fixed bug #80049 in 46a49be6c8
Avoid duplicate octal warning during heredoc scan ahead in e8d36ce762
Fix azure i386 build in 4ebc04ca9d
Don't leave behind temporary file in bug70362.phpt in 2a334f1655
Fixed bug #80077 in 07cb665515
Revert "Manually build re2c on macos" in 3a5b22e3b5
Revert "Update libzip on macos" in 5a201ddad0
Support more placeholders in bless_tests.php in ababa22136
Fix azure i386 build, again in 1d8ddf6c49

Sammy Kaye Powers

Fix #79825: opcache.file_cache causes SIGSEGV with custom opcode handlers in 2d4aa1ef3d

Stanislav Malyshev

Update UPGRADING in e88dcdcdc8

twosee

Improve error_handing replacement functions in e948188832