PHP 7.4 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.4.3 is not recommended. PHP 7.4.33 is the latest version in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 7.4.3 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.4.3How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-7.4.3-x64NTS.zip (24.79 MiB)
php-7.4.3-x86NTS.zip (23.09 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-7.4.3-x64TS.zip (24.89 MiB)
php-7.4.3-x86TS.zip (23.06 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.4.3-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:7.4.3-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.4.3-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:7.4.3-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:7.4.3-fpmChangeLog
Core
- Fixed bug #79146 (cscript can fail to run on some systems).
- Fixed bug #79155 (Property nullability lost when using multiple property definition).
- Fixed bug #78323 (Code 0 is returned on invalid options).
- Fixed bug #78989 (Delayed variance check involving trait segfaults).
- Fixed bug #79174 (cookie values with spaces fail to round-trip).
- Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments).
CURL
- Fixed bug #79078 (Hypothetical use-after-free in
curl_multi_add_handle()).
FFI
- Fixed bug #79096 (FFI Struct Segfault).
IMAP
- Fixed bug #79112 (IMAP extension can't find OpenSSL libraries at configure time).
Intl
- Fixed bug #79212 (
NumberFormatter::format()may detect wrong type).
Libxml
- Fixed bug #79191 (Error in SoapClient ctor disables
DOMDocument::save()).
MBString
- Fixed bug #79149 (SEGV in
mb_convert_encodingwith non-string encodings).
MySQLi
- Fixed bug #78666 (Properties may emit a warning on
var_dump()).
MySQLnd
- Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
- Fixed bug #79011 (MySQL caching_sha2_password Access denied for password with more than 20 chars).
Opcache
- Fixed bug #79114 (Eval class during preload causes class to be only half available).
- Fixed bug #79128 (Preloading segfaults if preload_user is used).
- Fixed bug #79193 (Incorrect type inference for self::$field =& $field).
OpenSSL
- Fixed bug #79145 (openssl memory leak).
Phar
- Fixed bug #79082 (Files added to tar with
Phar::buildFromIteratorhave all-access permissions). (CVE-2020-7063) - Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)
- Fixed bug #76584 (
PharFileInfo::decompressnot working).
Reflection
- Fixed bug #79115 (
ReflectionClass::isCloneablecall reflected class __destruct).
Session
- Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)
Standard
- Fixed bug #78902 (Memory leak when using
stream_filter_append). - Fixed bug #78969 (PASSWORD_DEFAULT should match PASSWORD_BCRYPT instead of being null).
Testing
- Fixed bug #78090 (
bug45161.phpttakes forever to finish).
XSL
- Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).
Zip
- Add ZipArchive::CM_LZMA2 and
ZipArchive::CM_XZconstants (since libzip 1.6.0). - Add
ZipArchive::RDONLY(since libzip 1.0.0). - Add
ZipArchive::ER_* missing constants. - Add
ZipArchive::LIBZIP_VERSIONconstant. - Fixed bug #73119 (Wrong return for
ZipArchive::addEmptyDirMethod).
Commit List
aand18
- Update php.ini files to add missing FTP extension in 4d24f5a494
Akim Demaille
- Use "%define parse.error verbose" in 5265fabc25
Anatol Belski
- Backport 7d2ef3d2 into 7.4 in 6352e9a989
Christoph M. Becker
- Bump version in 38c0a53b60
- Increase
sleep()time in test case in 896f7533ee - Make test more resilient in eaa93f6b8a
- Extract function in a6d385a8e8
- Bump version in 7ea4f0e47e
- Fix #79078: Hypothetical use-after-free in
curl_multi_add_handle()in 0dda4a844e - Fix #79086: Bump version not applied in d684f5fdc0
- Fix useless tests in cfa9e5e05e
- Silence potential taskkill error messages in bf629baa9c
- Fix test for Windows ZTS builds in bc529b92ee
- Fix test cases which fail on Windows debug builds in f6dea34831
- Bring back test case support for older MySQL versions in 0ab53f1636
- Fix #79084: mysqlnd may fetch wrong column indexes with MYSQLI_BOTH in 1752393bb4
- Fix #79096: FFI Struct Segfault in 05f3cd23ed
- Disable optimizations for ASan instrumented builds in c9908ee5eb
- Fix #79091: heap use-after-free in
session_create_id()in f79c774274 - Update NEWS wrt. sec fixes in b67fc51859
- Fix #79145: openssl memory leak in 9eff906a02
- Fix #79149: SEGV in
mb_convert_encodingwith non-string encodings in 94c9dc498f - Fix #79154:
mb_convert_encoding()can modify $from_encoding in 9be31a582a - Don't leak encoding_str in f1bf4bf6eb
- Make MSVCRT memory leak checking usable for the test suite in 4130fe437a
- Enable UBSan in addition to ASan in ea3afcbae3
- Yet another check for
php_strip_tags_ex()in 6d57476fd7 - Yet another check for
php_strip_tags_ex()in 372b678e56 - Make test independent of online XSD schema in 49cbd23155
- Fix #79172: STRUCT_OFFSET() relies on undefined behavior in 412b476b7f
- Fix #76584:
PharFileInfo::decompressnot working in 136f51f1e1 - Enable support for LIBZIP_VERSION in d7052765ed
- Fix #79174: cookie values with spaces fail to round-trip in addc3c92f2
- Fix #70078: XSL callbacks with nodes as parameter leak memory in 8226e704e4
- Fix #79212:
NumberFormatter::format()may detect wrong type in c2935499b1 - Relax test expectation in b93e4aa11c
- Fix #79191: Error in SoapClient ctor disables
DOMDocument::save()in fe1bfb78d6 - Fix #78090:
bug45161.phpttakes forever to finish in 079905acd5 - Fix #79247: Garbage collecting variant objects segfaults in 7acaa4020d
- Fix # 79171: heap-buffer-overflow in phar_extract_file in b97a9718c8
Derick Rethans
- Update NEWS in 9d63514d35
- Update versions for PHP 7.4.3 in 1bc56dbdba
Deus Kane
- Fix #79146: cscript can fail to run on some systems in 3046e35718
Dmitry Stogov
- Fixed bug #79092 (Building with clang+lld-9 results in a broken PHP binary) in ce44cd3b3c
- Fixed bug #79094 (Crashing when running recursion function) in db7193f31e
Florian Smeets
- Add CURLOPT CURLOPT_HTTP09_ALLOWED available since 7.64.0 in b836d9cdc1
Ivan Mikheykin
- Fix bug #78323: Code 0 is returned on invalid options in fd08f062ae
liudaixiao
- Fixed bug #78902 in 67421a780d
Léopold Jacquot
- Add unit test for bug #78902 in f720fb1e21
Máté Kocsis
- Fix #78969 Make PASSWORD_DEFAULT match PASSWORD_BCRYPT instead of being null in ea1b878877
- Fix #78666 mysqli_options generates Warning on
var_dump()in d39edebbce
Nikita Popov
- Display a message if select in FPM test timeouts in e2361498d5
- Revert "Display a message if select in FPM test timeouts" in 4b860c06ed
- Increase select timeout in FPM tester in b3cc30adf8
- Remove unnecessary whitespace sensitivtiy from some tests in e748a5a0e6
- Fix test in c247898949
- Fixed bug #71876 in 018251a7c4
- Fixed bug #79115 in 07bda97e76
- Increase timeout in mysqli_reap_async_query test in b6506ab32a
- Fix bug #79112: IMAP can't find OpenSSL during configure in 74380465ec
- Fix file clash in
bug54446.phpttests in f5c5f7c05b - Add sleep in FPM reload test in 0aa09da486
- Avoid some @
count()suppressions inrun-tests.phpin 59b3ab827a - Fixed bug #79155 in 2eb33818b6
- Fixed bug #79151 in db9776c53c
- Fix
bug76348.phptin 2c2cbbbf55 - Don't use CRLF when generating diffs in c6cf354a9a
- Fix memory leaks in mysqlnd debug functionality in 555567468a
- Fixed bug #79011 in bb5cdd9b74
- Fix mysqli ssl test for tls1.3 in c14df824d1
- Fixed bug #79128 in 3291891408
- Fixed bug #78989 in 1146bdb9b2
- Fix
mysqli_get_warnings()with multi queries in 8a5bc8c6be - Fix memory leak in
mb_str_splitin 9fcaf25c93 - Fix recovery of large entities in
mb_decode_numericentity()in 91f878779c - Fix length inconsistency in
mb_convert_encodingin 5589bf4d4a - Fix use of
mb_ereg_search_getregs()after invalid pattern in 392ad206a4 - Reset MBREX(search_re) in RSHUTDOWN in 560ff9725e
- Better overflow check for entity decoding in 18599f9c52
- Fix
mb_ord()crash if internal encoding not supported in a62c06c4cf - Restore digit check in
mb_decode_numericentity()in 9aadcb18e1 - Fix shift ub in mbstring in 43465768f1
- Fix UAF in
is_callable()and allocated trampoline in 429f194f40 - Reset trampoline on executor startup in 98deece6f7
- Add
SKIPIFto test requiring mbregex in 6ccd675776 - Fix copying of functions in variance obligations in 68596ed71e
- Fix leak in
DateTimeImmutable::modify()in 494615fcb8 - Fix DatePeriod property handling with indirect modification in 01d30f880a
- Fix live range calculation for FE_FETCH in be7eab3202
- Fixed bug #79193 in f70b552326
- Fix bug #76047 in ef1e4891b4
- Disable parallelism for FPM tests in aaf9cbb7eb
- Add WHITESPACE_SENSITIVE run-tests section in 27fb0b28dd
- Add
tidy.phpto enforce formatting in 4fd6318580 - Apply tidy formatting in 58b17906f5
Pascal de Bruijn
- fix cross compilation failure due to size_t typecast in define in f0f5c415a6
Remi Collet
- next will be 7.2.28 in 7e2bd95fa5
- Add ZipArchive::CM_LZMA2 constant (since libzip 1.6.0) in b9dff1160e
-
- bump zip extension version to 1.15.6 in 5215f072af
- zip: more constants in bdcfdd4402
- Fixed bug #73119 Wrong return for
ZipArchive::addEmptyDirMethod in 3c274613dc - NEWS in 846e52bd45
- add test in 7fc06635c4
Stanislav Malyshev
- Fix #79099: OOB read in
php_strip_tags_exin 0f79b1bf30 - Fix bug #79037 (global buffer-overflow in
mbfl_filt_conv_big5_wchar) in 2bcbc95f03 - Update NEWS in 5c90f8eb66
- More checks for
php_strip_tags_exin 2dc170e25d - Fix bug #79082 - Files added to tar with
Phar::buildFromIteratorhave all-access permissions in ead40a6678 - Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress in e73d8e2627
Xinchen Hui
- Fixed bug #79114 (Eval class during preload causes class to be only half available) in 9c2fd55d01
- minor cleanup in dda2addab2
- Let's make this safer from maliciously crafted filename in 2958cdc0b5