PHP 7.4.3: Downloads, Changelog, News

Release Information

PHP Version
PHP 7.4
Release Date
Release Type
Security Update
Release Status
EOL, Use PHP 7.4.33
Branch Status

PHP 7.4 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.4.3 is not recommended. PHP 7.4.33 is the latest version in the series.


Source Code

Git Clone
Use Git to clone the 7.4.3 tag from the PHP Git repository.
git clone --depth 1 --branch php-7.4.3
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

Docker/Podman Containers

PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.4.3-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:7.4.3-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.4.3-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:7.4.3-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:7.4.3-fpm



  • Fixed bug #79146 (cscript can fail to run on some systems).
  • Fixed bug #79155 (Property nullability lost when using multiple property definition).
  • Fixed bug #78323 (Code 0 is returned on invalid options).
  • Fixed bug #78989 (Delayed variance check involving trait segfaults).
  • Fixed bug #79174 (cookie values with spaces fail to round-trip).
  • Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments).


  • Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).


  • Fixed bug #79096 (FFI Struct Segfault).


  • Fixed bug #79112 (IMAP extension can't find OpenSSL libraries at configure time).


  • Fixed bug #79212 (NumberFormatter::format() may detect wrong type).


  • Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).


  • Fixed bug #79149 (SEGV in mb_convert_encoding with non-string encodings).


  • Fixed bug #78666 (Properties may emit a warning on var_dump()).


  • Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
  • Fixed bug #79011 (MySQL caching_sha2_password Access denied for password with more than 20 chars).


  • Fixed bug #79114 (Eval class during preload causes class to be only half available).
  • Fixed bug #79128 (Preloading segfaults if preload_user is used).
  • Fixed bug #79193 (Incorrect type inference for self::$field =& $field).


  • Fixed bug #79145 (openssl memory leak).


  • Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)
  • Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)
  • Fixed bug #76584 (PharFileInfo::decompress not working).


  • Fixed bug #79115 (ReflectionClass::isCloneable call reflected class __destruct).



  • Fixed bug #78902 (Memory leak when using stream_filter_append).
  • Fixed bug #78969 (PASSWORD_DEFAULT should match PASSWORD_BCRYPT instead of being null).


  • Fixed bug #78090 (bug45161.phpt takes forever to finish).


  • Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).


  • Add ZipArchive::CM_LZMA2 and ZipArchive::CM_XZ constants (since libzip 1.6.0).
  • Add ZipArchive::RDONLY (since libzip 1.0.0).
  • Add ZipArchive::ER_* missing constants.
  • Add ZipArchive::LIBZIP_VERSION constant.
  • Fixed bug #73119 (Wrong return for ZipArchive::addEmptyDir Method).

Commit List


  • Update php.ini files to add missing FTP extension in 4d24f5a494

Akim Demaille

Anatol Belski

Christoph M. Becker

Derick Rethans

Deus Kane

Dmitry Stogov

  • Fixed bug #79092 (Building with clang+lld-9 results in a broken PHP binary) in ce44cd3b3c
  • Fixed bug #79094 (Crashing when running recursion function) in db7193f31e

Florian Smeets

  • Add CURLOPT CURLOPT_HTTP09_ALLOWED available since 7.64.0 in b836d9cdc1

Ivan Mikheykin


Léopold Jacquot

Máté Kocsis

  • Fix #78969 Make PASSWORD_DEFAULT match PASSWORD_BCRYPT instead of being null in ea1b878877
  • Fix #78666 mysqli_options generates Warning on var_dump() in d39edebbce

Nikita Popov

Pascal de Bruijn

  • fix cross compilation failure due to size_t typecast in define in f0f5c415a6

Remi Collet

Stanislav Malyshev

Xinchen Hui

  • Fixed bug #79114 (Eval class during preload causes class to be only half available) in 9c2fd55d01
  • minor cleanup in dda2addab2
  • Let's make this safer from maliciously crafted filename in 2958cdc0b5
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.