PHP 7.4.4: Downloads, Changelog, News

Release Information

Release: 7.4.4
PHP Version: PHP 7.4
Release Date: 2020 Mar 19
Release Type: Security Update
Release Status: EOL, Use PHP 7.4.33
Branch Status: Unsupported

PHP 7.4 reached EOL on 2022-11-28, and all releases of this version no longer receive security or bug fixes. Using PHP 7.4.4 is not recommended. PHP 7.4.33 is the latest version in the series.

PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds

Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.

php-7.4.4-x64NTS.zip (24.78 MiB)

php-7.4.4-x86NTS.zip (23.09 MiB)

Thread-Safe Builds

Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

php-7.4.4-x64TS.zip (24.89 MiB)

php-7.4.4-x86TS.zip (23.05 MiB)

Docker/Podman Containers

PHP CLI

PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.

docker pull php:7.4.4-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.

docker pull php:7.4.4-cli

PHP CLI + Web Server Integration

These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.

docker pull php:7.4.4-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.

docker pull php:7.4.4-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.

docker pull php:7.4.4-fpm

ChangeLog

Core

Fixed bug #79244 (php crashes during parsing INI file).
Fixed bug #63206 (restore_error_handler does not restore previous errors mask).

COM

Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location).
Fixed bug #79242 (COM error constants don't match com_exception codes on x86).
Fixed bug #79247 (Garbage collecting variant objects segfaults).
Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception).
Fixed bug #79299 (com_print_typeinfo prints duplicate variables).
Fixed bug #79332 (php_istreams are never freed).
Fixed bug #79333 (com_print_typeinfo() leaks memory).

CURL

Fixed bug #79019 (Copied cURL handles upload empty file).
Fixed bug #79013 (Content-Length missing when posting a curlFile with curl).

DOM

Fixed bug #77569: (Write Access Violation in DomImplementation).
Fixed bug #79271 (DOMDocumentType::$childNodes is NULL).

Enchant

Fixed bug #79311 (enchant_dict_suggest() fails on big endian architecture).

EXIF

Fixed bug #79282 (Use-of-uninitialized-value in exif). (CVE-2020-7064)

Fileinfo

Fixed bug #79283 (Segfault in libmagic patch contains a buffer overflow).

FPM

Fixed bug #77653 (operator displayed instead of the real error message).
Fixed bug #79014 (PHP-FPM & Primary script unknown).

MBstring

Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full). (CVE-2020-7065)

MySQLi

Fixed bug #64032 (mysqli reports different client_version).

MySQLnd

Implemented FR #79275 (Support auth_plugin_caching_sha2_password on Windows).

Opcache

Fixed bug #79252 (preloading causes php-fpm to segfault during exit).

PCRE

Fixed bug #79188 (Memory corruption in preg_replace/preg_replace_callback and unicode).
Fixed bug #79241 (Segmentation fault on preg_match()).
Fixed bug #79257 (Duplicate named groups (?J) prefer last alternative even if not matched).

PDO_ODBC

Fixed bug #79038 (PDOStatement::nextRowset() leaks column values).

Reflection

Fixed bug #79062 (Property with heredoc default value returns false for getDocComment).

SQLite3

Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()).

Standard

Fixed bug #79329 (get_headers() silently truncates after a null byte). (CVE-2020-7066)
Fixed bug #79254 (getenv() w/o arguments not showing changes).
Fixed bug #79265 (Improper injection of Host header when using fopen for http requests).

Zip

Fixed bug #79315 (ZipArchive::addFile doesn't honor start/length parameters).

Commit List

Anatol Belski

Update bundled stdxx check macros in 34bab6c9fc

Christoph M. Becker

Fix #79019: Copied cURL handles upload empty file in 2d0dec91a5
Next is 7.3.16 in e3632fdc0d
Fix #66322: COMPersistHelper::SaveToFile can save to wrong location in 5e2ea00b15
Fix #79242: COM error constants don't match com_exception codes in b9738f5802
Fix #79247: Garbage collecting variant objects segfaults in b4f61d99cf
Fix #79248: Traversing empty VT_ARRAY throws com_exception in f649adedfe
Fix #79254: getenv() w/o arguments not showing changes in 7b464ce6f3
Fix #77569: Write Acess Violation in DomImplementation in cec8b24c84
Fix typo in recent bugfix in 8308196c97
Fix #79271: DOMDocumentType::$childNodes is NULL in 0966941130
Fix # 79171: heap-buffer-overflow in phar_extract_file in 7df594b943
Fix # 79171: heap-buffer-overflow in phar_extract_file in b01b1f65e7
Create a new console for each test worker on Windows in e1de11d467
Fix #79038: PDOStatement::nextRowset() leaks column values in 08073b0658
Add test for bug #78569 in ad000a63e8
Fix #79294: ::columnType() may fail after SQLite3Stmt::reset() in f133f0024e
Fix #79299: com_print_typeinfo prints duplicate variables in 9e6358af36
Fix #64032: mysqli reports different client_version in 8654c32b58
Add upgrading node regarding fix for bug #79271 in 49762c84e0
Fix #79311: enchant_dict_suggest() fails on big endian architecture in 6adb885966
Fix #79332: php_istreams are never freed in 2adf1c4d23
Fix #79333: com_print_typeinfo() leaks memory in 53140e5c56
Update libmagic.patch in f15ab32af8
Abstract over crypto operations in a7400d5fd3
Native Windows support for mysqlnd sha256 authentification in a0377021c5
Fix #79013: Content-Length missing when posting a curlFile with curl in fc8b3ab7cb
Next is 7.3.17 in 9dda3b9eb2
Fix #79371: mb_strtolower (UTF-32LE): stack-buffer-overflow in 69155120e6
Fix #79283: Segfault in libmagic patch contains a buffer overflow in 54bccd7345

Derick Rethans

Update NEWS in 2c24590d6e
Update versions for PHP 7.4.4 in acfdeccb2e

Dmitry Stogov

Make opcodes to return de-refereced values of typed references (in the same was as for non-typed) in 5d0ef4c239
Disable instantiation of zero size FFI\CData objects in 54ecf57fe2
Fixed incorrect behavior of internal memory debugger in 45b4368d5c
Fixed incorrect overflow detection in 5b51b633e2

Jakub Zelenka

Fix bug #77653 (operator displayed instead of the real error message) in 0bc6a66a7a
Fix bug #79014 (PHP-FPM & Primary script unknown) in 578a8113eb

jsmmo

Remove hint to security purpose of disable_functions in 038ca4bb07

Mark Plomer

Fix #63206: Fully support error/exception_handler stacking, even with null or inside the handler in 8c6a7c3326

Michael Voříšek

Remove value from comment in php.ini files in 61e76927b4

Miguel Xavier Penha Neto

Fixes #79265: Improper injection of Host header when using fopen for http requests in d0d60503b5

Nikita Popov

Fixed bug #79188 in 13bfa9f5ac
PCRE: Check whether start offset is on char boundary in c9e78e6d33
PCRE: Only remember valid UTF-8 if start offset zero in cd5591a28d
Fixed bug #79257 in 3a51530963
Fix Azure MacOS build in 9c8cc480ba
Mark bug76348.phpt as online test in 2826364298
Don't use VLA in mysqlnd auth in 9d31a42a30
Update Ubuntu version on Azure in 2b50d905df
Don't use asm arithmetic under msan in 5a5680c25b
Reduce code duplication in HTTP header checks in 3d9c02364d
Don't treat any WS as start of header in 56cdbe63c2
Add skipif for argon2id in test in 6c0a33f2dc
Enable ext/sodium in CI in 2d15845ae1
Add test for bug #60161 in 8c8f8c4193
Use type-checked ref assignment in UConverter in 6d19acf54b
Fixed bug #79252 in 30ee3f48d4
Try to fix intermittent FPM failures in 3c096b51f9
Fix another flaky FPM test in b2d01e0be8
Try to fix msvc build in a7de98fb12
Fixed bug #79062 in 6c48da9a50
Remove generated lexer in 533633deda

Remi Collet

bump version to 7.2.29 in 63f6608f89
Fix #79315 ZipArchive::addFile doesn't honor start/length parameters in d31fc591e0
NEWS in 1b40bb76b9
fix test in 5b82fd491a
this test needs json in e2b5f18896

Stanislav Malyshev

Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress in d76f7c6c63
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions in e5c95234d8
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress in 409965fe1c
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions in 6facfa59a5
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress in 282bfb109e
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions in bbcb8cab8c
Fixed bug #79282 in 0c77b4307d
Fix bug #79329 - get_headers should not accept \0 in a33d05b147
Fix test in 919e91f841

Xinchen Hui

Fixed bug #79244 (php crashes during parsing INI file). (Laruence) in 6295ff77b7