PHP 7.4 reached EOL on , and all releases of this version no longer receive security or bug fixes. Using PHP 7.4.4 is not recommended. PHP 7.4.33 is the latest version in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 7.4.4 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-7.4.4
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.4.4-cli-alpine
Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:7.4.4-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:7.4.4-fpm-alpine
Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:7.4.4-apache
Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:7.4.4-fpm
ChangeLog
Core
- Fixed bug #79244 (php crashes during parsing INI file).
- Fixed bug #63206 (restore_error_handler does not restore previous errors mask).
COM
- Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location).
- Fixed bug #79242 (COM error constants don't match com_exception codes on x86).
- Fixed bug #79247 (Garbage collecting variant objects segfaults).
- Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception).
- Fixed bug #79299 (com_print_typeinfo prints duplicate variables).
- Fixed bug #79332 (
php_istreams
are never freed). - Fixed bug #79333 (
com_print_typeinfo()
leaks memory).
CURL
- Fixed bug #79019 (Copied cURL handles upload empty file).
- Fixed bug #79013 (Content-Length missing when posting a curlFile with curl).
DOM
- Fixed bug #77569: (Write Access Violation in DomImplementation).
- Fixed bug #79271 (DOMDocumentType::$childNodes is NULL).
Enchant
- Fixed bug #79311 (
enchant_dict_suggest()
fails on big endian architecture).
EXIF
- Fixed bug #79282 (Use-of-uninitialized-value in exif). (CVE-2020-7064)
Fileinfo
- Fixed bug #79283 (Segfault in libmagic patch contains a buffer overflow).
FPM
- Fixed bug #77653 (operator displayed instead of the real error message).
- Fixed bug #79014 (PHP-FPM & Primary script unknown).
MBstring
- Fixed bug #79371 (
mb_strtolower
(UTF-32LE): stack-buffer-overflow atphp_unicode_tolower_full
). (CVE-2020-7065)
MySQLi
- Fixed bug #64032 (mysqli reports different client_version).
MySQLnd
- Implemented FR #79275 (Support auth_plugin_caching_sha2_password on Windows).
Opcache
- Fixed bug #79252 (preloading causes php-fpm to segfault during exit).
PCRE
- Fixed bug #79188 (Memory corruption in preg_replace/preg_replace_callback and unicode).
- Fixed bug #79241 (Segmentation fault on
preg_match()
). - Fixed bug #79257 (Duplicate named groups (?J) prefer last alternative even if not matched).
PDO_ODBC
- Fixed bug #79038 (
PDOStatement::nextRowset()
leaks column values).
Reflection
- Fixed bug #79062 (Property with heredoc default value returns false for getDocComment).
SQLite3
- Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::
reset()
).
Standard
- Fixed bug #79329 (
get_headers()
silently truncates after a null byte). (CVE-2020-7066) - Fixed bug #79254 (
getenv()
w/o arguments not showing changes). - Fixed bug #79265 (Improper injection of Host header when using fopen for http requests).
Zip
- Fixed bug #79315 (
ZipArchive::addFile
doesn't honor start/length parameters).
Commit List
Anatol Belski
- Update bundled stdxx check macros in 34bab6c9fc
Christoph M. Becker
- Fix #79019: Copied cURL handles upload empty file in 2d0dec91a5
- Next is 7.3.16 in e3632fdc0d
- Fix #66322: COMPersistHelper::SaveToFile can save to wrong location in 5e2ea00b15
- Fix #79242: COM error constants don't match com_exception codes in b9738f5802
- Fix #79247: Garbage collecting variant objects segfaults in b4f61d99cf
- Fix #79248: Traversing empty VT_ARRAY throws com_exception in f649adedfe
- Fix #79254:
getenv()
w/o arguments not showing changes in 7b464ce6f3 - Fix #77569: Write Acess Violation in DomImplementation in cec8b24c84
- Fix typo in recent bugfix in 8308196c97
- Fix #79271: DOMDocumentType::$childNodes is NULL in 0966941130
- Fix # 79171: heap-buffer-overflow in phar_extract_file in 7df594b943
- Fix # 79171: heap-buffer-overflow in phar_extract_file in b01b1f65e7
- Create a new console for each test worker on Windows in e1de11d467
- Fix #79038:
PDOStatement::nextRowset()
leaks column values in 08073b0658 - Add test for bug #78569 in ad000a63e8
- Fix #79294: ::columnType() may fail after SQLite3Stmt::
reset()
in f133f0024e - Fix #79299: com_print_typeinfo prints duplicate variables in 9e6358af36
- Fix #64032: mysqli reports different client_version in 8654c32b58
- Add upgrading node regarding fix for bug #79271 in 49762c84e0
- Fix #79311:
enchant_dict_suggest()
fails on big endian architecture in 6adb885966 - Fix #79332:
php_istreams
are never freed in 2adf1c4d23 - Fix #79333:
com_print_typeinfo()
leaks memory in 53140e5c56 - Update libmagic.patch in f15ab32af8
- Abstract over crypto operations in a7400d5fd3
- Native Windows support for mysqlnd sha256 authentification in a0377021c5
- Fix #79013: Content-Length missing when posting a curlFile with curl in fc8b3ab7cb
- Next is 7.3.17 in 9dda3b9eb2
- Fix #79371:
mb_strtolower
(UTF-32LE): stack-buffer-overflow in 69155120e6 - Fix #79283: Segfault in libmagic patch contains a buffer overflow in 54bccd7345
Derick Rethans
- Update NEWS in 2c24590d6e
- Update versions for PHP 7.4.4 in acfdeccb2e
Dmitry Stogov
- Make opcodes to return de-refereced values of typed references (in the same was as for non-typed) in 5d0ef4c239
- Disable instantiation of zero size FFI\CData objects in 54ecf57fe2
- Fixed incorrect behavior of internal memory debugger in 45b4368d5c
- Fixed incorrect overflow detection in 5b51b633e2
Jakub Zelenka
- Fix bug #77653 (operator displayed instead of the real error message) in 0bc6a66a7a
- Fix bug #79014 (PHP-FPM & Primary script unknown) in 578a8113eb
jsmmo
- Remove hint to security purpose of disable_functions in 038ca4bb07
Mark Plomer
- Fix #63206: Fully support error/exception_handler stacking, even with null or inside the handler in 8c6a7c3326
Michael Voříšek
- Remove value from comment in php.ini files in 61e76927b4
Miguel Xavier Penha Neto
- Fixes #79265: Improper injection of Host header when using fopen for http requests in d0d60503b5
Nikita Popov
- Fixed bug #79188 in 13bfa9f5ac
- PCRE: Check whether start offset is on char boundary in c9e78e6d33
- PCRE: Only remember valid UTF-8 if start offset zero in cd5591a28d
- Fixed bug #79257 in 3a51530963
- Fix Azure MacOS build in 9c8cc480ba
- Mark
bug76348.phpt
as online test in 2826364298 - Don't use VLA in mysqlnd auth in 9d31a42a30
- Update Ubuntu version on Azure in 2b50d905df
- Don't use asm arithmetic under msan in 5a5680c25b
- Reduce code duplication in HTTP header checks in 3d9c02364d
- Don't treat any WS as start of header in 56cdbe63c2
- Add
skipif
for argon2id in test in 6c0a33f2dc - Enable
ext/sodium
in CI in 2d15845ae1 - Add test for bug #60161 in 8c8f8c4193
- Use type-checked ref assignment in UConverter in 6d19acf54b
- Fixed bug #79252 in 30ee3f48d4
- Try to fix intermittent FPM failures in 3c096b51f9
- Fix another flaky FPM test in b2d01e0be8
- Try to fix msvc build in a7de98fb12
- Fixed bug #79062 in 6c48da9a50
- Remove generated lexer in 533633deda
Remi Collet
- bump version to 7.2.29 in 63f6608f89
- Fix #79315
ZipArchive::addFile
doesn't honor start/length parameters in d31fc591e0 - NEWS in 1b40bb76b9
- fix test in 5b82fd491a
- this test needs json in e2b5f18896
Stanislav Malyshev
- Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress in d76f7c6c63
- Fix bug #79082 - Files added to tar with
Phar::buildFromIterator
have all-access permissions in e5c95234d8 - Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress in 409965fe1c
- Fix bug #79082 - Files added to tar with
Phar::buildFromIterator
have all-access permissions in 6facfa59a5 - Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress in 282bfb109e
- Fix bug #79082 - Files added to tar with
Phar::buildFromIterator
have all-access permissions in bbcb8cab8c - Fixed bug #79282 in 0c77b4307d
- Fix bug #79329 - get_headers should not accept \0 in a33d05b147
- Fix test in 919e91f841
Xinchen Hui
- Fixed bug #79244 (php crashes during parsing INI file). (Laruence) in 6295ff77b7