PHP 8.1.0: Downloads, Changelog, News

Release Information

Release
8.1.0
PHP Version
PHP 8.1
Release Date
Release Type
Security Update
Release Status
Use PHP 8.1.27 instead
Branch Status
Security-Fixes Only

PHP 8.1 is currently only receiving security fixes. PHP 8.1.0 is not the latest version in the series, and using this release is not recommended. PHP 8.1.27 is the latest in the series.

Downloads

Source Code

Git Clone
Use Git to clone the 8.1.0 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.1.0
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

Docker/Podman Containers

PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.1.0-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.1.0-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.1.0-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.1.0-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.1.0-fpm

ChangeLog

Core

  • Fixed inclusion order for phpize builds on Windows.
  • Added missing hashtable insertion APIs for arr/obj/ref.
  • Implemented FR #77372 (Relative file path is removed from uploaded file).
  • Fixed bug #81607 (CE_CACHE allocation with concurrent access).
  • Fixed bug #81507 (Fiber does not compile on AIX).
  • Fixed bug #78647 (SEGFAULT in zend_do_perform_implementation_check).
  • Fixed bug #81518 (Header injection via default_mimetype / default_charset).
  • Fixed bug #75941 (Fix compile failure on Solaris with clang).
  • Fixed bug #81380 (Observer may not be initialized properly).
  • Fixed bug #81514 (Using Enum as key in WeakMap triggers GC + SegFault).
  • Fixed bug #81520 (TEST_PHP_CGI_EXECUTABLE badly set in run-tests.php).
  • Fixed bug #81377 (unset() of $GLOBALS sub-key yields warning).
  • Fixed bug #81342 (New ampersand token parsing depends on new line after it).
  • Fixed bug #81280 (Unicode characters in cli.prompt causes segfault).
  • Fixed bug #81192 ("Declaration should be compatible with" gives incorrect line number with traits).
  • Fixed bug #78919 (CLI server: insufficient cleanup if request startup fails).
  • Fixed bug #81303 (match error message improvements).
  • Fixed bug #81238 (Fiber support missing for Solaris Sparc).
  • Fixed bug #81237 (Comparison of fake closures doesn't work).
  • Fixed bug #81202 (powerpc64 build fails on fibers).
  • Fixed bug #80072 (Cyclic unserialize in TMPVAR operand may leak).
  • Fixed bug #81163 (__sleep allowed to return non-array).
  • Fixed bug #75474 (function scope static variables are not bound to a unique function).
  • Fixed bug #53826 (__callStatic fired in base class through a parent call if the method is private).
  • Fixed bug #81076 (incorrect debug info on Closures with implicit binds).

CLI

  • Fixed bug #81496 (Server logs incorrect request method).

COM

  • Dispatch using LANG_NEUTRAL instead of LOCALE_SYSTEM_DEFAULT.

Curl

  • Fixed bug #81085 (Support CURLOPT_SSLCERT_BLOB for cert strings).

Date

  • Fixed bug #81458 (Regression Incorrect difference after timezone change).
  • Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
  • Fixed bug #81504 (Incorrect timezone transition details for POSIX data).
  • Fixed bug #80998 (Missing second with inverted interval).
  • Speed up finding timezone offset information.
  • Fixed bug #79580 (date_create_from_format misses leap year).
  • Fixed bug #80963 (DateTimeZone::getTransitions() truncated).
  • Fixed bug #80974 (Wrong diff between 2 dates in different timezones).
  • Fixed bug #80998 (Missing second with inverted interval).
  • Fixed bug #81097 (DateTimeZone silently falls back to UTC when providing an offset with seconds).
  • Fixed bug #81106 (Regression in 8.1: add() now truncate ->f).
  • Fixed bug #81273 (Date interval calculation not correct).
  • Fixed bug #52480 (Incorrect difference using DateInterval).
  • Fixed bug #62326 (date_diff() function returns false result).
  • Fixed bug #64992 (dst not handled past 2038).
  • Fixed bug #65003 (Wrong date diff).
  • Fixed bug #66545 (DateTime. diff returns negative values).
  • Fixed bug #68503 (date_diff on two dates with timezone set localised returns wrong results).
  • Fixed bug #69806 (Incorrect date from timestamp).
  • Fixed bug #71700 (Extra day on diff between begin and end of march 2016).
  • Fixed bug #71826 (DateTime::diff confuse on timezone 'Asia/Tokyo').
  • Fixed bug #73460 (Datetime add not realising it already applied DST change).
  • Fixed bug #74173 (DateTimeImmutable::getTimestamp() triggers DST switch in incorrect time).
  • Fixed bug #74274 (Handling DST transitions correctly).
  • Fixed bug #74524 (Date diff is bad calculated, in same time zone).
  • Fixed bug #75167 (DateTime::add does only care about backward DST transition, not forward).
  • Fixed bug #76032 (DateTime->diff having issues with leap days for timezones ahead of UTC).
  • Fixed bug #76374 (Date difference varies according day time).
  • Fixed bug #77571 (DateTime's diff DateInterval incorrect in timezones from UTC+01:00 to UTC+12:00).
  • Fixed bug #78452 (diff makes wrong in hour for Asia/Tehran).
  • Fixed bug #79452 (DateTime::diff() generates months differently between time zones).
  • Fixed bug #79698 (timelib mishandles future timestamps (triggered by 'zic -b slim')).
  • Fixed bug #79716 (Invalid date time created (with day "00")).
  • Fixed bug #80610 (DateTime calculate wrong with DateInterval).
  • Fixed bug #80664 (DateTime objects behave incorrectly around DST transition).
  • Fixed bug #80913 (DateTime(Immutable)::sub around DST yield incorrect time).

DBA

  • Fixed bug #81588 (TokyoCabinet driver leaks memory).

DOM

  • Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).

FFI

  • Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not defined).

Filter

  • Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).

FPM

  • Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
  • Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).
  • Added openmetrics status format.
  • Enable process renaming on macOS.
  • Added pm.max_spawn_rate option to configure max spawn child processes rate.
  • Fixed bug #65800 (Events port mechanism).

FTP

  • Convert resource<ftp> to object \FTP\Connection.

GD

  • Fixed bug #71316 (libpng warning from imagecreatefromstring).
  • Convert resource<gd font> to object \GdFont.

hash

  • Implemented FR #68109 (Add MurmurHash V3).
  • Implemented FR #73385 (Add xxHash support).

JSON

  • Fixed bug #81532 (Change of $depth behaviour in json_encode() on PHP 8.1).
  • Fixed bug GH-8238 (Register JSON_ERROR_NON_BACKED_ENUM constant).

LDAP

  • Convert resource<ldap link> to object \LDAP\Connection.
  • Convert resource<ldap result> to object \LDAP\Result.
  • Convert resource<ldap result entry> to object \LDAP\ResultEntry.

MBString

  • Fixed bug #76167 (mbstring may use pointer from some previous request).
  • Fixed bug #81390 (mb_detect_encoding() regression).
  • Fixed bug #81349 (mb_detect_encoding misdetcts ASCII in some cases).
  • Fixed bug #81298 (mb_detect_encoding() segfaults when 7bit encoding is specified).

MySQLi

  • Fixed bug #70372 (Emulate mysqli_fetch_all() for libmysqlclient).
  • Fixed bug #80330 (Replace language in APIs and source code/docs).
  • Fixed bug #80329 (Add option to specify LOAD DATA LOCAL white list folder (including libmysql)).

MySQLnd

  • Fixed bug #63327 (Crash (Bus Error) in mysqlnd due to wrong alignment).
  • Fixed bug #80761 (PDO uses too much memory).

Opcache

  • Fixed bug #81409 (Incorrect JIT code for ADD with a reference to array).
  • Fixed bug #81255
  • Fixed bug #80959 (infinite loop in building cfg during JIT compilation).
  • Fixed bug #81225 (Wrong result with pow operator with JIT enabled).
  • Fixed bug #81249 (Intermittent property assignment failure with JIT enabled).
  • Fixed bug #81256 (Assertion `zv != ((void *)0)' failed for "preload" with JIT).
  • Fixed bug #81133 (building opcache with phpize fails).
  • Fixed bug #81136 (opcache header not installed).
  • Added inheritance cache.

OpenSSL

  • Fixed bug #81502 ($tag argument of openssl_decrypt() should accept null/empty string).
  • Bump minimal OpenSSL version to 1.0.2.

PCRE

  • Fixed bug #81424 (PCRE2 10.35 JIT performance regression).
  • Bundled PCRE2 is 10.37.

PDO

  • Fixed bug #40913 (PDO_MYSQL: PDO::PARAM_LOB does not bind to a stream for fetching a BLOB).

PDO MySQL

  • Fixed bug #80908 (PDO::lastInsertId() return wrong).
  • Fixed bug #81037 (PDO discards error message text from prepared statement).

PDO OCI

  • Fixed bug #77120 (Support 'success with info' at connection).

PDO ODBC

  • Implement PDO_ATTR_SERVER_VERSION and PDO_ATTR_SERVER_INFO for PDO::getAttribute().

PDO PgSQL

  • Fixed bug #81343 (pdo_pgsql: Inconsitent boolean conversion after calling closeCursor()).

PDO SQLite

  • Fixed bug GH-38334 (Proper data-type support for PDO_SQLITE).

PgSQL

  • Fixed bug #81509 (pg_end_copy still expects a resource).
  • Convert resource<pgsql link> to object \PgSql\Connection.
  • Convert resource<pgsql result> to object \PgSql\Result.
  • Convert resource<pgsql large object> to object \PgSql\Lob.

Phar

  • Use SHA256 by default for signature.
  • Add support for OpenSSL_SHA256 and OpenSSL_SHA512 signature.

phpdbg

  • Fixed bug #81135 (unknown help topic causes assertion failure).

PSpell

  • Convert resource<pspell> to object \PSpell\Dictionary.
  • Convert resource<pspell config> to object \PSpell\Config.

readline

  • Fixed bug #72998 (invalid read in readline completion).

Reflection

  • Fixed bug #81611 (ArgumentCountError when getting default value from ReflectionParameter with new).
  • Fixed bug #81630 (PHP 8.1: ReflectionClass->getTraitAliases() crashes with Internal error).
  • Fixed bug #81457 (Enum: ReflectionMethod->getDeclaringClass() return a ReflectionClass).
  • Fixed bug #81474 (Make ReflectionEnum and related class non-final).
  • Fixed bug #80821 (ReflectionProperty::getDefaultValue() returns current value for statics).
  • Fixed bug #80564 (ReflectionProperty::__toString() renders current value, not default value).
  • Fixed bug #80097 (ReflectionAttribute is not a Reflector).
  • Fixed bug #81200 (no way to determine if Closure is static).
  • Implement ReflectionFunctionAbstract::getClosureUsedVariables.

Shmop

  • Fixed bug #81407 (shmop_open won't attach and causes php to crash).

SimpleXML

  • Fixed bug #81325 (Segfault in zif_simplexml_import_dom).

SNMP

  • Implement SHA256 and SHA512 for security protocol.

Sodium

  • Added the XChaCha20 stream cipher functions. (P.I.E. Security Team)
  • Added the Ristretto255 functions, which are available in libsodium 1.0.18. (P.I.E. Security Team)

SPL

  • Fixed bug #66588 (SplFileObject::fgetcsv incorrectly returns a row on premature EOF).
  • Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
  • Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1).
  • Fixed bug #81112 (Special json_encode behavior for SplFixedArray).
  • Fixed bug #80945 ("Notice: Undefined index" on unset() ArrayObject non-existing key).
  • Fixed bug #80724 (FilesystemIterator::FOLLOW_SYMLINKS remove KEY_AS_FILE from bitmask).

Standard

  • Fixed bug #81441 (gethostbyaddr('::1') returns ip instead of name after calling some other method).
  • Fixed bug #81491 (Incorrectly using libsodium for argon2 hashing).
  • Fixed bug #81142 (PHP 7.3+ memory leak when unserialize() is used on an associative array).
  • Fixed bug #81111 (Serialization is unexpectedly allowed on anonymous classes with __serialize()).
  • Fixed bug #81137 (hrtime breaks build on OSX before Sierra).
  • Fixed bug #77627 (method_exists on Closure::__invoke inconsistency).

Streams

  • Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).

XML

  • Fixed bug #79971 (special character is breaking the path in xml function) (CVE-2021-21707).
  • Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).

Zip

  • Fixed bug #81490 (ZipArchive::extractTo() may leak memory).
  • Fixed bug #77978 (Dirname ending in colon unzips to wrong dir).
  • Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination) (CVE-2021-21706).
  • Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword).
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.