PHP 8.1.27: Downloads, Changelog, News

Release Information

PHP Version
PHP 8.1
Release Date
Release Type
Bug Fix Release
Release Status
Use PHP 8.1.29 instead
Branch Status
Security-Fixes Only

PHP 8.1 is currently only receiving security fixes. PHP 8.1.27 is not the latest version in the series, and using this release is not recommended. PHP 8.1.29 is the latest in the series.


Source Code

Git Clone
Use Git to clone the 8.1.27 tag from the PHP Git repository.
git clone --depth 1 --branch php-8.1.27
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

Docker/Podman Containers

PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.1.27-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.1.27-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.1.27-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.1.27-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.1.27-fpm



  • Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious error handler).
  • Fixed oss-fuzz #64209 (In-place modification of filename in php_message_handler_for_zend).
  • Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC).


  • Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid default: prefix).


  • Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).


  • Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1).


  • Fixed bug GH-12702 (libxml2 2.12.0 issue building from src).


  • Avoid using uninitialised struct.


  • Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).


  • Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux).


  • Fixed bug GH-12763 wrong argument type for pg_untrace.


  • Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c).


  • Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).


  • Fix memory leak in syslog device handling.
  • Fixed bug GH-12621 (browscap segmentation fault when configured in the vhost).
  • Fixed bug GH-12655 (proc_open() does not take into account references in the descriptor array).


  • Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault).


  • Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option Behavior).

Commit List

Ben Ramsey

  • Merge changes to from PHP-8.2 in 2b4a47ccec

Bob Weinand

Daniil Gentili

  • Fix memory leak in standard syslog device handling in 10b2b4a52c


  • Fix phpGH-12763: PGSQL pg_untrace(): Argument #1 ($connection) must be of type resource or null, PgSql\Connection given in 3f57bd80f6

Dmitry Stogov

  • Backport fix for GH-12512: JIT Assertion `info & (1 << type)' failed in GH-12660
  • Fixed GH-12748: Function JIT emits "could not convert to int" warning at the same time as invalid offset Error in 87107f8688

Florian Engelhardt

  • Fix invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC in GH-12768

Ilija Tovilo

  • Fix undeclared variable in stat tests in db8c91ae9f
  • Disable -fsanitize=function on Clang 17 in f7f9401cc8
  • Fix astat imperciseness excemption in test in fe34dd1b49
  • Automatically mark tests as flaky in 9bdd0f0de9
  • Fix file test race condition in e1e140f2f2
  • Retry tests on deadlock in 2312637496
  • Temporarily disable failing zlib tests on travis in GH-10738
  • Fix use-after-free of name in var-var with malicious error handler in 1fdcfa4ebe
  • Fix in-place modification of filename in php_message_handler_for_zend in daa38dd63e

Jakub Zelenka

  • Initialize syslog device in GINIT in b4208c8f96
  • Skip slow tests on Travis in e41cbd2174
  • Fix bug #79945: Stream wrappers in imagecreatefrompng causes segfault in a7a6151c4f
  • Fix stream fclose_stdiocast_flush_in_progress type in e43ffb5023
  • Fix #50713: openssl_pkcs7_verify() may ignore untrusted CAs in 55e0748487

Mikhail Galanin

Muhammad Moinur Rahman

Niels Dossche

Patrick Allaert

Patrick Prasse

Remi Collet


Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.