PHP 8.1 is currently only receiving security fixes. PHP 8.1.28 is not the latest version in the series, and using this release is not recommended. PHP 8.1.31 is the latest in the series.
Downloads
Source Code
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.1.28
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Docker/Podman Containers
docker pull php:8.1.28-cli-alpine
docker pull php:8.1.28-cli
docker pull php:8.1.28-fpm-alpine
docker pull php:8.1.28-apache
docker pull php:8.1.28-fpm
ChangeLog
Standard
- Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of
proc_open
). (CVE-2024-1874) - Fixed bug GHSA-wpj3-hf5j-x4v4 (Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
- Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
Commit List
Ayesh Karunaratne
- ci: update caddy job to use GitHub Releases in 4922b9eb7d
Ben Ramsey
- Update NEWS in 6f63d5f137
- Update versions for PHP 8.1.28 in 9119509142
Jakub Zelenka
- Add
proc_open
escaping for cmd file execution in 7ad6ff7d5c - Fix bug GHSA-q6x7-frmf-grcw: password_verify can erroneously return true in 11f2568767
Niels Dossche
- Fix GHSA-wpj3-hf5j-x4v4: Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix in b756b5a461