PHP 8.1 is currently only receiving security fixes. PHP 8.1.30 is not the latest version in the series, and using this release is not recommended. PHP 8.1.33 is the latest in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 8.1.30 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.1.30How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.1.30-x64NTS.zip (29.33 MiB)
php-8.1.30-x86NTS.zip (26.39 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.1.30-x64TS.zip (29.44 MiB)
php-8.1.30-x86TS.zip (26.36 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.1.30-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.1.30-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.1.30-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.1.30-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.1.30-fpmChangeLog
CGI
- Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926)
- Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927)
FPM
- Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026)
SAPI
- Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925)
Commit List
Arnaud Le Blanc
- Fix GHSA-9pqp-7h25-4f32 in d65a1e6f91
Ben Ramsey
- Update NEWS in 557e09f678
- Update versions for PHP 8.1.30 in 773c0eda4a
Jakub Zelenka
- Fix GHSA-865w-9rf3-2wh5: FPM: Logs from childrens may be altered in 4580b8b3e1
- Update NEWS with security fixes info in 8d87bc3e26
- Skip GHSA-9pqp-7h25-4f32 test on Windows in 4bcc7d5778
Niels Dossche
- Fix GHSA-9fcc-425m-g385: bypass CVE-2024-1874 in 4b15f5d4ec
- Fix GHSA-3qgc-jrrr-25jv in 9382673148
- Fix GHSA-w8qr-v226-r27w in 7e0e3cc820
- Fix GHSA-p99j-rfp4-xqvq in 4b9cd27ff5
- Fix GHSA-94p6-54jq-9mwp in c1c14c8a0f