Release Information
- Release Type
- Security Update
- Release Status
- Latest
- Branch Status
- Security-Fixes Only
PHP 8.1 is currently only receiving security fixes, and scheduled to reach EOL on 2025-12-31
Downloads
Source Code
Git Clone
Use Git to clone the 8.1.31 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.1.31How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.1.31-x64NTS.zip (29.34 MiB)
php-8.1.31-x86NTS.zip (26.39 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.1.31-x64TS.zip (29.44 MiB)
php-8.1.31-x86TS.zip (26.37 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.1.31-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.1.31-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.1.31-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.1.31-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.1.31-fpmChangeLog
CLI
- Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface).
LDAP
- Fixed bug GHSA-g665-fm4p-vhff (OOB access in
ldap_escape). (CVE-2024-8932)
MySQLnd
- Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
PDO DBLIB
- Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
PDO Firebird
- Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
Streams
- Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
- Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
Commit List
Christoph M. Becker
- Fix failing soap tests on Windows in 5f3e6e346c
- Update Windows CI to use php-sdk-2.3.0 in d9d82377cc
- Patch libcurl.pc for macOS builds in 9196a72eb0
- Need to define BREW_OPT in d6249b6e1f
- Stick with icu4c 74.2 on macOS CI for PHP-8.1 in 9128fb8f1e
- Update FreeBSD CI in 85e23dbbb2
Ilija Tovilo
- Backport CI fixes to security branches in 25c0993902
- Backport nightly.yml and
nightly_matrix.phpto PHP-8.1 in 27e8860594 - [CI] Backport usage of db service for 8.1 in 560a585117
- Partial backport of e7462bf in ed041c3443
- Remove -Werror for libmysql test on 8.1 only in 769947648e
Jakub Zelenka
- Fix failing openssl_private_decrypt tests in 53cc92c85c
- Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF injection in 426a6d4539
- Fix GHSA-h35g-vwh6-m678: Mysqlnd - various heap buffer over-reads in 2f5aa9f9d1
- Fix MySQLnd possible buffer over read in auth_protocol in 32f905f1d6
- Update NEWS with security fixes info in a001ad33f0
Niels Dossche
- Backport 0a39890c: Fix libxml2 2.12 build due to API breaks in fa6a0f80f6
- Backport e2d97314: Backport deprecation warning ignores to unbreak CI in dbde99d875
- Backport 4fe82131: Backport libxml2 2.13.2 fixes in GH-14816
- Backport f74f9b07: Update libxml test for the directory field behaviour change in b78618750f
- Backport 3ec5919e: Update error message for libxml 2.13 in 6199289b6e
- Workaround deprecation warning in
zend_teston 8.1 in 5bd04acfe9 - Backport 061058a9: Test fixes for libxml2 2.12.0 in 14c107371c
- Fix error message for newer libxml in 2c40762b4e
- Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib quoter causing OOB writes in d9baa9fed8
- Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird quoter causing OOB writes in 69c5f68fdc
- Fix GHSA-g665-fm4p-vhff: OOB access in
ldap_escapein f9ecf90070 - Fix GHSA-r977-prxv-hc43 in 81030c9bbb
- Fix GHSA-4w77-75f9-2c8w in 7dd336ae83
Patrick Allaert
- Update versions for PHP 8.1.31 in 38123aca18
Saki Takamachi
- Backport 3237b8f4 in 8497400b23