Release Information
- Release Type
- Security Update
- Release Status
- Latest
- Branch Status
- Security-Fixes Only
PHP 8.1 is currently only receiving security fixes, and scheduled to reach EOL on 2025-12-31
Downloads
Source Code
Git Clone
Use Git to clone the 8.1.33 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.1.33
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.1.33-x64NTS.zip (29.35 MiB)
php-8.1.33-x86NTS.zip (26.4 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.1.33-x64TS.zip (29.45 MiB)
php-8.1.33-x86TS.zip (26.38 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.1.33-cli-alpine
Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.1.33-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.1.33-fpm-alpine
Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.1.33-apache
Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.1.33-fpm
ChangeLog
PGSQL
- Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735)
SOAP
- Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491)
Standard
- Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220)
Commit List
Ahmed Lekssays
- Fix GHSA-453j-q27h-5p8x in 9cb3d8d200
Arnaud Le Blanc
- Add FreeBSD ZTS nightly build in 85522c0d48
Ben Ramsey
- Update versions for PHP 8.1.33 in 1996831969
David Carlier
- backporting C++17 detection support for recent icu4c releases in 3fdd3ed9f7
Ilija Tovilo
- Fix flaky connection count in mysqli test in 00ebd2d7f2
- Drop tidyp from FreeBSD build in 35936bfa79
- Use
--ignore-platform-req
=php+ in community build in 0a42e6fbc5 - Track heap->real_size for USE_TRACKED_ALLOC in 9cacc57350
- Remove bug61371 test in 391bd2a48f
Jakub Zelenka
- Fix typo in GHSA-hgf5-96fm-v528 NEWS entry in 70c2ebb698
- Fix GHSA-3cr5-j632-f35r: Null byte in hostnames in cac8f7f1cf
- Fix GHSA-hrwm-9436-5mv3: pgsql escaping no error checks in 9376aeef9f
- Update NEWS with entries for security fixes in 7b33b1c916