PHP 8.2.0: Downloads, Changelog, News

Release Information

PHP Version
PHP 8.2
Release Date
Release Type
Security Update
Release Status
Use PHP 8.2.20 instead
Branch Status

PHP 8.2.0 is an old release of PHP 8.2 series. Using the latest version PHP 8.2.20 is highly recommended.
PHP 8.2 continues to receive bug fixes and security fixes until 2024-12-31.


Source Code

Git Clone
Use Git to clone the 8.2.0 tag from the PHP Git repository.
git clone --depth 1 --branch php-8.2.0
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

Docker/Podman Containers

PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.2.0-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.2.0-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.2.0-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.2.0-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.2.0-fpm



  • Fixed bug #81496 (Server logs incorrect request method).
  • Updated the mime-type table for the builtin-server.
  • Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.
  • Fixed GH-8575 by changing STDOUT, STDERR and STDIN to not close on resource destruction.
  • Implement built-in web server responding without body to HEAD request on a static resource.
  • Implement built-in web server responding with HTTP status 405 to DELETE/PUT/PATCH request on a static resource.
  • Fixed bug GH-9709 (Null pointer dereference with -w/-s options).


  • Fixed bug GH-8750 (Can not create VT_ERROR variant type).


  • Fixed bug #81380 (Observer may not be initialized properly).
  • Fixed bug GH-7771 (Fix filename/lineno of constant expressions).
  • Fixed bug GH-7792 (Improve class type in error messages).
  • Support huge pages on MacOS.
  • Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references).
  • Fixed bug GH-8661 (Nullsafe in coalesce triggers undefined variable warning).
  • Fixed bug GH-7821 and GH-8418 (Allow arbitrary const expressions in backed enums).
  • Fixed bug GH-8810 (Incorrect lineno in backtrace of multi-line function calls).
  • Optimised code path for newly created file with the stream plain wrapper.
  • Uses safe_perealloc instead of perealloc for the ZEND_PTR_STACK_RESIZE_IF_NEEDED to avoid possible overflows.
  • Reduced the memory footprint of strings returned by var_export(), json_encode(), serialize(), iconv_(), mb_ereg(), session_create_id(), http_build_query(), strstr(), Reflection*::__toString().
  • Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
  • Added error_log_mode ini setting.
  • Updated request startup messages.
  • Fixed bug GH-7900 (Arrow function with never return type compile-time errors).
  • Fixed incorrect double to long casting in latest clang.
  • Added support for defining constants in traits.
  • Stop incorrectly emitting false positive deprecation notice alongside unsupported syntax fatal error for "{$g{'h'}}".
  • Fix unexpected deprecated dynamic property warning, which occurred when exit() in finally block after an exception was thrown without catching.
  • Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function)
  • Fixed bug GH-9227 (Trailing dots and spaces in filenames are ignored).
  • Fixed bug GH-9285 (Traits cannot be used in readonly classes).
  • Fixed bug GH-9186 (@strict-properties can be bypassed using unserialization).
  • Fixed bug GH-9500 (Using dnf type with parentheses after readonly keyword results in a parse error).
  • Fixed bug GH-9516 ((A&B)|D as a param should allow AB or D. Not just A).
  • Fixed observer class notify with Opcache file_cache_only=1.
  • Fixes segfault with Fiber on FreeBSD i386 architecture.
  • Fixed bug GH-9655 (Pure intersection types cannot be implicitly nullable)
  • Fixed bug GH-9589 (dl() segfaults when module is already loaded).
  • Fixed bug GH-9752 (Generator crashes when interrupted during argument evaluation with extra named params).
  • Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during initialization).
  • Fixed a bug with preloaded enums possibly segfaulting.
  • Fixed bug GH-9823 (Don’t reset func in zend_closure_internal_handler).
  • Fixed potential NULL pointer dereference Windows shm*() functions.
  • Fix target validation for internal attributes with constructor property promotion.
  • Fixed bug GH-9750 (Generator memory leak when interrupted during argument evaluation.


  • Added support for CURLOPT_MAXFILESIZE_LARGE.
  • Added new constants from cURL 7.62 to 7.80.
  • New function curl_upkeep().


  • Fixed GH-8458 (DateInterval::createFromDateString does not throw if non-relative items are present).
  • Fixed bug #52015 (Allow including end date in DatePeriod iterations)
  • idate() now accepts format specifiers "N" (ISO Day-of-Week) and "o" (ISO Year).
  • Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of different type).
  • Fixed bug GH-8964 (DateTime object comparison after applying delta less than 1 second).
  • Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded down since PHP 8.1.0).
  • Fixed bug #75035 (Datetime fails to unserialize "extreme" dates).
  • Fixed bug #80483 (DateTime Object with 5-digit year can't unserialized).
  • Fixed bug #81263 (Wrong result from DateTimeImmutable::diff).
  • Fixed bug GH-9431 (DateTime::getLastErrors() not returning false when no errors/warnings).
  • Fixed bug with parsing large negative numbers with the @ notation.


  • Fixed LMDB driver hanging when attempting to delete a non-existing key
  • Fixed LMDB driver memory leak on DB creation failure
  • Fixed GH-8856 (dba: lmdb: allow to override the MDB_NOSUBDIR flag).


  • Fixed bug GH-9090 (Support assigning function pointers in FFI).


  • Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files).


  • Added FILTER_FLAG_GLOBAL_RANGE to filter Global IPs.


  • Emit error for invalid port setting.
  • Added extra check for FPM proc dumpable on SELinux based systems.
  • Added support for listening queue on macOS.
  • Changed default for listen.backlog on Linux to -1.
  • Added listen.setfib pool option to set route FIB on FreeBSD.
  • Added access.suppress_path pool option to filter access log entries.
  • Fixed on fpm scoreboard occasional warning on acquisition failure.
  • Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11).


  • Fix datetime format string to follow POSIX spec in ftp_mdtm().


  • Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)


  • Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()).


  • Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
  • Fixed bug GH-10077: Fix compilation on RHEL 7 ppc64le.


  • Update all grandfathered language tags with preferred values
  • Fixed GH-7939 (Cannot unserialize IntlTimeZone objects).
  • Fixed build for ICU 69.x and onwards.
  • Declared Transliterator::$id as readonly to unlock subclassing it.
  • Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).


  • Fixed bug GH-9248 (Segmentation fault in mb_strimwidth()).


  • Fixed bug GH-9841 (mysqli_query throws warning despite using silenced error mode).


  • Fixed potential heap corruption due to alignment mismatch.


  • Added oci8.prefetch_lob_size directive to tune LOB query performance
  • Support for building against Oracle Client libraries 10.1 and 10.2 has been dropped. Oracle Client libraries 11.2 or newer are now required.


  • Fixed bug GH-8300 (User input not escaped when building connection string).
  • Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate).


  • Allocate JIT buffer close to PHP .text segemnt to allow using direct IP-relative calls and jumps.
  • Added initial support for JIT performance profiling generation for macOs Instrument.
  • Fixed bug GH-8030 (Segfault with JIT and large match/switch statements).
  • Added JIT support improvement for macOs for segments and executable permission bit handling.
  • Added JIT buffer allocation near the .text section on FreeNSD.
  • Fixed bug GH-9371 (Crash with JIT on mac arm64) (jdp1024/David Carlier)
  • Fixed bug GH-9259 (opcache.interned_strings_buffer setting integer overflow).
  • Added indirect call reduction for jit on x86 architectures.


  • Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy).


  • Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT.
  • Fixed bug GH-9310 (SSL local_cert and local_pk do not respect open_basedir).
  • Implement FR #76935 ("chacha20-poly1305" is an AEAD but does not work like AEAD).
  • Added openssl_cipher_key_length function.
  • Fixed bug GH-9517 (Compilation error openssl extension related to PR GH-9366).
  • Fixed missing clean up of OpenSSL engine list - attempt to fix GH-8620.
  • Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build).


  • Fixed pcntl_(get|set)priority error handling for MacOS.


  • Implemented FR #77726 (Allow null character in regex patterns).
  • Updated bundled libpcre to 10.40.


  • Fixed bug GH-9818 (Initialize run time cache in PDO methods).


  • Fixed bug GH-8576 (Bad interpretation of length when char is UTF-8).


  • Fixed bug #80909 (crash with persistent connections in PDO_ODBC).
  • Fixed bug GH-8300 (User input not escaped when building connection string).
  • Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate).
  • Fixed bug GH-9372 (HY010 when binding overlong parameter).


  • Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).


  • Added new random extension.
  • Fixed bug GH-9067 (random extension is not thread safe).
  • Fixed bug GH-9055 (segmentation fault if user engine throws).
  • Fixed bug GH-9066 (signed integer overflow).
  • Fixed bug GH-9083 (undefined behavior during shifting).
  • Fixed bug GH-9088, GH-9056 (incorrect expansion of bytes when generating uniform integers within a given range).
  • Fixed bug GH-9089 (Fix memory leak on Randomizer::__construct() call twice).
  • Fixed bug GH-9212 (PcgOneseq128XslRr64::jump() should not allow negative $advance).
  • Changed Mt19937 to throw a ValueError instead of InvalidArgumentException for invalid $mode.
  • Splitted Random`Randomizer::getInt()(without arguments) to Random\Randomizer::nextInt()`.
  • Fixed bug GH-9235 (non-existant $sequence parameter in stub for PcgOneseq128XslRr64::__construct()).
  • Fixed bug GH-9190, GH-9191 (undefined behavior for MT_RAND_PHP when handling large ranges).
  • Fixed bug GH-9249 (Xoshiro256StarStar does not reject the invalid all-zero state).
  • Removed redundant RuntimeExceptions from Randomizer methods. The exceptions thrown by the engines will be exposed directly.
  • Added extension specific Exceptions/Errors (RandomException, RandomError, BrokenRandomEngineError).
  • Fixed bug GH-9415 (Randomizer::getInt(0, 2**32 - 1) with Mt19937 always returns 1).
  • Fixed Randomizer::getInt() consistency for 32-bit engines.
  • Fixed bug GH-9464 (build on older macOs releases).
  • Fixed bug GH-9839 (Pre-PHP 8.2 output compatibility for non-mt_rand() functions for MT_RAND_PHP).


  • Added ReflectionFunction::isAnonymous().
  • Added ReflectionMethod::hasPrototype().
  • Narrow ReflectionEnum::getBackingType() return type to ReflectionNamedType.
  • Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure).


  • Fixed bug GH-7787 (Improve session write failure message for user error handlers).
  • Fixed GH-9200 (setcookie has an obsolete expires date format).
  • Fixed GH-9584 (Avoid memory corruption when not unregistering custom session handler).
  • Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method).


  • Fixed bug GH-9720 (Null pointer dereference while serializing the response).


  • Added TCP_NOTSENT_LOWAT socket option.
  • Added SO_MEMINFO socket option.
  • Added SO_RTABLE socket option (OpenBSD), equivalent of SO_MARK (Linux).
  • Added ancillary data support for FreeBSD.
  • Added ancillary data support for NetBSD.
  • Added SO_BPF_EXTENSIONS socket option.
  • Added SO_SETFIB socket option.
  • Added TCP_CONGESTION socket option.
  • Added SOL_FILTER socket option for Solaris.
  • Fixed socket constants regression as of PHP 8.2.0beta3.


  • Added sodium_crypto_stream_xchacha20_xor_ic().


  • Uses safe_erealloc instead of erealloc to handle heap growth for the SplHeap::insert method to avoid possible overflows.
  • Widen iterator_to_array() and iterator_count()'s $iterator parameter to iterable.
  • Fixed bug #69181 (READ_CSV|DROP_NEW_LINE drops newlines within fields).
  • Fixed bug #65069 (GlobIterator incorrect handling of open_basedir check).


  • Changed sqlite3.defensive from PHP_INI_SYSTEM to PHP_INI_USER.


  • net_get_interfaces() also reports wireless network interfaces on Windows.
  • Finished AVIF support in getimagesize().
  • Fixed bug GH-7847 (stripos with large haystack has bad performance).
  • New function memory_reset_peak_usage().
  • Fixed parse_url(): can not recognize port without scheme.
  • Deprecated utf8_encode() and utf8_decode().
  • Fixed the crypt_sha256/512 api build with clang > 12.
  • Uses safe_erealloc instead of erealloc to handle options in getopt to avoid possible overflows.
  • Implemented FR GH-8924 (str_split should return empty array for empty string).
  • Added ini_parse_quantity function to convert ini quantities shorthand notation to int.
  • Enable arc4random_buf for Linux glibc 2.36 and onwards for the random_bytes.
  • Uses CCRandomGenerateBytes instead of arc4random_buf on macOs.
  • Fixed bug #65489 (glob() basedir check is inconsistent).
  • Fixed GH-9200 (setcookie has an obsolete expires date format).
  • Fixed GH-9244 (Segfault with array_multisort + array_shift).
  • Fixed bug GH-9296 (ksort behaves incorrectly on arrays with mixed keys).
  • Marked crypt()'s $string parameter as #[\SensitiveParameter].
  • Fixed bug GH-9464 (build on older macOs releases).
  • Fixed bug GH-9518 (Disabling IPv6 support disables unrelated constants).
  • Revert "Fixed parse_url(): can not recognize port without scheme."


  • Set IP_BIND_ADDRESS_NO_PORT if available when connecting to remote host.
  • Fixed bug GH-8548 (stream_wrapper_unregister() leaks memory).
  • Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT.
  • Fixed bug GH-9316 ($http_response_header is wrong for long status line).
  • Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set).
  • Fixed bug GH-9653 (file copy between different filesystems).
  • Fixed bug GH-9779 (stream_copy_to_stream fails if dest in append mode).


  • Added preliminary support for (cross-)building for ARM64.


  • Added libxml_get_external_entity_loader() function.


  • add ZipArchive::clearError() method
  • add ZipArchive::getStreamName() method
  • add ZipArchive::getStreamIndex() method
  • On Windows, the Zip extension is now built as shared library (DLL) by default.
  • Implement fseek for zip stream when possible with libzip 1.9.1.
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.