PHP 8.2 is currently only receiving security fixes. PHP 8.2.18 is not the latest version in the series, and using this release is not recommended. PHP 8.2.28 is the latest in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 8.2.18 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.2.18
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build (./configure), and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over the FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.2.18-x64NTS.zip (30.31 MiB)
php-8.2.18-x86NTS.zip (27.2 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-threaded PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.2.18-x64TS.zip (30.41 MiB)
php-8.2.18-x86TS.zip (27.18 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI container images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Despite their larger size, the Debian-based images (without the "-alpine" suffix) are more complete and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.2.18-cli-alpine
Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.2.18-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.2.18-fpm-alpine
Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.2.18-apache
Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over FastCGI.
docker pull php:8.2.18-fpm
ChangeLog
Core
- Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
- Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure).
- Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor).
DOM
- Add some missing ZPP checks.
- Fix potential memory leak in XPath evaluation results.
- Fix phpdoc for DOMDocument load methods.
FPM
- Fixed incorrect check in fpm_shm_free().
GD
- Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests).
Gettext
- Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.
MySQLnd
- Fix GH-13452 (Fixed handshake response [mysqlnd]).
- Fix incorrect charset length in check_mb_eucjpms().
Opcache
- Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
- Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded).
PDO
- Fix various PDORow bugs.
Random
- Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).
- Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used).
Session
- Fixed bug GH-13680 (Segfault with session_decode and compilation error).
Sockets
- Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name).
SPL
- Fixed bug GH-13531 (Unable to resize SplFixedArray after being unserialized in PHP 8.2.15).
- Fixed bug GH-13685 (Unexpected null pointer in zend_string.h).
Standard
- Fixed bug GH-11808 (Live filesystem modified by tests).
- Fixed GH-13402 (Added validation of \n in $additional_headers of mail()).
- Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
- Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
- Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
- Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
XML
- Fixed bug GH-13517 (Multiple test failures when building with --with-expat).
Commit List
Arnaud Le Blanc
- Fix GH-13508: JITed QM_ASSIGN may be optimized out when op1 is null in GH-13610
- Adjust GC threshold if num_roots is higher than gc_threshold after collection in GH-13758
- Tests are not repeatable in bb6b659aa8
Bob Weinand
- Fix possible segfault with 0x0 shared opcache base in 6fb8b9d721
- Fix GH-13712: Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded in GH-13735
- Properly forward the signal to the original handler if TSRM is shutdown. in GH-10219
David CARLIER
David Carlier
- ext/gettext: dcgettext/dcngettext sigabrt on macOs in 9999a0cb75
- ext/gettext: dcgettext/dcngettext fix for stable branches in 33967aef11
- Fix GH-13603 ext/sockets: properly initialised address info data in e3f0d03452
- zend test fix copy_file_range for musl in 334419e157
- zend_test fix copy_file_range test for linux 32 bits in db1f7b1286
- Fix GH-13727: macro generating invalid call test prototypes fixes in 868257a3de
- CI: update freebsd 13 image in db063cb771
divinity76
- Fix GH-13203: file_put_contents fail on strings over 4GB on Windows in 2343791aff
Gina Peter Banyard
- ext/pdo: Fix various PDORow bugs in b4e272c56a
Ilija Tovilo
- Remove MAP_JIT flag in 00f9c5eeb4
Jakub Zelenka
- CI: Continue on error if Caddy download fails in 3d4b36fc9c
- Revert "Fix GH-13519: PGSQL_CONNECT_FORCE_RENEW with persistent connections." in 330b26e04c
- Add proc_open escaping for cmd file execution in 7a5000a3f7
- Fix bug GHSA-q6x7-frmf-grcw: password_verify can erroneously return true in f44c2d9f9e
Michael Orlitzky
- Fix GH-12019: ext/gd/config.m4: don't forget GDLIB_CFLAGS in feature tests in 00799320ec
Niels Dossche
- Fix GH-13517: Multiple test failures when building with --with-expat in 552ea62e1f
- Fix GH-13531: Unable to resize SplFixedArray after being unserialized in PHP 8.2.15 in 8494058a1f
- Fix GH-11808: Live filesystem modified by tests (security) in 7c8a3e426e
- Fix GH-13612: Corrupted memory in destructor with weak references in 39b8d5c871
- Add ZPP checks in DOMNode::{sleep,wakeup} in e3711af8ce
- Fix nightly failure due to type in file_put_contents_5gb.phpt in 65593e10ef
- Fix GH-13680: Segfault with session_decode and compilation error in 6985aff7c3
- Fix potential memory leak in XPath evaluation results in 30c58aba0c
- Add missing DOM dependency in config.m4 for ext/xsl in afdabb1247
- Fix GH-13685: Unexpected null pointer in zend_string.h in aa34e0acb4
- Fix incorrect charset length in check_mb_eucjpms() in 8ffac997aa
- Fix incorrect check in fpm_shm_free() in GH-13797
- Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix in 2b8d049317
Pierrick Charron
- Update NEWS file in 812ac06948
- Update versions for PHP 8.2.18 in d94fdf582e
Remi Collet
- Fix GH-13217 Test failure with zlib-ng in 5e12844d4d
- Fix AX_GCC_FUNC_ATTRIBUTE failure in 09a36812c1
Saki Takamachi
- Removed REPORT_EXIT_STATUS=no in libmysql tests in 99688dbe7a
- Added validation of \n in $additional_headers of mail() in 04e8e55f47
- Fixed handshake response charset. in GH-13470
- Changed the test expected value of mysqli::info to %s in GH-13723
Shivam Mathur
- Fix brew action in GH-13659
Tim Düsterhus
- random: Fix unknown mt_srand() compatibility for unknown modes in GH-13544
- random: Initialize the mode field when seeding in php_random_default_status() in GH-13690
Vincent Langlet
- Fix phpdoc for DOMDocument load methods in 741570c30f