PHP 8.2.19: Downloads, Changelog, News

Release Information

Release: 8.2.19
PHP Version: PHP 8.2
Release Date:
Release Type: Security Update
Release Status: Latest Release in 8.2
Branch Status: Supported

Latest release for PHP 8.2. This release contains security fixes, and it is recommended to update as soon as possible.
PHP 8.2 continues to receive bug fixes and security fixes until 2024-12-31.

Downloads

Source Code

Git Clone
Use Git to clone the 8.2.19 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.2.19
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build (./configure), and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian-based systems and Fedora/RHEL-based systems.

Windows binaries

Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over the FastCGI protocol, such as Nginx, Caddy, and IIS.
Thread-Safe Builds
Thread-Safe (TS) builds are multi-threaded PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

Docker/Podman Containers

PHP CLI
PHP CLI container images include only the PHP CLI, with no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Despite their larger size, the Debian-based images (without the "-alpine" suffix) are more complete and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.2.19-cli-alpine

Debian-based: More compatible with other components, more complete, and widely used.
docker pull php:8.2.19-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.2.19-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.2.19-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over FastCGI.
docker pull php:8.2.19-fpm

ChangeLog

Core

  • Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled).
  • Fixed bug GH-13931 (Applying zero offset to null pointer in Zend/zend_opcode.c).
  • Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with other timeout implementations).
  • Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert parameters).
  • Fixed bug GH-14013 (Erroneous dnl appended in configure).
  • Fixed bug GH-10232 (If autoloading occurs during constant resolution filename and lineno are identified incorrectly).
  • Fixed bug GH-13727 (Missing void keyword).

Fibers

  • Fixed bug GH-13903 (ASAN false positive underflow when executing copy()).

FPM

  • Fixed bug GH-13563 (Setting bool values via env in FPM config fails).

Intl

  • Fixed build for icu 74 and onwards.

MySQLnd

  • Fix shift out of bounds on 32-bit non-fast-path platforms.

Opcache

  • Fixed incorrect assumptions across compilation units for static calls.

OpenSSL

  • Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely).

PDO SQLite

  • Fix GH-13984 (Buffer size is now checked before memcmp).
  • Fix GH-13998 (Manage refcount of agg_context->val correctly).

Phar

  • Fixed bug GH-13836 (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference).
  • Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c).
  • Fix potential NULL pointer dereference before calling EVP_SignInit.

PHPDBG

  • Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame).

Posix

  • Fix usage of reentrant functions in ext/posix.

Session

  • Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in ext/session/mod_files.c).
  • Fixed bug GH-13891 (memleak and segfault when using ini_set with session.trans_sid_hosts).
  • Fixed buffer _read/_write size limit on Windows for the file mode.

Streams

  • Fixed file_get_contents() on Windows fails with "errno=22 Invalid argument".
  • Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure).
  • Fixed bug GH-13860 (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in ext/openssl/xp_ssl.c - causing use of dead socket).
  • Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64).

Treewide

  • Fix gcc-14 Wcalloc-transposed-args warnings.

Commit List

Appla

  • ext/mysqlnd: support ER_CLIENT_INTERACTION_TIMEOUT in 5035b85090

Arnaud Le Blanc

  • Fix cookie_seek_function_t signature under musl in GH-13890
  • Fix usage of reentrant functions in ext/posix in GH-13921
  • Use return value of getpwuid_r(), not errno in GH-13969

Ben Ramsey

Bob Weinand

  • Run one testsuite with observers enabled in CI in GH-13869
  • Always load EX(opline) into the current frame in JIT when observers are enabled in af098acd6e
  • Add zend_test.observer.enabled=0 to opcache tests asserting specific TMP count in e48a5c14b9
  • Fix exception IP in JIT in GH-13929

Cristian Rodríguez

  • Fix gcc-14 Wcalloc-transposed-args warnings in 18d70db091

Damian Wójcik

  • Fix file_get_contents() on Windows fails with "errno=22 Invalid argument" in 8421cfda61

David Carlier

  • ext/sockets: socket_create_listen clearing socket data before binding in ba4c82fd80
  • ext/intl: level up c++ runtime std for icu 74 and onwards in cc46a4e6b5
  • ext/session: fix _read/_write buffer limit in 42443b4c2e

Dmitry Stogov

icy17

  • Fix potential NULL pointer dereference before calling EVP_SignInit in 6f8bda0582

Ilija Tovilo

  • Fix opcache dump varying tmps in 97162e92be
  • Fix rename test file name collision in f2cd0d5752
  • Fix clean section in test in a7a7e6d57c
  • Add missing COMPILE_IGNORE_OTHER_FILES check for static calls in 1acd7a0919
  • Fix missing handling of CALLABLE_CONVERT in cleanup_unfinished_calls() in b3e26c3036

Jakub Zelenka

Kévin Dunglas

  • fix: zend-max-execution-timers with negative or high timeout value in GH-13942

Niels Dossche

  • Fix GH-13827: Null pointer access of type 'zval' in phpdbg_frame in d3f1f3ab40
  • Fix GH-13836: Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference in ed8ed714a8
  • Fix GH-13833: Applying zero offset to null pointer in zend_hash.c in 47bb6c1b79
  • Skip test on Windows because of different error output in 5ed5d37f25
  • Fix GH-13856: Member access within null pointer of type 'ps_files' in ext/session/mod_files.c in 46f45a51b4
  • Fix shift out of bounds on 32-bit non-fast-path platforms in GH-10941
  • Fix GH-13891: memleak and segfault when using ini_set with session.trans_sid_hosts in GH-13892
  • Fix persistent local flag in session url updating in GH-13905
  • Fix GH-13860: Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in ext/openssl/xp_ssl.c - causing use of dead socket in 2aae14c8a9
  • Improve stability of test gh13860.phpt in a86256c950
  • Fix GH-13903: ASAN false positive underflow when executing copy() in ea0268264b
  • Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix in 093c08af25
  • Fix GH-13931: Applying zero offset to null pointer in Zend/zend_opcode.c in c3acfb1b57
  • Fix GH-13978: Fuzzer readme still mentions obsolete --enable-json flag in GH-13983

Peter Kokot

Saki Takamachi

SATO Kentaro

  • Temporary reset filename and lineno override before autoload in f8b9030b4e

Sergey Panteleev

Tim Düsterhus

  • makedist: Reset tar timestamps to the commit date in GH-13879