PHP 8.2.19 is an old release of PHP 8.2 series. Using the latest version PHP 8.2.21 is highly recommended.
PHP 8.2 continues to receive bug fixes and security fixes until 2024-12-31.
Downloads
Source Code
Git Clone
Use Git to clone the 8.2.19 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.2.19How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.2.19-x64NTS.zip (30.31 MiB)
php-8.2.19-x86NTS.zip (27.2 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.2.19-x64TS.zip (30.41 MiB)
php-8.2.19-x86TS.zip (27.18 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.2.19-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.2.19-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.2.19-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.2.19-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.2.19-fpmChangeLog
Core
- Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled).
- Fixed bug GH-13931 (Applying zero offset to null pointer in Zend/zend_opcode.c).
- Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with other timeout implementations).
- Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert parameters).
- Fixed bug GH-14013 (Erroneous dnl appended in configure).
- Fixed bug GH-10232 (If autoloading occurs during constant resolution filename and lineno are identified incorrectly).
- Fixed bug GH-13727 (Missing void keyword).
Fibers
- Fixed bug GH-13903 (ASAN false positive underflow when executing
copy()).
FPM
- Fixed bug GH-13563 (Setting bool values via env in FPM config fails).
Intl
- Fixed build for icu 74 and onwards.
MySQLnd
- Fix shift out of bounds on 32-bit non-fast-path platforms.
Opcache
- Fixed incorrect assumptions across compilation units for static calls.
OpenSSL
- Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely).
PDO SQLite
- Fix GH-13984 (Buffer size is now checked before memcmp).
- Fix GH-13998 (Manage refcount of agg_context->val correctly).
Phar
- Fixed bug GH-13836 (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference).
- Fixed bug GH-13833 (Applying zero offset to null pointer in
zend_hash.c). - Fix potential NULL pointer dereference before calling EVP_SignInit.
PHPDBG
- Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame).
Posix
- Fix usage of reentrant functions in
ext/posix.
Session
- Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in ext/session/mod_files.c).
- Fixed bug GH-13891 (memleak and segfault when using ini_set with session.trans_sid_hosts).
- Fixed buffer _read/_write size limit on windows for the file mode.
Streams
- Fixed
file_get_contents()on Windows fails with "errno=22 Invalid argument". - Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure).
- Fixed bug GH-13860 (Incorrect
PHP_STREAM_OPTION_CHECK_LIVENESScase in ext/openssl/xp_ssl.c - causing use of dead socket). - Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64).
Treewide
- Fix gcc-14 Wcalloc-transposed-args warnings.
Commit List
Appla
ext/mysqlnd: support ER_CLIENT_INTERACTION_TIMEOUT in 5035b85090
Arnaud Le Blanc
- Fix cookie_seek_function_t signature under musl in GH-13890
- Fix usage of reentrant functions in
ext/posixin GH-13921 - Use return value of
getpwuid_r(), not errno in GH-13969
Ben Ramsey
- Update NEWS in de4f7f9321
Bob Weinand
- Run one testsuite with observers enabled in CI in GH-13869
- Always load EX(opline) into the current frame in JIT when observers are enabled in af098acd6e
- Add zend_test.observer.enabled=0 to opcache tests asserting specific TMP count in e48a5c14b9
- Fix exception IP in JIT in GH-13929
Cristian Rodríguez
- Fix gcc-14 Wcalloc-transposed-args warnings in 18d70db091
Damian Wójcik
- Fix
file_get_contents()on Windows fails with "errno=22 Invalid argument" in 8421cfda61
David Carlier
ext/sockets: socket_create_listen clearing socket data before binding in ba4c82fd80ext/intl: level up c++ runtime std for icu 74 and onwards in cc46a4e6b5ext/session: fix _read/_write buffer limit in 42443b4c2e
Dmitry Stogov
- Fixed missed exception in 5f9b9c4e23
icy17
- Fix potential NULL pointer dereference before calling EVP_SignInit in 6f8bda0582
Ilija Tovilo
- Fix opcache dump varying tmps in 97162e92be
- Fix rename test file name collision in f2cd0d5752
- Fix clean section in test in a7a7e6d57c
- Add missing COMPILE_IGNORE_OTHER_FILES check for static calls in 1acd7a0919
- Fix missing handling of CALLABLE_CONVERT in
cleanup_unfinished_calls()in b3e26c3036
Jakub Zelenka
- Fix GH-13563: Setting bool values via env in FPM config fails in d0a8d41eee
- Fix NEWS for the last FPM change in cd6a58114e
- Fix GH-13264: Part 1 - Memory leak on filter failure in c087398cc2
- Fix GH-10495: feof on OpenSSL stream hangs indefinitely in c1bd9a932a
- Fix test for GH-10495: feof on OpenSSL stream hangs in 100258ffd6
- Fix GH-13620: Failing openssl_private_decrypt tests in 11caf094f1
- Fix FPM tester default env vars change in 9b1d2e93b8
- Add
proc_openescaping for cmd file execution in e3c784f2bf - Fix bug GHSA-q6x7-frmf-grcw: password_verify can erroneously return true in 0ba5229a3f
- Revert "
ext/mysqlnd: support ER_CLIENT_INTERACTION_TIMEOUT" in 3b93f13199 - Set streams NEWS category for file_get_contents fix in c618d3e84b
- Fix GH-13806: openssl_x509_parse_basic test fails with OpenSSL 3.2+ in GH-13961
Kévin Dunglas
- fix: zend-max-execution-timers with negative or high timeout value in GH-13942
Niels Dossche
- Fix GH-13827: Null pointer access of type 'zval' in phpdbg_frame in d3f1f3ab40
- Fix GH-13836: Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference in ed8ed714a8
- Fix GH-13833: Applying zero offset to null pointer in
zend_hash.cin 47bb6c1b79 - Skip test on Windows because of different error output in 5ed5d37f25
- Fix GH-13856: Member access within null pointer of type 'ps_files' in ext/session/mod_files.c in 46f45a51b4
- Fix shift out of bounds on 32-bit non-fast-path platforms in GH-10941
- Fix GH-13891: memleak and segfault when using ini_set with session.trans_sid_hosts in GH-13892
- Fix persistent local flag in session url updating in GH-13905
- Fix GH-13860: Incorrect
PHP_STREAM_OPTION_CHECK_LIVENESScase in ext/openssl/xp_ssl.c - causing use of dead socket in 2aae14c8a9 - Improve stability of test
gh13860.phptin a86256c950 - Fix GH-13903: ASAN false positive underflow when executing
copy()in ea0268264b - Fix GHSA-wpj3-hf5j-x4v4: Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix in 093c08af25
- Fix GH-13931: Applying zero offset to null pointer in Zend/zend_opcode.c in c3acfb1b57
- Fix GH-13978: Fuzzer readme still mentions obsolete
--enable-jsonflag in GH-13983
Peter Kokot
- Fix erroneous dnl appended in configure in GH-14013
- Fix GH-13727: Building with -Werror=strict-prototypes in GH-14029
Saki Takamachi
- NEWS: remove ZWSP in 20959c38ad
- Fix GH-13984: Buffer size is now checked before memcmp in GH-13991
- Fix GH-13998: Manage refcount of agg_context->val correctly in GH-14004
SATO Kentaro
- Temporary reset filename and lineno override before autoload in f8b9030b4e
Sergey Panteleev
- Update versions for PHP 8.2.19 in 2d641982fd
Tim Düsterhus
- makedist: Reset tar timestamps to the commit date in GH-13879