PHP 8.2.19 is an old release of PHP 8.2 series. Using the latest version PHP 8.2.24 is highly recommended.
PHP 8.2 continues to receive bug fixes and security fixes until 2024-12-31.
Downloads
Source Code
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.2.19
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Docker/Podman Containers
docker pull php:8.2.19-cli-alpine
docker pull php:8.2.19-cli
docker pull php:8.2.19-fpm-alpine
docker pull php:8.2.19-apache
docker pull php:8.2.19-fpm
ChangeLog
Core
- Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled).
- Fixed bug GH-13931 (Applying zero offset to null pointer in Zend/zend_opcode.c).
- Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with other timeout implementations).
- Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert parameters).
- Fixed bug GH-14013 (Erroneous dnl appended in configure).
- Fixed bug GH-10232 (If autoloading occurs during constant resolution filename and lineno are identified incorrectly).
- Fixed bug GH-13727 (Missing void keyword).
Fibers
- Fixed bug GH-13903 (ASAN false positive underflow when executing
copy()
).
FPM
- Fixed bug GH-13563 (Setting bool values via env in FPM config fails).
Intl
- Fixed build for icu 74 and onwards.
MySQLnd
- Fix shift out of bounds on 32-bit non-fast-path platforms.
Opcache
- Fixed incorrect assumptions across compilation units for static calls.
OpenSSL
- Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely).
PDO SQLite
- Fix GH-13984 (Buffer size is now checked before memcmp).
- Fix GH-13998 (Manage refcount of agg_context->val correctly).
Phar
- Fixed bug GH-13836 (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference).
- Fixed bug GH-13833 (Applying zero offset to null pointer in
zend_hash.c
). - Fix potential NULL pointer dereference before calling EVP_SignInit.
PHPDBG
- Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame).
Posix
- Fix usage of reentrant functions in
ext/posix
.
Session
- Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in ext/session/mod_files.c).
- Fixed bug GH-13891 (memleak and segfault when using ini_set with session.trans_sid_hosts).
- Fixed buffer _read/_write size limit on windows for the file mode.
Streams
- Fixed
file_get_contents()
on Windows fails with "errno=22 Invalid argument". - Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure).
- Fixed bug GH-13860 (Incorrect
PHP_STREAM_OPTION_CHECK_LIVENESS
case in ext/openssl/xp_ssl.c - causing use of dead socket). - Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64).
Treewide
- Fix gcc-14 Wcalloc-transposed-args warnings.
Commit List
Appla
ext/mysqlnd
: support ER_CLIENT_INTERACTION_TIMEOUT in 5035b85090
Arnaud Le Blanc
- Fix cookie_seek_function_t signature under musl in GH-13890
- Fix usage of reentrant functions in
ext/posix
in GH-13921 - Use return value of
getpwuid_r()
, not errno in GH-13969
Ben Ramsey
- Update NEWS in de4f7f9321
Bob Weinand
- Run one testsuite with observers enabled in CI in GH-13869
- Always load EX(opline) into the current frame in JIT when observers are enabled in af098acd6e
- Add zend_test.observer.enabled=0 to opcache tests asserting specific TMP count in e48a5c14b9
- Fix exception IP in JIT in GH-13929
Cristian Rodríguez
- Fix gcc-14 Wcalloc-transposed-args warnings in 18d70db091
Damian Wójcik
- Fix
file_get_contents()
on Windows fails with "errno=22 Invalid argument" in 8421cfda61
David Carlier
ext/sockets
: socket_create_listen clearing socket data before binding in ba4c82fd80ext/intl
: level up c++ runtime std for icu 74 and onwards in cc46a4e6b5ext/session
: fix _read/_write buffer limit in 42443b4c2e
Dmitry Stogov
- Fixed missed exception in 5f9b9c4e23
icy17
- Fix potential NULL pointer dereference before calling EVP_SignInit in 6f8bda0582
Ilija Tovilo
- Fix opcache dump varying tmps in 97162e92be
- Fix rename test file name collision in f2cd0d5752
- Fix clean section in test in a7a7e6d57c
- Add missing COMPILE_IGNORE_OTHER_FILES check for static calls in 1acd7a0919
- Fix missing handling of CALLABLE_CONVERT in
cleanup_unfinished_calls()
in b3e26c3036
Jakub Zelenka
- Fix GH-13563: Setting bool values via env in FPM config fails in d0a8d41eee
- Fix NEWS for the last FPM change in cd6a58114e
- Fix GH-13264: Part 1 - Memory leak on filter failure in c087398cc2
- Fix GH-10495: feof on OpenSSL stream hangs indefinitely in c1bd9a932a
- Fix test for GH-10495: feof on OpenSSL stream hangs in 100258ffd6
- Fix GH-13620: Failing openssl_private_decrypt tests in 11caf094f1
- Fix FPM tester default env vars change in 9b1d2e93b8
- Add
proc_open
escaping for cmd file execution in e3c784f2bf - Fix bug GHSA-q6x7-frmf-grcw: password_verify can erroneously return true in 0ba5229a3f
- Revert "
ext/mysqlnd
: support ER_CLIENT_INTERACTION_TIMEOUT" in 3b93f13199 - Set streams NEWS category for file_get_contents fix in c618d3e84b
- Fix GH-13806: openssl_x509_parse_basic test fails with OpenSSL 3.2+ in GH-13961
Kévin Dunglas
- fix: zend-max-execution-timers with negative or high timeout value in GH-13942
Niels Dossche
- Fix GH-13827: Null pointer access of type 'zval' in phpdbg_frame in d3f1f3ab40
- Fix GH-13836: Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference in ed8ed714a8
- Fix GH-13833: Applying zero offset to null pointer in
zend_hash.c
in 47bb6c1b79 - Skip test on Windows because of different error output in 5ed5d37f25
- Fix GH-13856: Member access within null pointer of type 'ps_files' in ext/session/mod_files.c in 46f45a51b4
- Fix shift out of bounds on 32-bit non-fast-path platforms in GH-10941
- Fix GH-13891: memleak and segfault when using ini_set with session.trans_sid_hosts in GH-13892
- Fix persistent local flag in session url updating in GH-13905
- Fix GH-13860: Incorrect
PHP_STREAM_OPTION_CHECK_LIVENESS
case in ext/openssl/xp_ssl.c - causing use of dead socket in 2aae14c8a9 - Improve stability of test
gh13860.phpt
in a86256c950 - Fix GH-13903: ASAN false positive underflow when executing
copy()
in ea0268264b - Fix GHSA-wpj3-hf5j-x4v4: Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix in 093c08af25
- Fix GH-13931: Applying zero offset to null pointer in Zend/zend_opcode.c in c3acfb1b57
- Fix GH-13978: Fuzzer readme still mentions obsolete
--enable-json
flag in GH-13983
Peter Kokot
- Fix erroneous dnl appended in configure in GH-14013
- Fix GH-13727: Building with -Werror=strict-prototypes in GH-14029
Saki Takamachi
- NEWS: remove ZWSP in 20959c38ad
- Fix GH-13984: Buffer size is now checked before memcmp in GH-13991
- Fix GH-13998: Manage refcount of agg_context->val correctly in GH-14004
SATO Kentaro
- Temporary reset filename and lineno override before autoload in f8b9030b4e
Sergey Panteleev
- Update versions for PHP 8.2.19 in 2d641982fd
Tim Düsterhus
- makedist: Reset tar timestamps to the commit date in GH-13879