Release Information
- Release Type
- Security Update
- Release Status
- Latest Release in 8.2
- Branch Status
- Supported
Latest release for PHP 8.2. This release contains security fixes, and it is recommended to update as soon as possible.
PHP 8.2 continues to receive bug fixes and security fixes until 2024-12-31.
Downloads
Source Code
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.2.24
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Docker/Podman Containers
docker pull php:8.2.24-cli-alpine
docker pull php:8.2.24-cli
docker pull php:8.2.24-fpm-alpine
docker pull php:8.2.24-apache
docker pull php:8.2.24-fpm
ChangeLog
CGI
- Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926)
- Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927)
Core
- Fixed bug GH-15408 (MSan false-positve on
zend_max_execution_timer
). - Fixed bug GH-15515 (Configure error grep illegal option q).
- Fixed bug GH-15514 (Configure error: genif.sh: syntax error).
- Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found).
- Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
- Fixed bug GH-15330 (Do not scan generator frames more than once).
- Fixed uninitialized lineno in constant AST of internal enums.
Curl
- FIxed bug GH-15547 (curl_multi_select overflow on timeout argument).
DOM
- Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/
xml_common
.h).
Fileinfo
- Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument).
FPM
- Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026)
MySQLnd
- Fixed bug GH-15432 (Heap corruption when querying a vector).
Opcache
- Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c).
- Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h).
SAPI
- Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925)
SOAP
- Fixed bug #73182 (PHP SOAPClient does not support stream context HTTP headers in array form).
Standard
- Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c).
Streams
- Fixed bug GH-15628 (
php_stream_memory_get_buffer()
not zero-terminated).
Commit List
Arnaud Le Blanc
- Do not scan generator frames more than once in GH-15330
- Fix GHSA-9pqp-7h25-4f32 in 19b49258d0
Bernd Kuhls
- Fix GH-15587: Autotools: fix configure check for aarch64 CRC32 API in 5947db6bb8
Christoph M. Becker
- Fix test expectation in 1b52ecd78a
- Fix GH-15432: Heap corruption when querying a vector in b1211c1e4a
- Fix GH-15628:
php_stream_memory_get_buffer()
not zero-terminated in 93021c635d - Fix GH-15552: Signed integer overflow in ext/standard/scanf.c in 08841bf79c
Daniel Scherzer
- Fix GH-15752:
finfo_file()
- parameter validation error messages in c5e0a6aaab
David Carlier
- Checks getrandom availability on solaris in 5c9c275743
- Fixed GH-15547: curl_multi_wait expects a signed int for timeout in cc67220ea3
- Fix GH-15653: fgetcsv overflow on length parameter in 7db1a5843f
Derick Rethans
- Updated to version 2024.2 (2024b) in 5fc37b1ec6
Dmitry Stogov
- Fix GH-15502: Crash with JIT and Excimer in GH-15601
- Fix GH-15497: Opcache with file_cache and JIT enabled crashes in GH-15635
- Don't set IS_STR_PERMANENT flag for strings stored in the file cache in GH-15643
- Fix GH-15652: Segmentation fault in the Zend engine when JIT enabled in GH-15717
- Fix GH-15820: Core dumped with jit.opcache=1245 in 5cf045d357
Go Kudo
- Fix MSan false-positive in
zend_max_execution_timer
in GH-15408 zend_max_execution_timer
: fix gcc compatibility in GH-15447- standard: supress msan in GH-15665
- Fix OPcache tests under specific conditions in bca5f6e74f
- Fix OPcache tests under specific conditions in d966c296d0
Ilija Tovilo
- Fix uninitialized lineno in constant AST of internal enums in 08e0729c57
- Intercept strlcpy and strlcat for msan on Clang 17 in GH-12674
- Fix uouv in
array_column
in 24a294922b - Fix uninitialized EG(user_error_handler_error_reporting) in b9fdc0bdcd
- Fix uninitialized CG(
zend_lineno
) in 1f35e2a999 - Fix MSAN
getservbyport()
false positive in 0faa1d2017
Jakub Zelenka
- Fix GHSA-865w-9rf3-2wh5: FPM: Logs from childrens may be altered in 1f8e16172c
- Update NEWS with security fixes info in c4d7f1b43d
- Skip GHSA-9pqp-7h25-4f32 test on Windows in c70e256308
Máté Kocsis
- Add missing return for DatePeriod::__unserialize in 6cab76986d
Niels Dossche
- Fix GH-15551: Segmentation fault (access null pointer) in ext/dom/
xml_common
.h in 9af574c26e - Fix GH-15565:
--disable-ipv
6 during compilation produces error EAI_SYSTEM not found in 4b6575a1f9 - Fix SOAP test failure on libxml2 2.13 in 979e68a2ec
- Fix GH-15661: Access null pointer in Zend/Optimizer/zend_inference.c in 86ef8d5466
- Fix GH-15658: Segmentation fault in Zend/zend_vm_execute.h in c1ffd4b484
- Fix buffer size configuration for AArch64 in bcd1f23b30
- Fix bug #73182: PHP SOAPClient does not support stream context HTTP headers in array form in 72a2cbcc7f
- Fix GHSA-p99j-rfp4-xqvq in abcfd980bf
- Fix GHSA-94p6-54jq-9mwp in 48808d98f4
Peter Kokot
- Fix GH-15515: Configure error grep illegal option q in GH-15516
- Fix bug GH-15514 (Configure error: genif.sh: syntax error) in 48a18e5be7
- Fix iconv_open basic test in GH-15611
Pierrick Charron
- Update versions for PHP 8.2.24 in 12ccdff196