PHP 8.2.25: Downloads, Changelog, News

Release Information

Release
8.2.25
PHP Version
PHP 8.2
Release Date
Release Type
Security Update
Release Status
Use PHP 8.2.27 instead
Branch Status
Security-Fixes Only

PHP 8.2 is currently only receiving security fixes. PHP 8.2.25 is not the latest version in the series, and using this release is not recommended. PHP 8.2.27 is the latest in the series.

Downloads

Source Code

Git Clone
Use Git to clone the 8.2.25 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.2.25
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

Docker/Podman Containers

PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.2.25-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.2.25-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.2.25-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.2.25-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.2.25-fpm

ChangeLog

Calendar

  • Fixed GH-16240: jdtounix overflow on argument value.
  • Fixed GH-16241: easter_days/easter_date overflow on year argument.
  • Fixed GH-16263: jddayofweek overflow.
  • Fixed GH-16234: jewishtojd overflow.

CLI

  • Fixed bug GH-16137: duplicate http headers when set several times by the client.

Core

  • Fixed bug GH-15712: zend_strtod overflow with precision INI set on large value.
  • Fixed bug GH-15905 (Assertion failure for TRACK_VARS_SERVER).
  • Fixed bug GH-15907 (Failed assertion when promoting Serialize deprecation to exception).
  • Fixed bug GH-15851 (Segfault when printing backtrace during cleanup of nested generator frame).
  • Fixed bug GH-15866 (Core dumped in Zend/zend_generators.c).
  • Fixed bug GH-16188 (Assertion failure in Zend/zend_exceptions.c).
  • Fixed bug GH-16233 (Observer segfault when calling user function in internal function via trampoline).

Date

  • Fixed bug GH-15582: Crash when not calling parent constructor of DateTimeZone.
  • Fixed regression where signs after the first one were ignored while parsing a signed integer, with the DateTimeInterface::modify() function.

DOM

  • Fixed bug GH-16039 (Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c).
  • Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c).

GD

  • Fixed bug GH-16232 (bitshift overflow on wbmp file content reading / fix backport from upstream).
  • Fixed bug GH-12264 (overflow/underflow on imagerotate degrees value)
  • Fixed bug GH-16274 (imagescale underflow on RBG channels / fix backport from upstream).

LDAP

  • Fixed bug GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch()).
  • Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search() when LDAPs array is not a list).
  • Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated by ZMM.).
  • Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a proper dictionary).

MBString

  • Fixed bug GH-16261 (Reference invariant broken in mb_convert_variables()).

OpenSSL

  • Fixed stub for openssl_csr_new.

PCRE

  • Fixed bug GH-16189 (underflow on offset argument).
  • Fixed bug GH-16184 (UBSan address overflowed in ext/pcre/php_pcre.c).

PHPDBG

  • Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs).
  • Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error).

Reflection

  • Fixed bug GH-16187 (Assertion failure in ext/reflection/php_reflection.c).

SAPI

  • Fixed bug GH-15395 (php-fpm: zend_mm_heap corrupted with cgi-fcgi request).

SimpleXML

  • Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c).

Sockets

  • Fixed bug GH-16267 (socket_strerror overflow on errno argument).

SOAP

  • Fixed bug #62900 (Wrong namespace on xsd import error message).
  • Fixed bug GH-16237 (Segmentation fault when cloning SoapServer).
  • Fix Soap leaking http_msg on error.
  • Fixed bug GH-16256 (Assertion failure in ext/soap/php_encoding.c:460).
  • Fixed bug GH-16259 (Soap segfault when classmap instantiation fails).

Standard

  • Fixed bug GH-15613 (overflow on unpack call hex string repeater).
  • Fixed bug GH-15937 (overflow on stream timeout option value).
  • Fixed bug GH-16053 (Assertion failure in Zend/zend_hash.c).

Streams

  • Fixed bugs GH-15908 and GH-15026 (leak / assertion failure in streams.c).
  • Fixed bug GH-15980 (Signed integer overflow in main/streams/streams.c).

TSRM

  • Prevent closing of unrelated handles.

XML

  • Fixed bug GH-15868 (Assertion failure in xml_parse_into_struct after exception).

Commit List

Arnaud Le Blanc

Ayesh Karunaratne

  • ext/curl: mark certain tests as xfail on curl 8.10.0 in 0bdc4b8c24

Calvin Buckley

  • Cast big endian byte shuffling to uint in 792a0e6dec

Christoph M. Becker

Daniel Scherzer

  • Fix GH-16187: ReflectionClass::__toString() with packed properties hash table in 331da7e869

David Carlier

Derick Rethans

  • Fix GH-15582: Crash when not calling parent constructor of DateTimeZone in f752e23cff
  • Import timelib 2022.12 in 40d06fb645
  • Fixed regression: Using more than one sign is now OK again when using modify() in 8a8859bce7
  • Backport fix from PHP 8.3: The exception handler already takes care of destroying the return value in fecad54d74

Dmitry Stogov

Gina Peter Banyard

Ilija Tovilo

  • Mark some phar tests as flaky on macOS in 4e12189604
  • Fix GA macOS brew warnings in 664e039069
  • Fix nightly for 8.2 in 50d5e96edb
  • Add missing CI services for 8.2 in b7ee484f2b
  • Fix failed assertion when promoting Serialize deprecation to exception in 15a0c3a9d4
  • Reduce regex backtracking in phpinfo.phpt in c4c45da4b9
  • Fix printing backtrace of fake generator frame in 706bcdbc1a

Jakub Zelenka

Niels Dossche

Sergey Panteleev

Yuya Hamada

Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.

Support PHP.Watch — If you find the articles, version information, Codex, and other PHP.Watch contributions useful, consider supporting through GitHub Sponsors. Your sponsorship helps dedicate more time to creating valuable content and improving the PHP community. Together, we can keep the momentum going — thank you for your support!

Thanks to the highest tier sponsor: @TomasVotruba for your generous support to keep PHP.Watch moving 💜