PHP 8.2 is currently only receiving security fixes. PHP 8.2.25 is not the latest version in the series, and using this release is not recommended. PHP 8.2.27 is the latest in the series.
Downloads
Source Code
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.2.25
./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Docker/Podman Containers
docker pull php:8.2.25-cli-alpine
docker pull php:8.2.25-cli
docker pull php:8.2.25-fpm-alpine
docker pull php:8.2.25-apache
docker pull php:8.2.25-fpm
ChangeLog
Calendar
- Fixed GH-16240: jdtounix overflow on argument value.
- Fixed GH-16241: easter_days/easter_date overflow on year argument.
- Fixed GH-16263: jddayofweek overflow.
- Fixed GH-16234: jewishtojd overflow.
CLI
- Fixed bug GH-16137: duplicate http headers when set several times by the client.
Core
- Fixed bug GH-15712: zend_strtod overflow with precision INI set on large value.
- Fixed bug GH-15905 (Assertion failure for TRACK_VARS_SERVER).
- Fixed bug GH-15907 (Failed assertion when promoting Serialize deprecation to exception).
- Fixed bug GH-15851 (Segfault when printing backtrace during cleanup of nested generator frame).
- Fixed bug GH-15866 (Core dumped in Zend/zend_generators.c).
- Fixed bug GH-16188 (Assertion failure in Zend/zend_exceptions.c).
- Fixed bug GH-16233 (Observer segfault when calling user function in internal function via trampoline).
Date
- Fixed bug GH-15582: Crash when not calling parent constructor of DateTimeZone.
- Fixed regression where signs after the first one were ignored while parsing a signed integer, with the DateTimeInterface::modify() function.
DOM
- Fixed bug GH-16039 (Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c).
- Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c).
GD
- Fixed bug GH-16232 (bitshift overflow on wbmp file content reading / fix backport from upstream).
- Fixed bug GH-12264 (overflow/underflow on imagerotate degrees value)
- Fixed bug GH-16274 (imagescale underflow on RGB channels / fix backport from upstream).
LDAP
- Fixed bug GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch()).
- Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search() when LDAPs array is not a list).
- Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated by ZMM.).
- Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a proper dictionary).
MBString
- Fixed bug GH-16261 (Reference invariant broken in mb_convert_variables()).
OpenSSL
- Fixed stub for openssl_csr_new.
PCRE
- Fixed bug GH-16189 (underflow on offset argument).
- Fixed bug GH-16184 (UBSan address overflowed in ext/pcre/php_pcre.c).
PHPDBG
- Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs).
- Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error).
Reflection
- Fixed bug GH-16187 (Assertion failure in ext/reflection/php_reflection.c).
SAPI
- Fixed bug GH-15395 (php-fpm: zend_mm_heap corrupted with cgi-fcgi request).
SimpleXML
- Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c).
Sockets
- Fixed bug GH-16267 (socket_strerror overflow on errno argument).
SOAP
- Fixed bug #62900 (Wrong namespace on xsd import error message).
- Fixed bug GH-16237 (Segmentation fault when cloning SoapServer).
- Fix Soap leaking http_msg on error.
- Fixed bug GH-16256 (Assertion failure in ext/soap/php_encoding.c:460).
- Fixed bug GH-16259 (Soap segfault when classmap instantiation fails).
Standard
- Fixed bug GH-15613 (overflow on unpack call hex string repeater).
- Fixed bug GH-15937 (overflow on stream timeout option value).
- Fixed bug GH-16053 (Assertion failure in Zend/zend_hash.c).
Streams
- Fixed bugs GH-15908 and GH-15026 (leak / assertion failure in streams.c).
- Fixed bug GH-15980 (Signed integer overflow in main/streams/streams.c).
TSRM
- Prevent closing of unrelated handles.
XML
- Fixed bug GH-15868 (Assertion failure in xml_parse_into_struct after exception).
Commit List
Arnaud Le Blanc
- Fix removal of optimization cflags in debug builds in GH-9647
- Do not remove -O0 in the middle of a flag in c639614346
- Fix GHSA-9pqp-7h25-4f32 in d65a1e6f91
- Fix assertion failure in generator dtor in GH-16025
- Fix array_merge_recursive(): convert_to_array() may need separation in GH-16061
- Handle references properties of the Exception class in c2115a43e3
- NEWS for GH-16196 in df4db5c1b4
Ayesh Karunaratne
- ext/curl: mark certain tests as xfail on curl 8.10.0 in 0bdc4b8c24
Calvin Buckley
- Cast big endian byte shuffling to uint in 792a0e6dec
Christoph M. Becker
- Run snmp tests in Windows CI, again in b26e610777
- Fix GH-15901: phpdbg: Assertion failure on i funcs in 422aa17b9b
- Prevent closing of unrelated handles in f303840a86
- Fix GH-15980: Signed integer overflow in main/streams/streams.c in 6a04c79e41
- Revert "Fix GH-15980: Signed integer overflow in main/streams/streams.c" in ee95ee7216
- Mark failing curl test on macOS x64 as xfail in fc06e0c0d8
- Adapt labeler.yml to v4 syntax in 89b5cc3668
- Fix GH-15980: Signed integer overflow in main/streams/streams.c in 81916758ec
- Fix bug71610.phpt in de51612ba5
- Fix GH-15905: Assertion failure for TRACK_VARS_SERVER in 87d59d7fdd
- Fix failing soap tests on Windows in 5f3e6e346c
- Fix potential parallel test conflicts in f5649556ea
- Fix GH-16181: phpdbg: exit in exception handler reports fatal error in f14e5cfaaa
- Update Windows CI to use php-sdk-2.3.0 in d9d82377cc
- Install 32bit Firebird server on x86 in c3434091de
Daniel Scherzer
- Fix GH-16187: ReflectionClass::__toString() with packed properties hash table in 331da7e869
David Carlier
- Fix GH-15613: unpack on format hex strings repeater value in 791a6ef19c
- Fix GH-15712: overflow on float print with precision ini large value in 503d9145e0
- Fix ubsan build on freebsd regarding float in 5feb29ea03
- Fix GH-15937: stream timeout option overflow in 332b067c5e
- Fix GH-16189: underflow on preg_match/preg_match_all start_offset in f453d1ae2a
- Fix GH-16137: "Deduplicate" http headers values but Set-Cookie in 3d80d98a10
- Fix GH-16231 jdtounix overflow on argument value in f4d2dd038b
- Fix GH-16232: bitshift overflow on wbmp file content reading in 54973c9366
- Fix GH-16228 overflow on easter_days/easter_date year argument in a3ff092c12
- fix build warning for GH-16228 in 6d9903f3e6
- Fix GH-16260: overflow/underflow on imagerotate degrees argument in 2d05da2e94
- Fix GH-16258 overflow on jddayofweek argument in a5e8ac62d9
- Fix GH-16234 jewishtojd overflow on year argument in e3015de741
- Fix GH-16267 socket_strerror overflow on argument value in 8537aa687e
- Fix GH-16257 imagescale underflow on RGB channels in a2bdfeff4f
Derick Rethans
- Fix GH-15582: Crash when not calling parent constructor of DateTimeZone in f752e23cff
- Import timelib 2022.12 in 40d06fb645
- Fixed regression: Using more than one sign is now OK again when using modify() in 8a8859bce7
- Backport fix from PHP 8.3: The exception handler already takes care of destroying the return value in fecad54d74
Dmitry Stogov
- Fix GH-15973: Segmentation fault in JIT mode 1135 in GH-16006
- Fix possible NULL dereference in 24d5912a30
Gina Peter Banyard
- ext/ldap: Fix GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch()) in f4c45ee376
- ext/ldap: Fix GH-16101 (Segfaults in php_ldap_do_search() when LDAPs is not a list) in 19bba83715
- ext/ldap: Fix GH-16132 (Freeing pointer not allocated by ZMM) in c910e78c39
- ext/ldap: Fix GH-16136 (Memory leak in php_ldap_do_modify()) in 21260318c6
- NEWS entries for LDAP bug fixes in f8b925b617
Ilija Tovilo
- Mark some phar tests as flaky on macOS in 4e12189604
- Fix GA macOS brew warnings in 664e039069
- Fix nightly for 8.2 in 50d5e96edb
- Add missing CI services for 8.2 in b7ee484f2b
- Fix failed assertion when promoting Serialize deprecation to exception in 15a0c3a9d4
- Reduce regex backtracking in phpinfo.phpt in c4c45da4b9
- Fix printing backtrace of fake generator frame in 706bcdbc1a
Jakub Zelenka
- Fix GHSA-865w-9rf3-2wh5: FPM: Logs from childrens may be altered in 4580b8b3e1
- Update NEWS with security fixes info in 8d87bc3e26
- Skip GHSA-9pqp-7h25-4f32 test on Windows in 4bcc7d5778
- Fix stub for openssl_csr_new in dce0d97640
- Fix GH-15395: php-fpm: zend_mm_heap corrupted with cgi-fcgi request in 5a47f27021
- Fix failing openssl_private_decrypt tests in 53cc92c85c
Niels Dossche
- Fix bug #62900: Wrong namespace on xsd import error message in 7a67fb0315
- Fix GH-15837: Segmentation fault in ext/simplexml/simplexml.c in b5834c12d4
- Update libxml test for the directory field behaviour change in f74f9b073a
- Update error message for libxml 2.13 in 3ec5919e14
- Update test for changed error message format in libxml 2.13 in 3354cc6e89
- Fix GH-15868: Assertion failure in xml_parse_into_struct after exception in ac8db36543
- Fix GH-15908 and GH-15026: leak / assertion failure in streams.c in 018c0b3d14
- Fix GHSA-p99j-rfp4-xqvq in 4b9cd27ff5
- Fix GHSA-94p6-54jq-9mwp in c1c14c8a0f
- Fix GH-16039: Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c in 043b9e1f13
- Fix GH-16151: Assertion failure in ext/dom/parentnode/tree.c in 066d18f2e8
- Fix GH-16184: UBSan address overflowed in ext/pcre/php_pcre.c in c4bb07552e
- Fix GH-16237: Segmentation fault when cloning SoapServer in 809a58bc1b
- Fix Soap leaking http_msg on error in a9dada29e7
- Add SKIPIF for ZendMM for observer_fiber_functions_03.phpt in fbb1001d84
- Fix GH-16256: Assertion failure in ext/soap/php_encoding.c:460 in 922b9d6798
- Fixed GH-16233: Observer segfault when calling user function in internal function via trampoline in e715dd0afb
- Fix GH-16259: Soap segfault when classmap instantiation fails in 71222f799d
- Fix GH-16261: Reference invariant broken in mb_convert_variables() in bf70d9ba0d
Sergey Panteleev
- Update versions for PHP 8.2.25 in 33657c01d3
Yuya Hamada
- Fix GH-16229: Address overflowed in mb_send_mail when empty string in d840200cea