Release Information
- Release Type
- Security Update
- Release Status
- Latest Release in 8.2
- Branch Status
- Supported
Latest release for PHP 8.2. This release contains security fixes, and it is recommended to update as soon as possible.
PHP 8.2 continues to receive bug fixes and security fixes until 2024-12-31.
Downloads
Source Code
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.2.26
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Docker/Podman Containers
docker pull php:8.2.26-cli-alpine
docker pull php:8.2.26-cli
docker pull php:8.2.26-fpm-alpine
docker pull php:8.2.26-apache
docker pull php:8.2.26-fpm
ChangeLog
CLI
- Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang).
- Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface).
COM
- Fixed out of bound writes to SafeArray data.
Core
- Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15).
- Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646).
- Fixed bug GH-16515 (Incorrect propagation of
ZEND_ACC_RETURN_REFERENCE
for call trampoline). - Fixed bug GH-16509 (Incorrect line number in function redeclaration error).
- Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early bound classes).
- Fixed bug GH-16648 (Use-after-free during array sorting).
- Fixed bug GH-15915 (overflow with a high value for precision INI). (David Carlier / cmb)
Curl
- Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails).
Date
- Fixed bug GH-16454 (Unhandled INF in
date_sunset()
with tiny $utcOffset). - Fixed bug GH-16037 (Assertion failure in ext/date/php_date.c).
- Fixed bug GH-14732 (
date_sun_info()
fails for non-finite values).
DBA
- Fixed bug GH-16390 (
dba_open()
can segfault for "pathless" streams).
DOM
- Fixed bug GH-16316 (DOMXPath breaks when not initialized properly).
- Fixed bug GH-16473 (dom_import_simplexml stub is wrong).
- Fixed bug GH-16533 (Segfault when adding attribute to parent that is not an element).
- Fixed bug GH-16535 (UAF when using document as a child).
- Fixed bug GH-16593 (Assertion failure in DOM->replaceChild).
- Fixed bug GH-16595 (Another UAF in DOM -> cloneNode).
EXIF
- Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a real file).
FFI
- Fixed bug GH-16397 (Segmentation fault when comparing FFI object).
Filter
- Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen).
FPM
- Fixed bug GH-16628 (FPM logs are getting corrupted with this log statement).
GD
- Fixed bug GH-16334 (imageaffine overflow on matrix elements).
- Fixed bug GH-16427 (Unchecked libavif return values).
- Fixed bug GH-16559 (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007).
GMP
- Fixed bug GH-16411 (
gmp_export()
can cause overflow). - Fixed bug GH-16501 (
gmp_random_bits()
can cause overflow). - Fixed segfaults and other issues related to operator overloading with GMP objects.
LDAP
- Fixed bug GHSA-g665-fm4p-vhff (OOB access in
ldap_escape
). (CVE-2024-8932)
MBstring
- Fixed bug GH-16361 (
mb_substr
overflow on start/length arguments).
MySQLnd
- Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
OpenSSL
- Fixed bug GH-16357 (openssl may modify member types of certificate arrays).
- Fixed bug GH-16433 (Large values for
openssl_csr_sign()
$days overflow). - Fix various memory leaks on error conditions in openssl_x509_parse().
PDO DBLIB
- Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
PDO Firebird
- Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
PDO ODBC
- Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values).
Phar
- Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808).
PHPDBG
- Fixed bug GH-16174 (Empty string is an invalid expression for ev).
Reflection
- Fixed bug GH-16601 (Memory leak in Reflection constructors).
Session
- Fixed bug GH-16385 (Unexpected null returned by session_set_cookie_params).
- Fixed bug GH-16290 (overflow on cookie_lifetime ini value).
SOAP
- Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient).
Sockets
- Fixed bug with overflow socket_recvfrom $length argument.
SPL
- Fixed bug GH-16337 (Use-after-free in SplHeap).
- Fixed bug GH-16464 (Use-after-free in
SplDoublyLinkedList::offsetSet()
). - Fixed bug GH-16479 (Use-after-free in
SplObjectStorage::setInfo()
). - Fixed bug GH-16478 (Use-after-free in
SplFixedArray::unset()
). - Fixed bug GH-16588 (UAF in Observer->serialize).
- Fix GH-16477 (Segmentation fault when calling debugInfo() after failed SplFileObject::constructor).
- Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()).
- Fixed bug GH-14687 (segfault on SplObjectIterator instance).
- Fixed bug GH-16604 (Memory leaks in SPL constructors).
- Fixed bug GH-16646 (UAF in
ArrayObject::unset()
andArrayObject::exchangeArray()
).
Standard
- Fixed bug GH-16293 (Failed assertion when throwing in
assert()
callback with bail enabled).
Streams
- Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
- Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
SysVMsg
- Fixed bug GH-16592 (
msg_send()
crashes when a type does not properly serialized). (David Carlier / cmb)
SysVShm
- Fixed bug GH-16591 (Assertion error in shm_put_var).
XMLReader
- Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c).
Zlib
- Fixed bug GH-16326 (Memory management is broken for bad dictionaries.)
Commit List
Arnaud Le Blanc
- Fix handling of invalid iterator in
zend_weakmap_iterator_get_current_key()
in 1d94fb86b7
Christoph M. Becker
- Fix out of bound writes to SafeArray data in 1ee56bdd5a
- Fix GH-16174: Empty string is an invalid expression for phpdbg-ev in 6bcba24eb0
- Fix GH-16357: openssl may modify member types of certificate arrays in 549bcdb7fb
- Fix GH-16388: UB when freeing a cloned _ZendTestFiber in a3eb1fd86d
- Fix GH-16326: Memory management is broken for bad dictionaries in d94be24f30
- Fix GH-16427: Unchecked libavif return values in b817a4f718
- Fix GH-16411:
gmp_export()
can cause overflow in ab595c0764 - Fix GH-16433: Large values for
openssl_csr_sign()
$days overflow in 2bdf2f9100 - Download enchant dict from downloads.php.net in 5ef3fe218c
- Fix GH-16454: Unhandled INF in
date_sunset()
with tiny $utcOffset in 9bc34182b6 - Fix GH-16390:
dba_open()
can segfault for "pathless" streams in d3b0efe9d7 - Fix GH-16266: _ZendTestClass::
test()
segfaults on named parameter in b73bcaa47c - Fix GH-16523: FILTER_FLAG_HOSTNAME accepts ending hyphen in f9ce5e79da
- Fix GH-16450: PDO_ODBC can inject garbage into field values in c9eafc1954
- Properly initialize _override executor globals in ec68d3c608
- Fix GH-14732:
date_sun_info()
fails for non-finite values in f9453a889d - Patch libcurl.pc for macOS builds in 15cc4424bb
- Need to define BREW_OPT in 5a55ef021c
- Adapt
ext/intl
tests for ICU 75.1 and 76.1 in 5284abd383
David Carlier
- Fix GH-16322: overflow on imageaffine matrix argument in 05114265fb
- Revert "Fix GH-16322: overflow on imageaffine matrix argument." in 93a2fe8aac
- Fix GH-16360
mb_substr
overflow on start and length arguments in c34d4fbbf4 - Fix GH-16322: imageaffine overflow on affine argument in f2859a4050
- Fix socket_recvfrom overflow on buffer size in e583890af0
- Fix GH-16290: session cookie_lifetime ini value overflow in 84a8fea251
ext/gmp
: gmp_pow fix FPE with large values in d70b7811b0- Fix GH-16501: gmp_random_bits overflow in 9ca68e037c
ext/gmp
: gmp_pow fix FPE with large values in e0a0e216a9- Fix GH-14687 segfault on debugging a freed SplObjectIterator instance in eeec0939e0
- Fix GH-16592
msg_send()
crashes when the type does not serialize as expected in 90aac521fd
Derick Rethans
- Fixed bug GH-16037 (Assertion failure in ext/date/php_date.c) in b2b294a2b2
Dmitry Stogov
- Fix GH-16393: Assertion failure in ext/opcache/jit/zend_jit.c:2897 in bf786d0d28
- Fix GH-16499: [JIT] Undefined to null coercion issues for return in fe513655dc
Gina Peter Banyard
- Fix GH-16477 (Segmentation fault when calling debugInfo() after failed SplFileObject::constructor) in a19029fc8b
ext/gmp
: Add behavioural tests for operator overloading in fe02fd5095ext/gmp
: Fix segfault when null is encountered on an overloaded operator in 5253647500
Ilija Tovilo
- Skip shebang in cli-server router script in 06efe44c2e
- Fix exception in
assert()
callback with bail enabled in b5c09b1a61 - Fix segfault in
zend_test_execute_internal()
in 5c798415cd - Fix segfault on
debug_backtrace()
in _ZendTestFiber in 5955ce8987 - Fix uaf in
SplDoublyLinkedList::offsetSet()
in 8820a10360 - Fix use-after-free in
SplObjectStorage::setInfo()
in 12c987fae2 - Fix uaf in
SplFixedArray::unset()
in 7fe168d855 - Fix propagation of
ZEND_ACC_RETURN_REFERENCE
for call trampoline in 8720063c4e - Fix handling of nested generator in
zend_test
observer in 69bcbdc3c5 - Fix lineno in function redeclaration error in de7ef3fa66
- Fix lineno for inheritance errors of early bound classes in 2d068c4f47
- Backport CI fixes to security branches in 25c0993902
- Fix icu dependency for macos build in e3de1a1a21
- Backport nightly.yml and
nightly_matrix.php
to PHP-8.1 in 27e8860594 - [CI] Backport usage of db service for 8.1 in 560a585117
- Partial backport of e7462bf in ed041c3443
- Remove -Werror for libmysql test on 8.1 only in 769947648e
- Fix array going away during sorting in 2bdce61390
- Postpone
zend_array_sort()
in ext-intl in 845cdbce67 - Fix use-after-free in
ArrayObject::unset()
with destructor in 8910ac800d - Also fix same issue in
ArrayObject::exchangeArray()
in f7222bd2de - Add NEWS entry in 418f820f5d
Jakub Zelenka
- Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF injection in cf6700e86d
- Fix GHSA-h35g-vwh6-m678: Mysqlnd - various heap buffer over-reads in 6c0e2eb2f8
- Make MySQLnd protocol stmt test work on 32bit in abc6de0dde
- Fix MySQLnd possible buffer over read in auth_protocol in 913031c844
- Update NEWS with security fixes info in ce961b52f3
Niels Dossche
- Fix GH-16292: Segmentation fault in ext/xmlreader/php_xmlreader.c:1282 in 5c1249391b
- Fix GH-16316: DOMXPath breaks when not initialized properly in 1d0fbdf449
- Fix GH-16168: php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15 in e2e2b3ab62
- Fix GH-16385: Unexpected null returned by session_set_cookie_params in 7cdd1302c3
- Fix GH-16337: Use-after-free in SplHeap in a56ff4fec7
- Backport 0a39890c: Fix libxml2 2.12 build due to API breaks in fa6a0f80f6
- Backport e2d97314: Backport deprecation warning ignores to unbreak CI in dbde99d875
- Backport 4fe82131: Backport libxml2 2.13.2 fixes in GH-14816
- Backport f74f9b07: Update libxml test for the directory field behaviour change in b78618750f
- Backport 3ec5919e: Update error message for libxml 2.13 in 6199289b6e
- Workaround deprecation warning in
zend_test
on 8.1 in 5bd04acfe9 - Backport 061058a9: Test fixes for libxml2 2.12.0 in 14c107371c
- Fix error message for newer libxml in 2c40762b4e
- Fix GH-16409: Segfault in exif_thumbnail when not dealing with a real file in 3843f0ecfe
- Fix GH-16397: Segmentation fault when comparing FFI object in GH-16401
- Fix GH-16429: Segmentation fault (access null pointer) in SoapClient in d613c0ed30
- Fix GH-16406: Assertion failure in ext/phar/phar.c:2808 in 6a8d0a054d
- Fix GH-16473: dom_import_simplexml stub is wrong in 41af9335b7
- Fix GH-16533: Segfault when adding attribute to parent that is not an element in a0a7361b64
- Fix GH-16535: UAF when using document as a child in 51b642f2c9
- Fix GH-16559: UBSan abort in ext/gd/libgd/gd_interpolation.c:1007 in e1e1e64a32
- Fix GH-16588: UAF in Observer->serialize in 144d2ee29a
- Fix GH-16591: Assertion error in shm_put_var in 992ac1c25a
- Fix GH-16589: UAF in SplDoublyLinked->serialize() in 8f60309a78
- Fix GH-16593: Assertion failure in DOM->replaceChild in d89dd28d3b
- Fix GH-16595: Another UAF in DOM -> cloneNode in 9d8983c061
- Fix GH-16604: Memory leaks in SPL constructors in 886a5287ca
- Fix GH-16601: Memory leak in Reflection constructors in f0f666ba3f
- Fix GH-16628: FPM logs are getting corrupted with this log statement in e643129bbb
- Fix various memory leaks on error conditions in
openssl_x509_parse()
in 5ddb75660d - Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib quoter causing OOB writes in 7742f79a8a
- Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird quoter causing OOB writes in 2dbe1425c5
- Fix GHSA-g665-fm4p-vhff: OOB access in
ldap_escape
in 90c851a8b1 - Fix GHSA-r977-prxv-hc43 in a6c84cd7ef
- Fix GHSA-4w77-75f9-2c8w in 3ec6ac482e
Pierrick Charron
- Update versions for PHP 8.2.26 in a3695d49e8
Saki Takamachi
- Backport 3237b8f4 in 8497400b23
Tim Düsterhus
- curl: Prevent a CurlMultiHandle from holding onto a CurlHandle if
add_handle
fails in GH-16302