Release Information
- Release Type
- Security Update
- Release Status
- Latest
- Branch Status
- Security-Fixes Only
PHP 8.2 is currently only receiving security fixes, and scheduled to reach EOL on 2026-12-31
Downloads
Source Code
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.2.27
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Docker/Podman Containers
docker pull php:8.2.27-cli-alpine
docker pull php:8.2.27-cli
docker pull php:8.2.27-fpm-alpine
docker pull php:8.2.27-apache
docker pull php:8.2.27-fpm
ChangeLog
Calendar
- Fixed jdtogregorian overflow.
- Fixed cal_to_jd julian_days argument overflow.
COM
- Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults).
Core
- Fail early in *nix configuration build script.
- Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)).
- Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469).
- Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs).
- Fix
is_zend_ptr()
huge block comparison. - Fixed potential OOB read in
zend_dirname()
on Windows.
Curl
- Fix various memory leaks in curl mime handling.
FPM
- Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status).
GD
- Fixed GH-16776 (imagecreatefromstring overflow).
GMP
- Revert
gmp_pow()
overly restrictive overflow checks.
Hash
- Fixed GH-16711: Segfault in mhash().
Opcache
- Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF).
- Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads).
- Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64).
OpenSSL
- Prevent unexpected array entry conversion when reading key.
- Fix various memory leaks related to openssl exports.
- Fix memory leak in
php_openssl_pkey_from_zval()
.
PDO
- Fixed memory leak of
setFetchMode()
.
Phar
- Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks).
PHPDBG
- Fixed bug GH-15208 (Segfault with breakpoint map and
phpdbg_clear()
).
SAPI
- Fixed bug GH-16998 (UBSAN warning in rfc1867).
SimpleXML
- Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input).
SNMP
- Fixed bug GH-16959 (snmget modifies the object_id array).
Standard
- Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties).
Streams
- Fixed network connect poll interuption handling.
Windows
- Fixed bug GH-16849 (Error dialog causes process to hang).
Commit List
Ayesh Karunaratne
- CI: FreeBSD on VM - set
copyback: false
in b263f351c4
Christoph M. Becker
- Skip tests if
ldap_set_rebind_proc()
is not available in d276ea54f4 - Fix rename_variation12*.phpt parallel test conflicts in 03eeec16f0
- Patch libcurl.pc for macOS builds in 9196a72eb0
- Need to define BREW_OPT in d6249b6e1f
- Stick with icu4c 74.2 on macOS CI for PHP-8.1 in 9128fb8f1e
- Update FreeBSD CI in 85e23dbbb2
- Adapt
ext/intl
tests for ICU 75.1 and 76.1 in f725f504e8 - Skip
file_put_contents_variation7.phpt
on Windows in 3656a84c39 - Fix potential conflict of
copy_variation5-win32.phpt
in 12ef3da381 - Fix GH-16849: Error dialog causes process to hang in e75061b512
- Fix GH-16991: Getting typeinfo of non DISPATCH variant segfaults in 9bae8933a3
- Fix potential OOB read in
zend_dirname()
on Windows in 94fa2a4ce1
David Carlier
- Fix GH-16235 jdtogregorian overflow in fde053bb92
- Fix oss-fuzz report triggered by GH-15712 commit in e74e66e3f7
- Fix introduced leaks from GH-15715 in 875a9dc4c4
- Fix GH-16771: imagecreatefromstring overflow on invalid format in 4124b04e34
- Fix GH-16834: cal_from_jd overflow on julian_day argument in 80894d87d5
- Revert "
ext/gmp
: gmp_pow fix FPE with large values." in 45140e527f - Revert "
ext/gmp
: gmp_pow fix FPE with large values." in 7e8d6f941c - Fix GH-16959: snmpget modifies the
object_id
(as array) in 73ebc92617
Derick Rethans
- Fixed CS in d1b9d7ee83
Dmitry Stogov
- Fix incorrect handling of
ZEND_ACC_FINAL
flag in JIT in GH-16778 - Fix GH-16829: Segmentation fault with opcache.jit=tracing enabled on aarch64 in 79aaeeafe5
- Fixed test in 71403558d3
- Backport JIT fix: set valid EX(opline) before calling
gc_possible_root()
in GH-16858 - Use the immutable twin of temporary op_array in GH-16861
Dylan K. Taylor
- Fix GH-16851: JIT_G(enabled) not set correctly on other threads in ff3b4eca0e
Gina Peter Banyard
ext/hash
: Add failing tests for GH-16711 in fc8f30d312ext/hash
: Fix GH-16711: Segfault inmhash()
in 1b379f5e55
Hans Krentel (hakre)
- Fail early in *nix configuration build script in c075546320
Ilija Tovilo
- Move FreeBSD build to GitHub actions with QEMU in aca88baf5f
Jakub Zelenka
- Fix GH-16432: PHP-FPM 8.2 SIGSEGV in fpm_get_status in 065bde1e13
- Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF injection in 426a6d4539
- Fix GHSA-h35g-vwh6-m678: Mysqlnd - various heap buffer over-reads in 2f5aa9f9d1
- Run labeler only in php/php-src repository in cae2582416
- Fix MySQLnd possible buffer over read in auth_protocol in 32f905f1d6
- Update NEWS with security fixes info in a001ad33f0
- Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF injection in d7fe40868e
- Fix GHSA-h35g-vwh6-m678: Mysqlnd - various heap buffer over-reads in c595455300
- Make MySQLnd protocol stmt test work on 32bit in a21e48a93a
- Fix MySQLnd possible buffer over read in auth_protocol in d37a20c4a2
- Update NEWS with security fixes info in 78c201a310
- Make MySQLnd protocol stmt test work on 32bit in c70b97d8eb
- Change port for mysqli fake server auth message test in 51f5539914
- Increase MySQLi fake server read timeout for ASAN job in eb951b3d11
- Fix network connect poll interuption handling in 69765d9220
Michael Orlitzky
- Backport GH-14962 to stable versions in ae84b81bfa
Niels Dossche
- Fix test with shared
zend_test
in GH-16705 - Prevent unexpected array entry conversion when reading key in ac8d0e57d9
- Fix various memory leaks related to openssl exports in 2f4f09f7e6
- Fix memory leak in
php_openssl_pkey_from_zval()
in 994e866cf2 - Fix GH-16695: phar:// tar parser and zero-length file header blocks in 72c0222926
- Fix GH-16727: Opcache bad signal 139 crash in ZTS bookworm (frankenphp) in 02ee521e20
- Fix GH-16770: Tracing JIT type mismatch when returning UNDEF in cbb3b9371d
- Fix GH-16799: Assertion failure at Zend/zend_vm_execute.h:7469 in 553d79c709
- Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input in fbb0061993
- Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib quoter causing OOB writes in d9baa9fed8
- Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird quoter causing OOB writes in 69c5f68fdc
- Fix GHSA-g665-fm4p-vhff: OOB access in
ldap_escape
in f9ecf90070 - Fix GHSA-r977-prxv-hc43 in 81030c9bbb
- Fix GHSA-4w77-75f9-2c8w in 7dd336ae83
- Fix GH-16630: UAF in lexer with encoding translation and heredocs in fc1db70f10
- Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib quoter causing OOB writes in 4a79a5a59a
- Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird quoter causing OOB writes in 7a25e7728d
- Fix GHSA-g665-fm4p-vhff: OOB access in
ldap_escape
in fba659abb9 - Fix GHSA-r977-prxv-hc43 in f3ade203d7
- Fix GHSA-4w77-75f9-2c8w in f18d429b20
- Fix GH-16908: _ZendTestMagicCallForward does not handle references well in 99f5653ebb
- Fix GH-16902: Set of opcache tests fail zts+aarch64 (8.2-8.3) in de96b43d2a
- Fix
is_zend_ptr()
huge block comparison in 18674e39ad - Fix various memory leaks in curl mime handling in a80f0b515a
- Fix GH-15208: Segfault with breakpoint map and
phpdbg_clear()
in 97b03186c4 - Fix GH-16905: Internal iterator functions can't handle UNDEF properties in e1b4534790
- Fix GH-16998: UBSAN warning in rfc1867 in aab784263d
- Fix some MariaDB test failures in 1a6f8a0b79
Saki Takamachi
- Added gc_handler to properly handle circular references. in GH-16703
Sergey Panteleev
- Update versions for PHP 8.2.27 in 769e1b521b