Release Information
- Release Type
- Security Update
- Release Status
- Latest Release in 8.2
- Branch Status
- Supported
Latest release for PHP 8.2. This release contains security fixes, and it is recommended to update as soon as possible.
PHP 8.2 continues to receive bug fixes and security fixes until 2024-12-31.
Downloads
Source Code
Git Clone
Use Git to clone the 8.2.27 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.2.27How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.2.27-x64NTS.zip (30.33 MiB)
php-8.2.27-x86NTS.zip (27.22 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.2.27-x64TS.zip (30.44 MiB)
php-8.2.27-x86TS.zip (27.20 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.2.27-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.2.27-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.2.27-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.2.27-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.2.27-fpmChangeLog
Calendar
- Fixed jdtogregorian overflow.
- Fixed cal_to_jd julian_days argument overflow.
COM
- Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults).
Core
- Fail early in *nix configuration build script.
- Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)).
- Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469).
- Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs).
- Fix
is_zend_ptr()huge block comparison. - Fixed potential OOB read in
zend_dirname()on Windows.
Curl
- Fix various memory leaks in curl mime handling.
FPM
- Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status).
GD
- Fixed GH-16776 (imagecreatefromstring overflow).
GMP
- Revert
gmp_pow()overly restrictive overflow checks.
Hash
- Fixed GH-16711: Segfault in mhash().
Opcache
- Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF).
- Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads).
- Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64).
OpenSSL
- Prevent unexpected array entry conversion when reading key.
- Fix various memory leaks related to openssl exports.
- Fix memory leak in
php_openssl_pkey_from_zval().
PDO
- Fixed memory leak of
setFetchMode().
Phar
- Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks).
PHPDBG
- Fixed bug GH-15208 (Segfault with breakpoint map and
phpdbg_clear()).
SAPI
- Fixed bug GH-16998 (UBSAN warning in rfc1867).
SimpleXML
- Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input).
SNMP
- Fixed bug GH-16959 (snmget modifies the object_id array).
Standard
- Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties).
Streams
- Fixed network connect poll interuption handling.
Windows
- Fixed bug GH-16849 (Error dialog causes process to hang).
Commit List
Ayesh Karunaratne
- CI: FreeBSD on VM - set
copyback: falsein b263f351c4
Christoph M. Becker
- Skip tests if
ldap_set_rebind_proc()is not available in d276ea54f4 - Fix rename_variation12*.phpt parallel test conflicts in 03eeec16f0
- Patch libcurl.pc for macOS builds in 9196a72eb0
- Need to define BREW_OPT in d6249b6e1f
- Stick with icu4c 74.2 on macOS CI for PHP-8.1 in 9128fb8f1e
- Update FreeBSD CI in 85e23dbbb2
- Adapt
ext/intltests for ICU 75.1 and 76.1 in f725f504e8 - Skip
file_put_contents_variation7.phpton Windows in 3656a84c39 - Fix potential conflict of
copy_variation5-win32.phptin 12ef3da381 - Fix GH-16849: Error dialog causes process to hang in e75061b512
- Fix GH-16991: Getting typeinfo of non DISPATCH variant segfaults in 9bae8933a3
- Fix potential OOB read in
zend_dirname()on Windows in 94fa2a4ce1
David Carlier
- Fix GH-16235 jdtogregorian overflow in fde053bb92
- Fix oss-fuzz report triggered by GH-15712 commit in e74e66e3f7
- Fix introduced leaks from GH-15715 in 875a9dc4c4
- Fix GH-16771: imagecreatefromstring overflow on invalid format in 4124b04e34
- Fix GH-16834: cal_from_jd overflow on julian_day argument in 80894d87d5
- Revert "
ext/gmp: gmp_pow fix FPE with large values." in 45140e527f - Revert "
ext/gmp: gmp_pow fix FPE with large values." in 7e8d6f941c - Fix GH-16959: snmpget modifies the
object_id(as array) in 73ebc92617
Derick Rethans
- Fixed CS in d1b9d7ee83
Dmitry Stogov
- Fix incorrect handling of
ZEND_ACC_FINALflag in JIT in GH-16778 - Fix GH-16829: Segmentation fault with opcache.jit=tracing enabled on aarch64 in 79aaeeafe5
- Fixed test in 71403558d3
- Backport JIT fix: set valid EX(opline) before calling
gc_possible_root()in GH-16858 - Use the immutable twin of temporary op_array in GH-16861
Dylan K. Taylor
- Fix GH-16851: JIT_G(enabled) not set correctly on other threads in ff3b4eca0e
Gina Peter Banyard
ext/hash: Add failing tests for GH-16711 in fc8f30d312ext/hash: Fix GH-16711: Segfault inmhash()in 1b379f5e55
Hans Krentel (hakre)
- Fail early in *nix configuration build script in c075546320
Ilija Tovilo
- Move FreeBSD build to GitHub actions with QEMU in aca88baf5f
Jakub Zelenka
- Fix GH-16432: PHP-FPM 8.2 SIGSEGV in fpm_get_status in 065bde1e13
- Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF injection in 426a6d4539
- Fix GHSA-h35g-vwh6-m678: Mysqlnd - various heap buffer over-reads in 2f5aa9f9d1
- Run labeler only in php/php-src repository in cae2582416
- Fix MySQLnd possible buffer over read in auth_protocol in 32f905f1d6
- Update NEWS with security fixes info in a001ad33f0
- Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF injection in d7fe40868e
- Fix GHSA-h35g-vwh6-m678: Mysqlnd - various heap buffer over-reads in c595455300
- Make MySQLnd protocol stmt test work on 32bit in a21e48a93a
- Fix MySQLnd possible buffer over read in auth_protocol in d37a20c4a2
- Update NEWS with security fixes info in 78c201a310
- Make MySQLnd protocol stmt test work on 32bit in c70b97d8eb
- Change port for mysqli fake server auth message test in 51f5539914
- Increase MySQLi fake server read timeout for ASAN job in eb951b3d11
- Fix network connect poll interuption handling in 69765d9220
Michael Orlitzky
- Backport GH-14962 to stable versions in ae84b81bfa
Niels Dossche
- Fix test with shared
zend_testin GH-16705 - Prevent unexpected array entry conversion when reading key in ac8d0e57d9
- Fix various memory leaks related to openssl exports in 2f4f09f7e6
- Fix memory leak in
php_openssl_pkey_from_zval()in 994e866cf2 - Fix GH-16695: phar:// tar parser and zero-length file header blocks in 72c0222926
- Fix GH-16727: Opcache bad signal 139 crash in ZTS bookworm (frankenphp) in 02ee521e20
- Fix GH-16770: Tracing JIT type mismatch when returning UNDEF in cbb3b9371d
- Fix GH-16799: Assertion failure at Zend/zend_vm_execute.h:7469 in 553d79c709
- Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input in fbb0061993
- Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib quoter causing OOB writes in d9baa9fed8
- Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird quoter causing OOB writes in 69c5f68fdc
- Fix GHSA-g665-fm4p-vhff: OOB access in
ldap_escapein f9ecf90070 - Fix GHSA-r977-prxv-hc43 in 81030c9bbb
- Fix GHSA-4w77-75f9-2c8w in 7dd336ae83
- Fix GH-16630: UAF in lexer with encoding translation and heredocs in fc1db70f10
- Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib quoter causing OOB writes in 4a79a5a59a
- Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird quoter causing OOB writes in 7a25e7728d
- Fix GHSA-g665-fm4p-vhff: OOB access in
ldap_escapein fba659abb9 - Fix GHSA-r977-prxv-hc43 in f3ade203d7
- Fix GHSA-4w77-75f9-2c8w in f18d429b20
- Fix GH-16908: _ZendTestMagicCallForward does not handle references well in 99f5653ebb
- Fix GH-16902: Set of opcache tests fail zts+aarch64 (8.2-8.3) in de96b43d2a
- Fix
is_zend_ptr()huge block comparison in 18674e39ad - Fix various memory leaks in curl mime handling in a80f0b515a
- Fix GH-15208: Segfault with breakpoint map and
phpdbg_clear()in 97b03186c4 - Fix GH-16905: Internal iterator functions can't handle UNDEF properties in e1b4534790
- Fix GH-16998: UBSAN warning in rfc1867 in aab784263d
- Fix some MariaDB test failures in 1a6f8a0b79
Saki Takamachi
- Added gc_handler to properly handle circular references. in GH-16703
Sergey Panteleev
- Update versions for PHP 8.2.27 in 769e1b521b