Release Information
- Release Type
- Security Update
- Release Status
- Latest
- Branch Status
- Security-Fixes Only
PHP 8.2 is currently only receiving security fixes, and scheduled to reach EOL on 2026-12-31
Downloads
Source Code
Git Clone
Use Git to clone the 8.2.30 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.2.30How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.2.30-x64NTS.zip
Size: 30.38 MiB SHA256:
8a6e409adb5f7fb196c07315c69195c4eb87eec8acae2e74a0e04ec50745a055 php-8.2.30-x86NTS.zip
Size: 27.27 MiB SHA256:
6f00e490c4cad59f0ebe2f6891208e0630a14af54e81070b20480ecc5f67912b Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.2.30-x64TS.zip
Size: 30.49 MiB SHA256:
abf3b5c31dc93fc0141cf7844e3322fd862b8510a091099599a16b3847fc58c1 php-8.2.30-x86TS.zip
Size: 27.25 MiB SHA256:
e380bc8e635b4c7e5ff423465e71e2cc3f5b7fe7cea1ee301dcea658fe1029de ChangeLog
Curl
- Fix curl build and test failures with version 8.16.
Opcache
- Reset global pointers to prevent use-after-free in
zend_jit_status().
PDO
- Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
Standard
- Fixed GHSA-www2-q4fc-65wf (Null byte termination in
dns_get_record()). - Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in
array_merge()). (CVE-2025-14178) - Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177)
Commit List
Ahmed Lekssays
- Fix GHSA-453j-q27h-5p8x in 9cb3d8d200
- Fix GHSA-453j-q27h-5p8x in 0298837252
Arnaud Le Blanc
- Add unique entry point for extra tests in b633720585
- Upgrade Alpine in nightly job in 66708de841
Derick Rethans
- Update timelib to 2022.14 in a0329dbab0
- Update NEWS in b42bd2a359
- Revert "Update timelib to 2022.14" in be5784dfec
Dmitry Stogov
- Disable inlining and inter-procedure-analyses for
zend_string_equal_val()function that may be overriden for valgrind in GH-13099
Florian Engelhardt
- Reset global pointers to prevent use-after-free in 3aaa8d3526
George Wang
- fix pipe detection for STDERR in a757f276f9
- fix pipe detection for STDERR in 828080146b
Ilija Tovilo
- Disable JIT on Apple Silicon + ZTS in b6660634b4
- Upgrade to macOS 14 and backport necessary changes in e9e432a35d
- COMMUNTIY build grouping adjustments in a63e97667e
- Fix ERROR_CODE handling in COMMUNITY build in 2cd9233e42
- Fix curl 8.16.0 compilation with zts in da75e41a6f
- Fix more curl 8.16 issues in b810a23587
- Backport more curl 8.16 fixes in 1edcce5554
- Create separate workflow for nightly slack notification in 90bc40ecc0
- Revert "Fix Windows test for openssl-3.5 upgrade (#19384)" in 3f6c86a885
- Suppress libxml deprecations in f7fb13eb07
- Fix yet another xml deprecation in fe070fcc75
- Update clang in macOS build in cb413b5d5f
- Fix xcode-select in 6cdb8bf0a2
- Fix curl protocols test expectation in 06b8b75d2e
Jakub Zelenka
- Fix GHSA-3cr5-j632-f35r: Null byte in hostnames in cac8f7f1cf
- Fix GHSA-hrwm-9436-5mv3: pgsql escaping no error checks in 9376aeef9f
- Update NEWS with entries for security fixes in 7b33b1c916
- Fix GHSA-3cr5-j632-f35r: Null byte in hostnames in 27e67cc371
- Fix GHSA-hrwm-9436-5mv3: pgsql escaping no error checks in a2cdff5583
- Update NEWS with entries for security fixes in 165e5169a9
- Revert "fix pipe detection for STDERR." in c0f8bb6622
- Fix
curl_setopt_ssltest for curl 8.16 in 36859ad977 - Update NEWS with info about curl 8.16 compat fixes in 742b7d8e55
- Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref in 727a4ddc39
- Update NEWS with info about security issues in c48a9f42d3
Max Kellermann
- sapi/fpm: remove use of variable-length arrays in GH-10645
Michael Orlitzky
- ext/pcre/tests: support libpcre2-10.47 in bdf62b55bb
Niels Dossche
- Fix test conflict between chmod_variation2 and file_variation5 in 605ee05491
- Run FreebSD CI under 13.5 in be88192594
- Fix curl build failure on macOS+curl 8.16 in 1c8363d2bf
- Update zlib test to use separate file for
flock()in c3d6bf65d5 - dom: Fix compile warning due to misplaced const cast in bd67ba66a8
- Fix deprecation warning for libxml SAX header in GH-18594
- xml: Backport more deprecation fixes in dd2179433c
- dom: Backport test for libxml changes in 688902d455
- intl: Fix tests for icu update in 2b04e0831a
- xml: Fix deprecation properly by backporting the modern-but-actually-old implementation in d635c8788b
- Make
bug70417.phptless flaky in 2bf2411976 - Fix GH-20584: Information Leak of Memory in c5f28c7cf0
- Fix GHSA-h96m-rvf9-jgm2 in 8b801151bd
- Fix GHSA-www2-q4fc-65wf in ed70b1ea43
Pierrick Charron
- Update versions for PHP 8.2.30 in b233e9d063
Shivam Mathur
- Fix master branch check in find-target-branch.bat in GH-19385
- Change master branch check to 8.6 in 107075605d
- Skip
lc_ctype_inheritance.phpton macos 15+ in 2f2fb1fbf1 - Fix Windows test for openssl-3.5 upgrade in GH-19384
Tim Düsterhus
ext/xml: Suppress libxml deprecation for_xmlParserCtxt.inStatein GH-19131- Update GitHub Action workflows to
actions/checkout@v5in 2650248a92 - CI: Do not save ccache for PRs for LINUX_X32 in db65d22ce2
- github: Bust the nightly CI cache on Sunday instead of Monday in GH-20242