Release Information
- Release Type
- Security Update
- Release Status
- QA Release
- Branch Status
- Upcoming Release
PHP 8.3 is a development version, and is not recommended for production use. PHP 8.3 is scheduled to reach General Availability on 2023-11-23.
PHP 8.3.0RC3 is the latest QA release in PHP 8.3.
Downloads
Source Code
Git Clone
Use Git to clone the 8.3.0alpha1 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.3.0alpha1
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.3.0alpha1-x64NTS.zip (30.56 MiB)
php-8.3.0alpha1-x86NTS.zip (27.45 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.3.0alpha1-x64TS.zip (30.7 MiB)
php-8.3.0alpha1-x86TS.zip (27.43 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.3.0alpha1-cli-alpine
Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.3.0alpha1-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.3.0alpha1-fpm-alpine
Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.3.0alpha1-apache
Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.3.0alpha1-fpm
ChangeLog
CLI
- Added pdeathsig to builtin server to terminate workers when the master process is killed.
- Fixed bug GH-11104 (STDIN/STDOUT/STDERR is not available for CLI without a script).
Core
- Fixed bug GH-9388 (Improve unset property and __get type incompatibility error message).
- SA_ONSTACK is now set for signal handlers to be friendlier to other in-process code such as Go's cgo.
- SA_ONSTACK is now set when signals are disabled.
- Fix GH-9649: Signal handlers now do a no-op instead of crashing when executed on threads not managed by TSRM.
- Fixed potential NULL pointer dereference Windows shm*() functions.
- Added shadow stack support for fibers.
- Fix bug GH-9965 (Fix accidental caching of default arguments with side effects).
- Implement GH-10217 (Use
strlen()
for determining the class_name length). - Fix bug GH-8821 (Improve line numbers for errors in constant expressions).
- Fix bug GH-10083 (Allow comments between & and parameter).
- Zend Max Execution Timers is now enabled by default for ZTS builds on Linux.
- Fix bug GH-10469 (Disallow .. in
open_basedir
paths set at runtime). - Fix bug GH-10168, GH-10582 (Various segfaults with destructors and VM return values).
- Fix bug GH-10935 (Use of trait doesn't redeclare static property if class has inherited it from its parent).
- Fix bug GH-11154 (Negative indices on empty array don't affect next chosen index).
- Fix bug GH-8846 (Implement delayed early binding for classes without parents).
- Fix bug #79836 (Segfault in concat_function).
- Fix bug #81705 (type confusion/UAF on set_error_handler with concat operation).
- Fix GH-11348 (Closure created from magic method does not accept named arguments).
Date
- Implement More Appropriate Date/Time Exceptions RFC.
DOM
- Fix bug GH-8388 (DOMAttr unescapes character reference).
- Fix bug GH-11308 (getElementsByTagName() is O(N^2)).
Exif
- Removed unneeded codepaths in exif_process_TIFF_in_JPEG().
Fileinfo
- Upgrade bundled libmagic to 5.43.
FPM
- The status.listen shared pool now uses the same
php_values
(including expose_php) andphp_admin_value
as the pool it is shared with.
GD
- Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
Hash
- Fixed bug #81738: buffer overflow in
hash_update()
on long parameter. (CVE-2022-37454)
Intl
- Added pattern format error infos for numfmt_set_pattern.
- Added MIXED_NUMBERS and HIDDEN_OVERLAY constants for the Spoofchecker's class.
- Updated datefmt_set_timezone/
IntlDateformatter::setTimezone
returns type. - Updated
IntlBreakInterator::setText
return type. - Updated
IntlChar::enumCharNames
return type.
JSON
- Added
json_validate()
.
MBString
mb_detect_encoding
is better able to identify the correct encoding for Turkish text.mb_detect_encoding
's "non-strict" mode now behaves as described in the documentation. Previously, it would return false if the same byte (for example, the first byte) of the input string was invalid in all candidate encodings. More generally, it would eliminate candidate encodings from consideration when an invalid byte was seen, and if the same input byte eliminated all remaining encodings still under consideration, it would return false. On the other hand, if all candidate encodings but one were eliminated from consideration, it would return the last remaining one without regard for how many encoding errors might be encountered later in the string. This is different from the behavior described in the documentation, which says: "If strict is set to false, the closest matching encoding will be returned."mb_strtolower
,mb_strtotitle
, andmb_convert_case
implement conditional casing rules for the Greek letter sigma. Formb_convert_case
, conditional casing only applies to MB_CASE_LOWER and MB_CASE_TITLE modes, not to MB_CASE_LOWER_SIMPLE and MB_CASE_TITLE_SIMPLE.mb_detect_encoding
is better able to identify UTF-8 and UTF-16 strings with a byte-order mark.mb_decode_mimeheader
interprets underscores in QPrint-encoded MIME encoded words as required by RFC 2047; they are converted to spaces. Underscores must be encoded as "=5F" in such MIME encoded words.mb_encode_mimeheader
no longer drops NUL (zero) bytes when QPrint-encoding the input string. This previously caused strings in certain text encodings, especially UTF-16 and UTF-32, to be corrupted bymb_encode_mimeheader
.
mysqli
- mysqli_fetch_object raises a ValueError instead of an Exception.
Opcache
- Added start, restart and force restart time to opcache's phpinfo section.
- Fix GH-9139: Allow FFI in opcache.preload when opcache.preload_user=root.
- Made opcache.preload_user always optional in the cli and phpdbg SAPIs.
- Allows W/X bits on page creation on FreeBSD despite system settings.
- Added memfd api usage, on Linux, for
zend_shared_alloc_create_lock()
to create an abstract anonymous file for the opcache's lock.
OpenSSL
- Added OPENSSL_CMS_OLDMIMETYPE and PKCS7_NOOLDMIMETYPE contants to switch between mime content types.
- Fixed GH-11054: Reset OpenSSL errors when using a PEM public key.
PCNTL
- SA_ONSTACK is now set for pcntl_signal.
- Added SIGINFO constant.
PGSQL
- pg_fetch_object raises a ValueError instead of an Exception.
- Added GH-9344, pipeline mode support.
- pg_cancel use thread safe PQcancel api instead.
- pg_trace new PGSQL_TRACE_SUPPRESS_TIMESTAMPS/PGSQL_TRACE_REGRESS_MODE contants support.
- pg_set_error_verbosity adding PGSQL_ERRORS_STATE constant.
- pg_convert/pg_insert E_WARNING on type errors had been converted to ValueError/TypeError exceptions.
- Added pg_set_error_context_visibility to set the context's visibility within the error messages.
Phar
- Fix memory leak in
phar_rename_archive()
.
Posix
- Added posix_sysconf.
- Added posix_pathconf.
- Added posix_fpathconf.
- Fixed
zend_parse_arg_long
's bool pointer argument assignment. - Added posix_eaccess.
Random
- Added
Randomizer::getBytesFromString()
. - Added
Randomizer::nextFloat()
, ::getFloat(), and IntervalBoundary. - Fix GH-10292 (Made the default value of the first param of
srand()
andmt_srand()
nullable). - Enable
getrandom()
for NetBSD (from 10.x).
Reflection
- Fix GH-9470 (ReflectionMethod constructor should not find private parent method).
- Fix GH-10259 (
ReflectionClass::getStaticProperties
doesn't need null return type). - Fix Segfault when using ReflectionFiber suspended by an internal function.
SAPI
- Fixed GH-11141 (Could not open input file: should be sent to stderr).
Sockets
- Added SO_ATTACH_REUSEPORT_CBPF socket option, to give tighter control over socket binding for a cpu core.
- Added SKF_AD_QUEUE for cbpf filters.
- Added socket_atmark if send/recv needs using MSG_OOB.
- Added TCP_QUICKACK constant, to give tigher control over ACK delays.
- Added DONTFRAGMENT support for path MTU discovery purpose.
- Added AF_DIVERT for raw socket for divert ports.
- Added SOL_UPDLITE, UDPLITE_RECV_CSCOV and UDPLITE_SEND_CSCOV for updlite protocol support.
- Added SO_RERROR, SO_ZEROIZE and SO_SPLICE netbsd and openbsd constants.
- Added TCP_REPAIR for quietly close a connection.
- Added SO_REUSEPORT_LB freebsd constant.
- Added IP_BIND_ADDRESS_NO_PORT.
Standard
- E_NOTICEs emitted by
unserialize()
have been promoted to E_WARNING. unserialize()
now emits a new E_WARNING if the input contains unconsumed bytes.- Make
array_pad
's $length warning less confusing. - E_WARNING emitted by strtok in the caase both arguments are not provided when starting tokenisation.
password_hash()
will now chain the original RandomException to the ValueError on salt generation failure.- Fix GH-10239 (
proc_close
afterproc_get_status
always returns -1). - Improve the warning message for
unpack()
in case not enough values were provided. - Fix GH-11010 (
parse_ini_string()
now preserves formatting of unquoted strings starting with numbers when the INI_SCANNER_TYPED flag is specified). - Fix GH-10742 (http_response_code emits no error when headers were already sent).
Streams
- Fixed bug #51056: blocking
fread()
will block even if data is available. - Added storing of the original path used to open xport stream.
XSLTProcessor
- Fixed bug #69168 (
DomNode::getNodePath()
returns invalid path).