PHP 8.3.0alpha1: Downloads, Changelog, News

Release Information

PHP Version
PHP 8.3
Release Date
Release Type
Security Update
Release Status
QA Release
Branch Status
Upcoming Release

PHP 8.3 is a development version, and is not recommended for production use. PHP 8.3 is scheduled to reach General Availability on 2023-11-23.
PHP 8.3.0RC3 is the latest QA release in PHP 8.3.


Source Code

Git Clone
Use Git to clone the 8.3.0alpha1 tag from the PHP Git repository.
git clone --depth 1 --branch php-8.3.0alpha1
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

Docker/Podman Containers

PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.3.0alpha1-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.3.0alpha1-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.3.0alpha1-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.3.0alpha1-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.3.0alpha1-fpm



  • Added pdeathsig to builtin server to terminate workers when the master process is killed.
  • Fixed bug GH-11104 (STDIN/STDOUT/STDERR is not available for CLI without a script).


  • Fixed bug GH-9388 (Improve unset property and __get type incompatibility error message).
  • SA_ONSTACK is now set for signal handlers to be friendlier to other in-process code such as Go's cgo.
  • SA_ONSTACK is now set when signals are disabled.
  • Fix GH-9649: Signal handlers now do a no-op instead of crashing when executed on threads not managed by TSRM.
  • Fixed potential NULL pointer dereference Windows shm*() functions.
  • Added shadow stack support for fibers.
  • Fix bug GH-9965 (Fix accidental caching of default arguments with side effects).
  • Implement GH-10217 (Use strlen() for determining the class_name length).
  • Fix bug GH-8821 (Improve line numbers for errors in constant expressions).
  • Fix bug GH-10083 (Allow comments between & and parameter).
  • Zend Max Execution Timers is now enabled by default for ZTS builds on Linux.
  • Fix bug GH-10469 (Disallow .. in open_basedir paths set at runtime).
  • Fix bug GH-10168, GH-10582 (Various segfaults with destructors and VM return values).
  • Fix bug GH-10935 (Use of trait doesn't redeclare static property if class has inherited it from its parent).
  • Fix bug GH-11154 (Negative indices on empty array don't affect next chosen index).
  • Fix bug GH-8846 (Implement delayed early binding for classes without parents).
  • Fix bug #79836 (Segfault in concat_function).
  • Fix bug #81705 (type confusion/UAF on set_error_handler with concat operation).
  • Fix GH-11348 (Closure created from magic method does not accept named arguments).


  • Implement More Appropriate Date/Time Exceptions RFC.


  • Fix bug GH-8388 (DOMAttr unescapes character reference).
  • Fix bug GH-11308 (getElementsByTagName() is O(N^2)).


  • Removed unneeded codepaths in exif_process_TIFF_in_JPEG().


  • Upgrade bundled libmagic to 5.43.


  • The status.listen shared pool now uses the same php_values (including expose_php) and php_admin_value as the pool it is shared with.


  • Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)



  • Added pattern format error infos for numfmt_set_pattern.
  • Added MIXED_NUMBERS and HIDDEN_OVERLAY constants for the Spoofchecker's class.
  • Updated datefmt_set_timezone/IntlDateformatter::setTimezone returns type.
  • Updated IntlBreakInterator::setText return type.
  • Updated IntlChar::enumCharNames return type.


  • Added json_validate().


  • mb_detect_encoding is better able to identify the correct encoding for Turkish text.
  • mb_detect_encoding's "non-strict" mode now behaves as described in the documentation. Previously, it would return false if the same byte (for example, the first byte) of the input string was invalid in all candidate encodings. More generally, it would eliminate candidate encodings from consideration when an invalid byte was seen, and if the same input byte eliminated all remaining encodings still under consideration, it would return false. On the other hand, if all candidate encodings but one were eliminated from consideration, it would return the last remaining one without regard for how many encoding errors might be encountered later in the string. This is different from the behavior described in the documentation, which says: "If strict is set to false, the closest matching encoding will be returned."
  • mb_strtolower, mb_strtotitle, and mb_convert_case implement conditional casing rules for the Greek letter sigma. For mb_convert_case, conditional casing only applies to MB_CASE_LOWER and MB_CASE_TITLE modes, not to MB_CASE_LOWER_SIMPLE and MB_CASE_TITLE_SIMPLE.
  • mb_detect_encoding is better able to identify UTF-8 and UTF-16 strings with a byte-order mark.
  • mb_decode_mimeheader interprets underscores in QPrint-encoded MIME encoded words as required by RFC 2047; they are converted to spaces. Underscores must be encoded as "=5F" in such MIME encoded words.
  • mb_encode_mimeheader no longer drops NUL (zero) bytes when QPrint-encoding the input string. This previously caused strings in certain text encodings, especially UTF-16 and UTF-32, to be corrupted by mb_encode_mimeheader.


  • mysqli_fetch_object raises a ValueError instead of an Exception.


  • Added start, restart and force restart time to opcache's phpinfo section.
  • Fix GH-9139: Allow FFI in opcache.preload when opcache.preload_user=root.
  • Made opcache.preload_user always optional in the cli and phpdbg SAPIs.
  • Allows W/X bits on page creation on FreeBSD despite system settings.
  • Added memfd api usage, on Linux, for zend_shared_alloc_create_lock() to create an abstract anonymous file for the opcache's lock.


  • Added OPENSSL_CMS_OLDMIMETYPE and PKCS7_NOOLDMIMETYPE contants to switch between mime content types.
  • Fixed GH-11054: Reset OpenSSL errors when using a PEM public key.


  • SA_ONSTACK is now set for pcntl_signal.
  • Added SIGINFO constant.


  • pg_fetch_object raises a ValueError instead of an Exception.
  • Added GH-9344, pipeline mode support.
  • pg_cancel use thread safe PQcancel api instead.
  • pg_set_error_verbosity adding PGSQL_ERRORS_STATE constant.
  • pg_convert/pg_insert E_WARNING on type errors had been converted to ValueError/TypeError exceptions.
  • Added pg_set_error_context_visibility to set the context's visibility within the error messages.


  • Fix memory leak in phar_rename_archive().


  • Added posix_sysconf.
  • Added posix_pathconf.
  • Added posix_fpathconf.
  • Fixed zend_parse_arg_long's bool pointer argument assignment.
  • Added posix_eaccess.


  • Added Randomizer::getBytesFromString().
  • Added Randomizer::nextFloat(), ::getFloat(), and IntervalBoundary.
  • Fix GH-10292 (Made the default value of the first param of srand() and mt_srand() nullable).
  • Enable getrandom() for NetBSD (from 10.x).


  • Fix GH-9470 (ReflectionMethod constructor should not find private parent method).
  • Fix GH-10259 (ReflectionClass::getStaticProperties doesn't need null return type).
  • Fix Segfault when using ReflectionFiber suspended by an internal function.


  • Fixed GH-11141 (Could not open input file: should be sent to stderr).


  • Added SO_ATTACH_REUSEPORT_CBPF socket option, to give tighter control over socket binding for a cpu core.
  • Added SKF_AD_QUEUE for cbpf filters.
  • Added socket_atmark if send/recv needs using MSG_OOB.
  • Added TCP_QUICKACK constant, to give tigher control over ACK delays.
  • Added DONTFRAGMENT support for path MTU discovery purpose.
  • Added AF_DIVERT for raw socket for divert ports.
  • Added SOL_UPDLITE, UDPLITE_RECV_CSCOV and UDPLITE_SEND_CSCOV for updlite protocol support.
  • Added SO_RERROR, SO_ZEROIZE and SO_SPLICE netbsd and openbsd constants.
  • Added TCP_REPAIR for quietly close a connection.
  • Added SO_REUSEPORT_LB freebsd constant.


  • E_NOTICEs emitted by unserialize() have been promoted to E_WARNING.
  • unserialize() now emits a new E_WARNING if the input contains unconsumed bytes.
  • Make array_pad's $length warning less confusing.
  • E_WARNING emitted by strtok in the caase both arguments are not provided when starting tokenisation.
  • password_hash() will now chain the original RandomException to the ValueError on salt generation failure.
  • Fix GH-10239 (proc_close after proc_get_status always returns -1).
  • Improve the warning message for unpack() in case not enough values were provided.
  • Fix GH-11010 (parse_ini_string() now preserves formatting of unquoted strings starting with numbers when the INI_SCANNER_TYPED flag is specified).
  • Fix GH-10742 (http_response_code emits no error when headers were already sent).


  • Fixed bug #51056: blocking fread() will block even if data is available.
  • Added storing of the original path used to open xport stream.


  • Fixed bug #69168 (DomNode::getNodePath() returns invalid path).
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.