PHP 8.3.12 is an old release of PHP 8.3 series. Using the latest version PHP 8.3.14 is highly recommended.
PHP 8.3 continues to receive bug fixes and security fixes until 2025-12-31.
Downloads
Source Code
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.3.12
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Docker/Podman Containers
docker pull php:8.3.12-cli-alpine
docker pull php:8.3.12-cli
docker pull php:8.3.12-fpm-alpine
docker pull php:8.3.12-apache
docker pull php:8.3.12-fpm
ChangeLog
CGI
- Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926)
- Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927)
Core
- Fixed bug GH-15408 (MSan false-positve on
zend_max_execution_timer
). - Fixed bug GH-15515 (Configure error grep illegal option q).
- Fixed bug GH-15514 (Configure error: genif.sh: syntax error).
- Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found).
- Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
- Fixed bug GH-15330 (Do not scan generator frames more than once).
- Fixed uninitialized lineno in constant AST of internal enums.
Curl
- FIxed bug GH-15547 (curl_multi_select overflow on timeout argument).
DOM
- Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/
xml_common
.h). - Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c).
Fileinfo
- Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument).
FPM
- Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026)
MySQLnd
- Fixed bug GH-15432 (Heap corruption when querying a vector).
Opcache
- Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c).
- Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h).
SAPI
- Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925)
Standard
- Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c).
Streams
- Fixed bug GH-15628 (
php_stream_memory_get_buffer()
not zero-terminated).
Commit List
Arnaud Le Blanc
- Do not scan generator frames more than once in GH-15330
- Fix GHSA-9pqp-7h25-4f32 in dd15693e90
Bernd Kuhls
- Fix GH-15587: Autotools: fix configure check for aarch64 CRC32 API in 5947db6bb8
Christoph M. Becker
- Fix GH-15432: Heap corruption when querying a vector in b1211c1e4a
- Fix GH-15628:
php_stream_memory_get_buffer()
not zero-terminated in 93021c635d - Mark
gd14930.phpt
as dynamicxfail
in ac4039df20 - Fix GH-15552: Signed integer overflow in ext/standard/scanf.c in 08841bf79c
- Fix
run-tests.php
to propagate status code on Windows in 71b908748a
Daniel Scherzer
- Fix GH-15752:
finfo_file()
- parameter validation error messages in c5e0a6aaab
David Carlier
- Checks getrandom availability on solaris in 5c9c275743
- Checks getrandom availability on solaris in f1e5c63837
- Fixed GH-15547: curl_multi_wait expects a signed int for timeout in cc67220ea3
- Fix GH-15653: fgetcsv overflow on length parameter in 7db1a5843f
Derick Rethans
- Updated to version 2024.2 (2024b) in 5fc37b1ec6
- Empty merge in d31a9474b0
- Updated to version 2024.2 (2024b) in 7023fb9d93
Dmitry Stogov
- Fix GH-15502: Crash with JIT and Excimer in GH-15601
- Fix GH-15497: Opcache with file_cache and JIT enabled crashes in GH-15635
- Restore error message incorrectly removed by commit 10d43c4 (related to GH-15497) in c15bb9afe2
- Prevent possible incorrect optimization caused by
ZEND_ASSUME()
in bf98023f1a - Don't set IS_STR_PERMANENT flag for strings stored in the file cache in GH-15643
- Fix GH-15652: Segmentation fault in the Zend engine when JIT enabled in GH-15717
- Fix GH-15820: Core dumped with jit.opcache=1245 in 5cf045d357
Eric Mann
- Update versions for PHP 8.3.12 in b4ecd9aa2e
Go Kudo
- Fix MSan false-positive in
zend_max_execution_timer
in GH-15408 zend_max_execution_timer
: fix gcc compatibility in GH-15447zend_max_execution_timer
: fix gcc compatibility in GH-15447- standard: supress msan in GH-15665
- Fix OPcache tests under specific conditions in bca5f6e74f
- Fix OPcache tests under specific conditions in d966c296d0
Ilija Tovilo
- Disable LSAN for crashing SOAP tests (GH-14562) in 65a101f3a7
- Fix uninitialized lineno in constant AST of internal enums in 08e0729c57
- Intercept strlcpy and strlcat for msan on Clang 17 in GH-12674
- Fix uouv in
array_column
in 24a294922b - Fix uninitialized EG(user_error_handler_error_reporting) in b9fdc0bdcd
- Fix uninitialized CG(
zend_lineno
) in 1f35e2a999 - Fix MSAN
getservbyport()
false positive in 0faa1d2017
Jakub Zelenka
- Revert fix for GH-14930: truncating readdir output in GH-15533
- Fix GHSA-865w-9rf3-2wh5: FPM: Logs from childrens may be altered in 0accd7240c
- Update NEWS with security fixes info in bbe593816a
- Skip GHSA-9pqp-7h25-4f32 test on Windows in 3ee90ab84e
Máté Kocsis
- Add missing return for DatePeriod::__unserialize in 6cab76986d
Niels Dossche
- Fix GH-15551: Segmentation fault (access null pointer) in ext/dom/
xml_common
.h in 9af574c26e - Fix GH-15565:
--disable-ipv
6 during compilation produces error EAI_SYSTEM not found in 4b6575a1f9 - Fix GH-15654: Signed integer overflow in ext/dom/nodelist.c in 9cb23a3dec
- Fix SOAP test failure on libxml2 2.13 in 979e68a2ec
- Fix GH-15661: Access null pointer in Zend/Optimizer/zend_inference.c in 86ef8d5466
- Fix GH-15658: Segmentation fault in Zend/zend_vm_execute.h in c1ffd4b484
- Fix buffer size configuration for AArch64 in bcd1f23b30
- Fix GHSA-p99j-rfp4-xqvq in 1c9f4d1aff
- Fix GHSA-94p6-54jq-9mwp in 61c8b7851b
Peter Kokot
- Fix GH-15515: Configure error grep illegal option q in GH-15516
- Fix bug GH-15514 (Configure error: genif.sh: syntax error) in 48a18e5be7
- Fix iconv_open basic test in GH-15611