PHP 8.3.21: Downloads, Changelog, News

Release Information

Release
8.3.21
PHP Version
PHP 8.3
Release Date
Release Type
Bug Fix Release
Release Status
Latest Release in 8.3
Branch Status
Supported

Latest release for PHP 8.3.
PHP 8.3 continues to receive bug fixes and security fixes until 2025-12-31.

Downloads

Source Code

Git Clone
Use Git to clone the 8.3.21 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.3.21
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

Docker/Podman Containers

PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.3.21-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.3.21-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.3.21-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.3.21-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.3.21-fpm

ChangeLog

Core

  • Fixed bug GH-18304 (Changing the properties of a DateInterval through dynamic properties triggers a SegFault).
  • Fix some leaks in php_scandir.

Filter

  • Fixed bug GH-18309 (ipv6 filter integer overflow).

GD

  • Fixed imagecrop() overflow with rect argument with x/width y/heigh usage in gdImageCrop().
  • Fixed GH-18243 imagettftext() overflow/underflow on font size value.

Intl

  • Fix reference support for intltz_get_offset().

LDAP

  • Fixed bug GH-17776 (LDAP_OPT_XTLS* options can't be overridden).
  • Fix NULL deref on high modification key.

libxml

  • Fixed custom external entity loader returning an invalid resource leading to a confusing TypeError message.

OpenSSL

  • Fix memory leak in openssl_sign() when passing invalid algorithm.
  • Fix potential leaks when writing to BIO fails.

PDO Firebird

  • Fixed GH-18276 - persistent connection - "zend_mm_heap corrupted" with setAttribute()

SPL

  • Fixed bug GH-18322 (SplObjectStorage debug handler mismanages memory).

Standard

  • Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()).
  • Fixed bug GH-18209 (Use-after-free in extract() with EXTR_REFS).
  • Fixed bug GH-18212 (fseek with SEEK_CUR whence value and negative offset leads to negative stream position).
  • Fix resource leak in iptcembed() on error.

Zip

  • Fix uouv when handling empty options in ZipArchive::addGlob().
  • Fix memory leak when handling a too long path in ZipArchive::addGlob().

Commit List

David Carlier

Eric Mann

Gina Peter Banyard

  • ext/libxml: Fixed custom external entity loader returning an invalid resource leading to a confusing TypeError message in 61f704f269

haszi

  • Mark ob_start callback parameter nullable in 701f3a1af6

Ilija Tovilo

  • Implement benchmark diff commit fallback in f994c2f1fa
  • Use-after-free in extract() with EXTR_REFS in a21065e6eb

Jakub Zelenka

Niels Dossche

  • Add missing EXTENSIONS section to intl test in 13d51f895b
  • Fix memory leak in openssl_sign() when passing invalid algorithm in 74720a22f3
  • Fix openssl_random_pseudo_bytes() always setting strong_result to true in 0dc600c69a
  • Fix inverted call to php_openssl_store_errors() in 5e68671f88
  • Fix resource leak in iptcembed() on error in 8a1f6711bf
  • Fix potential leaks when writing to BIO fails in 29f96fb1f1
  • Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault in ba0853888d
  • Fix GH-18309: ipv6 filter integer overflow in 8849a5336e
  • Fix GH-18322: SplObjectStorage debug handler mismanages memory in 67503870ca
  • Fix uouv when handling empty options in ZipArchive::addGlob() in 0a6326c6ac
  • Fix memory leak when handling a too long path in ZipArchive::addGlob() in 91c6c727d5
  • Fix NULL deref on high modification key in c905d59106
  • Fix reference support for intltz_get_offset() in bf4b470098
  • Fix some leaks in php_scandir in 81d9a27c47

Remi Collet

Saki Takamachi

  • Fixed GH-18276 - persistent connection - "zend_mm_heap corrupted" with setAttribute() in GH-18280
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.