PHP 8.3.23: Downloads, Changelog, News

Release Information

Release
8.3.23
PHP Version
PHP 8.3
Release Date
Release Type
Security Update
Release Status
Latest Release in 8.3
Branch Status
Supported

Latest release for PHP 8.3. This release contains security fixes, and it is recommended to update as soon as possible.
PHP 8.3 continues to receive bug fixes and security fixes until 2025-12-31.

Downloads

Source Code

Git Clone
Use Git to clone the 8.3.23 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.3.23
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

ChangeLog

Core

  • Fixed GH-18695 (zend_ast_export() - float number is not preserved).
  • Do not delete main chunk in zend_gc.
  • Fix compile issues with zend_alloc and some non-default options.

Curl

  • Fix memory leak when setting a list via curl_setopt fails.
  • Fix incorrect OpenSSL version detection.

Date

  • Fix leaks with multiple calls to DatePeriod iterator current().

FPM

  • Fixed GH-18662 (fpm_get_status segfault).

Hash

  • Fixed bug GH-14551 (PGO build fails with xxhash).

Intl

  • Fix memory leak in intl_datetime_decompose() on failure.
  • Fix memory leak in locale lookup on failure.

ODBC

  • Fix memory leak on php_odbc_fetch_hash() failure.

Opcache

  • Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22).

OpenSSL

  • Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure.
  • Fixed bug #74796 (Requests through http proxy set peer name).

Phar

  • Add missing filter cleanups on phar failure.
  • Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek).

PHPDBG

  • Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0.

PDO ODBC

  • Fix memory leak if WideCharToMultiByte() fails.

PGSQL

  • Fix warning not being emitted when failure to cancel a query with pg_cancel_query().
  • Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735)

Random

  • Fix reference type confusion and leak in user random engine.

Readline

  • Fix memory leak when calloc() fails in php_readline_completion_cb().

Soap

  • Fix memory leaks in php_http.c when call_user_function() fails.
  • Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP ExtensionAdd commentMore actions via Large XML Namespace Prefix). (CVE-2025-6491)

Standard

Tidy

  • Fix memory leak in tidy output handler on error.
  • Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory.

Commit List

Ahmed Lekssays

Daniil Gentili

  • Do not delete main chunk in zend_gc in 9a9d98e02f

David Carlier

  • Fix GH-18617: socket_import_file_descriptor return check in c30bddc18f
  • ext/ldap: simplify ldap_connect() workflow, fix url leak in 5d4846b241
  • ext/tidy: anticipate tidyOptIsReadOnly retirement in e13ba36abb

Eric Mann

Gina Peter Banyard

  • ext/pgsql: Fix warning not being emittedd when failure to cancel a query in 40422e9c55
  • tests: Fix expectations in 7f2299c8eb

Jakub Zelenka

Máté Kocsis

  • Fix build on Apple Clang 17+ in GH-18629

Niels Dossche

  • Add missing filter cleanups on phar failure in 910aeaafc1
  • Fix memory leak in intl_datetime_decompose() in d6836fb345
  • Fix memory leak when calloc() fails in php_readline_completion_cb() in c9781111e1
  • Fix memory leaks in php_http.c when call_user_function() fails in a44e3f442f
  • Fix leaks with multiple calls to DatePeriod iterator current() in ff2c7dc0f8
  • Fix memory leak in tidy output handler on error in b39e17b06c
  • Backport fix for GH-17687 in fab0a6d75c
  • Fix GH-18642: Signed integer overflow in ext/phar fseek in 61884c3b52
  • Fix potential NULL deref in dd856d5ad9
  • Fix memory leak when curl_slist_append() fails in d9d991928f
  • Fix reference type confusion and leak in user random engine in 75cea65c99
  • Fix memory leak in lookup_loc_range() in d39d261b7e
  • Fix test failures in engine_unsafe_empty_string.phpt in GH-18727
  • Fix ext/enchant test SKIPIFs in 9187caeab1
  • Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure in 08a9579883
  • Fix compile without ZEND_MM_STORAGE in 4162c20787
  • Fix memory leak on php_odbc_fetch_hash() failure in ef92e06de1
  • pdo_odbc: Fix memory leak if WideCharToMultiByte() fails in 786090b35d
  • Fix GH-18743: Incompatibility in Inline TLS Assembly on Alpine 3.22 in b3c8afe272
  • Fix test conflict between copy_variation2-win32-mb.phpt and copy_variation2-win32.phpt in 186a8116be
  • zend_alloc: Fix compile with ZEND_MM_STAT=0 in d11f9717fd
  • Fix technically incorrect sizeof in fe3bea090e
  • Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0 in 0cd3ebfc40
  • Fix GH-14551: PGO build fails with xxhash in afb1c57470

Oleg Efimov

  • Fix GH-18695: float numbers zero fraction is now preserved in zend_ast_export() in GH-18699

Peter Kokot

  • Fix linking ext/curl against OpenSSL in GH-13262

txuna

Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.