Release Information
- Release Type
- Security Update
- Release Status
- Latest Release in 8.3
- Branch Status
- Supported
Latest release for PHP 8.3. This release contains security fixes, and it is recommended to update as soon as possible.
PHP 8.3 continues to receive bug fixes and security fixes until 2025-12-31.
Downloads
Source Code
Git Clone
Use Git to clone the 8.3.23 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.3.23
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.3.23-x64NTS.zip (30.71 MiB)
php-8.3.23-x86NTS.zip (27.59 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.3.23-x64TS.zip (30.85 MiB)
php-8.3.23-x86TS.zip (27.56 MiB)
ChangeLog
Core
- Fixed GH-18695 (
zend_ast_export()
- float number is not preserved). - Do not delete main chunk in zend_gc.
- Fix compile issues with
zend_alloc
and some non-default options.
Curl
- Fix memory leak when setting a list via
curl_setopt
fails. - Fix incorrect OpenSSL version detection.
Date
- Fix leaks with multiple calls to DatePeriod iterator current().
FPM
- Fixed GH-18662 (fpm_get_status segfault).
Hash
- Fixed bug GH-14551 (PGO build fails with xxhash).
Intl
- Fix memory leak in
intl_datetime_decompose()
on failure. - Fix memory leak in locale lookup on failure.
ODBC
- Fix memory leak on
php_odbc_fetch_hash()
failure.
Opcache
- Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22).
OpenSSL
- Fix memory leak of
X509_STORE
inphp_openssl_setup_verify()
on failure. - Fixed bug #74796 (Requests through http proxy set peer name).
Phar
- Add missing filter cleanups on phar failure.
- Fixed bug GH-18642 (Signed integer overflow in
ext/phar
fseek).
PHPDBG
- Fix 'phpdbg
--help
' segfault on shutdown withUSE_ZEND_ALLOC
=0.
PDO ODBC
- Fix memory leak if WideCharToMultiByte() fails.
PGSQL
- Fix warning not being emitted when failure to cancel a query with
pg_cancel_query()
. - Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735)
Random
- Fix reference type confusion and leak in user random engine.
Readline
- Fix memory leak when
calloc()
fails inphp_readline_completion_cb()
.
Soap
- Fix memory leaks in
php_http.c
whencall_user_function()
fails. - Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP ExtensionAdd commentMore actions via Large XML Namespace Prefix). (CVE-2025-6491)
Standard
- Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220)
Tidy
- Fix memory leak in tidy output handler on error.
- Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory.
Commit List
Ahmed Lekssays
- Fix GHSA-453j-q27h-5p8x in 026ab919d0
Daniil Gentili
- Do not delete main chunk in
zend_gc
in 9a9d98e02f
David Carlier
- Fix GH-18617:
socket_import_file_descriptor
return check in c30bddc18f ext/ldap
: simplifyldap_connect()
workflow, fix url leak in 5d4846b241ext/tidy
: anticipate tidyOptIsReadOnly retirement in e13ba36abb
Eric Mann
- Update versions for PHP 8.3.23 in ad881e7539
Gina Peter Banyard
ext/pgsql
: Fix warning not being emittedd when failure to cancel a query in 40422e9c55- tests: Fix expectations in 7f2299c8eb
Jakub Zelenka
- Fix bug #74796: Requests through http proxy set peer name in 42f6c15186
- Skip OpenSSL proxy test for bug #74796 on Windows in 444cc78a3e
- Fix GHSA-3cr5-j632-f35r: Null byte in hostnames in c074645ac3
- Fix GHSA-hrwm-9436-5mv3: pgsql escaping no error checks in 65eade719f
- Update NEWS with entries for security fixes in 5e5b164bb4
Máté Kocsis
- Fix build on Apple Clang 17+ in GH-18629
Niels Dossche
- Add missing filter cleanups on phar failure in 910aeaafc1
- Fix memory leak in
intl_datetime_decompose()
in d6836fb345 - Fix memory leak when
calloc()
fails inphp_readline_completion_cb()
in c9781111e1 - Fix memory leaks in
php_http.c
whencall_user_function()
fails in a44e3f442f - Fix leaks with multiple calls to DatePeriod iterator
current()
in ff2c7dc0f8 - Fix memory leak in tidy output handler on error in b39e17b06c
- Backport fix for GH-17687 in fab0a6d75c
- Fix GH-18642: Signed integer overflow in
ext/phar
fseek in 61884c3b52 - Fix potential NULL deref in dd856d5ad9
- Fix memory leak when
curl_slist_append()
fails in d9d991928f - Fix reference type confusion and leak in user random engine in 75cea65c99
- Fix memory leak in
lookup_loc_range()
in d39d261b7e - Fix test failures in
engine_unsafe_empty_string.phpt
in GH-18727 - Fix
ext/enchant
test SKIPIFs in 9187caeab1 - Fix memory leak of
X509_STORE
inphp_openssl_setup_verify()
on failure in 08a9579883 - Fix compile without
ZEND_MM_STORAGE
in 4162c20787 - Fix memory leak on
php_odbc_fetch_hash()
failure in ef92e06de1 - pdo_odbc: Fix memory leak if WideCharToMultiByte() fails in 786090b35d
- Fix GH-18743: Incompatibility in Inline TLS Assembly on Alpine 3.22 in b3c8afe272
- Fix test conflict between
copy_variation2-win32-mb.phpt
andcopy_variation2-win32.phpt
in 186a8116be zend_alloc
: Fix compile withZEND_MM_STAT
=0 in d11f9717fd- Fix technically incorrect sizeof in fe3bea090e
- Fix 'phpdbg
--help
' segfault on shutdown withUSE_ZEND_ALLOC
=0 in 0cd3ebfc40 - Fix GH-14551: PGO build fails with xxhash in afb1c57470
Oleg Efimov
Peter Kokot
- Fix linking
ext/curl
against OpenSSL in GH-13262
txuna
- Fix GH-18595: fpm_get_status segfault in 48b492269b