PHP 8.3.25: Downloads, Changelog, News

Release Information

Release
8.3.25
PHP Version
PHP 8.3
Release Date
Release Type
Bug Fix Release
Release Status
Latest Release in 8.3
Branch Status
Supported

Latest release for PHP 8.3.
PHP 8.3 continues to receive bug fixes and security fixes until 2025-12-31.

Downloads

Source Code

Git Clone
Use Git to clone the 8.3.25 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.3.25
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

Docker/Podman Containers

PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.3.25-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.3.25-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.3.25-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.3.25-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.3.25-fpm

ChangeLog

Core

  • Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro.
  • Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking).
  • Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr).
  • Fixed bug GH-19305 (Operands may be being released during comparison).
  • Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure).
  • Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator).
  • Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes).
  • Fixed bug GH-18736 (Circumvented type check with return by ref + finally).
  • Fixed zend call stack size for macOs/arm64.
  • Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming).

Calendar

  • Fixed bug GH-19371 (integer overflow in calendar.c).

FTP

  • Fix theoretical issues with hrtime() not being available.

GD

  • Fix incorrect comparison with result of php_stream_can_cast().

Hash

  • Fix crash on clone failure.

Intl

  • Fixed GH-19261: msgfmt_parse_message leaks on message creation failure.
  • Fix return value on failure for resourcebundle count handler.

LDAP

  • Fixed bug GH-18529 (additional inheriting of TLS int options).

LibXML

  • Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free).

MbString

  • Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown).

Opcache

  • Reset global pointers to prevent use-after-free in zend_jit_status().

OpenSSL

  • Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check).
  • Fix error return check of EVP_CIPHER_CTX_ctrl().
  • Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low key_length param).

PDO Pgsql

  • Fixed dangling pointer access on _pdo_pgsql_trim_message helper.

Readline

  • Fixed bug GH-19250 and bug #51360 (Invalid conftest for rl_pending_input).

SOAP

  • Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref).

Sockets

  • Fix some potential crashes on incorrect argument value.

Standard

  • Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache).
  • Fix theoretical issues with hrtime() not being available.
  • Fixed bug GH-19300 (Nested array_multisort invocation with error breaks).

Windows

  • Free opened_path when opened_path_len >= MAXPATHLEN.

Commit List

Arnaud Le Blanc

  • Add unique entry point for extra tests in b633720585
  • Prevent operands from being released during comparison in bc4b6ce7a8
  • Prevent resumption of generator suspended in yield from in 0406a55c92
  • Prevent throwing in running generator in 6fa8a25a40

Arndt Kaiser

  • Fix filtering of INI directives to respect leading whitespaces in 9d29283392

David Carlier

  • Fixed GH-19261: msgfmt_parse_message leaks on message format failure in e1c4a0ae51
  • zend call stack fixing stack limit for macOs arm64 in bd2766ce79

dixyes

  • Free opened_path when opened_path_len >= MAXPATHLEN in 5dd965117a
  • ext/pdo_pgsql: Fix _pdo_pgsql_trim_message bad access in e16df981bf

Eric Mann

Florian Engelhardt

  • Reset global pointers to prevent use-after-free in 3aaa8d3526

Gina Peter Banyard

  • ext/gd: Fix comparison with result of php_stream_can_cast() in 83b8d2c290
  • ext/intl: Fix return value on failure for resourcebundle count handler in 6b0a80903b

Ilija Tovilo

  • Leak in failed unserialize() with opcache in 5d1636e40b
  • Coerce numeric string keys from iterators when argument unpacking in 23ec35bf4a
  • Fix failed assertion with throwing __toString in binary const expr in 80022c035b
  • Fix circumvented type check with return by ref + finally in d0fad34230
  • Upgrade to macOS 14 and backport necessary changes in e9e432a35d
  • COMMUNTIY build grouping adjustments in a63e97667e
  • Fix ERROR_CODE handling in COMMUNITY build in 2cd9233e42

Jakub Zelenka

Niels Dossche

  • Fix GH-18986: OpenSSL backend: incorrect RAND_{load,write}_file() return value check in a8086be81c
  • Fix memleak on failure in collator_get_sort_key() in b495ce0371
  • Fix error return check of EVP_CIPHER_CTX_ctrl() in cd8722304c
  • ext/hash: Remove incorrect zval_ptr_dtor in bdca73cc14
  • ext/socket: Remove incorrect zval_ptr_dtor in d11099ae32
  • NEWS for GH-19162 in 86aaded7e5
  • Fix GH-19098: libxml<2.13 segmentation fault caused by php_libxml_node_free in 312869381a
  • Fix GH-18640: heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref in 6cc4ae1f1d
  • Fix test conflict between chmod_variation2 and file_variation5 in 605ee05491
  • Add missing cc clobber in 13c781f04d
  • Run FreebSD CI under 13.5 in be88192594
  • Fix arginfo/zpp violation if zend_hrtime is not available in ad2143f3b0
  • Handle broken hrtime in ftp in beeeee2978
  • NEWS for hrtime in FTP and standard in f94c11fff8
  • Fix GH-19303: Unpacking empty packed array into uninitialized array causes assertion failure in 5bd5f352e5
  • Fix GH-19300: Nested array_multisort invocation with error breaks in a96b05e63f
  • Fix GH-19371: integer overflow in calendar.c in 5cf45ba5ab
  • Fix GH-19397: mb_list_encodings() can cause crashes on shutdown in cc93bbb765
  • Fix GH-19383: php-8.3.24: Missing type in function definition: fpm_event_kqueue_clean in b57578f3b1
  • Fix GH-19065: Long match statement can segfault compiler during recursive SSA renaming in 9b86533ce4

Peter Kokot

Petr Sumbera

Shivam Mathur

  • Fix master branch check in find-target-branch.bat in GH-19385

Tim Düsterhus

  • ext/xml: Suppress libxml deprecation for _xmlParserCtxt.inState in GH-19131
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.