Release Information
- Release Type
- Bug Fix Release
- Release Status
- Latest Release in 8.3
- Branch Status
- Supported
Latest release for PHP 8.3.
PHP 8.3 continues to receive bug fixes and security fixes until 2025-12-31.
Downloads
Source Code
Git Clone
Use Git to clone the 8.3.27 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.3.27How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.3.27-x64NTS.zip (30.72 MiB)
php-8.3.27-x86NTS.zip (27.59 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.3.27-x64TS.zip (30.86 MiB)
php-8.3.27-x86TS.zip (27.57 MiB)
ChangeLog
Core
- Fixed bug GH-19765 (
object_properties_load()bypasses readonly property checks). - Fixed hard_timeout with
--enable-zend-max-execution-timers. - Fixed bug GH-19792 (SCCP causes UAF for return value if both warning and exception are triggered).
- Fixed bug GH-19653 (Closure named argument unpacking between temporary closures can cause a crash).
- Fixed bug GH-19839 (Incorrect
HASH_FLAG_HAS_EMPTY_INDflag on userland array). - Fixed bug GH-19480 (error_log php.ini cannot be unset when
open_basediris configured). - Fixed bug GH-20002 (Broken build on *BSD with MSAN).
CLI
- Fix useless "Failed to poll event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS.
Curl
- Fix cloning of
CURLOPT_POSTFIELDSwhen using the clone operator instead of thecurl_copy_handle()function to clone a CurlHandle. - Fix curl build and test failures with version 8.16.
Date
- Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.
DBA
- Fixed GH-19885 (
dba_fetch()overflow on skip argument).
GD
- Fixed GH-19955 (
imagefttext()memory leak).
MySQLnd
- Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress as parameter).
Phar
- Fix memory leak and invalid continuation after tar header writing fails.
- Fix memory leaks when creating temp file fails when applying zip signature.
SimpleXML
- Fixed bug GH-19988 (
zend_string_initwith NULL pointer in simplexml (UB)).
Soap
- Fixed bug GH-19784 (SoapServer memory leak).
- Fixed bug GH-20011 (Array of SoapVar of unknown type causes crash).
Standard
- Fixed bug GH-12265 (Cloning an object breaks serialization recursion).
- Fixed bug GH-19701 (Serialize/deserialize loses some data).
- Fixed bug GH-19801 (leaks in
var_dump()anddebug_zval_dump()). - Fixed bug GH-20043 (
array_uniqueassertion failure with RC1 array causing an exception on sort). - Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set).
- Fixed bug GH-19570 (unable to fseek in /dev/zero and /dev/null).
Streams
- Fixed bug GH-19248 (Use strerror_r instead of strerror in main).
- Fixed bug GH-17345 (Bug GH-35916 was not completely fixed).
- Fixed bug GH-19705 (segmentation when attempting to flush on non seekable stream. (bukka/David Carlier)
XMLReader
- Fixed bug GH-20009 (XMLReader leak on RelaxNG schema failure).
Zip
- Fixed bug GH-19688 (Remove pattern overflow in zip addGlob()).
- Fixed bug GH-19932 (Memory leak in zip setEncryptionName()/setEncryptionIndex()).
Zlib
- Fixed bug GH-19922 (Double free on gzopen).
Commit List
Alexandre Daubois
- Fix GH-19801: address leak when calling
var_dump()with recursion in__debugInfo()in GH-19837 - Fix GH-16319: protect fiber backtrace with null filename from crashing in GH-19973
- Fix GH-19926: reset internal pointer earlier while splicing array while COW violation flag is still set in GH-19929
Appla
- Fix hard_timeout when zend-max-execution-timers is enabled in ed9430a5d1
Arnaud Le Blanc
- Upgrade Alpine in nightly job in 66708de841
David Carlier
- Fix GH-19885:
dba_fetch()overflow on skip argument in 933e087843 - Fix GH-19932: Zip::setEncryptionName()/setEncryptionIndex() memory leak in 3ee56f68ed
- Fix GH-19922:
gzopen()double free in 93bac8cb1a - Fix GH-19955:
imagefttext()memory leak in e029f8f45b - Fix GH-19705: do not flush/write buffer on non writeable stream in 175afc4085
Derick Rethans
- Update timelib to 2022.14 in a0329dbab0
- Update NEWS in b42bd2a359
- Update NEWS in e1bd1b2780
- Revert "Update timelib to 2022.14" in be5784dfec
Eric Mann
- Update versions for PHP 8.3.27 in ae65e645b7
George Wang
- fix pipe detection for STDERR in a757f276f9
- fix pipe detection for STDERR in 828080146b
Guillaume Outters
- Fix broken build on *BSD with MSAN in 26ca363a13
Ilija Tovilo
- Fix incorrect
HASH_FLAG_HAS_EMPTY_INDflag on userland array in f045716288 - Fix use-of-uninitialized-value in
zend_get_arg_offset_by_name()in 6eb3faef3b - Fix curl 8.16.0 compilation with zts in 266cb7d892
- Fix more curl 8.16 issues in a885372a08
- Automatically skip tty tests if not on tty in 831597748b
- Fix curl 8.16.0 compilation with zts in da75e41a6f
- Fix more curl 8.16 issues in b810a23587
Jakub Zelenka
- Revert "fix pipe detection for STDERR." in c0f8bb6622
- Add stream filter convert.* tests in GH-19976
- Fix GH-19248: Use strerror_r instead of strerror in main in b7fdfb7147
- Do not use errno_t as it is not defined on musl in GH-20037
- Prevent use after stack scope in stream strerr code in GH-20040
- Fix
curl_setopt_ssltest for curl 8.16 in 36859ad977 - Update NEWS with info about curl 8.16 compat fixes in 742b7d8e55
- Update NEWS entry for curl 8.16 update in 78a24ffc03
Leo Gaskin
- Treat accept failing with
SOCK_EAGAINas success in CLI web server in 7e7d6d6380
Niels Dossche
- Fix GH-12265: Cloning an object breaks serialization recursion in f6f17484ab
- Fix GH-19688: Remove pattern overflow in zip addGlob() in 901f71e6e3
- Fix GH-19792: SCCP causes UAF for return value if both warning and exception are triggered in 2ad0b5cf05
- Fix GH-19701: Serialize/deserialize loses some data in 4974d5ef49
- Fix GH-19784: SoapServer memory leak in d30dd1b47b
- Fix curl build failure on macOS+curl 8.16 in b46681d686
- Fix GH-19653: Closure named argument unpacking between temporary closures can cause a crash in 22252954ef
- Fix GH-19480: error_log php.ini cannot be unset when
open_basediris configured in 7a1bb71127 - Fix GH-19988:
zend_string_initwith NULL pointer in simplexml (UB) in d94846c3b4 - Fix NEWS order in 190f427198
- Fix GH-19998:
ext/standard/tests/file/bug46347.phptsometimes fails: racy in parallel in 21c2c07a24 - Fix bug #67563: mysqli compiled with mysqlnd does not take ipv6 adress as parameter in 6db12e7cd8
- Fix NEWS formatting in d9ee711baf
- Fix GH-20009: XMLReader leak on RelaxNG schema failure in c617afd6d6
- Fix memory leak and invalid continuation after tar header writing fails in 7c859268c0
- Fix GH-17345: Bug GH-35916 was not completely fixed in 0ffa337a54
- Fix GH-20011: Array of SoapVar of unknown type causes crash in eab2c2007b
- Fix GH-20043:
array_uniqueassertion failure with RC1 array causing an exception on sort in 4fed57e746 - phar: Fix memory leaks when creating temp file fails when applying zip signature in 66c833444c
- Fix GH-19570: unable to fseek in /dev/zero and /dev/null in b7aeb0a69f
- Fix curl build failure on macOS+curl 8.16 in 1c8363d2bf
Shivam Mathur
- Change master branch check to 8.6 in 107075605d
Tim Düsterhus
zend_API: Do not overwritereadonlyproperties inobject_properties_load()in GH-19767- curl: Fix cloning of POST fields in GH-19813
- CI: Do not save ccache for PRs for LINUX_X32 in db65d22ce2
- gdbinit: Fix printing of variable names in
print_cvsin GH-20077