PHP 8.3.5 is an old release of PHP 8.3 series. Using the latest version PHP 8.3.14 is highly recommended.
PHP 8.3 continues to receive bug fixes and security fixes until 2025-12-31.
Downloads
Source Code
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.3.5
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Docker/Podman Containers
docker pull php:8.3.5-cli-alpine
docker pull php:8.3.5-cli
docker pull php:8.3.5-fpm-alpine
docker pull php:8.3.5-apache
docker pull php:8.3.5-fpm
ChangeLog
Core
- Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps).
- Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
- Fixed bug GH-13446 (Restore exception handler after it finishes).
- Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure).
- Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor).
DOM
- Add some missing ZPP checks.
- Fix potential memory leak in XPath evaluation results.
FPM
- Fixed GH-11086 (FPM: config test runs twice in daemonised mode).
- Fixed incorrect check in
fpm_shm_free()
.
GD
- Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests).
Gettext
- Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.
MySQLnd
- Fix GH-13452 (Fixed handshake response [mysqlnd]).
- Fix incorrect charset length in
check_mb_eucjpms()
.
Opcache
- Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
- Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded).
Random
- Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).
- Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used).
Session
- Fixed bug GH-13680 (Segfault with session_decode and compilation error).
SPL
- Fixed bug GH-13685 (Unexpected null pointer in
zend_string.h
).
Standard
- Fixed bug GH-11808 (Live filesystem modified by tests).
- Fixed GH-13402 (Added validation of
\n
in $additional_headers ofmail()
). - Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
- Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of
proc_open
). (CVE-2024-1874) - Fixed bug GHSA-wpj3-hf5j-x4v4 (Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
- Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
- Fixed bug GHSA-fjp9-9hwx-59fq (
mb_encode_mimeheader
runs endlessly for some inputs). (CVE-2024-2757)
Commit List
Alex Dowad
- Fix infinite loop in
mb_encode_mimeheader
in f7e73704ad
Arnaud Le Blanc
- Fix GH-13569: GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps in 6b57e2d988
- Fix GH-13508: JITed QM_ASSIGN may be optimized out when op1 is null in GH-13610
- Adjust GC threshold if num_roots is higher than gc_threshold after collection in GH-13758
- Tests are not repeatable in bb6b659aa8
Bob Weinand
- Use
ZEND_API
inzend_hrtime
in GH-13288 - Fix possible segfault with 0x0 shared opcache base in 6fb8b9d721
- Fix GH-13712: Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded in GH-13735
- Properly forward the signal to the original handler if TSRM is shutdown. in GH-10219
David CARLIER
David Carlier
ext/gettext
: dcgettext/dcngettext sigabrt on macOs in 9999a0cb75ext/gettext
: dcgettext/dcngettext fix for stable branches in 33967aef11- Fix GH-13603
ext/sockets
: properly initialised address info data in e3f0d03452 - zend test fix copy_file_range for musl in 334419e157
zend_test
fix copy_file_range test for linux 32 bits in db1f7b1286- Fix GH-13727: macro generating invalid call test prototypes fixes in 868257a3de
- CI: update freebsd 13 image in db063cb771
divinity76
- Fix GH-13203: file_put_contents fail on strings over 4GB on Windows in 2343791aff
Eric Mann
- Update NEWS file in 9df068821b
- Update versions for PHP 8.3.5 in 9a9c7197c4
Ilija Tovilo
- Remove MAP_JIT flag in 00f9c5eeb4
- Fix ASan build in 697d1a1c63
- Restore error handler after running it in 3301d9602a
Jakub Zelenka
- Fix GH-11086: FPM: config test runs twice in daemonised mode in a19267d488
- Add
proc_open
escaping for cmd file execution in 0d89b54759 - Fix bug GHSA-q6x7-frmf-grcw: password_verify can erroneously return true in 6a5c04d01d
Michael Orlitzky
- Fix GH-12019: ext/gd/config.m4: don't forget GDLIB_CFLAGS in feature tests in 00799320ec
Niels Dossche
- Fix GH-11808: Live filesystem modified by tests (security) in 7c8a3e426e
- Fix GH-13612: Corrupted memory in destructor with weak references in 39b8d5c871
- Add ZPP checks in DOMNode::{sleep,wakeup} in e3711af8ce
- Fix nightly failure due to type in
file_put_contents_5gb.phpt
in 65593e10ef - Fix GH-13680: Segfault with session_decode and compilation error in 6985aff7c3
- Fix potential memory leak in XPath evaluation results in 30c58aba0c
- Add missing DOM dependency in config.m4 for
ext/xsl
in afdabb1247 - Fix GH-13685: Unexpected null pointer in
zend_string.h
in aa34e0acb4 - Fix incorrect charset length in
check_mb_eucjpms()
in 8ffac997aa - Fix incorrect check in
fpm_shm_free()
in GH-13797 - Fix GHSA-wpj3-hf5j-x4v4: Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix in f77e5794c4
- Adapt regression test in 88953d1361
Peter Kokot
- Move CODEOWNERS to .github in GH-13591
Remi Collet
- Fix GH-13217 Test failure with zlib-ng in 5e12844d4d
- Fix AX_GCC_FUNC_ATTRIBUTE failure in 09a36812c1
Saki Takamachi
- Removed
REPORT_EXIT_STATUS=no
in libmysql tests in 99688dbe7a - Added validation of
\n
in $additional_headers ofmail()
in 04e8e55f47 - Fixed handshake response charset. in GH-13470
- Fixed handshake response charset. in GH-13470
- NEWS in 72779e6d64
- Changed the test expected value of
mysqli::info
to%s
in GH-13723
Shivam Mathur
- Fix brew action in GH-13659
Tim Düsterhus
- random: Fix unknown
mt_srand()
compatibility for unknown modes in GH-13544 - random: Initialize the
mode
field when seeding inphp_random_default_status()
in GH-13690
Vincent Langlet
- Fix phpdoc for DOMDocument load methods in 741570c30f