PHP 8.3.6 is an old release of PHP 8.3 series. Using the latest version PHP 8.3.19 is highly recommended.
PHP 8.3 continues to receive bug fixes and security fixes until 2025-12-31.
Downloads
Source Code
Git Clone
Use Git to clone the 8.3.6 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.3.6How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.3.6-x64NTS.zip (30.66 MiB)
php-8.3.6-x86NTS.zip (27.54 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.3.6-x64TS.zip (30.81 MiB)
php-8.3.6-x86TS.zip (27.52 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.3.6-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.3.6-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.3.6-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.3.6-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.3.6-fpmChangeLog
Core
- Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps).
- Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
- Fixed bug GH-13446 (Restore exception handler after it finishes).
- Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure).
- Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor).
DOM
- Add some missing ZPP checks.
- Fix potential memory leak in XPath evaluation results.
FPM
- Fixed GH-11086 (FPM: config test runs twice in daemonised mode).
- Fixed incorrect check in
fpm_shm_free().
GD
- Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests).
Gettext
- Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.
MySQLnd
- Fix GH-13452 (Fixed handshake response [mysqlnd]).
- Fix incorrect charset length in
check_mb_eucjpms().
Opcache
- Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
- Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded).
Random
- Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).
- Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used).
Session
- Fixed bug GH-13680 (Segfault with session_decode and compilation error).
SPL
- Fixed bug GH-13685 (Unexpected null pointer in
zend_string.h).
Standard
- Fixed bug GH-11808 (Live filesystem modified by tests).
- Fixed GH-13402 (Added validation of
\nin $additional_headers ofmail()). - Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
- Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of
proc_open). (CVE-2024-1874) - Fixed bug GHSA-wpj3-hf5j-x4v4 (Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
- Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
- Fixed bug GHSA-fjp9-9hwx-59fq (
mb_encode_mimeheaderruns endlessly for some inputs). (CVE-2024-2757)
Commit List
David Carlier
- Fix GH-13932: Attempt to fix mbstring on windows build (msvc) in 7e4519670a
Eric Mann
- Update NEWS in da3e483261
- Update versions for PHP 8.3.6 in 6e8a26fba3