Release Information
- Release Type
- Bug Fix Release
- Release Status
- Latest Release in 8.4
- Branch Status
- Supported
Latest release for PHP 8.4.
PHP 8.4 continues to receive bug fixes and security fixes until 2026-12-31.
Downloads
Source Code
Git Clone
Use Git to clone the 8.4.23 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.4.23How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.4.23-x64NTS.zip
Size: 33.07 MiB SHA256:
826efa189b21f46314ad497ff31467de9f0953292f42b235542be4feea182b48 php-8.4.23-x86NTS.zip
Size: 29.82 MiB SHA256:
3369dcc975b6e1b0241999374b7b34debb7157fbd4b4ad278c66e699ab559069 Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.4.23-x64TS.zip
Size: 33.23 MiB SHA256:
6cb93c23c5e87237881f2b3d8b93fdd70ff04a4a32bc16c9cf846aeb17f518dc php-8.4.23-x86TS.zip
Size: 29.84 MiB SHA256:
e7fa00b45d2c3cf32fb27214d744673e98af35def342742b104c683dda095799 Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.4.23-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.4.23-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.4.23-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.4.23-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.4.23-fpmChangeLog
Core
- Fixed bug GH-22280 (Incorrect compile error for goto to label preceding try/finally block).
- Fixed bug GH-22290 (AST pretty printing does not correctly handle strings containing NUL).
BCMath
- Fixed issues with oversized allocations and signed overflow in
bcround()andBcMath\Number::round().
Date
- Fix incorrect recurrence check of
DatePeriod::createFromISO8601String().
DOM
- Fix GH-22219 (
Dom\XMLDocument::schemaValidatefails to resolve xs:QName with prefix from imported schema).
Exif
- Read correct value for single and double tags.
GD
- Fixed bug GH-22121 (Double free in gdImageSetStyle() after overflow-triggered early return).
- Fixed bug GH-19666 (
imageconvolution()unexpected nan filter value). - Fixed bug GH-19739 (imageellipse/imagefilledellipse overflow).
- Fixed bug GH-19730 (imageaffine overflow).
Intl
- Fix incorrect argument positions for uninitialized calendar arguments in
IntlCalendar::equals(), ::before(), ::after(), and ::isEquivalentTo(), and for invalid start/end arguments intransliterator_transliterate(). - Fixed
IntlTimeZone::getDisplayName()to synchronize object error state for invalid display types. - Fixed Spoofchecker restriction-level APIs to only be exposed with ICU 53 and later.
mysqli
- Fix stmt->query leak in
mysqli_execute_query()validation errors.
Opcache
- Fixed bug GH-20469 (Unsafe inheritance cache replay with reentrant autoloading).
- Fixed bug GH-22158 (Tracing JIT dispatches the observer begin handler through the wrong run_time_cache slot on megamorphic calls).
OpenSSL
- Fixed bug GH-22187 (Memory corruption (
zend_mm_heapcorrupted) in openssl_encrypt with AES-WRAP-PAD).
Phar
- Fixed a bypass of the magic ".phar" directory protection in
Phar::addEmptyDir()for paths starting with "/.phar", while allowing non-magic directory names that merely share the ".phar" prefix. - Fixed an integer underflow when parsing ZIP extra fields.
Reflection
- Preserve class-name case in
ReflectionClass::getProperty()error messages and autoloading.
Sqlite
- Fix error checks for column retrieval.
Zlib
- Fixed memory leak if deflate initialization fails and there is a dict.
- Fixed memory leak in
inflate_add().
Zip
- Fixed error-related memory leaks.
Commit List
Calvin Buckley
- Update versions for PHP 8.4.23 in 52cee85adf
David Carlier
- Fix GH-21986:
PharData::getContent()crash on infinite recursion with symlinks in b2de3cf170 - Fix GH-19666:
imageconvolution()unexpected nan filter value in ec8342c222 - Fix GH-19739: imageellipse/imagefilledellipse overflow in 5dd3909422
- Fix GH-22138: skip libxml/xmlreader tests on non-ASCII paths in 673cb6d7a3
- Fix GH-19730: undefined behavior in
gd_interpolation.cin cb8f7bd434 ext/mysqli: Fix stmt->query leak inmysqli_execute_query()validation errors in 6501051883ext/dom: resolve in-scope prefixed QName values during document validation in 3b5eeb92dfext/openssl:openssl_encrypt()zend mm heap overflow on AES-WRAP-PAD mode in 1692268474
Ilia Alshanetsky
- Fix GH-22121: double-free in gdImageSetStyle() after overflow early return in 6b68d9433f
- intl: Fix memory leak in
IntlChar::getFC_NFKC_Closure()in d70568ea9f - readline: Fix memory leak in interactive shell INI directive in 43838c4ca2
- mbstring: Fix memory leak in mail header parsing in 61a1b9afd6
- Fix use-after-free when ArrayObject sort comparator replaces backing store in 2210fda0e1
- Fix
zend_stringleak on case-variant duplicatesetcookie()options in 0c52780287
Jorg Adam Sowa
- Preserve class-name case in
ReflectionClass::getProperty()in GH-22272
lamentxu
ext/soap: Fix integer overflow when decoding SOAP array indexes in f5db09db14
LamentXU123
ext/intl: Guard Spoofchecker restriction-level APIs at ICU 53 in edde16948a
Levi Morrison
ndossche
- zlib: fix memory leak if deflate initialization fails and there is a dict in b0ef5fcaa1
- zlib: no need to free dict on inflate init error in 98a644c02d
- zlib: Fix memory leak in
inflate_add()in 73d9145ef5 - zip: Fix file descriptor leak when
php_zip_add_file()fails in 4c54dce2bc - zip: Fix name leaks when path length check fails in
php_zip_pcre()in c4d4ceab2d - zip: Fix leak when
zip_fread()fails in 17f67529fd - date: Fix typo in condition in
date_period_init_iso8601_string()in f11c1facb4 - sqlite: fix error checks for column retrieval in 407c45debc
- exif: read from the correct pointer in d4a9726a2f
Nora Dossche
- zlib: fix test
skipifsections in GH-22099
Pratik Bhujel
Shivam Mathur
- Make curl brotli and zstd optional on Windows in GH-21925
- Switch to VS18 for the master branch in GH-22094
Tim Düsterhus
- dom: Update contributor name in CREDITS in 83cddbb98b
Volker Dusch
ext/bcmath: bounds-check$precisioninbcround()andNumber::round()in GH-22182
Weilin Du
ext/intl: Sync IntlTimeZone object errors for invalid display types in 9e68cf888aext/intl: Fix argument positions intransliterator_transliterate()error message in d8e741838aext/opcache: unwrap reference wrappers in typed by-value returns in GH-21973
“LamentXU123”
ext/intl: Fix argument position for uninitialized calendar arguments in 27d593e546ext/phar: improve .phar madic directory preservation logic inphar::addEmptyDir()in 3064540134