PHP 8.4.3: Downloads, Changelog, News

Release Information

Release
8.4.3
PHP Version
PHP 8.4
Release Date
Release Type
Security Update
Release Status
Latest
Branch Status
Supported (Latest)

Latest PHP release in the latest version. This release contains security fixes, and it is recommended to update as soon as possible.
PHP 8.4 continues to receive bug fixes and security fixes until 2026-12-31.

Downloads

Source Code

Git Clone
Use Git to clone the 8.4.3 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.4.3
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

Docker/Podman Containers

PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.4.3-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.4.3-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.4.3-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.4.3-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.4.3-fpm

ChangeLog

BcMath

  • Fixed bug GH-17049 (Correctly compare 0 and -0).
  • Fixed bug GH-17061 (Now Number::round() does not remove trailing zeros).
  • Fixed bug GH-17064 (Correctly round rounding mode with zero edge case).
  • Fixed bug GH-17275 (Fixed the calculation logic of dividend scale).

Core

  • Fixed bug OSS-Fuzz #382922236 (Duplicate dynamic properties in hooked object iterator properties table).
  • Fixed unstable get_iterator pointer for hooked classes in shm on Windows.
  • Fixed bug GH-17106 (ZEND_MATCH_ERROR misoptimization).
  • Fixed bug GH-17162 (zend_array_try_init() with dtor can cause engine UAF).
  • Fixed bug GH-17101 (AST->string does not reproduce constructor property promotion correctly).
  • Fixed bug GH-17200 (Incorrect dynamic prop offset in hooked prop iterator).
  • Fixed bug GH-17216 (Trampoline crash on error).

DBA

  • Skip test if inifile is disabled.

DOM

  • Fixed bug GH-17145 (DOM memory leak).
  • Fixed bug GH-17201 (Dom\TokenList issues with interned string replace).
  • Fixed bug GH-17224 (UAF in importNode).

Embed

  • Make build command for program using embed portable.

FFI

  • Fixed bug #79075 (FFI header parser chokes on comments).
  • Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure.
  • Fixed bug GH-16013 and bug #80857 (Big endian issues).

Fileinfo

  • Fixed bug GH-17039 (PHP 8.4: Incorrect MIME content type).

FPM

  • Fixed bug GH-13437 (FPM: ERROR: scoreboard: failed to lock (already locked)).
  • Fixed bug GH-17112 (Macro redefinitions).
  • Fixed bug GH-17208 (bug64539-status-json-encoding.phpt fail on 32-bits).

GD

  • Fixed bug GH-16255 (Unexpected nan value in ext/gd/libgd/gd_filter.c).
  • Ported fix for libgd bug 276 (Sometimes pixels are missing when storing images as BMPs).

Gettext

  • Fixed bug GH-17202 (Segmentation fault ext/gettext/gettext.c bindtextdomain()).

Iconv

  • Fixed bug GH-17047 (UAF on iconv filter failure).

LDAP

  • Fixed bug GH-17280 (ldap_search() fails when $attributes array has holes).

LibXML

  • Fixed bug GH-17223 (Memory leak in libxml encoding handling).

MBString

  • Fixed bug GH-17112 (Macro redefinitions).

Opcache

  • opcache_get_configuration() properly reports jit_prof_threshold.
  • Fixed bug GH-17140 (Assertion failure in JIT trace exit with ZEND_FETCH_DIM_FUNC_ARG).
  • Fixed bug GH-17151 (Incorrect RC inference of op1 of FETCH_OBJ and INIT_METHOD_CALL).
  • Fixed bug GH-17246 (GC during SCCP causes segfault).
  • Fixed bug GH-17257 (UBSAN warning in ext/opcache/jit/zend_jit_vm_helpers.c).

PCNTL

  • Fix memory leak in cleanup code of pcntl_exec() when a non stringable value is encountered past the first entry.

PgSql

  • Fixed bug GH-17158 (pg_fetch_result Shows Incorrect ArgumentCountError Message when Called With 1 Argument).
  • Fixed further ArgumentCountError for calls with flexible number of arguments.

Phar

  • Fixed bug GH-17137 (Segmentation fault ext/phar/phar.c).

SimpleXML

  • Fixed bug GH-17040 (SimpleXML's unset can break DOM objects).
  • Fixed bug GH-17153 (SimpleXML crash when using autovivification on document).

Sockets

  • Fixed bug GH-16276 (socket_strerror overflow handling with INT_MIN). (David Carlier / cmb)
  • Fixed overflow on SO_LINGER values setting, strengthening values check on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option().

SPL

  • Fixed bug GH-17198 (SplFixedArray assertion failure with get_object_vars).
  • Fixed bug GH-17225 (NULL deref in spl_directory.c).

Streams

  • Fixed bug GH-17037 (UAF in user filter when adding existing filter name due to incorrect error handling).
  • Fixed bug GH-16810 (overflow on fopen HTTP wrapper timeout value).
  • Fixed bug GH-17067 (glob:// wrapper doesn't cater to CWD for ZTS builds).

Windows

  • Hardened proc_open() against cmd.exe hijacking.

XML

  • Fixed bug GH-1718 (unreachable program point in zend_hash).

Commit List

Arnaud Le Blanc

Calvin Buckley

  • Fix FD getting code on big endian in GH-17259

Christoph M. Becker

David Carlier

  • Fix GH-16809: fopen HTTP wrapper timeout stream context option overflow in 301b8e24c1
  • ext/sockets: socket_strerror follow-up on GH-16267 fix in 3bea6a2ddb
  • ext/pgsql fixing further calls with flexible arguments number in 0a3442fbe6
  • fix new pgsql test in 1bb4bd657f
  • fix pgsql config inclusion in 171cc5c6e0
  • ext/sockets: socket_set_option switch from convert_to_long to zval_get_long in 8a649a8343
  • Fix GH-14709 overflow on recurrences for DatePeriod::__construct in 16c0e57530

Derick Rethans

  • These were 6bone experimental network allocations, which have been returned to IANA (RFC 3701) in f2fdcfc8c3
  • Fixed GH-16944: Refactor IP ranges by using the tables from RFC 6890 in d25aac29ce
  • Include changes from RFC 6890 errata in 9d1deb97ff
  • Per RFC 6890, these are explicitly not reserved ranges in e54c9e6cd3
  • Consistent naming for test titles in 3b154eb88c

Dmitry Stogov

Gina Peter Banyard

  • ext/pcntl: Fix memory leak in cleanup code of pcntl_exec() in 2df9f32732

Ilija Tovilo

  • Drop intl on macOS + PHP 8.1 build in e675c1a467
  • Fix duplicate dynamic properties in hooked object iterator properties table in 84917300b2
  • Fix unstable get_iterator pointer for hooked classes in shm on Windows in 792f63df45
  • Backport flaky flag for phar tests in 8a9d45b86f
  • Fix ZEND_MATCH_ERROR misoptimization in cdfd960150
  • Hide xfail/xleak test summary in e7af08d625
  • Fix incorrect dynamic prop offset in hooked prop iterator in f0441744db
  • Add tests for GH-17151 in cbe9d67efc

Jakub Zelenka

  • Use empheral port for mysqli fake server tests in 39c292b1eb
  • Fix GH-13437: FPM: ERROR: scoreboard: failed to lock (already locked) in 3490ac0cb3
  • Introduce FPM_TEST_DEBUG_FILTER env var and extend multi request tracing in e0b79cdc5c
  • Fix GH-16955: Use empheral ports for OpenSSL server client tests in b8731767d8
  • Port OpenSSL gh10495, gh13860 and gh9310 test to use ephemeral ports in 37504f123d
  • Port stream bug51056 and gh11418 tests to use ephemeral ports in 19e2e4d5af

Michael Orlitzky

  • ext/dba/tests/gh16390.phpt: skip if inifile is disabled in def271aaa7
  • ext/gettext/gettext.c: handle NULLs from bindtextdomain() in 0221ceeccd
  • ext/gettext/tests: fix libintl return values under musl in bfb0e367f2
  • ext/gettext/config.m4: symlink en_US.UTF-8 test bits to en_US for musl in 471e94ce61

Niels Dossche

Saki Takamachi

  • Correctly compare 0 and -0 in GH-17051
  • Now Number::round() does not remove trailing zeros in GH-17063
  • Correctly round rounding mode with zero edge case in GH-17065
  • Fixed GH-17275: Fixed the calculation logic of dividend scale in GH-17279
  • Update versions for PHP 8.4.3 in 092e536850
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.

Support PHP.Watch — If you find the articles, version information, Codex, and other PHP.Watch contributions useful, consider supporting through GitHub Sponsors. Your sponsorship helps dedicate more time to creating valuable content and improving the PHP community. Together, we can keep the momentum going — thank you for your support!

Thanks to the highest tier sponsor: @TomasVotruba for your generous support to keep PHP.Watch moving 💜