PHP 8.5.0RC1: Downloads, Changelog, News

Release Information

Release: 8.5.0RC1
PHP Version: PHP 8.5
Release Date: 2025 Sep 25
Release Type: Bug Fix Release
Release Status: QA Release Latest
Branch Status: Upcoming Release

PHP 8.5 is a development version, and is not recommended for production use. PHP 8.5 is scheduled to reach General Availability on 2025-11-20. This is the latest QA release in the series.

PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds

Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.

php-8.5.0RC1-x64NTS.zip (32.97 MiB)

php-8.5.0RC1-x86NTS.zip (29.47 MiB)

Thread-Safe Builds

Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

php-8.5.0RC1-x64TS.zip (33.09 MiB)

php-8.5.0RC1-x86TS.zip (29.52 MiB)

Docker/Podman Containers

PHP CLI

PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.

docker pull php:8.5.0RC1-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.

docker pull php:8.5.0RC1-cli

PHP CLI + Web Server Integration

These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.

docker pull php:8.5.0RC1-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.

docker pull php:8.5.0RC1-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.

docker pull php:8.5.0RC1-fpm

ChangeLog

Core

Fixed bug GH-19765 (object_properties_load() bypasses readonly property checks).
The __sleep() and __wakeup() magic methods have been deprecated.
Fixed hard_timeout with --enable-zend-max-execution-timers.
Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array).
Fixed bug GH-19823 (register_argc_argv deprecation emitted twice when using OPcache).
Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured).
Fixed bug GH-19719 (Allow empty statements before declare(strict_types)).
Casting floats that are not representable as ints now emits a warning.
Casting NAN to other types now emits a warning.

Bz2

Fixed bug GH-19810 (Broken bzopen() stream mode validation).

Curl

Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle.

Date

Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.
The __wakeup() magic method of DateTimeInterface, DateTime, DateTimeImmutable, DateTimeZone, DateInterval, and DatePeriod has been deprecated in favour of the __unserialize() magic method.

Exif

Fix OSS-Fuzz #442954659 (zero-size box in HEIF file causes infinite loop).
Fix OSS-Fuzz #442954659 (Crash in exif_scan_HEIF_header).
Various hardening fixes to HEIF parsing.

FPM

Fixed GH-8157 (post_max_size evaluates .user.ini too late in php-fpm).

Iconv

Extends the ICONV_CONST preprocessor for illumos/solaris.

Opcache

Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex).
Fixed bug GH-19831 (function JIT may not deref property value).

OpenSSL

Fixed build when --with-openssl-legacy-provider set.

MBstring

Updated Unicode data tables to Unicode 17.0.

Reflection

ReflectionConstant is no longer final.

SAPI

Fixed bug GH-18582 and #81451: http_response_code() does not override the status code generated by header().

Standard

Passing strings which are not one byte long to ord() is now deprecated.
Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()).
Fixed GH-14402 (SplPriorityQueue, SplMinHeap, and SplMaxHeap lost their data on serialize()).

URI

Fixed bug GH-19780 (InvalidUrlException should check $errors argument).
Prevent modifying Uri\WhatWg\Url and Uri\Rfc3986\Uri objects by manually calling __construct() or __unserialize().
Add new Uri\UriError exception that is thrown for internal error conditions.
Further clean up the internal API.
Fixed bug GH-19892 (Refcounting on zend_empty_array).
Fixed handling of port numbers > 65535 with the internal php_uri_parse_to_struct() API.
Fix Uri\WhatWg\Url::withHost().

Windows

Fix GH-19722 (_get_osfhandle asserts in debug mode when given a socket).

Commit List

Alexandre Daubois

Cleanup and clarify session.c in GH-19631
Add a 1-char fastpath to implode() in GH-19276
Fix GH-19801: address leak when calling var_dump() with recursion in __debugInfo() in GH-19837
Fix GH-14402: Add support for serialization in SplPriorityQueue, SplMinHeap and SplMaxHeap in GH-19447

Appla

Fix hard_timeout when zend-max-execution-timers is enabled in ed9430a5d1

Arnaud Le Blanc

Fix deoptimization after exit during inc/dec in 4e0e88a140
Fix deoptimization after exit during inc/dec in 75945580bc
NEWS in 41538c9ff4
Handle references after FETCH_OBJ_R with REG destination in 32c919b474

Ayesh Karunaratne

CI: update push.yml ignore-paths to use YAML anchors aliases in 4a58cf3671

Bob Weinand

Make the call VM read the opline back after interrupts in GH-19890

Calvin Buckley

Fix Uri\WhatWg\Url::withHost() in GH-19935

Daniel Scherzer

Prepare for PHP 8.5.0RC1 in ea580760f0
Update versions for PHP 8.5.0RC1 in da775b8332

David CARLIER

ext/ldap: [RFC] Deprecate build with Oracle Instance Client version. in GH-19809

David Carlier

Fix GH-19885: dba_fetch() overflow on skip argument in 933e087843

Derick Rethans

Regenerate timelib parser files with --output <filename> in 62eaa71c4b
Update timelib to 2022.14 in a0329dbab0
Update NEWS in b42bd2a359
Update NEWS in e1bd1b2780
Update NEWS in e3d45803ad
Update NEWS in 908a3cce92
Revert "Update timelib to 2022.14" in be5784dfec

Dmitry Stogov

Update IR in 2ff7a18bdc
Update IR in ef202cc4b7
Update IR in 1302b9f6da

Dylan K. Taylor

Fix GH-19722: Windows: _get_osfhandle asserts in debug mode when given a socket in 36057b93f3

George Wang

fix pipe detection for STDERR in a757f276f9
fix pipe detection for STDERR in 828080146b

Gina Peter Banyard

Zend: Deprecate __sleep() in GH-19682
Update NEWS/UPGRADING for __sleep() deprecation in 4191843f6a
Zend: Deprecate __wakeup() in GH-19435
Update NEWS/UPGRADING for __wakeup() in 49fdf496e2
Check for __unserialize pointer first in 9659f3e53f
Add missing extension dependencies for tests in 05eda4318d
ext/standard: Deprecate passing string which are not one byte long to ord() in GH-19440
Update NEWS/UPGRADING for ord() deprecation in 569b003327
core: Warn when non-representable floats are coerced to int in GH-19760
Update NEWS and UPGRADING for OOB floats to int casts in 2a19375dd0
ext/date: Deprecate __wakeup() methods in favour of __unserialize() in GH-19827
Update NEWS and UPGRADING for __wakeup() deprecation of date classes in 4bc060c0f3
core: Add new test for coercions from NAN in d27e1e1723
core: Warn when coercing NAN to other types in 320fe2975b

Ilija Tovilo

Fix incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array in f045716288
Fix use-of-uninitialized-value in zend_get_arg_offset_by_name() in 6eb3faef3b
Fix refcounting on zend_empty_array in ext-uri (GH-19908) in 5897071ab6
Fix curl 8.16.0 compilation with zts in 266cb7d892
Fix bzopen() stream mode validation in 1aafd3e4eb
Mark enums and static fake closures as not collectable in 6e1b1900f0
Warn on http_response_code() after header('HTTP/...') in f389aded6a
Fix more curl 8.16 issues in a885372a08
Fix CGI with auto_globals_jit=0 in 8b51bcaa18

Jacob Adams

ext/iconv: Build fix for illumos distributions and solaris in 9fe6fb2566

Jakub Zelenka

Revert "fix pipe detection for STDERR." in c0f8bb6622
Fix missing OpenSSL libctx name fetch conversions in GH-19830
Fix GH-8157: post_max_size evaluates .user.ini too late in php-fpm in 1ac68e7b07
Rename php_uri_parser free to destroy in GH-19888
Fix build when --with-openssl-legacy-provider set in dcc4b0ff07

James Titcumb

Add composer.json.in to ext/skeleton for PIE support in GH-19853

Marc Bennewitz

ext/standard: set[raw]cookie: No format call needed for constant expires in GH-19900

Niels Dossche

Fix GH-19780: InvalidUrlException should check $errors argument in GH-19781
Fix GH-12265: Cloning an object breaks serialization recursion in f6f17484ab
Fix deprecation warning in test in c15d51f747
Fix GH-19688: Remove pattern overflow in zip addGlob() in 901f71e6e3
Fix GH-19792: SCCP causes UAF for return value if both warning and exception are triggered in 2ad0b5cf05
Fix GH-19701: Serialize/deserialize loses some data in 4974d5ef49
uri: Remove outdated docs in WhatWG uri parser in GH-19806
Fix fuzzer runner in GH-19676
Fix OSS-Fuzz #442954659: zero-size box in HEIF file causes infinite loop in GH-19724
Fix GH-19784: SoapServer memory leak in d30dd1b47b
Fix curl build failure on macOS+curl 8.16 in b46681d686
exif/heic: Avoid undefined behaviour in address calculations in 4123b8e108
exif/heic: Fix bound check in loop in 4e70d41698
exif/heic: Avoid overflow when adding box size and checking against file size in 518c2a8c16
exif/heic: Prevent overflow when computing meta bounds in 9c901145f7
exif/heic: Ensure file is at least 16 bytes to prevent underflow in eba4140bc4
Fix OSS-Fuzz #442954659: Crash in exif_scan_HEIF_header in 7a6a763f57
exif/heic: Make sure pos is always initialized in 6cc1a11045
exif/heic: Make offset size_t in fb3d4becf5
Fix GH-19653: Closure named argument unpacking between temporary closures can cause a crash in 22252954ef
Fix GH-19480: error_log php.ini cannot be unset when open_basedir is configured in 7a1bb71127
Allow empty statements before declare(strict_types) in 1f6ac30769

Peter Kokot

GH-15630 follow-up: Remove redundant undefs in GH-19783

Remi Collet

Mark test as ONLINE in GH-19776
Mark test as ONLINE in GH-19776

Ruoyu Zhong

Fix naming clash with libxml macro in 8774e96bd4

sasezaki

Make ReflectionConstant non-final in 78c997f36f

Shivam Mathur

Fix early exit condition in phpize.bat in GH-19886

tekimen

ext/mbstring: Update to Unicode 17.0 in GH-19796

Tim Düsterhus

zend_API: Do not overwrite readonly properties in object_properties_load() in GH-19767
uri: Do not treat arbitrary error codes as syntax errors in uri_parser_rfc3986 in GH-19779
uri: Remove useless layer of indirection in php_uri_get_parser() in GH-19774
uri: Clean up naming of public symbols in GH-19794
zend_vm_gen: Fix line numbers for --with-lines in GH-19789
zend_vm_gen: Track line numbers on a per-file basis in GH-19799
uri: Do not pass uri_internal_t to property handlers in GH-19805
uri: Optimize php_uri_get_*() in GH-19807
curl: Fix cloning of POST fields in GH-19813
uri: Throw when trying to modify URI objects after creation in GH-19768
uri: NEWS for GH-19794, GH-19768, and others in e6c6333c8e
zend_builtin_functions: Do not allocate to store name of FLF when fetching backtrace in GH-19842
zend_hash: Assert that the interned parameter is not a lie in GH-19843
Implement curl_copy_handle in terms of object cloning in GH-19841
uri: Throw UriError for unexpected failures in GH-19850
main: Disable $_SERVER JIT when register_argc_argv=1 in GH-19833
uri: Pass uri_object_t instead of zend_object where possible in GH-19854
uri: Clean up logic in uri_unserialize() in GH-19903
uri: Fix const-correctness violation in uri_*_from_obj in GH-19907
uri: Fix handling of large port numbers in URI struct in GH-19905
uri: Inline parser and uri into uri_object_t in GH-19906
uri: Clean up naming of remaining public symbols in GH-19917