PHP 8.5.2: Downloads, Changelog, News

Release Information

Release
8.5.2
PHP Version
PHP 8.5
Release Date
Release Type
Security Update
Release Status
Latest
Branch Status
Supported (Latest)

Latest PHP release in the latest version. This release contains security fixes, and it is recommended to update as soon as possible.
PHP 8.5 continues to receive bug fixes and security fixes until 2027-12-31.

Downloads

Source Code

Git Clone
Use Git to clone the 8.5.2 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.5.2
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.5.2-x64NTS.zip
Size: 33.32 MiB SHA256: acb844830aee008a7dde4092f6aab62b09541b3f16260806beff4e4dcc7d9617
php-8.5.2-x86NTS.zip
Size: 29.8 MiB SHA256: 6d52684520ef79421f678c8d70792bfe746df31e0b76224ac39d3107f5f89daa
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.5.2-x64TS.zip
Size: 33.45 MiB SHA256: a44bda6ae67fe20cb5da8d38d228601d48459f857d95b54251d12365bd428dfe
php-8.5.2-x86TS.zip
Size: 29.85 MiB SHA256: 7fd2816819165b3504275140e040e13e7f55e1f146641188257715d063eeeecf

Docker/Podman Containers

PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.5.2-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.5.2-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.5.2-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.5.2-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.5.2-fpm

ChangeLog

Core

  • Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument).
  • Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()).
  • Fixed bug GH-20714 (Uncatchable exception thrown in generator).
  • Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation).
  • Fixed bug GH-20745 ("Casting out of range floats to int" applies to strings).

DOM

  • Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects).
  • Fixed bug GH-20444 (Dom\XMLDocument::C14N() seems broken compared to DOMDocument::C14N()).

EXIF

  • Fixed bug GH-20631 (Integer underflow in exif HEIF parsing when pos.size < 2).

Intl

  • Fix leak in umsg_format_helper().

LDAP

  • Fix memory leak in ldap_set_options().

Lexbor

  • Fixed bug GH-20668 (`Uri\WhatWg\Url::withHost()` crashes (SEGV) for URLs using the file: scheme).

Mbstring

  • Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator).

OpenSSL

  • Fixed bug GH-20802 (undefined behavior with invalid SNI_server_certs options).

PCNTL

  • Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling.

Phar

  • Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails).
  • Fix SplFileInfo::openFile() in write mode.
  • Fix build on legacy OpenSSL 1.1.0 systems.
  • Fixed bug #74154 (Phar extractTo creates empty files).

Session

  • Fix support for MM module.

Sqlite3

  • Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned).

Standard

  • Fix error check for proc_open() command.
  • Fix memory leak in mail() when header key is numeric.
  • Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed).

URI

  • Fixed bug GH-20771 (Assertion failure when getUnicodeHost() returns empty string).

Zlib

  • Fix OOB gzseek() causing assertion failure.

Commit List

Alexandre Daubois

  • Fix GH-20370: forbid user stream filters to violate typed property constraints in GH-20373

Arnaud Le Blanc

  • Fix zend_vm_gen.php when executed with PHP 8.5 in d3ef80649e

Bob Weinand

  • Fixed bug GH-20745 ("Casting out of range floats to int" applies to strings) in GH-20746

Calvin Buckley

  • Fix skipif for mkfifo usage in gh20582.phpt in GH-20804

Daniel Scherzer

David Carlier

Dmitry Stogov

Gina Peter Banyard

  • Fix GH-20553: PDO::FETCH_CLASSTYPE ignores $constructorArgs in PHP 8.5.0 in a3454b80e6
  • ext/standard: Fix memory leak in mail() when header key is numeric in 20f9772063

Giovanni Giacobbi

  • Use EVP_MD_CTX_destroy() instead of EVP_MD_CTX_free() for compatibility and consistency in f89a3503bf
  • gen_stub: Fix php-parser package download in GH-20775

Ilija Tovilo

  • Suppress libxml deprecations in f7fb13eb07
  • Fix yet another xml deprecation in fe070fcc75
  • Fix warning on 8.5 in f39ae2fc67
  • Fix dumping function signature with dynamic class const lookup default argument in 26c0cbd93c
  • Update clang in macOS build in cb413b5d5f
  • Fix xcode-select in 6cdb8bf0a2
  • Fix curl protocols test expectation in 06b8b75d2e
  • Fix uncatchable exception thrown in generator in fb1ec9a5a7

Jakub Zelenka

Kamil Tekiela

Linus Groh

  • opcache: Remove unused sys/ipc.h include from ZendAccelerator.c in GH-20662

Max Kellermann

  • sapi/fpm: remove use of variable-length arrays in GH-10645

Michael Orlitzky

  • ext/session/mod_mm.c: add a few missing ZSTR macros in 0eb6a4d32f

Michael Telgmann

  • fix: Allow variadic syntax in PHPDoc parameter annotation in gen_stub.php in GH-20342

Niels Dossche

Oblivionsage

Remi Collet

  • Fix header for uriBaseRuntimeVersionA prototype in e35fefbfdb
  • Fix missing liburiparser linker option in 872ff820cb

Sharad Chandran R

  • Fix variable assignment for PHP argument escaping in run-tests.php in GH-20799

Takuya Aramaki

  • Fix TypeError message of setlocale() in GH-20625

Tim Düsterhus

  • uri: Update to uriparser-0.9.9-79-gf47a7f0 in GH-20671
  • lexbor: Cherry pick "URL: fixed "heap-buffer-overflow" for scheme is "file"." in 3e7710c97d
  • uri: Update to uriparser-0.9.9-85-g9a31011 in GH-20707
  • uri: Update to uriparser-1.0.0 in GH-20715
  • Update GitHub Action workflows to actions/checkout@v6 in bb70c5589a
  • Update GitHub Action workflows to actions/cache@v5 in 6f61244a03
  • Update GitHub Action workflows to actions/checkout@v6 (8.2) in 61c35928fa
  • Update GitHub Action workflows to actions/checkout@v6 (8.3) in 7c1830b056
  • Update GitHub Action workflows to actions/checkout@v6 (8.4) in 302aed78ee
  • Update GitHub Action workflows to actions/labeler@v6 in 034ee3f47b
  • Update GitHub Action workflows to actions/upload-artifact@v6 in eb1c0177fd
  • Update GitHub Action workflows to actions/checkout@v6 (8.5) in 872c9bd41d
  • Update GitHub Action workflows to actions/upload-artifact@v6 (8.5) in 874727b41f

Yuya Hamada

Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.