PHP full changelog
PHP 8.5.3
released Feb 13, 2026 (New Release)
Core:
Fixed bug GH-20806 (preserve_none feature compatiblity with LTO).
Fixed bug GH-20767 (build failure with musttail/preserve_none feature on macOs).
Fixed bug GH-20837 (NULL dereference when calling ob_start() in shutdown function triggered by bailout in php_output_lock_error()).
Fix OSS-Fuzz #471533782 (Infinite loop in GC destructor fiber).
Fix OSS-Fuzz #472563272 (Borked block_pass JMP[N]Z optimization).
Fixed bug GH-20914 (Internal enums can be cloned and compared).
Fix OSS-Fuzz #474613951 (Leaked parent property default value).
Fixed bug GH-20895 (ReflectionProperty does not return the PHPDoc of a property if it contains an attribute with a Closure).
Fixed bug GH-20766 (Use-after-free in FE_FREE with GC interaction).
Fix OSS-Fuzz #471486164 (Broken by-ref assignment to uninitialized hooked backing value).
Fix OSS-Fuzz #438780145 (Nested finally with repeated return type check may uaf).
Fixed bug GH-20905 (Lazy proxy bailing __clone assertion).
Fixed bug GH-20479 (Hooked object properties overflow).
Date:
Update timelib to 2022.16.
DOM:
Fixed GH-21041 (DomHTMLDocument corrupts closing tags within scripts).
MbString:
Fixed bug GH-20833 (mb_str_pad() divide by zero if padding string is invalid in the encoding).
Fixed bug GH-20836 (Stack overflow in mb_convert_variables with recursive array references).
Opcache:
Fixed bug GH-20818 (Segfault in Tracing JIT with object reference).
OpenSSL:
Fix memory leaks when sk_X509_new_null() fails.
Fix crash when in openssl_x509_parse() when i2s_ASN1_INTEGER() fails.
Fix crash in openssl_x509_parse() when X509_NAME_oneline() fails.
Phar:
Fixed bug GH-20882 (buildFromIterator breaks with missing base directory).
PGSQL:
Fixed INSERT/UPDATE queries building with PQescapeIdentifier() and possible UB.
Readline:
Fixed bug GH-18139 (Memory leak when overriding some settings via readline_info()).
SPL:
Fixed bug GH-20856 (heap-use-after-free in SplDoublyLinkedList iterator when modifying during iteration).
Standard:
Fixed bug #74357
Fixed bug GH-20806 (preserve_none feature compatiblity with LTO).
Fixed bug GH-20767 (build failure with musttail/preserve_none feature on macOs).
Fixed bug GH-20837 (NULL dereference when calling ob_start() in shutdown function triggered by bailout in php_output_lock_error()).
Fix OSS-Fuzz #471533782 (Infinite loop in GC destructor fiber).
Fix OSS-Fuzz #472563272 (Borked block_pass JMP[N]Z optimization).
Fixed bug GH-20914 (Internal enums can be cloned and compared).
Fix OSS-Fuzz #474613951 (Leaked parent property default value).
Fixed bug GH-20895 (ReflectionProperty does not return the PHPDoc of a property if it contains an attribute with a Closure).
Fixed bug GH-20766 (Use-after-free in FE_FREE with GC interaction).
Fix OSS-Fuzz #471486164 (Broken by-ref assignment to uninitialized hooked backing value).
Fix OSS-Fuzz #438780145 (Nested finally with repeated return type check may uaf).
Fixed bug GH-20905 (Lazy proxy bailing __clone assertion).
Fixed bug GH-20479 (Hooked object properties overflow).
Date:
Update timelib to 2022.16.
DOM:
Fixed GH-21041 (DomHTMLDocument corrupts closing tags within scripts).
MbString:
Fixed bug GH-20833 (mb_str_pad() divide by zero if padding string is invalid in the encoding).
Fixed bug GH-20836 (Stack overflow in mb_convert_variables with recursive array references).
Opcache:
Fixed bug GH-20818 (Segfault in Tracing JIT with object reference).
OpenSSL:
Fix memory leaks when sk_X509_new_null() fails.
Fix crash when in openssl_x509_parse() when i2s_ASN1_INTEGER() fails.
Fix crash in openssl_x509_parse() when X509_NAME_oneline() fails.
Phar:
Fixed bug GH-20882 (buildFromIterator breaks with missing base directory).
PGSQL:
Fixed INSERT/UPDATE queries building with PQescapeIdentifier() and possible UB.
Readline:
Fixed bug GH-18139 (Memory leak when overriding some settings via readline_info()).
SPL:
Fixed bug GH-20856 (heap-use-after-free in SplDoublyLinkedList iterator when modifying during iteration).
Standard:
Fixed bug #74357
PHP 8.5.2
released Feb 11, 2026 (New Release)
Core:
Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument).
Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()).
Fixed bug GH-20714 (Uncatchable exception thrown in generator).
Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation).
Fixed bug GH-20745 ("Casting out of range floats to int" applies to strings).
DOM:
Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects).
Fixed bug GH-20444 (DomXMLDocument::C14N() seems broken compared to DOMDocument::C14N()).
EXIF:
Fixed bug GH-20631 (Integer underflow in exif HEIF parsing when pos.size < 2).
Intl:
Fix leak in umsg_format_helper().
LDAP:
Fix memory leak in ldap_set_options().
Lexbor:
Fixed bug GH-20668 (UriWhatWgUrl::withHost() crashes (SEGV) for URLs using the file: scheme).
Mbstring:
Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator).
PCNTL:
Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling.
Phar:
Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails).
Fix SplFileInfo::openFile() in write mode.
Fix build on legacy OpenSSL 1.1.0 systems.
Fixed bug #74154 (Phar extractTo creates empty files).
Session:
Fix support for MM module.
Sqlite3:
Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned).
Standard:
Fix error check for proc_open() command.
Fix memory leak in mail() when header key is numeric.
Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed).
URI:
Fixed bug GH-20771 (Assertion failure when getUnicodeHost() returns empty string).
Zlib:
Fix OOB gzseek() causing assertion failure.
Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument).
Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()).
Fixed bug GH-20714 (Uncatchable exception thrown in generator).
Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation).
Fixed bug GH-20745 ("Casting out of range floats to int" applies to strings).
DOM:
Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects).
Fixed bug GH-20444 (DomXMLDocument::C14N() seems broken compared to DOMDocument::C14N()).
EXIF:
Fixed bug GH-20631 (Integer underflow in exif HEIF parsing when pos.size < 2).
Intl:
Fix leak in umsg_format_helper().
LDAP:
Fix memory leak in ldap_set_options().
Lexbor:
Fixed bug GH-20668 (UriWhatWgUrl::withHost() crashes (SEGV) for URLs using the file: scheme).
Mbstring:
Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator).
PCNTL:
Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling.
Phar:
Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails).
Fix SplFileInfo::openFile() in write mode.
Fix build on legacy OpenSSL 1.1.0 systems.
Fixed bug #74154 (Phar extractTo creates empty files).
Session:
Fix support for MM module.
Sqlite3:
Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned).
Standard:
Fix error check for proc_open() command.
Fix memory leak in mail() when header key is numeric.
Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed).
URI:
Fixed bug GH-20771 (Assertion failure when getUnicodeHost() returns empty string).
Zlib:
Fix OOB gzseek() causing assertion failure.
PHP 8.5.3
released Feb 11, 2026 (New Release)
Core:
Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument).
Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()).
Fixed bug GH-20714 (Uncatchable exception thrown in generator).
Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation).
Fixed bug GH-20745 ("Casting out of range floats to int" applies to strings).
DOM:
Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects).
Fixed bug GH-20444 (DomXMLDocument::C14N() seems broken compared to DOMDocument::C14N()).
EXIF:
Fixed bug GH-20631 (Integer underflow in exif HEIF parsing when pos.size < 2).
Intl:
Fix leak in umsg_format_helper().
LDAP:
Fix memory leak in ldap_set_options().
Lexbor:
Fixed bug GH-20668 (UriWhatWgUrl::withHost() crashes (SEGV) for URLs using the file: scheme).
Mbstring:
Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator).
PCNTL:
Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling.
Phar:
Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails).
Fix SplFileInfo::openFile() in write mode.
Fix build on legacy OpenSSL 1.1.0 systems.
Fixed bug #74154 (Phar extractTo creates empty files).
Session:
Fix support for MM module.
Sqlite3:
Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned).
Standard:
Fix error check for proc_open() command.
Fix memory leak in mail() when header key is numeric.
Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed).
URI:
Fixed bug GH-20771 (Assertion failure when getUnicodeHost() returns empty string).
Zlib:
Fix OOB gzseek() causing assertion failure.
Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument).
Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()).
Fixed bug GH-20714 (Uncatchable exception thrown in generator).
Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation).
Fixed bug GH-20745 ("Casting out of range floats to int" applies to strings).
DOM:
Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects).
Fixed bug GH-20444 (DomXMLDocument::C14N() seems broken compared to DOMDocument::C14N()).
EXIF:
Fixed bug GH-20631 (Integer underflow in exif HEIF parsing when pos.size < 2).
Intl:
Fix leak in umsg_format_helper().
LDAP:
Fix memory leak in ldap_set_options().
Lexbor:
Fixed bug GH-20668 (UriWhatWgUrl::withHost() crashes (SEGV) for URLs using the file: scheme).
Mbstring:
Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator).
PCNTL:
Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling.
Phar:
Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails).
Fix SplFileInfo::openFile() in write mode.
Fix build on legacy OpenSSL 1.1.0 systems.
Fixed bug #74154 (Phar extractTo creates empty files).
Session:
Fix support for MM module.
Sqlite3:
Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned).
Standard:
Fix error check for proc_open() command.
Fix memory leak in mail() when header key is numeric.
Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed).
URI:
Fixed bug GH-20771 (Assertion failure when getUnicodeHost() returns empty string).
Zlib:
Fix OOB gzseek() causing assertion failure.
PHP 8.5.2
released Jan 16, 2026 (New Release)
Core:
Added the #[NoDiscard] attribute to indicate that a function's return value is important and should be consumed.
Added the (void) cast to indicate that not using a value is intentional.
Added get_error_handler(), get_exception_handler() functions.
Added support for casts in constant expressions.
Added the pipe (|>) operator.
Added the #[DelayedTargetValidation] attribute to delay target errors for internal attributes from compile time to runtime.
Added support for `final` with constructor property promotion.
Added support for configuring the URI parser for the FTP/FTPS as well as the SSL/TLS stream wrappers as described in https://wiki.php.net/rfc/url_parsing_api#plugability.
Added PHP_BUILD_PROVIDER constant.
Added PHP_BUILD_DATE constant.
Added support for Closures and first class callables in constant expressions.
Add support for backtraces for fatal errors.
Add clone-with support to the clone() function.
Add RFC 3986 and WHATWG URL compliant APIs for URL parsing and manipulation (kocsismate, timwolla)
Fixed AST printing for immediately invoked Closure.
Properly handle __debugInfo() returning an array reference.
Properly handle reference return value from __toString().
Improved error message of UnhandledMatchError for zend.exception_string_param_max_len=0.
Fixed bug GH-15753 and GH-16198 (Bind traits before parent class).
Fixed bug GH-17951 (memory_limit is not always limited by max_memory_limit).
Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).
Fixed bug GH-20113 (Missing new Foo(...) error in constant expressions).
Fixed bug GH-19844 (Don't bail when closing resources on shutdown).
Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error).
Fix OSS-Fuzz #447521098 (Fatal error during sccp shift eval).
Fixed bug GH-20002 (Broken build on *BSD with MSAN).
Fixed bug GH-19352 (Cross-compilation with musl C library).
Fixed bug GH-19765 (object_properties_load() bypasses readonly prope
Added the #[NoDiscard] attribute to indicate that a function's return value is important and should be consumed.
Added the (void) cast to indicate that not using a value is intentional.
Added get_error_handler(), get_exception_handler() functions.
Added support for casts in constant expressions.
Added the pipe (|>) operator.
Added the #[DelayedTargetValidation] attribute to delay target errors for internal attributes from compile time to runtime.
Added support for `final` with constructor property promotion.
Added support for configuring the URI parser for the FTP/FTPS as well as the SSL/TLS stream wrappers as described in https://wiki.php.net/rfc/url_parsing_api#plugability.
Added PHP_BUILD_PROVIDER constant.
Added PHP_BUILD_DATE constant.
Added support for Closures and first class callables in constant expressions.
Add support for backtraces for fatal errors.
Add clone-with support to the clone() function.
Add RFC 3986 and WHATWG URL compliant APIs for URL parsing and manipulation (kocsismate, timwolla)
Fixed AST printing for immediately invoked Closure.
Properly handle __debugInfo() returning an array reference.
Properly handle reference return value from __toString().
Improved error message of UnhandledMatchError for zend.exception_string_param_max_len=0.
Fixed bug GH-15753 and GH-16198 (Bind traits before parent class).
Fixed bug GH-17951 (memory_limit is not always limited by max_memory_limit).
Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).
Fixed bug GH-20113 (Missing new Foo(...) error in constant expressions).
Fixed bug GH-19844 (Don't bail when closing resources on shutdown).
Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error).
Fix OSS-Fuzz #447521098 (Fatal error during sccp shift eval).
Fixed bug GH-20002 (Broken build on *BSD with MSAN).
Fixed bug GH-19352 (Cross-compilation with musl C library).
Fixed bug GH-19765 (object_properties_load() bypasses readonly prope
PHP 8.5.1
released Dec 17, 2025 (New Release)
Core:
Added the #[NoDiscard] attribute to indicate that a function's return value is important and should be consumed.
Added the (void) cast to indicate that not using a value is intentional.
Added get_error_handler(), get_exception_handler() functions.
Added support for casts in constant expressions.
Added the pipe (|>) operator.
Added the #[DelayedTargetValidation] attribute to delay target errors for internal attributes from compile time to runtime.
Added support for `final` with constructor property promotion.
Added support for configuring the URI parser for the FTP/FTPS as well as the SSL/TLS stream wrappers as described in https://wiki.php.net/rfc/url_parsing_api#plugability.
Added PHP_BUILD_PROVIDER constant.
Added PHP_BUILD_DATE constant.
Added support for Closures and first class callables in constant expressions.
Add support for backtraces for fatal errors.
Add clone-with support to the clone() function.
Add RFC 3986 and WHATWG URL compliant APIs for URL parsing and manipulation (kocsismate, timwolla)
Fixed AST printing for immediately invoked Closure.
Properly handle __debugInfo() returning an array reference.
Properly handle reference return value from __toString().
Improved error message of UnhandledMatchError for zend.exception_string_param_max_len=0.
Fixed bug GH-15753 and GH-16198 (Bind traits before parent class).
Fixed bug GH-17951 (memory_limit is not always limited by max_memory_limit).
Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).
Fixed bug GH-20113 (Missing new Foo(...) error in constant expressions).
Fixed bug GH-19844 (Don't bail when closing resources on shutdown).
Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error).
Fix OSS-Fuzz #447521098 (Fatal error during sccp shift eval).
Fixed bug GH-20002 (Broken build on *BSD with MSAN).
Fixed bug GH-19352 (Cross-compilation with musl C library).
Fixed bug GH-19765 (object_properties_load() bypasses readonly prope
Added the #[NoDiscard] attribute to indicate that a function's return value is important and should be consumed.
Added the (void) cast to indicate that not using a value is intentional.
Added get_error_handler(), get_exception_handler() functions.
Added support for casts in constant expressions.
Added the pipe (|>) operator.
Added the #[DelayedTargetValidation] attribute to delay target errors for internal attributes from compile time to runtime.
Added support for `final` with constructor property promotion.
Added support for configuring the URI parser for the FTP/FTPS as well as the SSL/TLS stream wrappers as described in https://wiki.php.net/rfc/url_parsing_api#plugability.
Added PHP_BUILD_PROVIDER constant.
Added PHP_BUILD_DATE constant.
Added support for Closures and first class callables in constant expressions.
Add support for backtraces for fatal errors.
Add clone-with support to the clone() function.
Add RFC 3986 and WHATWG URL compliant APIs for URL parsing and manipulation (kocsismate, timwolla)
Fixed AST printing for immediately invoked Closure.
Properly handle __debugInfo() returning an array reference.
Properly handle reference return value from __toString().
Improved error message of UnhandledMatchError for zend.exception_string_param_max_len=0.
Fixed bug GH-15753 and GH-16198 (Bind traits before parent class).
Fixed bug GH-17951 (memory_limit is not always limited by max_memory_limit).
Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).
Fixed bug GH-20113 (Missing new Foo(...) error in constant expressions).
Fixed bug GH-19844 (Don't bail when closing resources on shutdown).
Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error).
Fix OSS-Fuzz #447521098 (Fatal error during sccp shift eval).
Fixed bug GH-20002 (Broken build on *BSD with MSAN).
Fixed bug GH-19352 (Cross-compilation with musl C library).
Fixed bug GH-19765 (object_properties_load() bypasses readonly prope
PHP 8.5.0
released Nov 20, 2025 (New Release)
Core:
Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow).
Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
Fixed bug GH-19613 (Stale array iterator pointer).
Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant).
CLI:
Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).
Date:
Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
DBA:
Fixed bug GH-19706 (dba stream resource mismanagement).
DOM:
Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug).
FPM:
Fixed failed debug assertion when php_admin_value setting fails.
Intl:
Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).
Opcache:
Fixed bug GH-19493 (JIT variable not stored before YIELD).
OpenSSL:
Fixed bug GH-19245 (Success error message on TLS stream accept failure).
PGSQL:
Fixed bug GH-19485 (potential use after free when using persistent pgsql connections).
Phar:
Fixed memory leaks when verifying OpenSSL signature.
Fix memory leak in phar tar temporary file error handling code.
Fix metadata leak when phar convert logic fails.
Fix memory leak on failure in phar_convert_to_other().
Fixed bug GH-19752 (Phar decompression with invalid extension can cause UAF).
Standard:
Fixed bug GH-16649 (UAF during array_splice).
Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).
Streams:
Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata().
Fix OSS-Fuzz #385993744.
Zip:
Fix memory leak in zip when encountering empty glob result.
Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow).
Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
Fixed bug GH-19613 (Stale array iterator pointer).
Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant).
CLI:
Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).
Date:
Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
DBA:
Fixed bug GH-19706 (dba stream resource mismanagement).
DOM:
Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug).
FPM:
Fixed failed debug assertion when php_admin_value setting fails.
Intl:
Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).
Opcache:
Fixed bug GH-19493 (JIT variable not stored before YIELD).
OpenSSL:
Fixed bug GH-19245 (Success error message on TLS stream accept failure).
PGSQL:
Fixed bug GH-19485 (potential use after free when using persistent pgsql connections).
Phar:
Fixed memory leaks when verifying OpenSSL signature.
Fix memory leak in phar tar temporary file error handling code.
Fix metadata leak when phar convert logic fails.
Fix memory leak on failure in phar_convert_to_other().
Fixed bug GH-19752 (Phar decompression with invalid extension can cause UAF).
Standard:
Fixed bug GH-16649 (UAF during array_splice).
Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).
Streams:
Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata().
Fix OSS-Fuzz #385993744.
Zip:
Fix memory leak in zip when encountering empty glob result.
PHP 8.4.15
released Nov 18, 2025 (New Release)
Core:
Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow).
Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
Fixed bug GH-19613 (Stale array iterator pointer).
Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant).
CLI:
Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).
Date:
Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
DBA:
Fixed bug GH-19706 (dba stream resource mismanagement).
DOM:
Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug).
FPM:
Fixed failed debug assertion when php_admin_value setting fails.
Intl:
Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).
Opcache:
Fixed bug GH-19493 (JIT variable not stored before YIELD).
OpenSSL:
Fixed bug GH-19245 (Success error message on TLS stream accept failure).
PGSQL:
Fixed bug GH-19485 (potential use after free when using persistent pgsql connections).
Phar:
Fixed memory leaks when verifying OpenSSL signature.
Fix memory leak in phar tar temporary file error handling code.
Fix metadata leak when phar convert logic fails.
Fix memory leak on failure in phar_convert_to_other().
Fixed bug GH-19752 (Phar decompression with invalid extension can cause UAF).
Standard:
Fixed bug GH-16649 (UAF during array_splice).
Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).
Streams:
Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata().
Fix OSS-Fuzz #385993744.
Zip:
Fix memory leak in zip when encountering empty glob result.
Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow).
Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
Fixed bug GH-19613 (Stale array iterator pointer).
Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant).
CLI:
Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).
Date:
Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
DBA:
Fixed bug GH-19706 (dba stream resource mismanagement).
DOM:
Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug).
FPM:
Fixed failed debug assertion when php_admin_value setting fails.
Intl:
Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).
Opcache:
Fixed bug GH-19493 (JIT variable not stored before YIELD).
OpenSSL:
Fixed bug GH-19245 (Success error message on TLS stream accept failure).
PGSQL:
Fixed bug GH-19485 (potential use after free when using persistent pgsql connections).
Phar:
Fixed memory leaks when verifying OpenSSL signature.
Fix memory leak in phar tar temporary file error handling code.
Fix metadata leak when phar convert logic fails.
Fix memory leak on failure in phar_convert_to_other().
Fixed bug GH-19752 (Phar decompression with invalid extension can cause UAF).
Standard:
Fixed bug GH-16649 (UAF during array_splice).
Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).
Streams:
Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata().
Fix OSS-Fuzz #385993744.
Zip:
Fix memory leak in zip when encountering empty glob result.
PHP 8.4.14
released Oct 22, 2025 (New Release)
Core:
Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow).
Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
Fixed bug GH-19613 (Stale array iterator pointer).
Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant).
CLI:
Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).
Date:
Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
DBA:
Fixed bug GH-19706 (dba stream resource mismanagement).
DOM:
Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug).
FPM:
Fixed failed debug assertion when php_admin_value setting fails.
Intl:
Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).
Opcache:
Fixed bug GH-19493 (JIT variable not stored before YIELD).
OpenSSL:
Fixed bug GH-19245 (Success error message on TLS stream accept failure).
PGSQL:
Fixed bug GH-19485 (potential use after free when using persistent pgsql connections).
Phar:
Fixed memory leaks when verifying OpenSSL signature.
Fix memory leak in phar tar temporary file error handling code.
Fix metadata leak when phar convert logic fails.
Fix memory leak on failure in phar_convert_to_other().
Fixed bug GH-19752 (Phar decompression with invalid extension can cause UAF).
Standard:
Fixed bug GH-16649 (UAF during array_splice).
Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).
Streams:
Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata().
Fix OSS-Fuzz #385993744.
Zip:
Fix memory leak in zip when encountering empty glob result.
Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow).
Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
Fixed bug GH-19613 (Stale array iterator pointer).
Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant).
CLI:
Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).
Date:
Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
DBA:
Fixed bug GH-19706 (dba stream resource mismanagement).
DOM:
Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug).
FPM:
Fixed failed debug assertion when php_admin_value setting fails.
Intl:
Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).
Opcache:
Fixed bug GH-19493 (JIT variable not stored before YIELD).
OpenSSL:
Fixed bug GH-19245 (Success error message on TLS stream accept failure).
PGSQL:
Fixed bug GH-19485 (potential use after free when using persistent pgsql connections).
Phar:
Fixed memory leaks when verifying OpenSSL signature.
Fix memory leak in phar tar temporary file error handling code.
Fix metadata leak when phar convert logic fails.
Fix memory leak on failure in phar_convert_to_other().
Fixed bug GH-19752 (Phar decompression with invalid extension can cause UAF).
Standard:
Fixed bug GH-16649 (UAF during array_splice).
Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).
Streams:
Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata().
Fix OSS-Fuzz #385993744.
Zip:
Fix memory leak in zip when encountering empty glob result.
PHP 8.4.13
released Oct 7, 2025 (New Release)
Core:
Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro.
Fixed bug GH-19053 (Duplicate property slot with hooks and interface property).
Fixed bug GH-19044 (Protected properties are not scoped according to their prototype).
Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking).
Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr).
Fixed bug GH-19305 (Operands may be being released during comparison).
Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure).
Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator).
Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes).
Fixed bug GH-19280 (Stale array iterator position on rehashing).
Fixed bug GH-18736 (Circumvented type check with return by ref + finally).
Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming).
Calendar:
Fixed bug GH-19371 (integer overflow in calendar.c).
FTP:
Fix theoretical issues with hrtime() not being available.
GD:
Fix incorrect comparison with result of php_stream_can_cast().
Hash:
Fix crash on clone failure.
Intl:
Fix memleak on failure in collator_get_sort_key().
Fix return value on failure for resourcebundle count handler.
LDAP:
Fixed bug GH-18529 (additional inheriting of TLS int options).
LibXML:
Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free).
MbString:
Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown).
Opcache:
Reset global pointers to prevent use-after-free in zend_jit_status().
Fix issue with JIT restart and hooks.
Fix crash with dynamic function defs in hooks during preload.
OpenSSL:
Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check).
Fix error return check of EVP_CIPHER_CTX_ctrl().
Fixed bug GH-19428 (openssl_pkey_derive se
Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro.
Fixed bug GH-19053 (Duplicate property slot with hooks and interface property).
Fixed bug GH-19044 (Protected properties are not scoped according to their prototype).
Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking).
Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr).
Fixed bug GH-19305 (Operands may be being released during comparison).
Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure).
Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator).
Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes).
Fixed bug GH-19280 (Stale array iterator position on rehashing).
Fixed bug GH-18736 (Circumvented type check with return by ref + finally).
Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming).
Calendar:
Fixed bug GH-19371 (integer overflow in calendar.c).
FTP:
Fix theoretical issues with hrtime() not being available.
GD:
Fix incorrect comparison with result of php_stream_can_cast().
Hash:
Fix crash on clone failure.
Intl:
Fix memleak on failure in collator_get_sort_key().
Fix return value on failure for resourcebundle count handler.
LDAP:
Fixed bug GH-18529 (additional inheriting of TLS int options).
LibXML:
Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free).
MbString:
Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown).
Opcache:
Reset global pointers to prevent use-after-free in zend_jit_status().
Fix issue with JIT restart and hooks.
Fix crash with dynamic function defs in hooks during preload.
OpenSSL:
Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check).
Fix error return check of EVP_CIPHER_CTX_ctrl().
Fixed bug GH-19428 (openssl_pkey_derive se
PHP 8.4.11
released Jul 31, 2025 (New Release)
Core:
Fixed GH-18480 (array_splice with large values for offset/length arguments).
Partially fixed GH-18572 (nested object comparisons leading to stack overflow).
Fixed OSS-Fuzz #417078295.
Fixed OSS-Fuzz #418106144.
Curl:
Fixed GH-18460 (curl_easy_setopt with CURLOPT_USERPWD/CURLOPT_USERNAME/ CURLOPT_PASSWORD set the Authorization header when set to NULL).
Date:
Fixed bug GH-18076 (Since PHP 8, the date_sun_info() function returns inaccurate sunrise and sunset times, but other calculated times are correct) (JiriJozif).
Fixed bug GH-18481 (date_sunrise with unexpected nan value for the offset).
DOM:
Backport lexbor/lexbor#274.
Intl:
Fix various reference issues.
LDAP:
Fixed bug GH-18529 (ldap no longer respects TLS_CACERT from ldaprc in ldap_start_tls()).
Opcache:
Fixed bug GH-18417 (Windows SHM reattachment fails when increasing memory_consumption or jit_buffer_size).
Fixed bug GH-18297 (Exception not handled when jit guard is triggered).
Fixed bug GH-18408 (Snapshotted poly_func / poly_this may be spilled).
Fixed bug GH-18567 (Preloading with internal class alias triggers assertion failure).
Fixed bug GH-18534 (FPM exit code 70 with enabled opcache and hooked properties in traits).
Fix leak of accel_globals->key.
OpenSSL:
Fix missing checks against php_set_blocking() in xp_ssl.c.
SPL:
Fixed bug GH-18421 (Integer overflow with large numbers in LimitIterator).
Standard:
Fixed bug GH-17403 (Potential deadlock when putenv fails).
Fixed bug GH-18400 (http_build_query type error is inaccurate).
Fixed bug GH-18509 (Dynamic calls to assert() ignore zend.assertions).
Windows:
Fix leak+crash with sapi_windows_set_ctrl_handler().
Zip:
Fixed bug GH-18431 (Registering ZIP progress callback twice doesn't work).
Fixed bug GH-18438 (Handling of empty data and errors in ZipArchive::addPattern).
Fixed GH-18480 (array_splice with large values for offset/length arguments).
Partially fixed GH-18572 (nested object comparisons leading to stack overflow).
Fixed OSS-Fuzz #417078295.
Fixed OSS-Fuzz #418106144.
Curl:
Fixed GH-18460 (curl_easy_setopt with CURLOPT_USERPWD/CURLOPT_USERNAME/ CURLOPT_PASSWORD set the Authorization header when set to NULL).
Date:
Fixed bug GH-18076 (Since PHP 8, the date_sun_info() function returns inaccurate sunrise and sunset times, but other calculated times are correct) (JiriJozif).
Fixed bug GH-18481 (date_sunrise with unexpected nan value for the offset).
DOM:
Backport lexbor/lexbor#274.
Intl:
Fix various reference issues.
LDAP:
Fixed bug GH-18529 (ldap no longer respects TLS_CACERT from ldaprc in ldap_start_tls()).
Opcache:
Fixed bug GH-18417 (Windows SHM reattachment fails when increasing memory_consumption or jit_buffer_size).
Fixed bug GH-18297 (Exception not handled when jit guard is triggered).
Fixed bug GH-18408 (Snapshotted poly_func / poly_this may be spilled).
Fixed bug GH-18567 (Preloading with internal class alias triggers assertion failure).
Fixed bug GH-18534 (FPM exit code 70 with enabled opcache and hooked properties in traits).
Fix leak of accel_globals->key.
OpenSSL:
Fix missing checks against php_set_blocking() in xp_ssl.c.
SPL:
Fixed bug GH-18421 (Integer overflow with large numbers in LimitIterator).
Standard:
Fixed bug GH-17403 (Potential deadlock when putenv fails).
Fixed bug GH-18400 (http_build_query type error is inaccurate).
Fixed bug GH-18509 (Dynamic calls to assert() ignore zend.assertions).
Windows:
Fix leak+crash with sapi_windows_set_ctrl_handler().
Zip:
Fixed bug GH-18431 (Registering ZIP progress callback twice doesn't work).
Fixed bug GH-18438 (Handling of empty data and errors in ZipArchive::addPattern).
PHP for Windows 7 - free download notice
Windows 7 Download periodically updates software information of PHP from the publisher.
« BACK
My Account
Help
Windows 7 Software Coupons
-
MacX Video Converter Pro
56% Off -
WinX MediaTrans
63% Off -
WinX DVD Copy Pro
42% Off -
WinX HD Video Converter
56% Off -
MacX Media Management Bundle
70% Off
My Saved Stuff
You have not saved any software.
Click "Save" next to each software.
Click "Save" next to each software.
Would you like to receive announcements of new versions of your software by email or by RSS reader? Register for FREE!
Windows 7 Downloads Picks
- Simply Fortran 3.41 Build 4438
- PHP 8.5.3
- Code::Blocks for Windows 20.03 Build Apr 3 20
- Qt 6.10.2
- Easy Code for MASM 1.07.0.0009
- Python 3.14.3
- FreeBasic for Windows (x64 bit) 1.10.1
- Free Pascal 3.2.2
- FreeBasic for Windows 1.10.1
- Wing IDE Personal 10.0.4.0
- Easy Code for GoAsm 1.07.0.0009
- Open Fortran Parser 0.8.3
- Code::Blocks forMac OS X 20.03 Build Apr 3 20
- Wing IDE Professional 10.0.4.0
- PureBasic 6.30.0
- wxDEV-C++ 4.9.9.2
- DIFileFinder 6.13.0
- PythonCard 0.8.2
- haXe 3.4.2
- Agena 4.2.6
Popular Tags
coding language
efficient
microsoft visual studio community free download
user-friendly
exe
microsoft visual studio professional
visual studio
basic language
pascal
development
programming language
software
debug console
language
environment
microsoft visual studio community
compile
application development
download microsoft visual studio community
debug
basic
ide
decompiler
create application
free
download microsoft visual studio professional
java
microsoft visual studio professional free download
programming
compiler
Popular Windows 7 Software
- Simply Fortran 3.41 Build 4438
- PHP 8.5.3
- dotConnect for MySQL Professional 10.0.0
- dotConnect for Oracle Professional Edition 11.0.0
- Miraplacid Text Driver SDK 8.0
- dbForge Documenter for SQL Server 2025.3
- Turbo C++ 3.0
- Windows Installer 4.5
- StyleControls 5.86
- Software Ideas Modeler Portable 15.25
- Free OCR C# 2022.8.7804
- Windows Post-Install 8.7.2
- Review Assistant 4.1
- Java SE Development Kit (JDK) 8 Update 221
- Software Ideas Modeler Portable x64 14.55
© 2026 Windows7Download.com - All logos, trademarks, art and other creative works are and remain copyright and property of their respective owners. Microsoft Windows is a registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with windows7download.com.