PHP is an open source general-purpose server-side scripting language originally designed for Web development to produce dynamic Web pages. It is one of the first developed server-side scripting languages to be embedded into an HTML source document rather than calling an external file to process data. The code is interpreted by a Web server with a PHP processor module which generates the resulting Web page. It also has evolved to include a command-line interface capability and can be used in standalone graphical applications.

If you are new to PHP and want to get some idea of how it works, try the introductory tutorial.

After that, check out the online manual.

What's New

Build:

  • Fixed bug GH-11522 (PHP version check fails with '-' separator).

CLI:

  • Fix interrupted CLI output causing the process to exit.

Core:

  • Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
  • Fixed line number of JMP instruction over else block.
  • Fixed use-of-uninitialized-value with ??= on assert.
  • Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions).
  • Fixed build for FreeBSD before the 11.0 releases.

Curl:

  • Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION.

Date:

  • Fixed bug GH-11368 (Date modify returns invalid datetime).
  • Fixed bug GH-11600 (Can't parse time strings which include (narrow) non-breaking space characters).
  • Fixed bug GH-11854 (DateTime:createFromFormat stopped parsing datetime with extra space).

DOM:

  • Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <> depending on libxml2 version).

Fileinfo:

  • Fixed bug GH-11298 (finfo returns wrong mime type for xz files).

FTP:

  • Fix context option check for "overwrite".
  • Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget).

GD:

  • Fix most of the external libgd test failures.

Intl:

  • Fix memory leak in MessageFormatter::format() on failure.

Libxml:

  • Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)

MBString:

  • Fix GH-11300 (license issue: restricted unicode license headers).

Opcache:

  • Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault).
  • Prevent potential deadlock if accelerated globals cannot be allocated.

PCNTL:

  • Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).

PDO:

  • Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled).

PDO SQLite:

  • Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).

Phar:

  • Add missing check on EVP_VerifyUpdate() in phar util.
  • Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)

PHPDBG:

  • Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option).

Session:

  • Removed broken url support for transferring session ID.

Standard:

  • Fix serialization of RC1 objects appearing in object graph twice.

Streams:

  • Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper from itself).

SQLite3:

  • Fix replaced error handling in SQLite3Stmt::__construct.

XMLReader:

  • Fix GH-11548 (Argument corruption when calling XMLReader::open or XMLReader::XML non-statically with observer active).