This Release is Outdated

The latest release of PHP 8.4 is PHP 8.4.22 . It is recommended to upgrade to the latest release.

PHP 8.4.10 Release Announcement

The PHP development team announces the immediate availability of PHP 8.4.10. This is a security release.

Version 8.4.9 was skipped because it was tagged without including security patches.

All PHP 8.4 users are encouraged to upgrade to this version.

For source downloads of PHP 8.4.10 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

Source Code

PHP 8.4.10 (tar.gz)

sha256: bd25c40ece60d1b3c879c11f517d335b8d6a872174c32ebb088b9494d8bb2cf2
PHP 8.4.10 (tar.bz2)

sha256: 8815d10659cde5f03be4d169205d62b7b29ed0edc7cdd84b6384cda0310c3108
PHP 8.4.10 (tar.xz)

sha256: 14983a9ef8800e6bc2d920739fd386054402f7976ca9cd7f711509496f0d2632

Change Log

bcmath
- Fixed bug GH-18641 (Accessing a BcMath\Number property by ref crashes).
core
- Fixed bugs GH-17711 and GH-18022 (Infinite recursion on deprecated attribute evaluation) and GH-18464 (Recursion protection for deprecation constants not released on bailout).
- Fixed GH-18695 (zend_ast_export() - float number is not preserved).
- Fix handling of references in zval_try_get_long().
- Do not delete main chunk in zend_gc.
- Fix compile issues with zend_alloc and some non-default options.
curl
- Fix memory leak when setting a list via curl_setopt fails.
date
- Fix leaks with multiple calls to DatePeriod iterator current().
dom
- Fixed bug GH-18744 (classList works not correctly if copy HTMLElement by clone keyword).
fpm
- Fixed GH-18662 (fpm_get_status segfault).
hash
- Fixed bug GH-14551 (PGO build fails with xxhash).
intl
- Fix memory leak in intl_datetime_decompose() on failure.
- Fix memory leak in locale lookup on failure.
opcache
- Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22).
odbc
- Fix memory leak on php_odbc_fetch_hash() failure.
openssl
- Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure.
- Fixed bug #74796 (Requests through http proxy set peer name).
pdo odbc
- Fix memory leak if WideCharToMultiByte() fails.
pdo sqlite
- Fixed memory leak with Pdo_Sqlite::createCollation when the callback has an incorrect return type.
phar
- Add missing filter cleanups on phar failure.
- Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek).
phpdbg
- Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0.
pgsql
- Fix warning not being emitted when failure to cancel a query with pg_cancel_query().
random
- Fix reference type confusion and leak in user random engine.
readline
- Fix memory leak when calloc() fails in php_readline_completion_cb().
simplexml
- Fixed bug GH-18597 (Heap-buffer-overflow in zend_alloc.c when assigning string with UTF-8 bytes).
soap
- Fix memory leaks in php_http.c when call_user_function() fails.
tidy
- Fix memory leak in tidy output handler on error.
- Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory.