This Release is Outdated

The latest release of PHP 8.4 is PHP 8.4.22 . It is recommended to upgrade to the latest release.

PHP 8.4.13 Release Announcement

The PHP development team announces the immediate availability of PHP 8.4.13. This is a bug fix release.

All PHP 8.4 users are encouraged to upgrade to this version.

For source downloads of PHP 8.4.13 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

Source Code

PHP 8.4.13 (tar.gz)

sha256: ba323619b322125dbd7bf09eefbd572863797359c7d127f986c58a71c872d531
PHP 8.4.13 (tar.bz2)

sha256: 85181ddca7b3e03f148521b043bd62411950d468c667db6400479f1b10812194
PHP 8.4.13 (tar.xz)

sha256: b4f27adf30bcf262eacf93c78250dd811980f20f3b90d79a3dc11248681842df

Change Log

core
- Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
- Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow).
- Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
- Fixed bug GH-19613 (Stale array iterator pointer).
- Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
- Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
- Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant).
cli
- Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).
date
- Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
dba
- Fixed bug GH-19706 (dba stream resource mismanagement).
dom
- Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug).
fpm
- Fixed failed debug assertion when php_admin_value setting fails.
intl
- Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).
opcache
- Fixed bug GH-19493 (JIT variable not stored before YIELD).
openssl
- Fixed bug GH-19245 (Success error message on TLS stream accept failure).
pgsql
- Fixed bug GH-19485 (potential use after free when using persistent pgsql connections).
phar
- Fixed memory leaks when verifying OpenSSL signature.
- Fix memory leak in phar tar temporary file error handling code.
- Fix metadata leak when phar convert logic fails.
- Fix memory leak on failure in phar_convert_to_other().
- Fixed bug GH-19752 (Phar decompression with invalid extension can cause UAF).
standard
- Fixed bug GH-16649 (UAF during array_splice).
- Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).
streams
- Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata().
- Fix OSS-Fuzz #385993744.
zip
- Fix memory leak in zip when encountering empty glob result.