PHP 8.3.26RC1 and 8.4.13RC1 packages for Fedora/RHEL released

Fedora Linux 9174 Published 2025-09-12 14:15 by Philipp Esselbach

News

Remi Collet has announced the availability of RPMs for PHP versions 8.3.26RC1 and 8.4.13RC1 on Fedora and Enterprise Linux (RHEL/CentOS/Alma/Rocky) systems, allowing users to test these new versions. The RPMs are available as Software Collections (SCL) in the remi-test repository and as base packages in the remi-modular-test repository for Fedora 41-43 and Enterprise Linux 8 and higher. PHP 8.4.13RC1 fixes several critical bugs, including issues with repeated file inclusion and garbage collection, while PHP 8.3.26 addresses problems with array iterator pointers and weak references. The new versions also include various enhancements and fixes for other components, such as CLI, date and time, DOM, FPM, GD Graphics Library, and more.

PHP 8.3.26 and PHP 8.4.13RC1 Now Available for Testing on Fedora and RHEL-Based Systems

Remi Collet has announced the availability of RPMs for PHP versions 8.3.26RC1 and 8.4.13RC1, which can be installed on Fedora and Enterprise Linux (RHEL/CentOS/Alma/Rocky and other clones) systems. These RPMs are provided in Software Collections format, allowing for parallel installation, and as base packages.

Availability of RPMs

The PHP 8.4.13RC1 RPMs are available:

As base packages in the remi-modular-test repository for Fedora 41-43 and Enterprise Linux 8 and higher.
In the remi-test repository as Software Collections (SCL).

Similarly, the PHP 8.3.26RC1 RPMs are available:

As base packages in the remi-modular-test repository for Fedora 41-43 and Enterprise Linux 8 and higher.
In the remi-test repository as Software Collections (SCL).

Supported Architectures

The RPMs are available for both x86_64 and AArch64 architectures.

PHP 8.2 Update

It's worth noting that PHP 8.2 is now in security mode only, which means no further release candidate (RC) versions will be made available.

Installation Instructions

To install the new PHP versions, follow the instructions provided in the wizard.

Announcements and Updates

PHP 8.4.13RC1

The PHP team has fixed several critical bugs in this version:

GH-18850: A bug that caused repeated inclusion of files with __halt_compiler() to trigger a "Constant already defined" warning has been fixed.
GH-19542: The scanning of string literals over 2GB now works correctly, avoiding signed int overflow errors.
GH-19544: The garbage collector (GC) was corrected to treat ZEND_WEAKREF_TAG_MAP references as WeakMap references.
GH-19613: A stale array iterator pointer issue was resolved, preventing potential crashes.
GH-19679: PHP's expansion path, PHP_EXPAND_PATH, now works correctly with bash 5.3.0.
GH-19720: An assertion failure occurred when an error handler threw while accessing a deprecated constant.

Additionally, the following fixes have been made:

Core Fixes:
- GH-19461: The error message for listening errors with IPv6 addresses was improved.
- Date Fixes: date_sunrise() and date_sunset() now work correctly with partial-hour UTC offsets.
- DBA Fixes: A bug in the management of DBA stream resources was fixed.
- DOM Fixes: A libxml2 tree dictionary bug was mitigated.
- FPM Fixes: Failed debug assertion when setting php_admin_value is no longer triggered.
CLI Fixes: The error message for listening errors with IPv6 addresses was improved.
Date and Time Fixes: date_sunrise() and date_sunset() now correctly handle partial-hour UTC offsets.
DOM Bug Fix: A bug in libxml2 tree dictionaries has been mitigated to prevent potential crashes.
FPM Stability Improvements: Failed debug assertions when setting php_admin_value have been fixed, enhancing FPM's stability.

PHP 8.3.26

The core team has fixed several critical bugs:

Repeated inclusion of files with __halt_compiler() now correctly handles "Constant already defined" warnings.
Scanning of string literals exceeding 2GB no longer fails due to signed integer overflow.
Weak references are properly handled by the garbage collector.
Stale array iterator pointers have been fixed, preventing potential crashes.

Additionally, several enhancements and fixes have been made:

CLI Enhancements: The CLI team has improved error messages for IPv6 address listening errors, providing more informative output.
Date and Time Fixes: date_sunrise() and date_sunset() now correctly handle partial-hour UTC offsets, ensuring accurate calculations.
DOM Bug Fix: A bug in libxml2 tree dictionaries has been mitigated to prevent potential crashes.
FPM Stability Improvements: Failed debug assertions when setting php_admin_value have been fixed, enhancing FPM's stability.
GD Graphics Library Fixes: imagefilledellipse() now handles width arguments correctly, preventing underflow errors.
Internationalization and Localization Updates: Locale strings are properly canonicalized for IntlDateFormatter and NumberFormatter, ensuring correct formatting.
OpenSSL Security Enhancements: Success error messages on TLS stream accept failures have been improved, providing more accurate output.
PGSQL Database Driver Fixes: Potential use-after-free errors when using persistent pgsql connections have been addressed, improving connection reliability.
Phar Archive File System Improvements: Memory leaks in OpenSSL signature verification and phar tar temporary file error handling have been fixed. Metadata leaks during failed phar convert logic have also been resolved.
Standard PHP Library Fixes: UAF (Use After Free) errors during array_splice() operations have been fixed, enhancing array manipulation safety. Integer overflows in LimitIterator when using small offsets and PHP_INT_MAX have been avoided, preventing potential crashes.
Streams Improvements: An incorrect call to zval_ptr_dtor() has been removed from user_wrapper_metadata(), improving metadata handling.
Tidy HTML Parser Fixes: A build issue with libtidy related to tidyOptIsReadonly deprecation and TidyInternalCategory availability has been resolved.
Zip Archive System Improvements: Memory leaks in zip when encountering empty glob results have been fixed, enhancing zip handling stability.