Remi Collet has released updated Fedora packages for PHP 8.3.28 and 8.4.15, which address various issues, including bugs in the core code and its extensions. These updates are available through the remi-modular repository and can be installed on Fedora systems running version 41 or higher, as well as Red Hat Enterprise Linux (RHEL), AlmaLinux, CentOS Stream, and Rocky Linux. The bug fixes resolve problems with auto_globals_jit, assertion failures, memory leaks, and security vulnerabilities in extensions such as DOM, Exif, FPM, GD, Intl, MySQLnd, Opcache, PgSql, Phar, Random, SimpleXML, Streams API, Tidy, XMLReader, and Windows extensions. Installing these updates can help maintain the security and stability of your PHP setup.

PHP 8.3.28 and 8.4.15 Fedora/RHEL Packages released

Remi Collet has released updated Fedora packages for PHP. Specifically, versions 8.3.28 and 8.4.15 are now available.

These updates roll out to Fedora systems running version 41 or higher, as well as Red Hat Enterprise Linux (RHEL), AlmaLinux, CentOS Stream, and Rocky Linux on compatible architectures. The main point is they resolve issues: bugs in the core PHP code itself or within its various extensions.

The remi-modular repository hosts these new RPMs. So now, users of those systems can grab the latest security patches and bug fixes for PHP directly from there. It's a straightforward update meant to keep things running smoothly.

Digging into what changed:

• For the core code, it includes fixes like resolving a problem with auto_globals_jit set low (CGI) related to an empty tag, seen in GH-19934.
• Also fixed within PHP were some tricky assertion failures: one happened during certain offset operations on WeakMaps involving references (GH-20073), and another occurred when handling exceptions from lazy object get_properties methods inside a foreach loop (GH-20085).

Beyond just the core, many key extensions got attention too. Updates covered PHP's DOM extension for parsing HTML documents; Exif for handling image metadata; FPM (FastCGI Process Manager) itself had an important enhancement; GD for image manipulation; Intl for internationalization; MySQLnd for database connectivity; Opcache to speed up execution; PgSql for PostgreSQL support; Phar for archive handling; Random number generation, SimpleXML, Streams API, XMLReader, and Tidy. Each got its own set of bug fixes, leak patches, or security tweaks.

On the specific bugs front:

• There was a potential memory leak in Exif when dealing with empty tags.
• A serious segfault (segmentation fault) affecting FPM's status export during parallel execution has been fixed.
• In GD, imagefilter() could run into trouble if given an invalid filter type, but it's handled properly now.

And these aren't just one-offs. The fixes spanned other important components like Intl, LibXML, MySQLnd, Opcache, PgSql (PostgreSQL), Phar, Random, SimpleXML, Streams, Tidy, XMLReader, Windows extensions, and Zip handling. Memory leaks were addressed across the board as well.

These packages work on systems using either x86_64 or AArch64 chipsets. If you're running Fedora 41+ or one of those other RHEL-family distros (RHEL, AlmaLinux, CentOS Stream, Rocky Linux), pointing your package manager towards the remi-modular repository should provide you with access to these updates. Installing them helps maintain security and stability for your PHP setup.

️ PHP version 8.3.28 and 8.4.15

RPMs of PHP version 8.4.15 are available in the remi-modular repository for Fedora ≥ 41 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...).

️ PHP version 8.3.28 and 8.4.15