Ondřej Surý has released updated Debian packages for PHP users, including the latest versions of PHP 8.5.2, 8.4.17, and 8.3.30. These updates address several security vulnerabilities, fix long-standing bugs, and improve efficiency and resource usage, such as clearing potential memory leaks in LDAP and Intl systems. The new packages are now available for Debian 11 (Bullseye) LTS users, Debian 12 (Bookworm), and Debian 13 (Trixie). To add the repository to your Debian installation, you can follow a series of commands listed in the text or refer to the deb.sury.org website for further details.
PHP 8.5.2, PHP 8.4.17, and 8.3.30 Debian packages released
Ondřej Surý has released new Debian packages for PHP users. He's updated the packages to bring you the latest version of PHP 8.5.2, along with fixes for 8.4.17 and 8.3.30.
The security angle got a favorable look-in in these changes. And yeah, a specific shout-out goes to ndossche; their bug reports really helped shape what was fixed, especially some critical ones addressed by the most recent version, PHP 8.5.2. For example, it tackles a potential problem known as a use-after-free vulnerability related to php_output_handler_free.
Beyond patching security holes, though, this latest update also smooths out regular day-to-day stuff. People like developer ndossche found some issues needing attention too. Consider the use of SplFileInfo::openFile() in write mode; we have now fixed the long-standing bug. Then there's something about how Phar builds interact with older OpenSSL 1.1.0 versions, where a little adjustment helps things run better.
Efficiency and resource usage were another big part of this release as well. The team put effort into clearing potential memory leaks spread across different parts of the system, looking at LDAP and Intl, for instance. And they also touched up how INI input gets handled by parse_ini_string() to dial back its memory footprint.
If you use Debian GNU/Linux, these new packages should significantly improve your experience. They're now available for Debian 11 (Bullseye) LTS users looking to stay current longer. Then there's also support in Debian 12 (Bookworm). And let’s not forget the updates are ready for Debian 13 (Trixie), of course.
To add the repository to your Debian installation:
# To add this repository please do:
if [ "$(whoami)" != "root" ]; then
SUDO=sudo
fi
${SUDO} apt-get -y install apt-transport-https lsb-release ca-certificates curl
${SUDO} wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
${SUDO} sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
${SUDO} apt-get update
For further details, please refer to the deb.sury.org website. A dedicated bug tracker for the packages can be accessed here.
