• PHP: Hypertext Preprocessor

    • Home
    • Downloads
    • QA Releases
    • Snapshots
    • Team
    • Php.net site

    • PHP For Windows

      This site is dedicated to supporting PHP on Microsoft Windows. It also supports ports of PHP extensions or features as well as providing special builds for the various Windows architectures.

      If you like to build your own PHP binaries, instructions can be found on the Wiki.

      PECL For Windows

      PECL extensions for Windows is being worked on. Windows DLL can be downloaded right from the PECL website.

      The PECL extension release and snapshot build directories are browsable directly.

      Which version do I choose?


      IIS

      If you are using PHP as FastCGI with IIS you should use the Non-Thread Safe (NTS) versions of PHP.

      Apache

      Please use the Apache builds provided by Apache Lounge. They provide VC9, VC11 and VC14 builds of Apache for x86 and x64. We use their binaries to build the Apache SAPIs.

      If you are using PHP as module with Apache builds from apache.org (not recommended) you need to use the older VC6 versions of PHP compiled with the legacy Visual Studio 6 compiler. Do NOT use VC9+ versions of PHP with the apache.org binaries.

      With Apache you have to use the Thread Safe (TS) versions of PHP.

      VC9, VC11 & VC14

      More recent versions of PHP are built with VC9, VC11 or VC14 (Visual Studio 2008, 2012 or 2015 compiler respectively) and include improvements in performance and stability.

      - The VC9 builds require you to have the Visual C++ Redistributable for Visual Studio 2008 SP1 x86 or x64 installed

      - The VC11 builds require to have the Visual C++ Redistributable for Visual Studio 2012 x86 or x64 installed

      - The VC14 builds require to have the Visual C++ Redistributable for Visual Studio 2015 x86 or x64 installed

      TS and NTS

      TS refers to multithread capable builds. NTS refers to single thread only builds. Use case for TS binaries involves interaction with a multithreaded SAPI and PHP loaded as a module into a web server. For NTS binaries the widespread use case is interaction with a web server through the FastCGI protocol, utilizing no multithreading (but also for example CLI).

      What is PGO?

      Profile Guided Optimization is an optimization feature available in Microsoft's Visual C++ compiler that allows you to optimize an output file based on profiling data collected during test runs of the application or module.

      Links:

      • PGO on MSDN
      • Visual C++ Team Blog - PGO with PHP
      • PHP PGO build for maximum performance (old)

      x86_64 Builds

      The x64 builds of PHP 5 for Windows are experimental, and do not provide 64-bit integer or large file support.

      PHP 7 provides full 64-bit support. The x64 builds of PHP 7 support native 64-bit integers, LFS, memory_limit and much more.


      Archives

      Past releases are available from our archives, older versions not found there can be found at the Museum.

    • OpenSSL security update

      20-Mar-2015

      The OpenSSL Security Advisory [19 Mar 2015] announces the availability of the OpenSSL 0.9.8zf and 1.0.1m which fix twelve security vulnerabilities. The latest PHP releases 5.4.39, 5.5.23 and 5.6.7 already contain the updated OpenSSL library. All PHP users are strongly encouraged to upgrade to the corresponding patch versions.

      Alternatively, the updated OpenSSL dependency DLLs can be downloaded separately as replacement for the older PHP and Apache versions.

      • http://windows.php.net/downloads/php-sdk/deps/vc9/x86/openssl-0.9.8zf-vc9-x86.zip
      • http://windows.php.net/downloads/php-sdk/deps/vc11/x86/openssl-1.0.1m-vc11-x86.zip
      • http://windows.php.net/downloads/php-sdk/deps/vc11/x64/openssl-1.0.1m-vc11-x64.zip

      OpenSSL security update

      10-Apr-2014

      The OpenSSL Security Advisory [07 Apr 2014] announces the availability of the OpenSSL 1.0.1g which fixes CVE-2014-0160. In this regard the latest PHP release 5.5.11 was rebuilt with the OpenSSL 1.0.1g. All PHP users are strongly encouraged to upgrade to PHP 5.5.11. If you already have downloaded this version before 10-Apr-2014, please redownload. The existing private keys should be regenerated as soon as possible.

      Alternatively, the updated OpenSSL dependency DLLs can be downloaded separately as replacement for the older PHP versions. Though be aware that this issue affects only OpenSSL 1.0.x and the DLL packages are only applicable to PHP 5.5 and upper.

      • http://windows.php.net/downloads/php-sdk/deps/vc11/x86/openssl-1.0.1g-vc11-x86.zip
      • http://windows.php.net/downloads/php-sdk/deps/vc11/x64/openssl-1.0.1g-vc11-x64.zip
      PHP 5.4 and lower is not affected by this issue.

      PHP 5.5.0 Release Announcement

      20-Jun-2013

      The PHP development team is proud to announce the immediate availability of PHP 5.5.0. This release includes a large number of new features and bug fixes.

      The key features of PHP 5.5.0 include:

      • Added generators and coroutines.
      • Added the finally keyword.
      • Added a simplified password hashing API.
      • Added support for constant array/string dereferencing.
      • Added scalar class name resolution via ::class.
      • Added support for using empty() on the result of function calls and other expressions.
      • Added support for non-scalar Iterator keys in foreach.
      • Added support for list() constructs in foreach statements.
      • Added the Zend OPcache extension for opcode caching.
      • The GD library has been upgraded to version 2.1 adding new functions and improving existing functionality.
      • A lot more improvements and fixes.

      Changes that affect compatibility:

      • PHP logo GUIDs have been removed.
      • Windows XP and 2003 support dropped.
      • Case insensitivity is no longer locale specific. All case insensitive matching for function, class and constant names is now performed in a locale independent manner according to ASCII rules.

      For users upgrading from PHP 5.4, a migration guide is available detailing the changes between 5.4 and 5.5.0.

      For a full list of changes in PHP 5.5.0, see the ChangeLog.

      PHP 5.4.0 Release Announcement

      1-Mar-2012

      The PHP development team is proud to announce the immediate availability of PHP 5.4.0. This release is a major leap forward in the 5.x series, which includes a large number of new features and bug fixes.

      The key features of PHP 5.4.0 include:

      • New language syntax including Traits, shortened array syntax and more
      • Improved performance and reduced memory consumption
      • Support for multibyte languages now available in all builds of PHP at the flip of a runtime switch
      • Built-in webserver in CLI mode to simplify development workflows and testing
      • Cleaner code base thanks to the removal of multiple deprecated language features
      • Many more improvements and fixes

      Changes that affect compatibility:

      • Register globals, magic quotes and safe mode were removed
      • The break/continue $var syntax was removed
      • The ini option allow_call_time_pass_reference was removed
      • The PHP default_charset is now "UTF-8"

      Extensions moved to PECL:

      • ext/sqlite (ext/sqlite3 and ext/pdo_sqlite are not affected)

      PHP 5.4 series will be the last versions to support Windows XP and Windows 2003. We will not provide binary packages for these Windows versions anymore after PHP 5.4.

      For users upgrading from PHP 5.3 there is a migration guide available here, detailing the changes between those releases and PHP 5.4.0.

      For a full list of changes in PHP 5.4.0, see the ChangeLog.

      PHP 5.3.6 Released!

      [17-Mar-2011]

      The PHP development team would like to announce the immediate availability of PHP 5.3.6. This release focuses on improving the stability of the PHP 5.3.x branch with over 60 bug fixes, some of which are security related.

      Security Enhancements and Fixes in PHP 5.3.6:

      • Enforce security in the fastcgi protocol parsing with fpm SAPI.
      • Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
      • Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
      • Fixed bug #54055 (buffer overrun with high values for precision ini setting).
      • Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
      • Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)

      Key enhancements in PHP 5.3.6 include:

      • Upgraded bundled Sqlite3 to version 3.7.4.
      • Upgraded bundled PCRE to version 8.11.
      • Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization.
      • Added options to debug backtrace functions.
      • Changed default value of ini directive serialize_precision from 100 to 17.
      • Fixed Bug #53971 (isset() and empty() produce apparently spurious runtime error).
      • Fixed Bug #53958 (Closures can't 'use' shared variables by value and by reference).
      • Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a trailing forward slash).
      • Over 60 other bug fixes.

      Windows users: please mind that we do no longer provide builds created with Visual Studio C++ 6. It is impossible to maintain a high quality and safe build of PHP for Windows using this unmaintained compiler.

      For Apache SAPIs (php5_apache2_2.dll), be sure that you use a Visual Studio C++ 9 version of Apache. We recommend the Apache builds as provided by ApacheLounge. For any other SAPI (CLI, FastCGI via mod_fcgi, FastCGI with IIS or other FastCGI capable server), everything works as before. Third party extension providers must rebuild their extensions to make them compatible and loadable with the Visual Studio C++9 builds that we now provide.

      All PHP users should note that the PHP 5.2 series is NOT supported anymore. All users are strongly encouraged to upgrade to PHP 5.3.6.

      For a full list of changes in PHP 5.3.6, see the ChangeLog. For source and binaries downloads please visit our downloads page.

      PHP 5.3.2 released

      04-Mar-2010

      The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

      Security Enhancements and Fixes in PHP 5.3.2:

      • Improved LCG entropy. (Rasmus, Samy Kamkar)
      • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
      • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)

      Key Bug Fixes in PHP 5.3.2 include:

      • Added support for SHA-256 and SHA-512 to php's crypt.
      • Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check.
      • Fixed bug #51059 (crypt crashes when invalid salt are given).
      • Fixed bug #50940 Custom content-length set incorrectly in Apache sapis.
      • Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long).
      • Fixed bug #50723 (Bug in garbage collector causes crash).
      • Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16).
      • Fixed bug #50632 (filter_input() does not return default value if the variable does not exist).
      • Fixed bug #50540 (Crash while running ldap_next_reference test cases).
      • Fixed bug #49851 (http wrapper breaks on 1024 char long headers).
      • Over 60 other bug fixes.

      The SNMP extension is now available in VC9 versions. The cURL and MPIR libraries have been updated.

      For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3.

      Further information and downloads:

      For a full list of changes in PHP 5.3.2, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.

      PHP 5.2.13 released

      25-Feb-2010

      The PHP development team would like to announce the immediate availability of PHP 5.2.13. This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

      Security Enhancements and Fixes in PHP 5.2.13:

      • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
      • Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia)
      • Improved LCG entropy. (Rasmus, Samy Kamkar)

      Further details about the PHP 5.2.13 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

      The libcURL library has been updated to 7.20.0, which fixes important bugs fixes as well as a security flaw, see the advisory here and the full changelog here.

      PHP 5.3.1 released

      19-Nov-2009

      The PHP development team would like to announce the immediate availability of PHP 5.3.1. This release focuses on improving the stability of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users of PHP are encouraged to upgrade to this release.

      Security Enhancements and Fixes in PHP 5.3.1:

      • Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
      • Added missing sanity checks around exif processing.
      • Fixed a safe_mode bypass in tempnam().
      • Fixed a open_basedir bypass in posix_mkfifo().
      • Fixed failing safe_mode_include_dir.

      Further details about the PHP 5.3.1 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

      The OpenSSL library has been updated to 0.9.8l, which fixes important bugs fixes (see the OpenSSL website for details.

      PHP 5.2.11 released

      17-Sept-2009

      The PHP development team would like to announce the immediate availability of PHP 5.2.11. This release focuses on improving the stability of the PHP 5.2.x branch with over 75 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

      Security Enhancements and Fixes in PHP 5.2.11:

      • Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
      • Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
      • Added missing sanity checks around exif processing. (Ilia)
      • Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)

      Key enhancements in PHP 5.2.11 include:

      • Fixed regression in cURL extension that prevented flush of data to output defined as a file handle.
      • A number of fixes for the FILTER_VALIDATE_EMAIL validation rule
      • Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries).
      • Fixed bug #48696 (ldap_read() segfaults with invalid parameters)
      • Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal html-entities).
      • Fixed bug #48619 (imap_search ALL segfaults).
      • Fixed bug #48400 (imap crashes when closing stream opened with OP_PROTOTYPE flag).
      • Fixed bug #47351 (Memory leak in DateTime).
      • Over 60 other bug fixes.

      On windows, the cURL library has been updated to its latest version (7.19.6) to fix the flaws described here.

      Further details about the PHP 5.2.11 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

      PHP 5.3.0 released

      30-Jun-2009

      The PHP development team is proud to announce the immediate release of PHP 5.3.0. This release is a major improvement in the 5.X series, which includes a large number of new features and bug fixes.

      Some of the key new features include: namespaces, late static binding, closures, optional garbage collection for cyclic references, new extensions (like ext/phar, ext/intl and ext/fileinfo), over 140 bug fixes and much more.

      For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3.0.

      Further details about the PHP 5.3.0 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

      PHP 5.2.10 released

      18-Jun-2009

      The PHP development team would like to announce the immediate availability of PHP 5.2.10. This release focuses on improving the stability of the PHP 5.2.x branch with over 100 bug fixes, one of which is security related. All users of PHP are encouraged to upgrade to this release.

      Security Enhancements and Fixes in PHP 5.2.10:

      • Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)

      Further details about the PHP 5.2.10 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

      PHP 5.2.9-2 (Windows) released

      07-Apr-2009

      The PHP Development Team would like to announce the availability of a new Windows build for PHP - PHP 5.2.9-2

      This release focuses on fixing security flaws in the included OpenSSL library (CVE-2009-0590, CVE-2009-0591 and CVE-2009-0789). The security advisory is available here.

      The OpenSSL library has been updated to 0.9.8k, which includes fixes for these flaws.

      Note: Only the Windows binaries are affected. There are no changes to the PHP sources, therefore no source releases are necessary.

      Binaries are available in our downloads page

      PHP 5.2.9-1 (Windows) released

      10-Mar-2009

      The PHP Development Team would like to announce the availability of a new Windows build of PHP - PHP 5.2.9-1

      This release focuses on fixing a security flaw introduced by the cURL library (CVE-2009-0037). Please see the following for a full description: http://curl.haxx.se/docs/adv_20090303.html

      Please note that the cURL related function is disabled when open_basedir or safe_mode enabled.

      Note: Only the Windows packages are affected.

      Binaries are available in our downloads page

      PHP 5.2.9 released

      26-Feb-2009

      PHP 5.2.9 is now available. Get it here.

      The OpenSSL library has been updated to its latest version, 0.9.8j

      This release has been the occasion to greatly improve the installer, it should now work smoothly on every supported platform.

      For the full list of changes, see the announcement .

      PHP 5.2.9RC3 released

      19-Feb-2009

      PHP 5.2.9RC3 is now available for testing. Get it here.

      Installer and non thread safe builds available for the snapshots

      23-Oct-2008

      The NTS builds and the installers are now available for all php branches and builds.

      Snapshots are now online

      08-Oct-2008

      The snapshots are back online, with more choices and quality builds. The new Visual c++ 2008 builds are now available for PHP 5.3 and 6.0!

      x64 experimental snapshots should be available in the next days

      New website for PHP Windows

      01-Sep-2008


      The PHP Windows Development team would like to announce this new website. Here you will find information specifically related to Windows, such as downloads, snapshots and documentation.

      Only the downloads are available for now.

  • Copyright © 2001-2016 The PHP Group
    All rights reserved.

    Last updated: Mon Sept 1 12:03:37 2008 EDT