Author: Sergey Panteleev (saundefined)
Date: 2026-05-07T18:43:00+03:00
Commit:
https://github.com/php/web-php/commit/9166b554d687f5cd52f54a1250f402e08044788c
Raw diff:
https://github.com/php/web-php/commit/9166b554d687f5cd52f54a1250f402e08044788c.diff
Announce PHP 8.2.31
Changed paths:
A archive/entries/2026-05-07-3.xml
A releases/8_2_31.php
M ChangeLog-8.php
M archive/archive.xml
M include/releases.inc
M include/version.inc
Diff:
diff --git a/ChangeLog-8.php b/ChangeLog-8.php
index 474d457fc0..0ee56b01d5 100644
--- a/ChangeLog-8.php
+++ b/ChangeLog-8.php
@@ -5868,6 +5868,45 @@
<a id="PHP_8_2"></a>
+<section class="version" id="8.2.31"><!-- {{{ 8.2.31 -->
+<h3>Version 8.2.31</h3>
+<b><?php release_date('07-May-2026'); ?></b>
+<ul><li>Curl:
+<ul>
+ <li>Add support for brotli and zstd on Windows.</li>
+</ul></li>
+<li>FPM:
+<ul>
+ <li>Fixed <?php githubsecurityl('php/php-src', '7qg2-v9fj-4mwv'); ?> (XSS
within status endpoint). (CVE-2026-6735)</li>
+</ul></li>
+<li>MBString:
+<ul>
+ <li>Fixed <?php githubsecurityl('php/php-src', 'wm6j-2649-pv75'); ?> (Null
pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()).
(CVE-2026-7259)</li>
+</ul></li>
+<li>OpenSSL:
+<ul>
+ <li>Fix compatibility issues with OpenSSL 4.0.</li>
+</ul></li>
+<li>PDO_Firebird:
+<ul>
+ <li>Fixed <?php githubsecurityl('php/php-src', 'w476-322c-wpvm'); ?> (SQL
injection via NUL bytes in quoted strings). (CVE-2025-14179)</li>
+</ul></li>
+<li>SOAP:
+<ul>
+ <li>Fixed <?php githubsecurityl('php/php-src', '85c2-q967-79q5'); ?> (Stale
SOAP_GLOBAL(ref_map) pointer with Apache Map). (CVE-2026-6722)</li>
+ <li>Fixed <?php githubsecurityl('php/php-src', 'm33r-qmcv-p97q'); ?>
(Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION).
(CVE-2026-7261)</li>
+ <li>Fixed <?php githubsecurityl('php/php-src', 'hmxp-6pc4-f3vv'); ?> (Broken
Apache map value NULL check). (CVE-2026-7262)</li>
+</ul></li>
+<li>Standard:
+<ul>
+ <li>Fixed <?php githubsecurityl('php/php-src', '96wq-48vp-hh57'); ?> (Signed
integer overflow of char array offset). (CVE-2026-7568)</li>
+ <li>Fixed <?php githubsecurityl('php/php-src', 'm8rr-4c36-8gq4'); ?>
(Consistently pass unsigned char to ctype.h functions). (CVE-2026-7258)</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
+
+
<section class="version" id="8.2.30"><!-- {{{ 8.2.30 -->
<h3>Version 8.2.30</h3>
<b><?php release_date('18-Dec-2025'); ?></b>
diff --git a/archive/archive.xml b/archive/archive.xml
index 1b5a424c05..7c22de456f 100644
--- a/archive/archive.xml
+++ b/archive/archive.xml
@@ -9,6 +9,7 @@
<uri>http://php.net/contact</uri>
<email>[email protected]</email>
</author>
+ <xi:include href="entries/2026-05-07-3.xml"/>
<xi:include href="entries/2026-05-07-2.xml"/>
<xi:include href="entries/2026-05-07-1.xml"/>
<xi:include href="entries/2026-05-04-1.xml"/>
diff --git a/archive/entries/2026-05-07-3.xml b/archive/entries/2026-05-07-3.xml
new file mode 100644
index 0000000000..561ba8065d
--- /dev/null
+++ b/archive/entries/2026-05-07-3.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom";>
+ <title>PHP 8.2.31 Released!</title>
+ <id>https://www.php.net/archive/2026.php#2026-05-07-3</id>
+ <published>2026-05-07T15:41:42+00:00</published>
+ <updated>2026-05-07T15:41:42+00:00</updated>
+ <link href="https://www.php.net/index.php#2026-05-07-3"; rel="alternate"
type="text/html"/>
+ <link href="https://www.php.net/archive/2026.php#2026-05-07-3"; rel="via"
type="text/html"/>
+ <category term="releases" label="New PHP release"/>
+ <category term="frontpage" label="PHP.net frontpage news"/>
+ <content type="xhtml">
+ <div xmlns="http://www.w3.org/1999/xhtml";><p>The PHP development team
announces the immediate availability of PHP 8.2.31. This is a security
release.</p>
+
+<p>All PHP 8.2 users are encouraged to upgrade to this version.</p>
+
+<p>For source downloads of PHP 8.2.31 please visit our <a
href="https://www.php.net/downloads.php";>downloads page</a>,
+Windows source and binaries can also be found <a
href="https://www.php.net/downloads.php?os=windows&version=8.2";>there</a>.
+The list of changes is recorded in the <a
href="https://www.php.net/ChangeLog-8.php#8.2.31";>ChangeLog</a>.
+</p> </div>
+ </content>
+</entry>
diff --git a/include/releases.inc b/include/releases.inc
index 05407c8790..2e93680e69 100644
--- a/include/releases.inc
+++ b/include/releases.inc
@@ -2,6 +2,43 @@
$OLDRELEASES = array (
8 =>
array (
+ '8.2.30' =>
+ array (
+ 'announcement' =>
+ array (
+ 'English' => '/releases/8_2_30.php',
+ ),
+ 'tags' =>
+ array (
+ 0 => 'security',
+ ),
+ 'date' => '18 Dec 2025',
+ 'source' =>
+ array (
+ 0 =>
+ array (
+ 'filename' => 'php-8.2.30.tar.gz',
+ 'name' => 'PHP 8.2.30 (tar.gz)',
+ 'sha256' =>
'a0fa6673ba4b0c8335fbab08afb7c2e13a3791f2b5a0928c7ad3d7ad872edf26',
+ 'date' => '18 Dec 2025',
+ ),
+ 1 =>
+ array (
+ 'filename' => 'php-8.2.30.tar.bz2',
+ 'name' => 'PHP 8.2.30 (tar.bz2)',
+ 'sha256' =>
'104820b6c8fc959dde4b3342135f42bdabf246e86918a16381a17d8447c866fa',
+ 'date' => '18 Dec 2025',
+ ),
+ 2 =>
+ array (
+ 'filename' => 'php-8.2.30.tar.xz',
+ 'name' => 'PHP 8.2.30 (tar.xz)',
+ 'sha256' =>
'bc90523e17af4db46157e75d0c9ef0b9d0030b0514e62c26ba7b513b8c4eb015',
+ 'date' => '18 Dec 2025',
+ ),
+ ),
+ 'museum' => false,
+ ),
'8.4.20' =>
array (
'announcement' =>
diff --git a/include/version.inc b/include/version.inc
index 55f3015f07..4eec5648be 100644
--- a/include/version.inc
+++ b/include/version.inc
@@ -58,13 +58,13 @@ $RELEASES = (function () {
/* PHP 8.2 Release */
$data['8.2'] = [
- 'version' => '8.2.30',
- 'date' => '18 Dec 2025',
+ 'version' => '8.2.31',
+ 'date' => '07 May 2026',
'tags' => ['security'], // Set to ['security'] for security releases.
'sha256' => [
- 'tar.gz' =>
'a0fa6673ba4b0c8335fbab08afb7c2e13a3791f2b5a0928c7ad3d7ad872edf26',
- 'tar.bz2' =>
'104820b6c8fc959dde4b3342135f42bdabf246e86918a16381a17d8447c866fa',
- 'tar.xz' =>
'bc90523e17af4db46157e75d0c9ef0b9d0030b0514e62c26ba7b513b8c4eb015',
+ 'tar.gz' =>
'083c2f61cc5f527eb293c4c468a91af46a9678785957e023b2796a9db290d870',
+ 'tar.bz2' =>
'948183fa04cf261c9b9363c02f428977b9ddf8c0bfdff8e8e1fba816ed570803',
+ 'tar.xz' =>
'95eae411d594fe6f6e5678b76645dc13ae47d3c0a5325c1d969b58dea56ee45a',
]
];
diff --git a/releases/8_2_31.php b/releases/8_2_31.php
new file mode 100644
index 0000000000..45a267791a
--- /dev/null
+++ b/releases/8_2_31.php
@@ -0,0 +1,16 @@
+<?php
+$_SERVER['BASE_PAGE'] = 'releases/8_2_31.php';
+include_once __DIR__ . '/../include/prepend.inc';
+site_header('PHP 8.2.31 Release Announcement');
+?>
+<h1>PHP 8.2.31 Release Announcement</h1>
+
+<p>The PHP development team announces the immediate availability of PHP
8.2.31. This is a security release.</p>
+
+<p>All PHP 8.2 users are encouraged to upgrade to this version.</p>
+
+<p>For source downloads of PHP 8.2.31 please visit our <a
href="https://www.php.net/downloads.php";>downloads page</a>,
+Windows source and binaries can also be found <a
href="https://www.php.net/downloads.php?os=windows&version=8.2";>there</a>.
+The list of changes is recorded in the <a
href="https://www.php.net/ChangeLog-8.php#8.2.31";>ChangeLog</a>.
+</p>
+<?php site_footer();
