PHP 8.2.32 and 8.3.32 Released to Fix Critical OpenSSL Memory Corruption Bug

Published by

PHP versions 8.2.32 and 8.3.32 have been released to address a critical memory corruption bug in the OpenSSL library related to AES-WRAP-PAD encryption, which could potentially lead to crashes across a significant number of websites. While PHP 8.5 is the latest feature release, all supported versions will continue to receive monthly security updates, and developers are urged to update to the new versions immediately. Despite the ongoing "PHP is dead" rhetoric, PHP continues to power 70.8% of all websites with a server-side language and is actively maintained across multiple versions. The PHP team is committed to improving security and performance, with plans for ongoing updates and new features, while legacy versions still pose security risks



PHP 8.2.32 and 8.3.32 Released to Fix Critical OpenSSL Memory Corruption Bug

PHP 8.2.32 and 8.3.32 have been released to patch a critical memory corruption bug in openssl_encrypt when handling AES-WRAP-PAD encryption. Given that PHP still powers 70.8% of all websites with a known server-side language, the fix addresses a vulnerability that could cascade into crashes across a massive portion of the internet. While PHP 8.5 remains the current feature release and newer branches will miss this specific patch, all supported versions continue to receive monthly security updates from the active development team. Developers on 8.2 or 8.3 should update immediately via the official download page, while the broader ecosystem continues to stabilize around modern standards despite lingering legacy installations.

PHP 8.2.32 and 8.3.32 Released to Fix Critical OpenSSL Memory Corruption Bug @ Linux Compatible