PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals.
This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivatives. Although it is possible to compile PHP from source, installing it from an APT repository as explained below is often faster and more secure because these repositories will provide the latest bug fixes and security updates in the future.
PHP 8.4 is not available in current Debian and Ubuntu software repositories. This guide uses the repositories maintained by Ondřej Surý. Ondrej's PHP repositories have been the de-facto repositories for PHP on Ubuntu, Debian, and their derivatives for several years.
Potential Backward Compatibility Impact in PHP 8.4
PHP 8.4 brings several new features such as property hooks, asymmetric visibility, improvements in DOM, Curl, PCRE extensions, and more.
However, PHP 8.4 also deprecates some PHP functionality and removes four PHP extensions from PHP core to PECL. This can affect existing PHP applications to emit additional PHP notices/warnings, or fail in certain conditions.
Some of the notable changes that are likely to affect existing applications include:
- Implicitly nullable parameter declarations deprecated
- E_STRICT constant deprecated
- Extensions moved from PHP core to PECL: Pspell, IMAP, OCI8, and PDO_OCI.
When a PHP extension is moved from PHP core to PECL, the extension will follow its own release cycle. The repositories used in the guide will provide updates for them if the PECL project for that extension releases updates. However, this also means the PECL extension can (and often does) fall behind on maintenance.
Before continuing, make sure to backup the system. This guide installs PHP 8.4 side-by-side along any existing PHP installations, which offers an easy way to switch back to the other PHP installation if necessary.
This step only applies when upgrading an existing PHP setup. The following command lists all installed PHP packages with the text php in its name, shows it on screen, and writes it to a file called packages.txt. This file comes in handy at a later step when installing the PHP 8.4 packages, to ensure the same list of PHP 8.4 versions of the extensions are installed.
dpkg -l | grep php | tee packages.txt
2. Add ondrej/php PPA/DPA
Because PHP 8.4 packages are not available in any of the current Debian or Ubuntu software repositories, the PHP packages must come from another repo.
Ondřej Surý maintains a package archive that contains compiled binaries of all current PHP versions, for Ubuntu and Debian. It also ships several PECL extensions including PECL extensions for PHP core extensions unbundled in PHP 8.4.
Once this repository is added, the initial installation and updates can be done with the standard apt commands.
Ubuntu PPA
dpkg -l | grep php | tee packages.txt
Debian DPA
sudo LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php # Press enter to confirm.sudo apt update
3. Install PHP 8.4 Server API packages
In the Ondrej's PPA and DPA, PHP 8.4 packages follow the php8.1-NAME pattern. PECL and shared PHP extensions also follow the same pattern.
Before installing PHP extensions, make sure to install one of the following PHP Server API (SAPI) packages:
Install PHP-CLI only
To install PHP CLI, install the php8.1-cli package, along with the extensions desired.
sudo apt-get updatesudo apt-get -y install lsb-release ca-certificates curl apt-transport-httpssudo curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.debsudo dpkg -i /tmp/debsuryorg-archive-keyring.debsudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'sudo apt-get update
PHP-CLI and PHP as an Apache module
To install PHP CLI and PHP 8.4 as an Apache module, install the libapache2-mod-php8.4 package:
sudo apt install php8.4-cli
Unless the PHP application requires PHP to be installed as an Apache module, consider installing PHP-FPM instead.
PHP CLI and PHP-FPM (recommended)
It is recommended to install PHP-FPM to integrate PHP with web-servers such as Apache, Nginx, and Caddy.
sudo apt install php8.4-cli libapache2-mod-php8.4
This installs the php8.4-fpm service and automatically enables it. See the FPM web-server integration section for the additional steps required later.
5. Check Installation
For a quick check of the PHP installation, run the following:
sudo apt install php8.4-cli php8.4-fpm
It should show the PHP version, build time, and more information:
If the PHP-FPM service is installed, its status can be checked as follows:
php -v
If the PHP-FPM server is running successfully, it should show an output similar to below:
4. Install PHP Extensions
All of the shared PHP extensions and PECL extensions follow the php8.4-EXTNAME pattern, where extname is the name of the extension.
When upgrading an existing system, refer to the packages.txt file created in the first step to check the existing PHP 8.3 or older PHP extensions.
To install a PHP extension, use the apt install command with the PHP extension name with the php-8.4- prefix. For example, the gd extension is installed with the php8.4-gd package:
sudo systemctl status php8.4-fpm
The following command installs a set of most common PHP extensions required by a majority of PHP libraries and frameworks:
sudo apt install php8.4-gd
To search for additional PHP extensions, use the apt search command:
dpkg -l | grep php | tee packages.txt
Development Tools
Development tooling such as Xdebug and code coverage tools can also be installed following the same package naming convention.
This step is not recommended on production servers.
Xdebug
sudo LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php # Press enter to confirm.sudo apt update
PCOV
sudo apt-get updatesudo apt-get -y install lsb-release ca-certificates curl apt-transport-httpssudo curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.debsudo dpkg -i /tmp/debsuryorg-archive-keyring.debsudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'sudo apt-get update
5. Web Server Integration
Depending on the server API installed in step 3, web server integration might require additional configuration for the PHP 8.4 upgrade to take effect.
PHP-FPM
When using PHP-FPM (by installing the php8.4-fpm package), the web server needs to be reconfigured to communicate with the PHP 8.4 FPM server over the updated the socket path.
Apache: This configuration change is made easy by switching on the PHP 8.4 configuration file:
sudo apt install php8.4-cli
Nginx: Update the fastcgi_pass directive from the old PHP FPM socket path to the new PHP 8.4 path:
sudo apt install php8.4-cli libapache2-mod-php8.4
See Nginx documentation for more information
Caddy Server: Update the reverse_proxy directive to use the new PHP 8.4 FPM server socket path:
sudo apt install php8.4-cli php8.4-fpm
See How to use Caddy Server with PHP for more configuration details.
PHP as an Apache module
If PHP is installed as an Apache module, the following command disables the previous PHP module (8.3 in this example) and enables the new PHP version:
php -v
The above is the detailed content of PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian. For more information, please follow other related articles on the PHP Chinese website!
How can you protect against Cross-Site Scripting (XSS) attacks related to sessions?Apr 23, 2025 am 12:16 AMTo protect the application from session-related XSS attacks, the following measures are required: 1. Set the HttpOnly and Secure flags to protect the session cookies. 2. Export codes for all user inputs. 3. Implement content security policy (CSP) to limit script sources. Through these policies, session-related XSS attacks can be effectively protected and user data can be ensured.
How can you optimize PHP session performance?Apr 23, 2025 am 12:13 AMMethods to optimize PHP session performance include: 1. Delay session start, 2. Use database to store sessions, 3. Compress session data, 4. Manage session life cycle, and 5. Implement session sharing. These strategies can significantly improve the efficiency of applications in high concurrency environments.
What is the session.gc_maxlifetime configuration setting?Apr 23, 2025 am 12:10 AMThesession.gc_maxlifetimesettinginPHPdeterminesthelifespanofsessiondata,setinseconds.1)It'sconfiguredinphp.iniorviaini_set().2)Abalanceisneededtoavoidperformanceissuesandunexpectedlogouts.3)PHP'sgarbagecollectionisprobabilistic,influencedbygc_probabi
How do you configure the session name in PHP?Apr 23, 2025 am 12:08 AMIn PHP, you can use the session_name() function to configure the session name. The specific steps are as follows: 1. Use the session_name() function to set the session name, such as session_name("my_session"). 2. After setting the session name, call session_start() to start the session. Configuring session names can avoid session data conflicts between multiple applications and enhance security, but pay attention to the uniqueness, security, length and setting timing of session names.
How often should you regenerate session IDs?Apr 23, 2025 am 12:03 AMThe session ID should be regenerated regularly at login, before sensitive operations, and every 30 minutes. 1. Regenerate the session ID when logging in to prevent session fixed attacks. 2. Regenerate before sensitive operations to improve safety. 3. Regular regeneration reduces long-term utilization risks, but the user experience needs to be weighed.
How do you set the session cookie parameters in PHP?Apr 22, 2025 pm 05:33 PMSetting session cookie parameters in PHP can be achieved through the session_set_cookie_params() function. 1) Use this function to set parameters, such as expiration time, path, domain name, security flag, etc.; 2) Call session_start() to make the parameters take effect; 3) Dynamically adjust parameters according to needs, such as user login status; 4) Pay attention to setting secure and httponly flags to improve security.
What is the main purpose of using sessions in PHP?Apr 22, 2025 pm 05:25 PMThe main purpose of using sessions in PHP is to maintain the status of the user between different pages. 1) The session is started through the session_start() function, creating a unique session ID and storing it in the user cookie. 2) Session data is saved on the server, allowing data to be passed between different requests, such as login status and shopping cart content.
How can you share sessions across subdomains?Apr 22, 2025 pm 05:21 PMHow to share a session between subdomains? Implemented by setting session cookies for common domain names. 1. Set the domain of the session cookie to .example.com on the server side. 2. Choose the appropriate session storage method, such as memory, database or distributed cache. 3. Pass the session ID through cookies, and the server retrieves and updates the session data based on the ID.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Atom editor mac version download
The most popular open source editor
Dreamweaver Mac version
Visual web development tools
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
