PHP 8.3 Release

Executive summary. PHP 8.3 is the latest iteration of the PHP runtime and became generally available on 23 November 2023. It introduces new language constructs and functions that signal the ongoing maturity of the language. Major highlights include typed class constants to enforce type consistency, a new #[\Override] attribute that ensures method overrides align with parent class definitions, deep cloning of readonly properties to allow mutation within __clone(), a high‑performance json_validate() function for checking JSON payloads, and expanded randomness APIs in the Randomizer class. These features build on the momentum of PHP 8.0’s JIT compiler and prior releases, offering developers increased reliability and expressiveness while retaining backward‑compatibility.

Overview of PHP 8.3 release

PHP 8.3 is classified as a minor release, but it delivers significant upgrades. General availability was announced on November 23 2023 after a regular development cycle that included multiple alpha and beta versions. Although it doesn’t introduce a new JIT engine, the release emphasizes type enforcement and developer tooling. The addition of typed class constants means you can now specify types for class constants, ensuring they adhere to expected scalar or object types at compile time. Meanwhile, the new #[\Override] attribute helps catch mistakes where a method aims to override an inherited method but does not match the signature, reducing bugs during refactoring. These additions, coupled with other syntax refinements, encourage more strong code and better static analysis. PHP 8.3 also continues the work of PHP 8.2 by improving readonly properties, enabling deep cloning and reducing unintended immutability.

New language features

Typed class constants. Prior to PHP 8.3, class constants could not declare a type. Developers often enforced type at runtime or relied on comments and static analysis. PHP 8.3 introduces type declarations for class constants, allowing scalar types (int, float, string, bool), array types, and even class types. If a constant value doesn’t match its declared type, a compile‑time error is thrown. This change improves reliability and clarifies API expectations. It also aligns constants with properties and parameters, which have supported type declarations for several versions.

#[\Override] attribute. Refactoring complex object hierarchies often leads to unintentional method signature mismatches. The new #[\Override] attribute signals that a method must override a method in a parent class or implement an interface method. If it doesn’t, PHP generates a fatal error at compile time. This feature helps developers catch typos and signature mismatches early, improving maintainability. It is especially valuable when implementing interfaces or abstract classes across large codebases.

Deep cloning of readonly properties. PHP 8.1 introduced the readonly modifier, indicating that a property can only be written once. However, cloning objects with readonly properties had limitations: the cloned object’s readonly properties couldn’t be modified within the __clone() method. PHP 8.3 removes this restriction, allowing deep cloning of objects with readonly properties. During the cloning process, the __clone() method can now assign values to readonly properties, enabling proper deep copies while preserving immutability outside of cloning. This feature addresses a common pain point for immutable data structures and helps safer cloning patterns.

Other language improvements include better warnings for msql_connect() deprecation, small adjustments to the interpreter for stability, and refinements to attributes and enums that clarify error messages and edge cases.

New functions and APIs

json_validate() function. Before PHP 8.3, validating whether a string contained valid JSON required calling json_decode() and checking for errors, which parsed the JSON into PHP data structures and consumed memory. PHP 8.3 introduces json_validate(), a new function that quickly checks the validity of a JSON string without decoding it. This function returns a boolean and operates in constant memory, making it ideal for validating large JSON payloads in APIs or processing pipelines. It can dramatically reduce the overhead of input validation, especially in microservices that handle JSON at scale.

Expanded Randomizer API. PHP 8.2 introduced the Random\Randomizer class to modernize randomness in PHP. PHP 8.3 extends it with methods such as getBytesFromString(), getFloat(), and getInt(). getBytesFromString() produces a random string of bytes from a provided character set, enabling generation of random tokens or IDs. getFloat() returns an unbiased random floating‑point number within a given range, useful for simulations and scientific computing. getInt() allows generation of random integers with inclusive bounds. These improvements make the Randomizer class more versatile and pave the way for secure random generation across many applications.

DOM and string utilities. PHP 8.3 introduces DOM\XMLDocument::canonicalize(), which generates a canonical form of an XML document, ensuring consistent formatting for digital signatures and comparisons. The str_increment() function increments alphanumeric strings, simplifying tasks such as generating sequential IDs. These additions round out the API improvements and provide developers with more tools for everyday tasks.

Performance and other improvements

Although PHP 8.3 doesn’t introduce a new JIT compiler, it brings various performance optimizations. There are improvements to the interpreter’s handling of readonly properties and typed class constants, which reduce overhead. The release also includes optimizations in the Hash and Array functions and ensures that error messages are more descriptive, reducing debugging time. Also, the randomness API improvements avoid bias when generating floating‑point numbers, yielding more statistically uniform results. Collectively, these incremental upgrades make PHP 8.3 faster and more reliable than its predecessors.

Upgrade considerations

Upgrading to PHP 8.3 is generally straightforward for projects already on PHP 8.1 or 8.2. However, developers should be aware of a few considerations. First, typed class constants may cause incompatibilities if existing code relies on implicit coercion of constant values. It’s advisable to run static analysis tools like PHPStan or Psalm to detect any mismatched constant types. Second, the #[\Override] attribute will trigger fatal errors if incorrectly used on methods that do not actually override a parent method. Teams should introduce the attribute incrementally and run full test suites. Third, while deep cloning of readonly properties enables new patterns, misuse can undermine immutability guarantees. Careful design and code reviews remain essential. Lastly, verify that dependencies and frameworks, such as Laravel or Symfony, are compatible with PHP 8.3. Many major frameworks announced support shortly after release, but older versions may not yet be compatible.

Implications for developers and teams

For individual developers, PHP 8.3’s new features improve productivity and reduce bugs. Typed class constants and the #[\Override] attribute support better self‑documenting code and allow IDEs and static analyzers to catch issues at compile time. The improved randomness API and json_validate() make it easier to write secure and efficient code for web services, cryptography, and microservices. For teams, upgrading to PHP 8.3 can improve performance, reduce technical debt and improve security posture. The combination of language improvements and API improvements reduces the need for custom workarounds, enabling teams to focus on business logic. Teams should plan for upgrade cycles, allocate time for testing, and update CI pipelines to run tests under PHP 8.3. They should also communicate with third‑party vendors and hosting providers to ensure environment compatibility.

Our analysis

From a strategic perspective, PHP 8.3 shows that the language continues to evolve in tandem with modern development practices. The focus on type safety and explicitness aligns with industry trends toward statically typed languages. For enterprises building large applications in PHP, typed class constants and the #[\Override] attribute will pay dividends in maintainability and bug reduction. The ability to perform deep cloning of readonly properties allows developers to embrace immutable data structures without sacrificing flexibility. Meanwhile, the introduction of json_validate() and the expanded randomness API reflect a growing emphasis on performance and security in API‑driven architectures. At We, we recommend that engineering teams begin evaluating PHP 8.3 in staging environments. They should update static analysis rules, revisit design patterns to use deep cloning, and plan for a rolling upgrade to reduce risk. Overall, PHP 8.3 is a compelling upgrade that blends incremental improvements with meaningful new capabilities.

Related articles

Curated signals from the same pillar or overlapping topics.

Developer · Credibility 88/100 · December 25, 2023

Ruby 3.3 Release

Ruby 3.3.0 launched on 25 December 2023 with the Prism parser preview, YJIT optimizations, and experimental RJIT, requiring runtime validation for application servers and buildpacks.

Developer · Credibility 88/100 · April 23, 2024

Node.js 22.0.0 Release

Node.js 22 dropped on April 23, 2024 with V8 12.4, stable WebSocket support, and better permission controls. If you are waiting for the October LTS cut, start testing now—there are some good upgrades here.

Developer · Credibility 87/100 · February 16, 2021

Go 1.16 Embraces Modules and Embed

Go 1.16 cemented modules, embed, and io/fs as default tooling patterns while adding Apple silicon builds and linker optimizations that language, platform, and security teams must incorporate into governance and delivery…

Developer · Credibility 91/100 · October 14, 2019

Python 3.8.0 release

Python 3.8 dropped on October 14, 2019, and the walrus operator (:=) is the headline feature. Assignment expressions let you grab values mid-expression, which makes some loops cleaner but can also make code harder to…

Developer · Credibility 91/100 · November 8, 2023

GitHub Code Scanning Autofix Reaches General Availability for JavaScript and TypeScript

GitHub announced general availability of Code Scanning Autofix on November 8, 2023, enabling developers to apply AI-generated fixes for JavaScript and TypeScript vulnerabilities directly in pull requests with security…

Continue in the Developer pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Secure Software Supply Chain Tooling Guide

  Engineer developer platforms that deliver verifiable provenance, SBOM distribution, vendor assurance, and runtime integrity aligned with SLSA v1.0, NIST SP 800-204D, and CISA SBOM…

• AI-Assisted Development Governance Guide

  Govern GitHub Copilot, Azure AI, and internal generative assistants with controls aligned to NIST AI RMF 1.0, EU AI Act enforcement timelines, OMB M-24-10, and enterprise privacy…

• Developer Enablement & Platform Operations Guide

  Plan AI-assisted development, secure SDLC controls, and runtime upgrades using our research on GitHub Copilot, GitHub Advanced Security, and major language lifecycles.

Coverage intelligence

Published

November 23, 2023

Coverage pillar

Developer

Source credibility

88/100 — high confidence

Topics

PHP 8.3 · Runtime release · Language features

Sources cited

3 sources (php.net, kinsta.com, iso.org)

Reading time

7 min

References

1. PHP 8.3 Release Announcement — PHP Foundation
2. PHP 8.3: What’s New and What’s Changed — Kinsta Blog
3. ISO/IEC 27034-1:2011 — Application Security — International Organization for Standardization