1.27.1 (2018-07-10) #

Security Notes #

  • rustdoc would execute plugins in the /tmp/rustdoc/plugins directory when running, which enabled executing code as some other user on a given machine. This release fixes that vulnerability; you can read more about this on the blog. The associated CVE is CVE-2018-1000622.

    Thank you to Red Hat for responsibly disclosing this vulnerability to us.

Compatibility Notes #

  • The borrow checker was fixed to avoid an additional potential unsoundness when using match ergonomics: #51415, #49534.