1.27.1 (2018-07-10) #
Security Notes #
rustdoc would execute plugins in the /tmp/rustdoc/plugins directory when running, which enabled executing code as some other user on a given machine. This release fixes that vulnerability; you can read more about this on the blog. The associated CVE is CVE-2018-1000622.
Thank you to Red Hat for responsibly disclosing this vulnerability to us.