X-Git-Url: https://git.lizzy.rs/?a=blobdiff_plain;f=RELEASES.md;h=1e1ae4a8b6af955f84b8f627e93b55f96afcc9af;hb=f2b5583f6084c68cf1f46a1554db7ee3f0252ec1;hp=cf80c166759bfbef1f66cfd4e77ce7df5b818947;hpb=6cc42a4488d5dbc4c4109ed4a2f2ea81efa77f86;p=rust.git diff --git a/RELEASES.md b/RELEASES.md index cf80c166759..1e1ae4a8b6a 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -140,6 +140,29 @@ Compatibility Notes [`{Any + Send + Sync}::downcast_ref`]: https://doc.rust-lang.org/std/any/trait.Any.html#method.downcast_ref-2 [`{Any + Send + Sync}::is`]: https://doc.rust-lang.org/std/any/trait.Any.html#method.is-2 +Version 1.27.1 (2018-07-10) +=========================== + +Security Notes +-------------- + +- rustdoc would execute plugins in the /tmp/rustdoc/plugins directory + when running, which enabled executing code as some other user on a + given machine. This release fixes that vulnerability; you can read + more about this on the [blog][rustdoc-sec]. The associated CVE is [CVE-2018-1000622]. + + Thank you to Red Hat for responsibily disclosing this vulnerability to us. + +Compatibility Notes +------------------- + +- The borrow checker was fixed to avoid an additional potential unsoundness when using + match ergonomics: [#51415][51415], [#49534][49534]. + +[51415]: https://github.com/rust-lang/rust/issues/51415 +[49534]: https://github.com/rust-lang/rust/issues/49534 +[rustdoc-sec]: https://blog.rust-lang.org/2018/07/06/security-advisory-for-rustdoc.html +[CVE-2018-1000622]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2018-1000622 Version 1.27.0 (2018-06-21) ========================== @@ -3064,7 +3087,7 @@ Language [RFC 1513](https://github.com/rust-lang/rfcs/blob/master/text/1513-less-unwinding.md). * [Add a new crate type, 'cdylib'](https://github.com/rust-lang/rust/pull/33553). cdylibs are dynamic libraries suitable for loading by non-Rust hosts. - [RFC 1510](https://github.com/rust-lang/rfcs/blob/master/text/1510-rdylib.md). + [RFC 1510](https://github.com/rust-lang/rfcs/blob/master/text/1510-cdylib.md). Note that Cargo does not yet directly support cdylibs. Stabilized APIs