Skip to content

Rust 1.34.2 release announcement #386

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
May 14, 2019
Merged

Rust 1.34.2 release announcement #386

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f4f04af
blog post for Rust 1.34.2
pietroalbini May 14, 2019
fd145bc
Update posts/2019-05-14-Rust-1.34.2.md
pietroalbini May 14, 2019
1e7c88d
Update posts/2019-05-14-Rust-1.34.2.md
pietroalbini May 14, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 47 additions & 0 deletions posts/2019-05-14-Rust-1.34.2.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
---
layout: post
title: "Announcing Rust 1.34.2"
author: The Rust Release Team
release: true
---

The Rust team has published a new point release of Rust, 1.34.2. Rust is a
programming language that is empowering everyone to build reliable and
efficient software.

If you have a previous version of Rust installed via rustup, getting Rust
1.34.2 is as easy as:

```console
$ rustup update stable
```

If you don't have it already, you can [get `rustup`][install] from the
appropriate page on our website.

[install]: https://www.rust-lang.org/install.html
[notes]: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-TODO

## What's in 1.34.2 stable

Sean McArthur reported a [security vulnerability][ml] affecting the standard
library that caused the [`Error::downcast`][Error::downcast] family of methods
to perform unsound casts when a manual implementation of the
[`Error::type_id`][Error::type_id] method returned the wrong
[`TypeId`][TypeId], leading to security issues such as out of bounds
reads/writes/etc.

The [`Error::type_id`][Error::type_id] method was recently stabilized as part
of Rust 1.34.0. This point release **destabilizes** it, preventing any code on
the stable and beta channels to implement or use it, awaiting future plans that
will be discussed in [issue #60784][60784].

An in-depth explaination of this issue was posted in yesterday's [security
advisory][ml]. The assigned CVE for the vulnerability is [CVE-2019-12083][cve].

[ml]: https://groups.google.com/forum/#!topic/rustlang-security-announcements/aZabeCMUv70
[Error::downcast]: https://doc.rust-lang.org/stable/std/error/trait.Error.html#method.downcast
[Error::type_id]: https://doc.rust-lang.org/stable/std/error/trait.Error.html#method.type_id
[TypeId]: https://doc.rust-lang.org/stable/std/any/struct.TypeId.html
[60784]: https://github.com/rust-lang/rust/issues/60784
[cve]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12083