The Rust programming language released version 1.58.1, addressing a critical race condition in the std::fs::remove_dir_all function of its standard library. This vulnerability, tracked as CVE-2022-21658, posed significant security risks, enabling attackers to exploit privileged programs to delete files or directories that they would not normally have access to. The issue impacted all Rust versions from 1.0 through 1.58, urging developers to update their toolchains immediately to ensure secure program builds.
Beyond security, Rust 1.58.1 also tackled several regressions introduced in the previous version. One notable update was to the non_send_fields_in_send_ty Clippy lint, which had generated excessive false positives. To mitigate disruptions, the lint was moved to the experimental “nursery” group, where it can be refined further. This change exemplifies Rust’s commitment to balancing innovation with usability.
Other fixes included enhancements to the useless_format Clippy lint, which was updated to accommodate captured identifiers in format strings, a feature introduced in Rust 1.58. Additionally, a regression in Rustfmt, which had prevented the formatting of files passed through standard input, was resolved. This fix ensures that Rustfmt continues to streamline code formatting workflows for developers.
Rust 1.58.1 also corrected an error in the rustc compiler that displayed incorrect error messages in certain cases. These updates reflect the Rust community’s focus on maintaining a robust and developer-friendly ecosystem. With this release, Rust continues to uphold its reputation for delivering high-quality, secure, and developer-centric tools.