Rust 1.96.0 introduces new features for systems programming and WebAssembly development.
CVE-2026-5223 is a Cargo vulnerability where symlinks in third-party crate tarballs can override other crates' source code.
Cargo's sparse index URL normalization enables credential theft.
The Rust Project completed 41 project goals in the 2025H2 period, with 13 designated as Flagship Goals, advancing language ergonomics and compilation speed.
The Rust Project announces participation in Outreachy, a mentorship program for underrepresented people in the tech industry.
Rust 1.97 is raising the baseline requirements for NVIDIA GPU compilation targets.
The Rust Project announced 13 accepted proposals for Google Summer of Code 2026, reflecting significant growth in community participation and open source contributions.
Rust 1.95.0 releases with new language features and API stabilizations.
Rust is removing the --allow-undefined flag from WebAssembly target linking, changing how undefined symbols are handled.
docs.rs will change its default documentation build behavior on May 1, 2026, building only the default target instead of five targets by default.
Rust 1.94.1 is a point release that fixes three regressions introduced in 1.94.0 and resolves two security vulnerabilities.
The Rust Security Response Team disclosed CVE-2026-33056, a vulnerability in the tar crate used by Cargo that allows malicious packages to change permissions on arbitrary filesystem directories.
