Rust 1.94.1 is a point release that fixes three regressions introduced in 1.94.0 and resolves two security vulnerabilities.
The Rust Security Response Team disclosed CVE-2026-33056, a vulnerability in the tar crate used by Cargo that allows malicious packages to change permissions on arbitrary filesystem directories.
The Rust Vision Doc team shares challenges identified through ~70 developer interviews, covering both universal and domain-specific pain points.
Cargo is requesting community testing of a new build directory layout (v2) via the `-Zbuild-dir-new-layout` nightly flag.
rustup 1.29.0 introduces concurrent component downloads and unpacking for faster Rust toolchain installation.
Rust 1.94.0 introduces array_windows, Cargo config inclusion, and TOML 1.1 support alongside several stabilized APIs.
The 2025 State of Rust Survey (10th edition) collected 7,156 responses reflecting key trends in the Rust developer community.
The Rust team is launching a debugging survey to identify pain points and improve the debugging experience for Rust developers.
The Rust Project announces its participation in Google Summer of Code (GSoC) 2026 for the third consecutive year.
The crates.io team announces a policy change regarding notifications for malicious crates detected on the registry.
