The developers of Rust released 1.58.1, the first quick fix for the recently released 1.58.
The update patches a single security vulnerability and multiple bugs. CVE-2022-21658 is the most significant issue fixed. The vulnerability stems from function ‘std::fs::remove_dir_all’, allowing hackers to use a privileged program to delete files or directories.
Rust’s developers advise all users to update their toolchain immediately and rebuild their programs with the updated compiler. The vulnerability is present in all versions prior to 1.58.1.
Clippy ribbon fixes
Other fixes introduced by v1.58.1 include a reduction of false positives generated by the ‘non_send_fields_in_send_ty’ Clippy ribbon. Furthermore, the Clippy ribbon can now handle captured identifiers in format strings.
Additionally, a regression in Rustfmt was fixed. The regression prevented generated files from being formatted when passed through standard input. Finally, a bug causing rustc to show an incorrect message has been squashed.