Jonqui Stack
ArticlesCategories
Technology

Rust 1.94.1 Release: Key Fixes and Security Update

Published 2026-05-03 18:52:12 · Technology

Introduction to the Latest Rust Point Release

The Rust team has rolled out Rust 1.94.1, a new point release designed to enhance reliability and security for developers building efficient software. This update addresses several regressions introduced in the previous version and includes a critical security fix. If you're already using Rust via rustup, upgrading is straightforward. For those new to Rust, you can install it from the official website.

Rust 1.94.1 Release: Key Fixes and Security Update
Source: blog.rust-lang.org

How to Upgrade to Rust 1.94.1

To update your existing Rust installation, simply run the following command in your terminal:

rustup update stable

If you haven't installed Rust yet, visit the appropriate page on our website to get started with rustup.

What's in Rust 1.94.1?

This release focuses on resolving three regressions that were introduced in Rust 1.94.0, along with one security vulnerability. Below are the details of each fix.

Fix for std::thread::spawn on wasm32-wasip1-threads

A regression in the isize_to_thread_count function caused std::thread::spawn to behave incorrectly on the wasm32-wasip1-threads target. This has been corrected, ensuring proper spawning of threads on WebAssembly platforms that support threading.

Removal of New Methods from std::os::windows::fs::OpenOptionsExt

In Rust 1.94.0, new unstable methods were added to the std::os::windows::fs::OpenOptionsExt trait. However, since this trait is not sealed, adding non-default methods would break existing implementations. The team has reverted these methods to preserve backward compatibility. Developers who need these features should track the associated tracking issue for future stabilization.

Clippy: Fix for ICE in match_same_arms

The Clippy linter experienced an internal compiler error (ICE) when analyzing match_same_arms on certain patterns. This regression has been resolved, restoring stable linting functionality.

Cargo: Downgrade curl-sys to 0.4.83

To fix certificate validation errors on some FreeBSD systems, the Cargo team has downgraded the curl-sys dependency from version 0.4.84 to 0.4.83. Users on affected FreeBSD versions will now experience correct certificate validation. For more details, see the associated GitHub issue.

Security Fix in Cargo

Rust 1.94.1 also addresses two CVEs in the tar crate used by Cargo:

  • CVE-2026-33055
  • CVE-2026-33056

The tar dependency has been updated to version 0.4.45, which includes patches for these vulnerabilities. It is important to note that users of crates.io are not affected. The full details are available in the release blog post.

Contributors to Rust 1.94.1

This release would not have been possible without the dedicated efforts of the Rust community. We extend our heartfelt thanks to all contributors who helped identify, fix, and test these issues.

Conclusion

Rust 1.94.1 ensures a more stable and secure experience for developers. We recommend upgrading at your earliest convenience to benefit from these fixes. For a complete list of changes, refer to the release notes.

Related

Categories

    Explore

    Python 3.14.2 and 3.13.11: Quick Fixes for Regressions and Security IssuesNavigating the 2026 Coal Landscape: A Guide to Understanding the Limited 'Return to Coal' Amid the Iran CrisisAstronaut with Unmatched Space Industry Resume Set for July Launch to ISS10 Critical Insights Into Anthropic's Mythos and the Future of CybersecurityUnderstanding the Surprising Fat Metabolism Discovery: A How-To Guide for Researchers and Health Enthusiasts