Release notes for 0.92.2 (#1348)

devyn · web-flow · commit 659780b5e61c · 2024-04-10T23:54:33.000+02:00
* release notes for 0.92.2

* fix

* improve links, add warning box
diff --git a/blog/2024-04-10-nushell_0_92_2.md b/blog/2024-04-10-nushell_0_92_2.md
@@ -0,0 +1,36 @@
+---
+title: Nushell 0.92.2 (hot-fix)
+author: The Nu Authors
+author_site: https://twitter.com/nu_shell
+author_image: https://www.nushell.sh/blog/images/nu_logo.png
+excerpt: Today, we're releasing version 0.92.2 of Nu. This release fixes a security vulnerability present in 0.92.1 on Windows.
+---
+
+# Nushell 0.92.2
+
+Nushell, or Nu for short, is a new shell that takes a modern, structured approach to your command line. It works seamlessly with the data from your filesystem, operating system, and a growing number of file formats to make it easy to build powerful command line pipelines.
+
+Today, we're releasing version 0.92.2 of Nu, a hotfix release for 0.92.1. This hot-fix addresses a security concern with how arguments are passed to external commands on Windows.
+
+The underlying vulnerability was found in the interaction of the Rust standard library we use and the Windows command invocation logic and documented as [CVE-2024-24576](https://nvd.nist.gov/vuln/detail/CVE-2024-24576). For further reading:
+
+- [CVE-2024-24576 on the Rust blog](https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html)
+- [the writeup on the BatBadBut bug](https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/), exposed by [@ryotkak](https://twitter.com/ryotkak) of [Flatt Security](https://flatt.tech/).
+
+To address this concern we have updated the version of the Rust compiler and standard library used to build Nushell to the latest stable version (1.77.2).
+
+::: warning
+Distributors of Nushell also need to upgrade their Rust toolchain to provide a Nushell build with the patch included.
+:::
+
+For convenience, we are providing full patched builds for Windows, Linux, and macOS. Be sure you have the [requirements](https://www.nushell.sh/book/installation.html#dependencies) to enable all capabilities.
+
+# Where to get it
+
+Nu 0.92.2 is available as [pre-built binaries](https://github.com/nushell/nushell/releases/tag/0.92.2) or from [crates.io](https://crates.io/crates/nu). If you have Rust installed you can install it using `cargo install nu`.
+
+::: tip Note
+The optional dataframe functionality is available by `cargo install nu --features=dataframe`.
+:::
+
+As part of this release, we also publish a set of optional plugins you can install and use with Nu. To install, use `cargo install nu_plugin_<plugin name>`.
