File tree 1 file changed +23
-0
lines changed
1 file changed +23
-0
lines changed Original file line number Diff line number Diff line change @@ -140,6 +140,29 @@ Compatibility Notes
140140[ `{Any + Send + Sync}::downcast_ref` ] : https://doc.rust-lang.org/std/any/trait.Any.html#method.downcast_ref-2
141141[ `{Any + Send + Sync}::is` ] : https://doc.rust-lang.org/std/any/trait.Any.html#method.is-2
142142
143+ Version 1.27.1 (2018-07-10)
144+ ===========================
145+
146+ Security Notes
147+ --------------
148+
149+ - rustdoc would execute plugins in the /tmp/rustdoc/plugins directory
150+ when running, which enabled executing code as some other user on a
151+ given machine. This release fixes that vulnerability; you can read
152+ more about this on the [ blog] [ rustdoc-sec ] . The associated CVE is [ CVE-2018 -1000622] .
153+
154+ Thank you to Red Hat for responsibily disclosing this vulnerability to us.
155+
156+ Compatibility Notes
157+ -------------------
158+
159+ - The borrow checker was fixed to avoid an additional potential unsoundness when using
160+ match ergonomics: [ #51415 ] [ 51415 ] , [ #49534 ] [ 49534 ] .
161+
162+ [ 51415 ] : https://github.com/rust-lang/rust/issues/51415
163+ [ 49534 ] : https://github.com/rust-lang/rust/issues/49534
164+ [ rustdoc-sec ] : https://blog.rust-lang.org/2018/07/06/security-advisory-for-rustdoc.html
165+ [ CVE-2018-1000622 ] : https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2018-1000622
143166
144167Version 1.27.0 (2018-06-21)
145168==========================
You can’t perform that action at this time.
0 commit comments