The Rust team has announced the release of Rust 1.58.1, which includes some important fixes for features introduced in Rust 1.58.0.

It fixes a race condition in the library “std::fs::remove_dir_all,” otherwise known as the vulnerability CVE-2022-21658. According to the Rust team, an attacker could exploit the vulnerability to trick a privileged program into deleting files or directories. 

The team recommends users update to this latest version and then rebuild their programs with the updated compiler. 

Other new updates relating to features from the 1.58.0 release include:

  • The “non_send_fields_in_send_ty” Clippy lint had too many false positives so it was moved to the nursery, which is an experimental lints group
  • The “useless_format” Clippy lint can now handle captured identifiers in format strings
  • A fix for a regression in Rustfmt that prevented generated files from being formatted when passed through the standard input
  • A fix for an incorrect error message that rustc displayed

More information about this latest point release is available here