Rust 1.96.1 Fixes 3 Security Flaws and Cargo, MIR Bugs
Updated
Updated · InfoWorld · Jun 30
Rust 1.96.1 Fixes 3 Security Flaws and Cargo, MIR Bugs
1 articles · Updated · InfoWorld · Jun 30
Summary
Rust 1.96.1 was published June 30 as a point release that patches Cargo’s HTTP client, a MIR optimization miscompilation, and three security vulnerabilities.
The fixes target missing retries and timeouts in Cargo, a code-generation issue in MIR, and libssh2-related CVEs tracked as CVE-2025-15661, CVE-2026-55199, and CVE-2026-55200.
The patch follows Rust 1.96.0, released May 28, which introduced new core::range::Range* types designed to replace legacy iterator-based ranges and allow Copy semantics.
Rust 1.96.0 also added assert_matches! and debug_assert_matches! macros and tightened WebAssembly linking by turning undefined symbols into linker errors instead of implicit imports.