Rust 1.77.2

Rust is a programming language created by Graydon Hoare and originally developed by Mozilla. It is partly inspired by the C programming language, but has syntactic and semantic differences. It focuses on security and aims to use modern computer systems more efficiently. It is used by Cloudflare, OVH, Mozilla, Deliveroo, Coursera, AppSignal and Threema, among others. Version 1.77.2 has been released, and its release notes can be found below.

What's in 1.77.2

This release includes a fix for CVE-2024-24576. Before this release, the Rust standard library did not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping.

This vulnerability is CRITICAL if you are invoking batch files on Windows with untrusted arguments. No other platform or use is affected. You can learn more about the vulnerability in the dedicated advisory.
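
For code that has to pass untrusted values to a batch file, an allowlist in front of the Command API is a useful second layer alongside upgrading. The following is an added example, not code from the Rust project or the advisory; the function names and the allowed character set are assumptions made for this illustration.

```rust
use std::ffi::OsStr;
use std::path::Path;
use std::process::Command;

/// True when `program` has a `bat` or `cmd` extension (case-insensitive),
/// the two extensions the release notes name as affected.
pub fn is_batch_file(program: &Path) -> bool {
    program
        .extension()
        .and_then(OsStr::to_str)
        .map(|e| e.eq_ignore_ascii_case("bat") || e.eq_ignore_ascii_case("cmd"))
        .unwrap_or(false)
}

/// Conservative allowlist (an assumption of this example, not Rust's own rule):
/// non-empty, and only ASCII letters, digits, `-`, `_` and `.`.
pub fn is_plain_arg(arg: &str) -> bool {
    !arg.is_empty()
        && arg
            .bytes()
            .all(|b| b.is_ascii_alphanumeric() || matches!(b, b'-' | b'_' | b'.'))
}

/// Build a `Command` without spawning it. For batch targets, every untrusted
/// argument must pass the allowlist; other targets are passed through unchanged.
pub fn guarded_command(program: &Path, untrusted: &[&str]) -> Result<Command, String> {
    if is_batch_file(program) {
        for arg in untrusted {
            if !is_plain_arg(arg) {
                return Err(format!("rejected argument for batch file: {:?}", arg));
            }
        }
    }
    let mut cmd = Command::new(program);
    cmd.args(untrusted);
    Ok(cmd)
}

fn main() {
    // Constructed sample inputs; nothing is executed here.
    let script = Path::new("tools/Report.CMD");
    println!("{:?}", guarded_command(script, &["2024-04", "summary.txt"]).map(|_| "ok"));
    println!("{:?}", guarded_command(script, &["a b"]).map(|_| "ok"));
}
```

Rejecting input outright avoids depending on any escaping logic, so the check behaves the same on patched and unpatched toolchains.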