Rust 1.94.1 Release: Key Fixes and Security Update
By
<h2>Introduction to the Latest Rust Point Release</h2>
<p>The Rust team has rolled out <strong>Rust 1.94.1</strong>, a new point release designed to enhance reliability and security for developers building efficient software. This update addresses several regressions introduced in the previous version and includes a critical security fix. If you're already using Rust via <code>rustup</code>, upgrading is straightforward. For those new to Rust, you can install it from the official website.</p><figure style="margin:20px 0"><img src="https://www.rust-lang.org/static/images/rust-social-wide.jpg" alt="Rust 1.94.1 Release: Key Fixes and Security Update" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: blog.rust-lang.org</figcaption></figure>
<h2>How to Upgrade to Rust 1.94.1</h2>
<p>To update your existing Rust installation, simply run the following command in your terminal:</p>
<pre><code>rustup update stable</code></pre>
<p>If you haven't installed Rust yet, visit the appropriate page on our website to get started with <code>rustup</code>.</p>
<h2 id="whats-in">What's in Rust 1.94.1?</h2>
<p>This release focuses on resolving three regressions that were introduced in Rust 1.94.0, along with one security vulnerability. Below are the details of each fix.</p>
<h3>Fix for <code>std::thread::spawn</code> on <code>wasm32-wasip1-threads</code></h3>
<p>A regression in the <code>isize_to_thread_count</code> function caused <code>std::thread::spawn</code> to behave incorrectly on the <code>wasm32-wasip1-threads</code> target. This has been corrected, ensuring proper spawning of threads on WebAssembly platforms that support threading.</p>
<h3>Removal of New Methods from <code>std::os::windows::fs::OpenOptionsExt</code></h3>
<p>In Rust 1.94.0, new unstable methods were added to the <code>std::os::windows::fs::OpenOptionsExt</code> trait. However, since this trait is not sealed, adding non-default methods would break existing implementations. The team has reverted these methods to preserve backward compatibility. Developers who need these features should track the associated tracking issue for future stabilization.</p>
<h3>Clippy: Fix for ICE in <code>match_same_arms</code></h3>
<p>The Clippy linter experienced an internal compiler error (ICE) when analyzing <code>match_same_arms</code> on certain patterns. This regression has been resolved, restoring stable linting functionality.</p>
<h3>Cargo: Downgrade <code>curl-sys</code> to 0.4.83</h3>
<p>To fix certificate validation errors on some FreeBSD systems, the Cargo team has downgraded the <code>curl-sys</code> dependency from version 0.4.84 to 0.4.83. Users on affected FreeBSD versions will now experience correct certificate validation. For more details, see the associated <a href="https://github.com/rust-lang/cargo/issues/14567">GitHub issue</a>.</p>
<h2>Security Fix in Cargo</h2>
<p>Rust 1.94.1 also addresses two CVEs in the <code>tar</code> crate used by Cargo:</p>
<ul>
<li><strong>CVE-2026-33055</strong></li>
<li><strong>CVE-2026-33056</strong></li>
</ul>
<p>The <code>tar</code> dependency has been updated to version 0.4.45, which includes patches for these vulnerabilities. It is important to note that users of <code>crates.io</code> are not affected. The full details are available in the <a href="https://blog.rust-lang.org/2026/02/Rust-1.94.1.html">release blog post</a>.</p>
<h2>Contributors to Rust 1.94.1</h2>
<p>This release would not have been possible without the dedicated efforts of the Rust community. We extend our heartfelt thanks to all contributors who helped identify, fix, and test these issues.</p>
<h2>Conclusion</h2>
<p>Rust 1.94.1 ensures a more stable and secure experience for developers. We recommend upgrading at your earliest convenience to benefit from these fixes. For a complete list of changes, refer to the <a href="https://github.com/rust-lang/rust/blob/stable/RELEASES.md">release notes</a>.</p>