Rust 1.96.0 release notes: Stability & Security Boost

Rust 1.96.0 shipped quietly, but it packs a punch for language stability and tooling. These rust 1.96.0 release notes reveal a focus on fixing regressions, hardening security, and polishing the compiler. The team closed two CVEs in Cargo, stabilized 11 new APIs including assert_matches!, and improved debuginfo for Windows GNU targets. If you write Rust code, this release keeps your workflow smooth without breaking your existing projects.

This maintenance release is recommended for all Rust developers. It fixes regressions, patches two cargo security vulnerabilities, and adds iterators over NonZero integer ranges. Upgrading ensures you benefit from these stability improvements and the newly stabilized APIs like assert_matches!.

What Changed

Language: Allow constants of type ManuallyDrop as patterns. Fixes a regression from 1.94.0.
Compiler: Enable link relaxation for LoongArch Linux targets. Update riscv64gc baseline to RVA22 with vector support.
Libraries: Support iterating over ranges of NonZero integers. Fix SGX delayed host lookup via ToSocketAddr.
Stabilized APIs: assert_matches!(), debug_assert_matches!(), new Range iterators, From implementations for AssertUnwindSafe, LazyCell, and LazyLock.
Cargo: Dependencies can specify both a git repo and an alternate registry. Fixed CVE-2026-5222 and CVE-2026-5223.
Rustdoc: Deprecation notes now render as standard markdown. Sidebar separates methods from associated functions.

Why It Matters

Maintenance release: no specific features or changes documented in release notes. Yet the fixes and new APIs save you time. assert_matches!() replaces verbose match arms. NonZero iterators eliminate manual range loops. The Cargo fixes stop supply chain attacks.

Who Should Upgrade

This release is particularly relevant for systems programmers, embedded developers, and anyone using Rust for security-sensitive applications. The Cargo CVE fixes make it essential for teams managing dependencies. New API users will benefit from iterators over NonZero integers. Compiler improvements for LoongArch and RISC-V targets assist cross-platform projects.

How to Upgrade

Run rustup update stable to get the latest stable release.
Verify your version: rustc --version should output 1.96.0.
For Cargo fixes, update your project’s lockfile: cargo update.
Review the compatibility notes on repr(Int) enum layout and c_double on AVR targets.
Check that external LLVM is version 21 or later.

Usage Examples

assert_matches!: Replace match blocks with a single macro. Great for testing and guarding invariants.
NonZero integer ranges: Iterate over NonZeroU8::from(1)..NonZeroU8::from(5) without manual offsetting.
Git + registry dependencies: In Cargo.toml, specify both a git URL and a registry. Cargo uses git locally and registry on publish.
Rustdoc sidebar: Methods and associated functions now appear separately. Faster navigation in large APIs.
LoongArch link relaxation: Enables more efficient binary linking on LoongArch Linux. Run cargo build --target loongarch64-unknown-linux-gnu to see the difference.

Feature Flow

Breaking Changes

repr(Int) enum layout: Fixes edge cases with fields of uninhabited zero-sized types. May change binary representation of some enums.
c_double on AVR targets: Changed from f64 to f32 to match C’s 32-bit double. Update FFI bindings.
Minimum LLVM raised to 21: Older LLVM versions no longer supported. Update your toolchain builder.
Uninhabited static lint: Now deny-by-default and reported for dependencies. Fix or silence these warnings.
-Csoft-float removed: Use target features or -C target-feature=+soft-float instead.