Rust 1.96.0 Release Notes: Stability and Security

Rust 1.96.0 ships with a focus on stability and backend polish. The rust 1.96.0 release notes highlight compiler updates for LoongArch and Fuchsia targets, plus new stabilized APIs like assert_matches!. Cargo gets two security fixes for CVEs. This release keeps the language solid without adding flashy features.

This maintenance release is recommended for all Rust developers. It fixes bugs, stabilizes useful macros, and hardens Cargo against two security vulnerabilities. Upgrade to keep your toolchain current and secure.

What Changed

Language: Allow passing expr metavariable to cfg. Coerce never types in tuple expressions. Support s390x vector registers in inline assembly. Allow constants of type ManuallyDrop as patterns (fixes regression from 1.94.0).
Compiler: Enable link relaxation for LoongArch Linux. Update riscv64gc-unknown-fuchsia baseline to RVA22 + vector.
Libraries: Support iterating over ranges of NonZero integers. Exclude null from ‘valid for read/write’ definition. Fix SGX delayed host lookup via ToSocketAddr.
Stabilized APIs: assert_matches!, debug_assert_matches!, From<T> for AssertUnwindSafe<T>, From<T> for LazyCell<T, F>, From<T> for LazyLock<T, F>, and core range types (RangeToInclusive, RangeFrom, Range, and their iterators).
Cargo: Allow dependencies specifying both git and registry. Add target.'cfg(..)'.rustdocflags support. Fix CVE-2026-5222 and CVE-2026-5223.
Rustdoc: Deprecation notes render as normal docs. Don’t emit missing_doc_code_examples lint on impl items. Separate methods and associated functions in sidebar.
Compatibility: Fix #[repr(Int)] enum layouts with uninhabited ZSTs. Prevent unsize-coercing into Pin<Foo> without Deref. Stop passing --allow-undefined on wasm. Gate accidentally stabilized #![reexport_test_harness_main]. Error on too-private RPITITs. Report uninhabited_static lint in dependencies. Distributed builds include non-split debuginfo for windows-gnu. Check const generic argument types in more positions. Remove -Csoft-float. Disallow ::{self as name} imports from structs. First duplicate attribute (export_name, link_name, link_section) now takes precedence. Update minimum external LLVM to 21. Change c_double to f32 on AVR targets.

Why It Matters

The assert_matches! macro is now stable. You can write assert_matches!(value, Pattern) without needing the nightly feature. This reduces boilerplate in tests.
Cargo fixed two security vulnerabilities. The rust 1.96.0 release notes detail CVE-2026-5222 and CVE-2026-5223. Update now to stay protected.
Iterating over NonZero integers works out of the box. No more manual conversions.
Rustdoc now separates methods from associated functions in the sidebar. It improves navigation.

Who Should Upgrade

This release applies to all Rust developers. If you write tests, you will benefit from the stable assert_matches! macro. Teams using Cargo should upgrade for the security fixes. Developers targeting LoongArch, Fuchsia, or AVR platforms gain specific compiler updates.

How to Upgrade

Open your terminal.
Run rustup update stable to get version 1.96.0.
Verify with rustc --version. It should print 1.96.0.

Usage Examples

Use assert_matches!(x, Some(5)) in tests instead of a manual match.
Iterate over NonZeroU8::new(1)..=NonZeroU8::new(5) to get only non-zero values.
In Cargo.toml, specify a git dependency with an alternate registry: foo = { git = "https://...", registry = "alternative" }.

Breaking Changes

AVR target c_double changed to f32. This matches C’s default 32-bit double on AVR. If your code uses c_double on AVR, update your FFI bindings.
Duplicate attributes now use the first occurrence. If you have multiple #[export_name("...")] on a function, the first one takes effect. Fix any duplicates.
No more -Csoft-float flag. Use target features instead.
Structs cannot be imported with ::{self as name}. Use a module or rename directly.