rust v1.96.0: Stability and Security

The rust 1.96.0 release notes landed today. This maintenance release focuses on backend improvements and critical security patches. It ships two CVEs (CVE-2026-5222 and CVE-2026-5223) fixes, cargo configuration additions, and several type system corrections. Teams should pay close attention to the compatibility notes before upgrading.

This maintenance release is recommended for all Rust developers. It patches two security vulnerabilities, stabilizes 11 new APIs, and brings multiple compiler, library, and rustdoc improvements. Upgrade now to benefit from the bug fixes and security patches.

What Changed

• assert_matches! and debug_assert_matches!: Two new macros stabilized for concise pattern matching assertions.
• From implementations: New conversions for AssertUnwindSafe, LazyCell, and LazyLock.
• Range types: core::range module now includes RangeToInclusive, RangeFrom, Range, and their iterator types, all stabilized.
• Cargo: git + registry: Dependencies can now specify both a git repository and an alternate registry.
• Cargo: rustdocflags: Added target.’cfg(..)’.rustdocflags support.
• Security fixes: CVE-2026-5222 and CVE-2026-5223 resolved in Cargo.
• LLVM update: Minimum external LLVM bumped to 21.
• Deprecation rendering: Rustdoc now renders deprecation notes like other documentation.
• Sidebar separation: Methods and associated functions appear in separate sidebar sections.

Why It Matters

• Security first: Two Cargo CVEs receive patches, protecting your supply chain.
• Cleaner code: Stabilized assert_matches! cuts boilerplate from test suites.
• Git workflows: The cargo git+registry feature reduces friction for developers using private forks.
• Better docs: Rustdoc improvements make multi-line deprecation notes predictable.

Who Should Upgrade

This release is particularly relevant for API developers building integrations and DevOps teams managing deployments. If you maintain public crates or handle sensitive builds, the fixed CVEs demand immediate action. Developers working with range iterators or Lazy types will find the new stabilized conversions useful.

How to Upgrade

1. Update your Rust toolchain: rustup update stable
2. Verify the update: rustc --version should return rustc 1.96.0
3. For cargo users: cargo update inside your project directory.
4. Check the compatibility notes above if you use #[repr(Int)] enums, wasm targets, or struct self imports.

Usage Examples

• assert_matches!: Replace verbose match expressions in tests with a single macro call.
• Range iterators: Use core::range::Range to iterate with type safety over non-zero integers.
• Dual-source dependencies: Specify a git repo for local development while keeping the registry version for publishing.

Breaking Changes

• enum layout: Fix for #[repr(Int)] enums with uninhabited zero-sized types may change ABI.
• softfloat targets: aarch64 softfloat targets now require rustc_abi = "softfloat".
• c_double on AVR: Changed to f32 to match C. Update any FFI code that uses double on AVR.
• struct self imports: use S::{self as Other} is no longer allowed.
• Duplicate attributes: When multiple export_name, link_name, or link_section attributes exist on the same item, the first now takes precedence.
• wasm linking: --allow-undefined no longer passed. Update wasm targets accordingly.
• RPITIT privacy: Return-position-impl-trait-in-traits with private types now errors.

Known Issues

• No known issues reported in official notes.

Feature Flow

Official Release Notes

View full release notes on GitHub →

🛠️ Try These Free Tools

See all free tools →