This point release arriving January 20, 2022, just days after Rust 1.58, fixes a race condition in the std::fs::remove_dir_all standard library function. This vulnerability is tracked at CVE-2022-21658 and there was an advisory published. An attacker could use this security issue to trick a privileged program into deleting files and directories that the attacker otherwise could not access or delete. Rust versions 1.0 through 1.58 are affected by this vulnerability. Users are advised to update their toolchains and build programs with the updated compiler.
Rust 1.58.1 also addresses several regressions in diagnostics and tools introduced in Rust 1.58:
- The
non_send_fields_in_send_tyClippy lint was found to have too many false positives and has been moved to the experimental lints group called “nursery”. - The
useless_formatClippy lint was updated to handle captured identifiers in format strings, introduced in Rust 1.58. - A regression in
Rustfmtpreventing generated files from being formatted when passed through the standard input has been fixed. - An incorrect error message displayed by
rustcin some cases has been fixed.