Rust 1.94.1 is a minor point release that addresses three regressions introduced in version 1.94.0 along with a critical security fix. This update ensures continued stability for Rust users, particularly those on wasm32-wasip1-threads, Windows, or FreeBSD systems. If you already have Rust installed via rustup, simply run rustup update stable to upgrade. Below are the most important changes and fixes you need to know.
How do I update to Rust 1.94.1?
If you already have Rust installed via rustup, updating is simple. Open your terminal and run:
rustup update stableThis command will automatically download and install Rust 1.94.1. If you don't have rustup yet, you can get it from the official Rust website. After updating, you can verify the new version by running rustc --version, which should show 1.94.1.
What regressions does Rust 1.94.1 fix?
Version 1.94.1 resolves three specific regressions that were introduced in the previous 1.94.0 release. These regressions affected different parts of the Rust ecosystem:
- WebAssembly threading: A fix for
std::thread::spawnon thewasm32-wasip1-threadstarget. - Windows filesystem API: Removal of newly added unstable methods in
OpenOptionsExtthat broke the trait’s contract. - Clippy: An internal compiler error (ICE) in the
match_same_armslint was eliminated.
These fixes restore expected behavior for users affected by the regressions.
What was fixed for std::thread::spawn on wasm32-wasip1-threads?
Rust 1.94.0 introduced a regression that broke std::thread::spawn on the wasm32-wasip1-threads target, a platform for WebAssembly with threading support. The issue caused threads to fail to spawn correctly, limiting concurrent execution on that target. The Rust team identified the problem and applied a targeted fix in 1.94.1. If you are building applications that rely on WebAssembly threads using this target, updating will restore full threading functionality. No further configuration changes are needed.
Why were new methods removed from OpenOptionsExt on Windows?
In Rust 1.94.0, several new methods were added to the std::os::windows::fs::OpenOptionsExt trait. While these methods were marked as unstable, the trait itself is not sealed—meaning external implementations could exist. Adding non-default methods to an unsealed trait is a breaking change under Rust’s stability guarantees. To maintain compatibility and avoid unintended breakage for any existing external implementations, the Rust team removed these methods in 1.94.1. The methods may be reintroduced in a future release through a proper RFC or by sealing the trait.
What Clippy issue was resolved in this release?
Clippy, Rust’s linter, experienced an internal compiler error (ICE) when processing certain code patterns involving the match_same_arms lint. This lint flags arms in a match expression that are identical. The ICE occurred in specific edge cases, causing Clippy to crash instead of providing useful feedback. The fix in Rust 1.94.1 resolves the ICE, allowing Clippy to run smoothly again. Users who encountered Clippy crashes after upgrading to 1.94.0 should now see normal behavior. Just update Rust and re-run cargo clippy on your projects.
Why did Cargo downgrade curl-sys?
In Rust 1.94.0, Cargo updated its dependency on curl-sys to a newer version. However, that update caused certificate validation errors for some users on certain versions of FreeBSD. These errors prevented Cargo from fetching or publishing crates. To restore correct behavior, Rust 1.94.1 downgrades curl-sys from the problematic version back to 0.4.83, which works reliably on FreeBSD. If you are on FreeBSD and experienced HTTPS-related errors with Cargo, this fix will resolve them. Users on other operating systems should see no change in functionality.
What security fixes does Rust 1.94.1 include?
Rust 1.94.1 updates the tar crate to version 0.4.45 within Cargo. This update addresses two security vulnerabilities: CVE-2026-33055 and CVE-2026-33056. These vulnerabilities could potentially be exploited when unpacking specially crafted tar archives. Notably, users of crates.io are not affected because the server-side handling is separate. Only users directly processing tar files via Cargo (e.g., when unpacking crate tarballs) are impacted. While the risk is low for typical workflows, the Rust team strongly recommends updating to 1.94.1 to ensure full protection. For more details, please see the official security advisory blog post.