|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: "Announcing Rust 1.68.2" |
| 4 | +author: The Rust Release Team |
| 5 | +release: true |
| 6 | +--- |
| 7 | + |
| 8 | +The Rust team has published a new point release of Rust, 1.68.2. Rust is a |
| 9 | +programming language that is empowering everyone to build reliable and |
| 10 | +efficient software. |
| 11 | + |
| 12 | +If you have a previous version of Rust installed via rustup, you can get 1.68.2 with: |
| 13 | + |
| 14 | +``` |
| 15 | +rustup update stable |
| 16 | +``` |
| 17 | + |
| 18 | +If you don't have it already, you can [get `rustup`][install] |
| 19 | +from the appropriate page on our website, and check out the |
| 20 | +[detailed release notes for 1.68.2][notes] on GitHub. |
| 21 | + |
| 22 | +[install]: https://www.rust-lang.org/install.html |
| 23 | +[notes]: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1682-2023-03-28 |
| 24 | + |
| 25 | +## What's in 1.68.2 stable |
| 26 | + |
| 27 | +Rust 1.68.2 addresses [GitHub's recent rotation of their RSA SSH host |
| 28 | +key](https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/), which |
| 29 | +happened on March 24th 2023 after their previous key accidentally leaked: |
| 30 | + |
| 31 | +* [GitHub's RSA key bundled in Cargo has been |
| 32 | + updated](https://github.com/rust-lang/cargo/pull/11883), to ensure systems |
| 33 | + that haven't interacted with GitHub yet won't connect trusting the leaked |
| 34 | + key. |
| 35 | + |
| 36 | +* [The leaked key has been hardcoded as revoked in |
| 37 | + Cargo](https://github.com/rust-lang/cargo/pull/11889), to ensure the key |
| 38 | + won't be used by Cargo even on systems that still trust the key. |
| 39 | + |
| 40 | +[Support for `@revoked` entries in |
| 41 | +`.ssh/known_hosts`](https://github.com/rust-lang/cargo/pull/11635) (along with |
| 42 | +a better error message when the unsupported `@cert-authority` entries are used) |
| 43 | +is also included in Rust 1.68.2, as that change was a pre-requisite for |
| 44 | +backporting the hardcoded revocation. |
| 45 | + |
| 46 | +If you cannot upgrade to Rust 1.68.2, we recommend [following GitHub's |
| 47 | +instructions](https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/#what-you-can-do) |
| 48 | +on updating the trusted keys in your system. Note that the keys bundled in |
| 49 | +Cargo are only used if no trusted key for `github.com` is found on the system. |
| 50 | + |
| 51 | +### Contributors to 1.68.2 |
| 52 | + |
| 53 | +Many people came together to create Rust 1.68.2. We couldn't have done it |
| 54 | +without all of you. [Thanks!](https://thanks.rust-lang.org/rust/1.68.2/) |
0 commit comments