Rust 1.94.1 is a point release that addresses several regressions introduced in version 1.94.0 and includes important security patches. This update ensures greater stability for the Rust programming language, which continues to empower developers building reliable and efficient software. If you're using an earlier version via rustup, upgrading is straightforward.

What is Rust 1.94.1 and why was it released?

Rust 1.94.1 is a stability-focused point release that corrects three regressions uncovered in the previous 1.94.0 update. Regressions are unintended breaks in functionality that can disrupt development workflows or runtime behavior. Additionally, this release includes a critical security fix for Cargo's dependency on the tar crate. By addressing both stability and security, the Rust team ensures that users can continue building software with confidence. This version is recommended for all current Rust users.

How can I update to Rust 1.94.1?

If you already have Rust installed through rustup, simply run the command rustup update stable in your terminal. This will automatically fetch and apply the latest stable release, including 1.94.1. For those who haven't installed Rust yet, visit the official Rust website's download page to get rustup. The process is designed to be quick and seamless, requiring no manual configuration. After updating, you can verify the version by typing rustc --version.

What regressions were fixed in this release?

Three regressions from Rust 1.94.0 have been resolved:

• wasm32-wasip1-threads: The std::thread::spawn function now works correctly on WebAssembly targets that use this thread model.
• Windows OpenOptionsExt: Newly added but unstable methods were removed because the trait OpenOptionsExt is not sealed and cannot be extended with non-default methods without breaking changes.
• Clippy: A false positive that caused an internal compiler error (ICE) in the match_same_arms lint has been fixed.

These fixes restore expected behavior and improve the overall developer experience.

What security fixes are included?

Cargo's dependency on the tar crate has been updated to version 0.4.45. This addresses two CVEs: CVE-2026-33055 and CVE-2026-33056. However, users of crates.io are not affected by these vulnerabilities because the registry itself does not rely on the problematic code path. The Rust team recommends updating to ensure your local toolchain is fully patched. For detailed technical information, refer to the official security blog post linked from the release announcement.

What was the issue with Cargo and FreeBSD?

Some users on certain versions of FreeBSD encountered certificate validation errors when using Cargo. This occurred because of a regression in the curl-sys crate at version 0.4.84. To resolve this, Cargo has been downgraded to use curl-sys 0.4.83, which restores proper certificate handling. The affected FreeBSD users should now be able to fetch dependencies without errors. This fix ensures consistent network operations across all platforms.

Why were the new methods on OpenOptionsExt removed?

In Rust 1.94.0, several new methods were added to std::os::windows::fs::OpenOptionsExt as unstable (experimental) additions. The trait OpenOptionsExt is not sealed, meaning external crates are allowed to implement it. When a trait is not sealed, adding non-default methods (methods that lack a default implementation) can break existing implementations—those implementations would suddenly be missing required methods. Because the new methods were non-default, they violated the stability guarantees for the trait. Removing them prevents future compilation failures for external implementors. The methods may be reintroduced in a more compatible manner in a future release.

Who contributed to this release?

Rust 1.94.1 was made possible by the collective effort of many community members and the core Rust team. Contributors identified regressions, implemented fixes, reviewed code, and tested the release across diverse environments. The Rust project thrives on such collaboration. If you're interested in contributing, check out the Rust GitHub repository and issue tracker. Thank you to everyone who helped ship this update.