-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backport 1.27.1 release notes to master #52310
Backport 1.27.1 release notes to master #52310
Conversation
RELEASES.md
Outdated
- rustdoc would execute plugins in the /tmp/rustdoc/plugins directory | ||
when running, which enabled executing code as some other user on a | ||
given machine. This release fixes that vulnerability; you can read | ||
more about this on the [blog][rustdoc-sec]. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add the CVE now that we have a number?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer not to; stable doesn't have the CVE and it feels odd to make those edits to "past" release notes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, we did not have the number when we released 1.27.1, and having it in there would be helpful if someone is searching when the vulnerability was fixed.
Also, we already merged other PRs changing past releases' notes (such as #51997 and #51868), and if we do 1.27.2 we can even get this to stable faster.
e0d3f87
to
4c340a2
Compare
Okay, updated to include the CVE. |
@bors r+ rollup |
📌 Commit 4c340a2 has been approved by |
[beta] Rollup backports Merged and approved: * #51722: Updated RELEASES for 1.28.0 * #52193: step_by: leave time of item skip unspecified * #52194: Remove rustdoc's plugins feature * #52196: rustdoc: Hide struct and enum variant constructor imports * #52310: Backport 1.27.1 release notes to master r? @ghost
…ort-from-stable, r=pietroalbini Backport 1.27.1 release notes to master r? @pietroalbini
…ort-from-stable, r=pietroalbini Backport 1.27.1 release notes to master r? @pietroalbini
Rollup of 16 pull requests Successful merges: - #51962 (Provide llvm-strip in llvm-tools component) - #52003 (Implement `Option::replace` in the core library) - #52156 (Update std::ascii::ASCIIExt deprecation notes) - #52242 (NLL: Suggest `ref mut` and `&mut self`) - #52244 (Don't display default generic parameters in diagnostics that compare types) - #52290 (Deny bare trait objects in src/librustc_save_analysis) - #52293 (Deny bare trait objects in librustc_typeck) - #52299 (Deny bare trait objects in src/libserialize) - #52300 (Deny bare trait objects in librustc_target and libtest) - #52302 (Deny bare trait objects in the rest of rust) - #52310 (Backport 1.27.1 release notes to master) - #52314 (Fix ICE when using a pointer cast as array size) - #52315 (Resolve FIXME(#27942)) - #52316 (task: remove wrong comments about non-existent LocalWake trait) - #52322 (Update llvm-rebuild-trigger in light of LLVM 7 upgrade) - #52332 (dead-code lint: say "constructed", "called" for structs, functions) Failed merges: r? @ghost
…ort-from-stable, r=pietroalbini Backport 1.27.1 release notes to master r? @pietroalbini
Rollup of 17 pull requests Successful merges: - #51962 (Provide llvm-strip in llvm-tools component) - #52003 (Implement `Option::replace` in the core library) - #52156 (Update std::ascii::ASCIIExt deprecation notes) - #52280 (llvm-tools-preview: fix build-manifest) - #52290 (Deny bare trait objects in src/librustc_save_analysis) - #52293 (Deny bare trait objects in librustc_typeck) - #52299 (Deny bare trait objects in src/libserialize) - #52300 (Deny bare trait objects in librustc_target and libtest) - #52302 (Deny bare trait objects in the rest of rust) - #52310 (Backport 1.27.1 release notes to master) - #52315 (Resolve FIXME(#27942)) - #52316 (task: remove wrong comments about non-existent LocalWake trait) - #52322 (Update llvm-rebuild-trigger in light of LLVM 7 upgrade) - #52330 (Don't silently ignore invalid data in target spec) - #52333 (CI: Enable core dump on Linux, and print their stack trace on segfault. ) - #52346 (Fix typo in improper_ctypes suggestion) - #52350 (Bump bootstrap compiler to 1.28.0-beta.10) Failed merges: r? @ghost
☔ The latest upstream changes (presumably #52352) made this pull request unmergeable. Please resolve the merge conflicts. |
r? @pietroalbini