The Rust team has published a new point release of Rust, 1.68.2. Rust is a programming language that is empowering everyone to build reliable and efficient software.
If you have a previous version of Rust installed via rustup, you can get 1.68.2 with:
rustup update stable
What's in 1.68.2 stable
Rust 1.68.2 addresses GitHub's recent rotation of their RSA SSH host key, which happened on March 24th 2023 after their previous key accidentally leaked:
GitHub's RSA key bundled in Cargo has been updated, to ensure systems that haven't interacted with GitHub yet won't connect trusting the leaked key.
The leaked key has been hardcoded as revoked in Cargo, to ensure the key won't be used by Cargo even on systems that still trust the key.
@revoked entries in
.ssh/known_hosts (along with
a better error message when the unsupported
@cert-authority entries are used)
is also included in Rust 1.68.2, as that change was a pre-requisite for
backporting the hardcoded revocation.
If you cannot upgrade to Rust 1.68.2, we recommend following GitHub's
on updating the trusted keys in your system. Note that the keys bundled in
Cargo are only used if no trusted key for
github.com is found on the system.
Contributors to 1.68.2
Many people came together to create Rust 1.68.2. We couldn't have done it without all of you. Thanks!