Cargo Security Advisories: CVE-2026-5223 and CVE-2026-5222 — Rust Blog

The Rust Security Response Team has issued advisories for Cargo addressing two critical vulnerabilities. CVE-2026-5223 involves mishandling of symlinks within crates, potentially leading to unauthorized file access. CVE-2026-5222 pertains to incorrect URL normalization of third-party dependencies, posing a risk of dependency confusion attacks. Rust developers should update Cargo to the latest version to mitigate these risks and ensure secure package management in their projects.

Introducing RLib: Reducing Rust Compile Times — Rust Users Forum

RLib is a newly introduced zero-overhead precompiled crate manager designed to reduce compile times and disk usage in Rust projects. By stabilizing a new build directory layout, RLib allows developers to manage precompiled crates efficiently, minimizing redundant compilation. This tool is particularly beneficial for large Rust projects, where compile time can be a significant bottleneck. Developers can now leverage RLib to streamline their development workflow and improve productivity.

• TOML Schema proposal, with Cargo.toml as an example [Rust Users Forum]
• [Pre-RFC] Make some feature-detected function-to-fn-pointer casts safe through ZST token types [Rust Internals]
• KGet 1.7.0 – download manager crate with redesigned GUIs, new builder API, WebDAV, yt-dlp, and bug fixes [Rust Users Forum]
• Changelog #329 [rust-analyzer]