T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add release notes for historical patch releases (#5282)

Browse Source 
Figured it'd be reasonable to list these in the notes on `main` to
ensure they're not forgotten.
This commit is contained in:
Alex Crichton
2022-11-16 12:42:12 -06:00
committed by GitHub
parent 07bd8bf34a
commit 5a006674c3
1 changed files with 59 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
RELEASES.md
View File

@@ -83,6 +83,28 @@ Unreleased.
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
## 2.0.2
Released 2022-11-10.
### Fixed
* [CVE-2022-39392] - modules may perform out-of-bounds reads/writes when the
pooling allocator was configured with `memory_pages: 0`.
* [CVE-2022-39393] - data can be leaked between instances when using the pooling
allocator.
* [CVE-2022-39394] - An incorrect Rust signature for the C API
`wasmtime_trap_code` function could lead to an out-of-bounds write of three
zero bytes.
[CVE-2022-39392]: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-44mr-8vmm-wjhg
[CVE-2022-39393]: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf
[CVE-2022-39394]: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-h84q-m8rr-3v9q
--------------------------------------------------------------------------------
## 2.0.1 ## 2.0.1
Released 2022-10-27. Released 2022-10-27.
@@ -146,6 +168,43 @@ Released 2022-10-20
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
## 1.0.2
Released 2022-11-10.
### Fixed
* [CVE-2022-39392] - modules may perform out-of-bounds reads/writes when the
pooling allocator was configured with `memory_pages: 0`.
* [CVE-2022-39393] - data can be leaked between instances when using the pooling
allocator.
* [CVE-2022-39394] - An incorrect Rust signature for the C API
`wasmtime_trap_code` function could lead to an out-of-bounds write of three
zero bytes.
--------------------------------------------------------------------------------
## 1.0.1
Released 2022-09-26
This is a patch release that incorporates a fix for a miscompilation of an
atomic-CAS operator on aarch64. The instruction is not usable from Wasmtime
with default settings, but may be used if the Wasm atomics extension is
enabled. The bug may also be reachable via other uses of Cranelift. Thanks to
@bjorn3 for reporting and debugging this issue!
### Fixed
* Fixed a miscompilation of `atomic_cas` on aarch64. The output register was
swapped with a temporary register in the register-allocator constraints.
[#4959](https://github.com/bytecodealliance/wasmtime/pull/4959)
[#4960](https://github.com/bytecodealliance/wasmtime/pull/4960)
--------------------------------------------------------------------------------
## 1.0.0 ## 1.0.0
Released 2022-09-20 Released 2022-09-20