Upcoming Security Release for Wasmtime on 2024-10-09

54 views
Skip to first unread message

Alex Crichton

unread,
Oct 3, 2024, 12:51:01 PMOct 3
to sec-an...@bytecodealliance.org
The Wasmtime project would like to announce a forthcoming security release of Wasmtime.

The release will be made available on 2024-10-09 at approximately 19:00 UTC. Additionally, an advisory will be made available on the same date and time at https://github.com/advisories.

The highest severity issue fixed in this release is MODERATE based on the classification scheme defined by CVSS.

Alex Crichton

unread,
Oct 9, 2024, 2:36:19 PMOct 9
to sec-an...@bytecodealliance.org
[Update 2024-10-09] Security releases available

Wasmtime versions 21.0.2, 22.0.1, 23.0.3, 24.0.1, and 25.0.2 are now available on crates.io. Additionally, binary releases are available on Github for the Wasmtime C-API shared library and CLI at https://github.com/bytecodealliance/wasmtime/releases.

This release fixes the following security issues rated MODERATE:
 
  Runtime crash when combining tail calls with stack traces

This release fixes the following security issues rated LOW:

  Race condition could lead to WebAssembly control-flow integrity and type safety violations

Reply all
Reply to author
Forward
0 new messages