chore(deps): update rust crate wasmtime to v36 [security]#348
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
chore(deps): update rust crate wasmtime to v36 [security]#348renovate[bot] wants to merge 1 commit intomainfrom
renovate[bot] wants to merge 1 commit intomainfrom
Conversation
renovate
bot
force-pushed
the
renovate/crate-wasmtime-vulnerability
branch
from
81cf091 to
6cf2cbd
Compare
renovate
bot
force-pushed
the
renovate/crate-wasmtime-vulnerability
branch
from
6cf2cbd to
fc16a16
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/crate-wasmtime-vulnerability
branch
2 times, most recently
from
fc16a16 to
1e6476b
Compare
renovate
bot
force-pushed
the
renovate/crate-wasmtime-vulnerability
branch
from
1e6476b to
2a9e6a2
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
27.0.0→36.0.0GitHub Vulnerability Alerts
CVE-2025-64345
Impact
Wasmtime's Rust embedder API contains an unsound interaction where a WebAssembly shared linear memory could be viewed as a type which provides safe access to the host (Rust) to the contents of the linear memory. This is not sound for shared linear memories, which could be modified in parallel, and this could lead to a data race in the host.
Wasmtime has a
wasmtime::Memorytype which represents linear memories in a WebAssembly module. Wasmtime also haswasmtime::SharedMemory, however, which represents shared linear memories introduced in the WebAssemblythreadsproposal. The API ofSharedMemorydoes not provide accessors which return&[u8]in Rust, for example, as that's not a sound type signature when other threads could be modifying memory. Thewasmtime::Memorytype, however, does provide this API as it's intended to be used with non-shared memories where static knowledge is available that no concurrent or parallel reads or writes are happening. This means that it's not sound to represent a shared linear memory withwasmtime::Memoryand it must instead be represented withwasmtime::SharedMemory.There were two different, erroneous, methods of creating a
wasmtime::Memorywhich represents a shared memory however:wasmtime::Memory::newconstructor takes aMemoryTypewhich could beshared. This function did not properly reject shared memory types and require usage ofSharedMemory::newinstead.wasmtime::Memory. This means that a core dump would perform an unsynchronized read of shared linear memory, possibly leading to data races.This is a bug in Wasmtime's safe Rust API. It should not be possible to cause unsoundness with Wasmtime's embedding API if
unsafeis not used. Embeddings which do not use the wasm threads proposal nor created shared memories nor actually share shared memories across threads are unaffected. Only if shared memories are created across threads might an embedding be affected.Patches
Patch releases have been issued for all supported versions of Wasmtime, notably: 24.0.5, 36.0.3, 37.0.3, and 38.0.4. These releases reject creation of shared memories via
Memory::newand shared memories are now excluded from core dumps.Workarounds
Embeddings affected by this issue should use
SharedMemory::newinstead ofMemory::newto create shared memories. Affected embeddings should also disable core dumps if they are unable to upgrade. Note that core dumps are disabled by default but the wasm threads proposal (and shared memory) is enabled by default. It's recommended to upgrade to a patched version of Wasmtime, however.Severity
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:NCVE-2026-27204
Impact
Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations requested by the guests. This serves as a Denial of Service vector where a guest can induce a range of crashing behaviors on the host such as:
Wasmtime's security bug policy considers all of these behaviors a security vulnerability. Wasmtime's implementation of WASI has a number of different ways that resource exhaustion could happen, and fixing any one of them is insufficient from solving this vulnerability. A number of individual issues are grouped within this advisory and as a whole represent the known ways that guests can exhaust resources on the host.
An example of guest-controlled resource exhaustion within Wasmtime's implementation of WASI is guests could repeatedly allocate handles to themselves without limit. Some APIs also caused the host to perform a guest-controlled-sized allocation of a buffer on the host for I/O operations. Other APIs could force the host to buffer arbitrary amounts of data for the guest. Finally the guest could hand arbitrarily large allocations from itself to the host which could cause the host to perform an arbitrarily sized copy of memory which in some situations could result in quadratically sized allocations.
Wasmtime's implementations of WASIp1 and WASIp2 are affected by this vulnerability. Any host API modeled with the Component Model (or WIT) which operates on a
stringorlist<T>type is also affected. Not all WIT and WASI APIs are affected by this issue, but that's more of an exception so it's recommended for all embedders to consider themselves affected.To address this issue a number of mitigations are being applied to limit the behavior of a guest in WASI. All of these mitigations manifest in the form of a limit of some kind applied to various situations, and as such all of these mitigations are backwards-incompatible as they run the risk of breaking preexisting programs. To address this all backports to previous stable releases have these limits tuned to overly-large values. This ensures that preexisting guests do not break while still providing embedders the knobs to prevent this DoS vector as well. The limits added to Wasmtime are:
-Smax-resources=NorResourceTable::set_max_capacity- the maximum number of resources that a guest is allowed to allocate for itself.-Shostcall-fuel=NorStore::set_hostcall_fuel- the maximum amount of data that the guest may copy to the host in a single function call.-Smax-random-size=NorWasiCtxBuilder::max_random_size- the maximum size of the return value ofget-random-bytesandget-insecure-random-bytesin thewasi:randomimplementations.-Smax-http-fields-size=NorWasiHttpCtx::set_max_fields_size- the maximum size of headers for an HTTP request/response.These settings are equally applicable to both WASIp1 and WASIp2. Wasmtime 41.0.x and prior previously did not limit these settings and the knobs being released are set to very large values by default to avoid any breaking behavior. Embedders will need to proactively tune these knobs as appropriate for their embeddings. The default settings in the unreleased Wasmtime 42.0.0 are 1M for max resources, 128MiB for hostcall fuel, 64MiB for max-random-size, and 32KiB for http fields size. Tuning is not expected for Wasmtime 42.0.0+.
Hosts/embedders affected by this issue are encouraged to audit and double-check their own host APIs they have implemented to see whether they are affected by this issue as well. The
-Shostcall-fuelsetting is intended to be a relatively coarse fix for many possible issues by limiting the amount of data for all host APIs at once, so many embedders may not need to take further action beyond updating Wasmtime and configuring it appropriately (if not updating to 42.0.0). Embedders should audit to see, however, if the guest is able to force the host to allocate on its behalf and ensure that the allocation is limited or tracked somehow.Patches
Wasmtime 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 have all been released with the fix for this issue. These versions do not prevent this issue in their default configuration to avoid breaking preexisting behaviors. All versions of Wasmtime have appropriate knobs to prevent this behavior, and Wasmtime 42.0.0-and-later will have these knobs tuned by default to prevent this issue from happening.
Workarounds
There are no known workarounds for this issue without upgrading. Embedders are recommended to upgrade and configure their embeddings as necessary to prevent possibly-malicious guests from triggering this issue.
Resources
Store::set_hostcall_fuelResourceTable::set_max_capacityWasiCtxBuilder::max_random_sizeSeverity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:LCVE-2026-27572
Impact
Wasmtime's implementation of the
wasi:http/types.fieldsresource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in thewasmtime-wasi-httpcrate is backed by a data structure which panics when it reaches excessive capacity and this condition was not handled gracefully in Wasmtime. Panicking in a WASI implementation is a Denial of Service vector for embedders and is treated as a security vulnerability in Wasmtime.Patches
Wasmtime 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 patch this vulnerability and return a trap to the guest instead of panicking.
Workarounds
There are no known workarounds at this time, embedders are encouraged to update to a patched version of Wasmtime.
Resources
http::HeaderMapSeverity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:HCVE-2026-34941
Summary
Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when performing a bounds check. Specifically the number of code units were checked instead of the byte length, which is twice the size of the code units.
This vulnerability can cause the host to read beyond the end of a WebAssembly's linear memory in an attempt to transcode nonexistent bytes. In Wasmtime's default configuration this will read unmapped memory on a guard page, terminating the process with a segfault. Wasmtime can be configured, however, without guard pages which would mean that host memory beyond the end of linear memory may be read and interpreted as UTF-16.
A host segfault is a denial-of-service vulnerability in Wasmtime, and possibly being able to read beyond the end of linear memory is additionally a vulnerability. Note that reading beyond the end of linear memory requires nonstandard configuration of Wasmtime, specifically with guard pages disabled.
Impact
This is an out-of-bounds memory access. Any user running untrusted wasm components that use cross-component string passing (with UTF-16 source and latin1+utf16 destination encodings) is affected.
Patches
Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
There is no workaround for this bug. Hosts are recommended to updated to a patched version of Wasmtime.
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NCVE-2026-34942
Impact
Wasmtime's implementation of transcoding strings into the Component Model's
utf16orlatin1+utf16encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be passed to the host for transcoding which would trigger a host panic. This panic is possible to trigger from malicious guests which transfer very specific strings across components with specific addresses.Host panics are considered a DoS vector in Wasmtime as the panic conditions are controlled by the guest in this situation.
Patches
Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
There is no workaround for this bug. Hosts are recommended to updated to a patched version of Wasmtime.
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:LCVE-2026-34943
Impact
Wasmtime contains a possible panic which can happen when a
flags-typed component model value is lifted with theValtype. If bits are set outside of the set of flags the component model specifies that these bits should be ignored but Wasmtime will panic when this value is lifted. This panic only affects wasmtime's implementation of lifting intoVal, not when using theflags!macro. This additionally only affectsflags-typed values which are part of a WIT interface.This has the risk of being a guest-controlled panic within the host which Wasmtime considers a DoS vector.
Patches
Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
There is no workaround for this bug if a host meets the criteria to be affected. To be affected a host must be using
wasmtime::component::Valand possibly work with aflagstype in the component model.Severity
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NCVE-2026-34944
On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the
f64x2.splatWebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled it's possible for out-of-sandbox data to be loaded, but this data is not visible to WebAssembly guests.Details
The
f64x2.splatoperator, when operating on a value loaded from a memory (for example with f64.load), compiles with Cranelift to code on x86-64 without SSE3 that loads 128 bits (16 bytes) rather than the expected 64 bits (8 bytes) from memory. When the address is in-bounds for a (correct) 8-byte load but not an (incorrect) 16-byte load, this can load beyond memory by up to 8 bytes. This can result in three different behaviors depending on Wasmtime's configuration:Wasmtime's default configuration is case (2) in this case. That means that Wasmtime, by default, incorrectly executes this
WebAssembly instruction but does not have insecure behavior.
Impact
If signals-based-traps are disabled and guard pages are enabled then guests can trigger an uncaught segfault in the host, likely aborting the host process. This represents, for example, a DoS vector for WebAssembly guests.
This bug does not affect Wasmtime's default configuration and requires signals-based-traps to be disabled. This bug only affects the x86-64 target with the SSE3 feature disabled and the Cranelift backend (Wasmtime's default backend).
Patches
Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
This bug only affects x86-64 hosts where SSE3 is disabled. If SSE3 is enabled or if a non-x86-64 host is used then hosts are not affect. Otherwise there are no known workarounds to this issue.
Severity
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NCVE-2026-34945
Impact
Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the
table.sizeinstruction. This bug could lead to disclosing data on the host's stack to WebAssembly guests. The host's stack can possibly contain sensitive data related to other host-originating operations which is not intended to be disclosed to guests.This bug specifically arose from a mistake where the return value of
table.sizewas statically typed as a 32-bit integer, as opposed to consulting the table's index type to see how large the returned register could be. When combined with details about Wnich's ABI, such as multi-value returns, this can be combined to read stack data from the host, within a guest. This information disclosure should not be possible in WebAssembly, violates spec semantics, and is a vulnerability in Wasmtime.Patches
Wasmtime 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
Users of Cranelift are not affected by this issue, but users of Winch have no workarounds other than disabling the
Config::wasm_memory64proposal.Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:NCVE-2026-34946
Impact
Wasmtime's Winch compiler contains a vulnerability where the compilation of the
table.fillinstruction can result in a host panic. This means that a valid guest can be compiled with Winch, on any architecture, and cause the host to panic. This represents a denial-of-service vulnerability in Wasmtime due to guests being able to trigger a panic.The specific issue is that a historical refactoring, #11254, changed how compiled code referenced tables within the
table.*instructions. This refactoring forgot to update the Winch code paths associated as well, meaning that Winch was using the wrong indexing scheme. Due to the feature support of Winch the only problem that can result is tables being mixed up or nonexistent tables being used, meaning that the guest is limited to panicking the host (using a nonexistent table), or executing spec-incorrect behavior and modifying the wrong table.Patches
Wasmtime 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
Users of Cranelift are not affected by this issue, but for users of Winch there is no workaround for this bug. Hosts are recommended to updated to a patched version of Wasmtime.
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NCVE-2026-35195
Impact
Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's
reallocis not validated before the host attempts to write through the pointer. This enables a guest to cause the host to write arbitrary transcoded string bytes to an arbitrary location up to 4GiB away from the base of linear memory. These writes on the host could hit unmapped memory or could corrupt host data structures depending on Wasmtime's configuration.Wasmtime by default reserves 4GiB of virtual memory for a guest's linear memory meaning that this bug will by default on hosts cause the host to hit unmapped memory and abort the process due to an unhandled fault. Wasmtime can be configured, however, to reserve less memory for a guest and to remove all guard pages, so some configurations of Wasmtime may lead to corruption of data outside of a guest's linear memory, such as host data structures or other guests's linear memories.
Patches
Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
There is no known workaround for this issue and affected hosts/embeddings are recommended to upgrade.
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:NCVE-2026-34987
Impact
Wasmtime with its Winch (baseline) non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox.
This vulnerability requires use of the Winch compiler (
-Ccompiler=winch). By default, Wasmtime uses its Cranelift backend, not Winch. With Winch, the same incorrect assumption is present in theory on both aarch64 and x86-64. The aarch64 case has an observed-working proof of concept, while the x86-64 case is theoretical and may not be reachable in practice.This Winch compiler bug can allow the Wasm guest to access memory before or after the linear-memory region, independently of whether pre- or post-guard regions are configured. The accessible range in the initial bug proof-of-concept is up to 32KiB before the start of memory, or ~4GiB after the start of memory, independently of the size of pre- or post-guard regions or the use of explicit or guard-region-based bounds checking. However, the underlying bug assumes a 32-bit memory offset stored in a 64-bit register has its upper bits cleared when it may not, and so closely related variants of the initial proof-of-concept may be able to access truly arbitrary memory in-process. This could result in a host process segmentation fault (DoS), an arbitrary data leak from the host process, or with a write, potentially an arbitrary RCE.
Patches
Wasmtime 43.0.1, 42.0.2, and 36.0.7 have been released with fixes for this issue.
Workaround
There are no workarounds within the Winch compiler backend while using the affected versions. Users of Wasmtime are encouraged either to upgrade to patched versions or, if that is not possible, use the Cranelift compiler backend.
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NCVE-2026-35186
Impact
Wasmtime's Winch compiler backend contains a bug where translating the
table.growoperator causes the result to be incorrectly typed. For 32-bit tables this means that the result of the operator, internally in Winch, is tagged as a 64-bit value instead of a 32-bit value. This invalid internal representation of Winch's compiler state compounds into further issues depending on how the value is consumed.One example can be seen when the result of
table.growis used as the address of a load operation. The load operation is tricked into thinking the address is a 64-bit value, not a 32-bit value, which means that the final address to load from is calculated incorrectly. This can lead to a situation where the bytes before the start of linear memory can be loaded/stored to.The primary consequence of this bug is that bytes in the host's address space can be stored/read from. This is only applicable to the 16 bytes before linear memory, however, as the only significant return value of
table.growthat can be misinterpreted is -1. The bytes before linear memory are, by default, unmapped memory. Wasmtime will detect this fault and abort the process, however, because wasm should not be able to access these bytes.Overall this this bug in Winch represents a DoS vector by crashing the host process, a correctness issue within Winch, and a possible leak of up to 16-bytes before linear memory. Wasmtime's default compiler is Cranelift, not Winch, and Wasmtime's default settings are to place guard pages before linear memory. This means that Wasmtime's default configuration is not affected by this issue, and when explicitly choosing Winch Wasmtime's otherwise default configuration leads to a DoS. Disabling guard pages before linear memory is required to possibly leak up to 16-bytes of host data.
Patches
Wasmtime 43.0.1, 42.0.2, and 36.0.7 have been released with fixes for this issue.
Workaround
There are no workarounds within the Winch compiler backend while using the affected versions. Users of Wasmtime are encouraged either to upgrade to patched versions or, if that is not possible, use the Cranelift compiler backend.
Severity
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:NRelease Notes
bytecodealliance/wasmtime (wasmtime)
v36.0.7Compare Source
36.0.7
Released 2026-04-09.
Fixed
Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift.
GHSA-jhxm-h53p-jm7w
Wasmtime with Winch compiler backend may allow a sandbox-escaping memory
access.
GHSA-xx5w-cvp6-jv83
Out-of-bounds write or crash when transcoding component model strings.
GHSA-394w-hwhg-8vgm
Host panic when Winch compiler executes
table.fill.GHSA-q49f-xg75-m9xw
Wasmtime segfault or unused out-of-sandbox load with
f64x2.splatoperatoron x86-64.
GHSA-qqfj-4vcm-26hv
Improperly masked return value from
table.growwith Winch compiler backend.GHSA-f984-pcp8-v2p7
Panic when transcoding misaligned utf-16 strings.
GHSA-jxhv-7h78-9775
Panic when lifting
flagscomponent value.GHSA-m758-wjhj-p3jq
Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding.
GHSA-hx6p-xpx3-jvvv
Data leakage between pooling allocator instances.
GHSA-6wgr-89rj-399p
Host data leakage with 64-bit tables and Winch.
GHSA-m9w2-8782-2946
v36.0.6Compare Source
36.0.6
Released 2026-02-24.
Changed
consumption on behalf of the guest, such as host-allocated memory. This means
that some behaviors previously allowed by Wasmtime can now disallowed, such as
transferring excessive data from the guest to the host. Additionally calls to
wasi:random/random.get-random-bytes, for example, can have limits in placeto avoid allocating too much memory on the host. To preserve
backwards-compatible behavior these limits are NOT set by default. Embedders
must opt-in to configuring these knobs as appropriate for their embeddings.
For more information on this see the related security advisory with further
details on knobs added and what behaviors can be restricted.
GHSA-852m-cvvp-9p4w
Fixed
wasi:http/types.fieldshas beenresolved
GHSA-243v-98vx-264h
v36.0.5Compare Source
36.0.5
Released 2026-01-26.
Fixed
f64.copysignon x86-64 whereby when combinedwith an
f64.load, the resulting machine code could read 16 bytes ratherthan 8 bytes. This could result in a segfault when Wasmtime is configured
without signals-based traps.
v36.0.4Compare Source
36.0.4
Released 2026-01-14.
Fixed
cmpemission has beenfixed.
#12333
v36.0.3Compare Source
36.0.3
Released 2025-11-11.
Fixed
Memory.CVE-2025-64345
v36.0.2Compare Source
36.0.2
Released 2025-08-26.
Fixed
conditions related to resetting the linear memory of a slot.
#11510
v36.0.1Compare Source
36.0.1
Released 2025-08-21.
Added
wasmtime_wasi::WasiCtxto account for refactorings that happened in thisrelease.
#11473
Changed
assist with redistribution as-is.
#11483
v36.0.0Compare Source
36.0.0
Released 2025-08-20.
Added
Cranelift's has initial support for inlining between functions. Wasmtime
additionally now has support for inlining as well, for example between modules
in a component.
#11210
#11239
#11228
#11269
#11283
The async proposal for the Component Model is now fully implemented in
Wasmtime with a number of WASIp3 interfaces implemented. The implementation
is still off-by-default and the implementation of WASIp3 is not fully
complete, but is remains suitable for testing.
#11127
#11136
#11137
#11238
#11221
#11250
#11257
#11291
#11325
Changed
Users who implemented
WasiHttpView::is_forbidden_headerfromwasmtime-wasi-httpnow need to includeDEFAULT_FORBIDDEN_HEADERS, e.g.DEFAULT_FORBIDDEN_HEADERS.contains(name) || name.as_str() == "custom-forbidden-header"#11292
Cranelift's incremental cache has received some optimizations.
#11186
Wasmtime's internal implementations of WebAssembly primitives has been
refactored to be modeled with safer internal primitives.
#11211
#11212
#11216
#11229
#11215
#11254
#11255
#11319
#11320
Detection of native hardware features has been refactored on s390x.
#11220
Further progress has been made towards an implementation of the WebAssembly
exceptions proposal, although it is not yet complete.
#11230
#11321
Cranelift's assembler for x64 now supports EVEX encoding.
#11153
#11270
#11303
The default implementation of
send_requestin thewasmtime-wasi-httpcrateis now behind an on-by-default feature gate.
#11323
Configuration of the
bindgen!macro has been redesigned to more consistentlyconfigure per-function options such as whether or not it's async.
#11328
Initial support fo
mutatishas been added to Wasmtime's fuzzers.#11290
The
debug-builtinscrate feature ofwasmtimeno compiles onno_stdtargets.
#11304
Fixed
Deserializing external modules no long unnecessarily requires the allocation
to be aligned.
#11306
A CMake linker error and warning when using the C API on macOS has been fixed.
#11293
#11315
The C API declaration of
wasmtime_component_linker_instance_add_funchasbeen fixed.
#11327
The calculation of reachable DWARF has been fixed.
#11338
v35.0.0Compare Source
35.0.0
Released 2025-07-22.
Added
A new
InputFiletype has been added for specifying stdin as a file in WASI.#10968
Conditional branches to unconditional traps are now translated to conditional
traps during legalization.
#10988
The
TEHTTP header can now be specified by guests.#11002
Winch on AArch64 should now pass all WebAssembly MVP tests. Note that it is
still not yet Tier 1 at this time, however.
#10829
#11013
#11031
#11051
The x64 backend now has lowering rules for
{add,sub,or,and} mem, imm#11043
Initial support for WASIp2 in the C API has started to land.
#11055
#11172
Initial support for GC support in the component model has started to land
(note that it is not finished yet).
#10967
#11020
The
wasmtime-wasi-nncrate now has a feature to use a custom ONNX runtime.#11060
Cranelift now optimizes division-by-constant operations to no longer use
division.
#11129
A
native-tlsbackend has been added for the wasi-tls implementation.#11064
Changed
Many more instructions for the x64 backend in Cranelift were migrated to the
new assembler.
#10927
#10928
#10918
#10946
#10954
#10958
#10971
#10942
#10975
#11017
#10898
#10836
... (and more)
Wasmtime internally uses
Pinfor VM data structures to make the internalimplementations more sound to use. This has no effect on the public API of
Wasmtime.
#10934
#10937
#10943
#10959
#11042
Fused adapters between components now transfer the
enumcomponent model typemore efficiently.
#10939
Filenames of
--emit-clifnow match the symbol names found in*.cwasmartifacts and include the function name as well.
#10947
#11040
Wasmtime-internal crates are now all named
wasmtime-internal-*to evenfurther discourage their use.
#10963
Codegen of conditional traps with float compares has been improved.
#10966
More patterns are now optimized in ISLE mid-end rules.
#10978
#10979
#11173
Winch's support for constants/scratch registers has been improved internally.
#10986
#10998
The C API artifacts on Windows are now produced with Clang instead of
cl.exe.#10890
WebAssembly operand types are now taken into account during translation to
optimize codegen better in the face of subtyping.
#11030
The behavior of
blocking-write-and-flushhas been updated during flushingwhen
closedis found.#11018
WASI WITs have been updated to 0.2.6.
#11049
OpenVINO has been updated to v2025.1.
#11054
The size of the
wasmtime.addrmapsection in*.cwasmartifacts has beenshrunk slightly.
#11126
Authorities in
wasmtime-wasi-httpcan now contain the:character.#11145
Wasmtime now requires Rust 1.86 to compile.
#11142
Wasmtime's DRC collector has been optimized and has a new more efficient means
of managing the set of over-approximated roots on the stack.
#11144
#11148
#11167
#11168
#11169
#11175
The
ComponentTypetrait in Wasmtime now requires theSendandSyncbounds for all implementors.
#11160
The
V128type is now usable on platforms other than aarch64 and x86_64.#11165
Wasmtime's policy on
unsafecode and guidelines has been added.#11177
The
stdcrate will no longer implicitly be used oncfg(unix)andcfg(windows)targets when thestdCargo feature is disabled. This meansthat these platforms now require
stdto be enabled to use theplatform-specific implementation of linear memory, for example.
#11152
Fixed
A panic when optimizing
icmpwith vectors has been fixed.#10948
A panic when lowering
scalar_to_vectorwithi16x8types has been fixed.#10949
The vector state register is now considered clobbered by calls on riscv64 to
ensure it's updated across calls.
#11048
An instance of
gdbcrashing on DWARF emitted by Wasmtime has been fixed.#11077
Fix a panic in the host caused by preview1 guests using
fd_renumber.CVE-2025-53901.
Fix a panic in the preview1 adapter caused by guests using
fd_renumber.#11277
v34.0.2Compare Source
34.0.2
Released 2025-07-18.
Fixed
Fix a panic in the host caused by preview1 guests using
fd_renumber.CVE-2025-53901.
Fix a panic in the preview1 adapter caused by guests using
fd_renumber.#11277
34.0.1
Released 2025-06-24.
Fixed
types.
#11103
v34.0.1Compare Source
34.0.1
Released 2025-06-24.
Fixed
types.
#11103
v34.0.0Compare Source
34.0.0
Released 2025-06-20.
Added
Support for SIMD in the Pulley interpreter can now be disabled at compile-time
to shrink the size of the final binary.
#10727
The C API now has
wasmtime_trap_new_codeto create awasm_trap_tfromits code.
#10765
Winch's support for x86_64 is now classified with tier 1 support in Wasmtime.
#10755
Winch's support for aarch64 now implements stack checks to pass many more spec
tests.
#10763
Cranelift's s390x backend now has full support for the
f128type.#10774
Wasmtime's C API for the component model has initial support for calling
functions.
#10697
#10841
#10858
#10864
#10877
The
wasmtime wastcommand now has a--generate-dwarfflag to showfilename/line number information for backtraces.
#10780
Changed
The shape of
bindgen!-generatedadd_to_linkerfunctions has changed withthe removal of
GetHostand replacement of aHasDatatrait. For moreinformation see the associated PR.
#10770
Wasmtime's
Store<T>now requires thatT: 'static. This is done inpreparation for merging WASIp3 work to the main repository with some more
information on the associated PR.
#10760
The
wasmtime::component::Instance::instance_premethod is now public.#10761
Wasmtime and Cranelift's minimnum supported version of Rust (MSRV) is now
1.85.0.
#10785
Cranelift's
debugtrapon aarch64 now generatesbrk #​0xf000for debuggersto recognize it.
#10813
The wasi-http implementation no longer generates a trap if the handle to
receive the response on the host is dropped early.
#10833
The
wasmtime servecommand will now send some boilerplate descriptive HTMLon a 500 server error instead of nothing.
#10851
A significant amount of work has gone into the new assembler for the x64
backend. Too many PRs to list here but progress continues apace at defining
all machine instructions in a standalone crate.
Cranelift will now reject unimplemented big-endian loads/stores on backends
that do not implement this functionality.
#10863
The
wasmtime exploregenerated HTML handles large modules better now.#10892
Wasmtime's internal representation of
wasmtime::Funchas changed and aprevious optimization of
Func::callhas been lost. If affected it'drecommended to use
Func::call_uncheckedinstead or to open an issue.#10897
v33.0.2Compare Source
33.0.2
Released 2025-07-18.
Fixed
Fix a panic in the host caused by preview1 guests using
fd_renumber.CVE-2025-53901.
Fix a panic in the preview1 adapter caused by guests using
fd_renumber.#11277
33.0.1
Released 2025-06-24.
Fixed
types.
#11103
v33.0.1Compare Source
33.0.1
Released 2025-06-24.
Fixed
types.
#11103
v33.0.0Compare Source
33.0.0
Released 2025-05-20.
Added
Cranelift now has initial support for
try_callandtry_call_indirectinstructions, to be used in the future for the WebAssembly exception-handling
proposal. Wasmtime does not yet implement this proposal yet.
#10510
#10557
#10593
Cranelift can now optimize some simple possibly-side-effectful instructions,
such as division.
#10524
Wasmtime now supports
--invokefor components using the WAVE format.#10054
Initial support for the Component Model has landed in Wasmtime's C API. Note
that the API is not yet feature-complete, however.
#10566
#10598
#10651
#10675
Wasmtime's C++ API is now available from this repository and the
bytecodealliance/wasmtime-cpp repository has been archived. Add
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.