Version 0.2.1 is a bugfix release. This release includes a bug fix for a security issue. Users of sudo-rs are advised to upgrade to the latest version as soon a possible. Please see the security advisory for details.

Changed

• Session records/timestamps are now stored in files with uids instead of usernames, fixing a security bug (CVE-2023-42456)
• visudo will now resolve EDITOR via PATH
• Input/output errors while writing text to the terminal no longer cause sudo to exit immediately
• Switched several internal API calls from libc to Rust's std library
• The %h escape sequence in sudoers includes directives is not supported in sudo-rs, this now gives a better diagnostic and no longer tries to include the file
• Our PAM integration was hardened against allocation failures
• An attempt was made to harden against rowhammer type attacks
• Release builds no longer include debugging symbols

Fixed

• Fixed an invalid parsing when an escaped null byte was present in the sudoers file
• Replaced informal error message in visudo with a proper error message