This new v2.36.1 release brings several security and bug fixes and is the last version supporting legacy Windows 7, 8, 8.1 platforms.

Security patch for RUSTSEC-2024-0437

This release temporarily removes the experimental Cargo feature from the resulting static-web-server binary (but not the Cargo feature itself) to prevent shipping the security vulnerability (RUSTSEC-2024-0437 #530) in this release.

The experimental Cargo feature (that includes experimental features like metrics and in-memory cache) will be restored to be part of the binary again in the next release.

End support for unmaintained Windows 7, 8, 8.1 platforms

As we mentioned a year ago (#447), SWS would not continue supporting legacy Windows 7, 8, and 8.1 platforms for so long as Microsoft stopped support for Windows 7 in 2020 and Rust requires Windows 10 as the minimum supported platform since 1.78.

Today, we announce that v2.36.1 is the last release supporting such legacy platforms and having Rust 1.76.0 as MSRV.
Future releases will bump up the MSRV when convenient and will require Windows 10 as the minimum supported platform.
However, although we will try to provide a patch for users wanting to build SWS manually for those legacy platforms in the future, we cannot fully guarantee that SWS will continue building for the aforementioned platforms.

Fixes

• ad4c171 Bugfix/security dependency updates including tokio, httparse, ring, rustls, bytes, serde and other crates. PR #532.
• 5fbd0c5 CORS: Add missing Origin to the Vary header value when CORS feature is enabled. PR #534 resolves #533 reported by @rbozan.

For more details see the v2.36.1 milestone and the full changelog v2.36.0...v2.36.1.