A key update to the openssl crate now provides support for FIPS-validated cryptography. This change directly addresses a major requirement for building applications in regulated environments.
By enabling FIPS 140-2 compliance, developers in finance, healthcare, and government can more easily meet strict security standards. This update significantly lowers a barrier for Rust's adoption in security-critical software.
In today’s crate updates recap:
> OpenSSL support for FIPS-validated cryptography
> SeaORM 2.0 release candidate API improvements
> Verified Python stubs with pyo3-stub-gen
> Simplified Wasm builds via the getrandom crate
Rust Gets FIPS-Ready with OpenSSL Update
The foundational openssl v0.10.74 crate just landed, bringing a critical feature for building applications in regulated environments. A new aws-lc-fips feature flag now allows projects to link against AWS Libcrypto for FIPS, providing access to FIPS 140-2 validated cryptographic modules.
Why it matters: This update is a major step forward for Rust's adoption in enterprise and government sectors. Developers building applications for finance, healthcare, or public infrastructure can now meet strict compliance requirements natively, solidifying Rust's position as a serious choice for security-critical software.
Here’s a look at what’s inside the full changelog:
FIPS Validated Crypto: Easily enable the
aws-lc-fipsfeature in yourCargo.tomlto build with a FIPS-validated cryptographic backend.Heads-Up on Versioning: This release bumps the minimum required OpenSSL version to 1.0.2. Be sure to check your environment's OpenSSL installation before you update the crate.
Expanded Key Generation: The
pkey_ctxAPI has been enhanced to support generating parameters and keys for DSA, EC, DH, and RSA.
Bottom line: The openssl crate is now more versatile than ever, removing a significant barrier for Rust development in high-compliance environments. Dive into the updated documentation to see how you can leverage these new capabilities in your projects.
SeaORM 2.0 Nears Release with New RC
The popular async ORM SeaORM is gearing up for its next major version with the release of 2.0.0-rc.10. This update brings the highly anticipated 2.0 release one step closer, focusing on developer experience and cleaning up the API, as detailed in their recent blog post.
This release candidate bundles several quality-of-life improvements that you can start testing now.
Flexible Connection Options: You can now directly configure database-specific settings for MySQL, Postgres, and SQLite using new
map_sqlx_*_optsfunctions. This simplifies handling things like requiring SSL for Postgres, giving you more granular control over the underlying SQLx driver. (See the PR)MariaDB
RETURNINGSyntax: A new mariadb-use-returning feature flag adds support for MariaDB’sRETURNINGsyntax, improving compatibility for developers using that database variant. (Relevant changes)Updated Rocket Integration: The companion crate sea-orm-rocket has been updated to v0.6, ensuring compatibility with the latest Rocket v0.5.1 release. (Compatibility PR)
Why it matters: This release candidate demonstrates SeaORM's commitment to refining the developer experience ahead of the stable 2.0 launch. The new connection options reduce boilerplate code for common configurations, while the continued support for frameworks like Rocket keeps the ecosystem integrated. It’s a great signal to start testing the new APIs in your projects.
Python Stubs Get Smarter
Creating reliable Python bindings for your Rust code just became much easier. The pyo3-stub-gen crate, a key tool for generating Python type hints (.pyi files), has been updated to v0.15.0 with a focus on correctness and developer confidence.
The update introduces several welcome improvements for anyone working at the intersection of Rust and Python:
The headline feature is a new integration with
stubtest, which now automatically verifies that generated type hints match the actual signatures in your Rust code.You can now use Python's
@finaldecorator in your stubs to prevent classes and methods from being overridden.Support for the built-in
booltype has been added, closing a gap in type coverage.
Why it matters: This update moves pyo3-stub-gen from a simple generator to a verification tool. By validating stubs against the Rust implementation, you can catch signature mismatches during development instead of discovering them as runtime bugs. This leads to more robust libraries, faster debugging, and a smoother experience for Python developers using your Rust-powered modules.
Wasm Builds Get Easier with getrandom
If you’ve ever fumbled with RUSTFLAGS to get your WebAssembly project to build, we’ve got some good news. The foundational getrandom v0.3.4 crate just dropped, and it removes a common configuration hurdle for developers targeting the browser and Node.js.
Here’s what’s new:
Wasm backend by default: Enabling the
wasm_jsCargo feature now makes it the default backend. You no longer need to manually set--cfg getrandom_backend="wasm_js"in your build flags.New opt-in backends: The release adds an
unsupportedopt-in backend for targets where randomness isn't needed at runtime and awindows_legacybackend for compatibility.Dependency cleanup: The crate now uses the
wasip2dependency instead ofwasiand removes the unstablerustc-dep-of-stdfeature for a cleaner, more modern build.
Why it matters: This is a great developer experience win. By automating the Wasm backend selection, the maintainers have smoothed out a common bump in the road for developers. This change simplifies CI/CD setups and lowers the barrier to entry for building Rust-powered Wasm applications.
The bottom line: A small change in a foundational library creates a big quality-of-life improvement for the entire Rust Wasm ecosystem.
The Shortlist
simple_logger updated to v5.1.0, adding documentation for its init_with_env function and refreshing its minimum dependency versions.
rustls-native-certs added a new load_certs_from_path() interface in version 0.8.2, also fixing how it handles multiple paths in the SSL_CERT_DIR variable.
bb8-redis shipped a new release candidate, v0.25.0-rc.1, introducing support for the upcoming redis v1.0.0-rc for asynchronous connection pooling.
rustls-webpki clarified its extended key usage validation API in the new 0.104.0-alpha.1 release, which also raises the project's minimum supported Rust version to 1.83.