Two milestones bookended Rust's 2025: Rust 1.85.0 shipped the 2024 Edition in February with async closures and lifetime capture fixes, and in December the Linux kernel maintainers declared Rust "no longer experimental". Between these events, a Microsoft Distinguished Engineer set a goal to eliminate all C/C++ by 2030, Google reported ~1000x lower memory-safety vulnerability density in Android's Rust vs C/C++ code, and Ubuntu made sudo-rs the default in 25.10.

The year tested community resilience. The Rust-for-Linux project faced its second major resignation in six months when Hector Martin resigned from Asahi Linux after a heated mailing list exchange with Linus Torvalds over "social media brigading"—following Wedson Almeida Filho's August 2024 departure over "nontechnical nonsense". Supply chain attacks hit crates.io repeatedly—typosquatting malware and OS-specific payloads in Web3 crates affecting 23,000+ downloads across the two largest incidents, plus a later exfiltration attempt and phishing campaigns targeting crate publishers. The Rust Foundation Maintainers Fund announcement prompted questions over undisclosed fund size and eligibility details. Through it all, Rust shipped 9 feature (.0) releases (1.84.0–1.92.0), crossed 2.27 million developers per JetBrains, and remained the most admired language in Stack Overflow's 2025 survey—every year since 1.0 in 2015. Behind the scenes, the Rust Foundation's infrastructure work kept releases flowing: 75% CI cost reduction, out-of-band daily backups for critical assets, and a full-time project manager.

Actions for 2026: migrate to the Rust 2024 Edition, enable Trusted Publishing on crates.io, and evaluate the LLD linker for faster builds on Linux.

January 1 — Axum 0.8.0 removes async_trait requirement—major ergonomic improvement for async web frameworks.

January 9 — Rust 1.84.0 released with MSRV-aware Cargo resolver and new trait solver for coherence. wasm32-wasi removed in favor of wasm32-wasip1/wasm32-wasip2.

January 10 — Kernel DMA maintainer Christoph Hellwig blocks the Rust DMA coherent allocator patch: "Don't force me to deal with your shiny language of the day. Maintaining multi-language projects is a pain I have no interest in dealing with."

January 22 — Rust 2024 Edition enters beta with call for testing.

January 30 — Rust 1.84.1 fixes slow compilation regression from new trait solver.

February 4-6 — Rust-for-Linux governance crisis escalates on LKML. Christoph Hellwig likens cross-language codebases to "cancer": "If you want to make Linux impossible to maintain due to a cross-language codebase, do that in your driver so that you have to do it instead of spreading this cancer to core subsystems." Hector Martin responds on the kernel mailing list: "If shaming on social media does not work, then tell me what does, because I'm out of ideas." Linus Torvalds fires back at Martin: "How about you accept the fact that maybe the problem is you... social media brigading just makes me not want to have anything at all to do with your approach."

February 5 — crates.io development update: crate deletion now available (published <72h, or single-owner + <500 downloads/month + no reverse deps), "Report Crate" button, publish notification emails, and 90-day default API token expiration.

February 7 — Hector Martin removes himself as ARM/Apple Silicon kernel maintainer: "I no longer have any faith left in the kernel development process or community management approach."

February 13 — 2024 State of Rust Survey results published: 45% report non-trivial Rust use in their organization (7 percentage point increase from 2023).

February 14 — Hector Martin resigns as Asahi Linux project lead: "I consider Linus' handling of the integration of Rust into Linux a major failure of leadership." His Mastodon account (social.treehouse.systems/@marcan) goes offline shortly after. See also: Asahi Linux head quits citing kernel leadership failure, Rust drama and the deeper tension Linux faces, analysis of the Rust DMA dispute.

February 19-20 — Rust Nation UK 2025 in London.

February 20 — Rust 1.85.0 and the 2024 Edition released. Key features: async closures (async || {}), #[diagnostic::do_not_recommend], improved RPIT lifetime capture, unsafe_op_in_unsafe_fn warns by default.

February 24 — esp-hal 1.0.0-beta.0 released by Espressif—first vendor-backed Rust SDK for embedded (ESP32 family).

March 1 — async-std officially discontinued; smol recommended as replacement.

March 14 — Rust in Paris.

March 14-28 — European Rust conferences proliferate: RUSTMEET Poland, Rustikon Warsaw.

March 18 — Rust 1.85.1 point release.

March 18 — Rust teams discuss expanding program management capacity for edition and project goals work.

March 26 — Ferrocene Language Specification donated to the Rust Project—formal specification milestone (RFC 3355).

March 28 — RustASIA 2025 in Hong Kong.

April 3 — Rust 1.86.0 released with trait upcasting (&dyn Trait → &dyn Supertrait) and get_disjoint_mut for slices/HashMap enabling safe simultaneous mutable access.

April 9 — Datadog publishes Lambda extension Rust rewrite case study.

April 11 — crates.io security incident: session cookies inadvertently sent to Sentry—sessions invalidated and cookies redacted.

April 20 — Rust Konf Türkiye (Istanbul).

May 6 — Ubuntu announces sudo-rs will be default in 25.10.

May 13-17 — RustWeek 2025 in Utrecht: first All-Hands since 2019, 10th anniversary celebration.

May 15 — Rust 1.87.0 released live from Utrecht on Rust's 10th anniversary. Features: inline assembly labels, std::io::pipe(), safe architecture intrinsics.

June 5 — Rust Summit (Belgrade)—blockchain-focused conference.

June 16 — Rust compiler performance survey launched.

June 21 — Clippy 12-week feature freeze announced—maintenance focus to reduce false positives.

June 23 — 2025H2 Project Goals cycle announced—goals running September–December on shifted schedule.

June 25 — NSA and CISA publish joint guidance recommending adoption of memory-safe languages.

June 26 — Rust 1.88.0 released with let chains (2024 Edition), naked functions (#[naked]) for interrupt handlers, and Cargo garbage collection.

July 11 — crates.io enables Trusted Publishing via OIDC—secure CI/CD without long-lived tokens.

July 15 — DARPA TRACTOR awards $5M for automated C-to-Rust translation using LLMs and formal methods.

July 21 — rustwasm GitHub org sunset announced; wasm-bindgen transfers to new maintainers.

August 7 — Rust 1.89.0 released with const generic _ inference, file locking APIs, and Result::flatten.

August 19 — x86_64-apple-darwin demoted to Tier 2 after GitHub discontinued free macOS x86_64 CI runners.

August 20 — Rust Project Directors election process announced.

August 27-30 — Rust Forge 2025 (Wellington).

September 1 — LLD linker announced as default for x86_64 Linux starting in Rust 1.90.0—benchmarks show up to 40% faster incremental builds for projects like ripgrep.

September 2 — Microsoft announces Rust support for Windows kernel drivers with cargo-wdk and windows-drivers-rs.

September 2 — Ubuntu confirms sudo-rs default for Questing Quokka.

September 2-5 — RustConf 2025 in Seattle.

September 3 — Rust Innovation Lab launched with Rustls as inaugural project.

September 10 — Compiler performance survey results published.

September 12 — crates.io phishing campaign disclosed—fake "rustfoundation.dev" domain targeting crate publishers.

September 18 — Rust 1.90.0 released with LLD default on Linux and workspace publishing (cargo publish --workspace).

September 24 — Malicious crates faster_log and async_println removed—8,400+ downloads, typosquatting for cryptocurrency key theft.

September 30 — Bevy 0.17 released with Solari ray-traced lighting, Feathers UI widgets, and observers event system.

October 9 — Ubuntu 25.10 Questing Quokka released with sudo-rs default.

October 9-10 — EuroRust 2025 in Paris.

October 15 — New Rust Project Directors announced.

October 16 — rust-lang/rust default branch rename plan announced (master → main).

October 16 — docs.rs changed default targets—now includes aarch64-apple-darwin and aarch64-unknown-linux-gnu by default, reflecting the ARM64 shift.

October 22 — Clippy feature freeze retrospective published: 795 rules, 40-60% performance improvements.

October 30 — Rust 1.91.0 released with aarch64-pc-windows-msvc promoted to Tier 1 (Windows ARM64) and 60 stabilized APIs.

November 2-4 — RustLab 2025 in Florence.

November 4 — Rust Foundation Maintainers Fund announced. The initial announcement was short on details—fund size, award amounts, and eligibility criteria to be disclosed later.

November 10 — Rust 1.91.1 point release. rust-lang/rust default branch renamed to main.

November 13 — Google publishes Rust in Android security update: ~1000x lower memory-safety vulnerability density vs C/C++, 4x lower rollback rate, 25% less code review time. Android's 6.12 kernel shipped Google's first production Rust driver.

November 17 — 2025 State of Rust Survey launched.

December 2 — Project Director Update—catch-up edition covering July/August/October Foundation board meeting highlights (Trusted Publishing launch, Innovation Lab approval, C++ interop papers, Maintainer Fund development); also noted two phishing and one malware attack prevented, and work starting to surface vulnerabilities on crates.io.

December 3 — Malicious crates evm-units and uniswap-utils removed—14,600+ downloads, OS-specific payloads. Security analysis reveals Qihoo 360 antivirus evasion checks.

December 5 — Malicious crates finch-rust and sha-rust removed—typosquatting and exfiltration.

December 5 — Linux musl targets updating to musl 1.2.5 announced for Rust 1.93 (January 2026)—breaking change may surface as linker errors for stale dependencies.

December 8 — AWS announces Rust as default for data-plane projects at re:Invent.

December 11 — Rust 1.92.0 released with never type (!) lints deny-by-default, minimum external LLVM updated to 20, and unwind tables on Linux with panic=abort for better crash backtraces.

December 12-15 — Linux kernel declares Rust "no longer experimental" at Maintainer Summit in Tokyo. Miguel Ojeda: "The experiment is done, i.e., Rust is here to stay." See also: Phoronix coverage of Rust permanence in Linux, DevClass analysis of Linux Rust adoption.

December 19 — Rust Blog: "What do people love about Rust?"

December 24 — Microsoft Distinguished Engineer Galen Hunt announces a personal goal to eliminate all C/C++ by 2030 via AI-assisted translation at "1 engineer, 1 month, 1 million lines." He later clarified this is a research project, not an official company-wide plan.

April 11 — crates.io session cookie exposure. Session cookie values were inadvertently sent to Sentry; all sessions were invalidated and cookies were redacted. Full disclosure on the Rust Blog.

September 12 — crates.io phishing campaign. Attackers registered a fake "rustfoundation.dev" domain and sent phishing emails to crate publishers. Full disclosure on the Rust Blog.

September 24 — faster_log and async_println malware. Typosquatting crates accumulated 8,400+ downloads before detection. Payload targeted cryptocurrency wallet keys. Incident report on the Rust Blog.

December 3 — evm-units and uniswap-utils malware. Web3-themed crates with 14,600+ combined downloads delivered OS-specific payloads for Windows, Linux, and macOS. The malware checked for Qihoo 360 antivirus to evade detection in certain regions. Incident report on the Rust Blog.

December 5 — finch-rust and sha-rust malware. Typosquatting crates exfiltrated environment variables and credentials. Incident report on the Rust Blog.

The supply chain attacks prompted accelerated security work. Key mitigations deployed:

The integration of Rust into the Linux kernel faced significant community friction in early 2025, culminating in two high-profile resignations—before ultimately achieving official permanence by year's end.

August 2024 — Wedson Almeida Filho resigns. The Microsoft engineer and Rust-for-Linux co-maintainer stepped down citing "nontechnical nonsense": "After almost 4 years, I find myself lacking the energy and enthusiasm I once had to respond to some of the nontechnical nonsense, so it's best to leave it up to those who still have it in them."

January 10, 2025 — Christoph Hellwig blocks Rust DMA patch. The kernel DMA maintainer rejected the Rust DMA coherent allocator abstraction: "Don't force me to deal with your shiny language of the day. Maintaining multi-language projects is a pain I have no interest in dealing with."

February 5, 2025 — Hellwig's "cancer" comment. As the dispute continued, Hellwig compared cross-language codebases to cancer: "If you want to make Linux impossible to maintain due to a cross-language codebase, do that in your driver so that you have to do it instead of spreading this cancer to core subsystems." He clarified the comment targeted cross-language complexity, not Rust itself.

February 6, 2025 — Martin appeals to Torvalds. Hector Martin posted on the kernel mailing list: "If shaming on social media does not work, then tell me what does, because I'm out of ideas."

February 6, 2025 — Torvalds rebukes Martin. Linus Torvalds responded sharply: "How about you accept the fact that maybe the problem is you. You think you know better. But the current process works. It has problems, but problems are a fact of life... social media brigading just makes me not want to have anything at all to do with your approach."

February 7, 2025 — Martin resigns as kernel maintainer. Martin submitted a patch removing himself from MAINTAINERS: "I no longer have any faith left in the kernel development process or community management approach."

February 14, 2025 — Martin resigns from Asahi Linux. In a lengthy blog post, Martin announced his departure: "I consider Linus' handling of the integration of Rust into Linux a major failure of leadership." His Mastodon account went offline shortly after. The project transitioned to a seven-person board. See also: Tedium's analysis of the deeper tensions.

December 12-15, 2025 — Rust declared "no longer experimental." At the Linux Kernel Maintainer Summit in Tokyo, developers reached consensus that Rust is now a core part of the kernel. Miguel Ojeda, lead maintainer for Rust-for-Linux: "The experiment is done, i.e., Rust is here to stay."

Despite the February drama, Rust's position in the kernel strengthened throughout the year, with the December declaration marking official permanence.

Rust 1.84.0 (January 9) — MSRV-aware Cargo, trait solver, WASI changes

Rust 1.85.0 (February 20) — Rust 2024 Edition, async closures

Rust 1.86.0 (April 3) — Trait upcasting, get_disjoint_mut

Rust 1.87.0 (May 15) — 10th Anniversary, safe intrinsics

Rust 1.88.0 (June 26) — Let chains, naked functions, Cargo GC

Rust 1.89.0 (August 7) — Const generic inference, file locking

Rust 1.90.0 (September 18) — LLD default on Linux, workspace publishing

Rust 1.91.0 (October 30) — Windows ARM64 Tier 1, 60 APIs

Rust 1.92.0 (December 11) — Never type lints, unwind tables on Linux

45% report non-trivial organizational Rust use — 7 percentage point increase from 2023, per the 2024 State of Rust Survey.

2.27 million developers used Rust over the past 12 months, with 709,000 identifying it as their primary language, per JetBrains.

72% admiration rate — Rust has been Stack Overflow's "most admired" language every year since 1.0 in 2015, though down from 83% in 2024 (a sign of mainstream adoption friction), per the 2025 survey.

TIOBE Index: #13 — Rust reached its all-time high position of #13 in January 2026.

216,000+ crates on crates.io, having served 559 million downloads in a single day (as of January 2026).

Microsoft: "Year of Rust." Win32k graphics code being ported to Rust, with GDI region code already shipping. SymCrypt cryptographic library rewrite in progress with formal verification. Hyperlight VM startup in 1–2ms. A Distinguished Engineer set a personal goal to eliminate all C/C++ by 2030—a research project, not official company policy.

Google: ~1000x lower vulnerability density. Android's Rust code shows ~1000x lower memory-safety vulnerability density than its C/C++ code, with 4x lower rollback rates and 25% less code review time. Android's 6.12 kernel shipped Google's first production Rust driver.

AWS: Rust as default for data-plane projects. At re:Invent, AWS engineers discussed significant performance improvements from Rust migrations.

Linux Kernel: Rust "no longer experimental." At the December 2025 Maintainer Summit, developers concluded "the experiment is done, Rust is here to stay."

Ubuntu: sudo-rs default in 25.10. Questing Quokka released with the memory-safe sudo replacement as default.

Cloudflare: Pingora. Their Rust-based proxy framework open-sourced on GitHub.

When: Now. Edition stable since February 2025.

Context: The Rust 2024 Edition brings async closures, improved lifetime capture for impl Trait, unsafe_op_in_unsafe_fn warnings, and Cargo Resolver v3. Crates compile across editions—migration is low-risk.

Action: Run cargo fix --edition to migrate. Update Cargo.toml to edition = "2024". Test async code for lifetime capture behavior changes.

When: Now. Trusted Publishing available since July 2025.

Context: Three malware incidents plus a phishing campaign hit crates.io in 2025, including typosquatting and Web3-themed packages. Rust's memory safety doesn't protect against supply chain attacks—the ecosystem is now a high-value target.

Action: Enable Trusted Publishing for all crates (OIDC from CI, no long-lived tokens). Audit dependencies with cargo audit and cargo vet. Pin versions with checksums in Cargo.lock. Review crate publishers before adding dependencies.

When: Experimental deployment expected 2026.

Context: The Rust Foundation's 2025 review notes consensus on adopting TUF for Rust releases and crates.io, with an experimental out-of-tree deployment starting in 2026. TUF provides cryptographic verification of package integrity and protects against various supply chain attacks including compromised mirrors and rollback attacks.

Action: Monitor Foundation announcements for TUF rollout timeline. For high-security environments, evaluate signing and verification requirements now.

When: Ongoing. Foundation interop initiative active since 2025.

Context: The Rust Foundation joined WG21 (C++ standards committee) and is authoring/co-authoring proposals for safer interop. Key development: BorrowSanitizer funding to detect memory-safety violations at unsafe Rust/C++ boundaries—critical for incremental adoption in existing C++ codebases.

Action: For teams mixing Rust and C++ code: monitor BorrowSanitizer development for integration into CI pipelines. Track cxx and bindgen updates for interop ergonomics.

When: January 2026. Rust 1.93 (scheduled January 22, 2026).

Context: Linux musl targets updating to musl 1.2.5 includes resolver fixes but introduces a breaking change that can surface as linker errors (often undefined reference to open64) for projects with stale transitive dependencies.

Action: Before upgrading to Rust 1.93: run cargo update to refresh dependencies. If you encounter linker errors, check for crates with outdated C library assumptions. Alpine Linux and other musl-based systems are most affected.

When: Ongoing.

Context: Rust is no longer experimental in the kernel. Android's 6.12 kernel shipped Google's first production Rust driver. The first CVE assigned to Rust code in the kernel (CVE-2025-68260) fixed a race condition in rust_binder that could lead to crashes (DoS). (Phoronix coverage)

Action: For kernel driver development: monitor Rust-for-Linux for stable APIs. Expect Rust-capable toolchain requirements in kernel builds.

When: Now. Default on x86_64 Linux since Rust 1.90.0 (September 2025).

Context: LLD is significantly faster than GNU ld. Benchmarks show up to 40% faster incremental builds and ~20% faster full debug builds. Critical for browser engines, kernel development, and large monorepos.

Action: Verify builds work with LLD. For other platforms, enable manually with -C link-arg=-fuse-ld=lld or [target.*.linker] in config.

When: Now. Tier 1 since Rust 1.91.0 (October 2025).

Context: aarch64-pc-windows-msvc promotion guarantees Rust's full test suite runs on Windows ARM. ARM-based Surface devices and broader industry shift make this production-ready.

Action: Test Windows ARM64 builds for cross-platform applications. Update CI matrices to include ARM64 Windows targets.

When: Evaluate in 2026. async-std discontinued March 2025.

Context: Tokio dominates the async runtime landscape. smol recommended for async-std users. Axum 0.8 removed the async_trait requirement. New ORMs: Toasty (Tokio team), Diesel 2.3 (security reviewed).

Action: Migrate from async-std to Tokio or smol. Evaluate Axum 0.8+ for web services. Plan for TokioConf 2026 (April, Portland).

When: Now. wasm32-wasi removed in Rust 1.84.0 (January 2025).

Context: WASI targets split into wasm32-wasip1 (Tier 2) and wasm32-wasip2 (Tier 3). WASIp3 with native async support in development. wasm-bindgen transferred to new maintainers.

Action: Update target triples from wasm32-wasi to wasm32-wasip1. Monitor WASIp3 for async workloads.

When: Now. esp-hal 1.0.0-beta.0 released February 2025.

Context: First vendor-backed embedded Rust SDK (Espressif). Embassy runs on stable Rust (MSRV 1.75) with HALs for 1400+ STM32 chips, Nordic nRF, RP2040/RP23xx. embedded-hal 1.0 stable.

Action: Evaluate esp-hal for ESP32 projects. Consider Embassy for async embedded. Expect more vendor investment in Rust embedded toolchains.

When: Ongoing. Consortium active since 2024.

Context: The Safety-Critical Rust Consortium continues work on tooling and processes for Rust in IEC 61508 (functional safety), ISO 26262 (automotive), and DO-178C (aviation) environments. Ferrocene—the first qualified Rust toolchain—donated its Language Specification to the Rust Project in March 2025.

Action: For safety-critical domains: monitor Consortium announcements. Evaluate Ferrocene for projects requiring qualified toolchains. Track language specification work (RFC 3355) for compliance documentation.

When: More details expected Q1 2026.

Context: The December 2025 Project Director Update notes a member-company listening session on the Foundation's training course and accreditation program, with more to come in Q1 2026. This addresses employer demand for verifiable Rust competency.

Action: Track Foundation announcements for training program details. Organizations hiring Rust developers: evaluate accreditation as a hiring signal once available.

When: Critical in 2026. Maintainers Fund announced November 2025.

Context: Many Rust contributors are paid by employers to work on Rust full-time. The "tragedy of the commons" in open source intensifies as Rust becomes critical infrastructure.

Action: Organizations using Rust commercially: consider Rust Foundation membership or direct contributor sponsorship via GitHub Sponsors for Rust contributors.

When: Draft slate January, RFC March, announce April 2026.

Context: The Goals team formalized the shift to annual goals with quarterly check-ins. This replaces the six-month cycle and provides clearer planning for contributors and consumers.

Action: If you have a proposal for the 2026 cycle, reach out to the Goals team by January. Track the RFC in March for what the project will prioritize.

When: September 8-11, 2026.

Context: RustConf 2026 in Montreal. First conference in Canada.

Action: Track CFP announcements for submission deadlines.