dev

Do not panic on host calls when CM concurrency support is disabled (#…

v42.0.0: Release Wasmtime 42.0.0 (#12627)

42.0.0

Released 2026-02-20.

Added

• Cranelift now supports bitwise operations on floats on aarch64.
  #12326

• Cranelift now supports NaN canonicalization of f16 and f128.
  #12337

• Wasmtime has gained minimal support to implement fixed-length lists in the
  component model being communicated between composed components.
  #10619

• Wasmtime's Error and Result types are now built-in to the wasmtime crate
  and are no longer defined by the anyhow crate. Wasmtime exports a
  mostly-compatible anyhow-like API at wasmtime::error which is used
  instead. Wasmtime's own Error handles OOM internally and is foundational
  part of Wasmtime's work-in-progress support to gracefully handle OOM.
  #12309

• Wasmtime now exports an extension trait to convert anyhow::Result<T> into
  wasmtime::Result<T>.
  #12255

• Wasmtime supports a new bindgen! option to generate bindings specifically
  with anyhow::Result instead of wasmtime::Result.
  #12331

• The Nvidia-Cuda execution provider is now supported for the wasi-nn onnx
  backend.
  #12044

• Non-exported and private entities can now be accessed through the debugger
  API.
  #12367

• A new Store::try_new API has been added which handles OOM.
  #12415

• Initial configuration knobs for record-and-replay support have been added.
  #12375

• Cranelift's s390x backend now has support for instructions added in z17.
  #12319

• Wasmtime's implementation of fibers can now be compiled on riscv32imac
  platforms.
  #12506

• Wasmtime's implementation of WASI now correctly limits resource consumption on
  behalf of the guest, such as host-allocated memory, by default. This means
  that some behaviors previously allowed by Wasmtime are now disallowed by
  default if they rely on transferring a large amount of data from the guest to
  the host. Additionally calls to wasi:random/random.get-random-bytes, for
  example, now have limits in place by default to avoid allocating too much
  memory on the host. For more information on this see the related security
  advisory with further details on knobs added and what behaviors are now
  restricted by default.
  GHSA-852m-cvvp-9p4w

Changed

• Reentrance rules for WebAssembly components have changed in accordance with
  upstream specification changes. Embeddings are not expected to be affected,
  but please reach out if you find problems.
  #12349

• Wasmtime's Config::async_support option is now removed and no longer
  necessary. Embeddings can likely just remove turning this on and everything
  should keep working like normal.
  #12371

• Wasmtime now supports Config::concurrency_support as a knob to enable or
  disable *_concurrent APIs at runtime when the component-model-async crate
  feature is enabled.
  #12416

• The post_return-style functions in Wasmtime's API are now noops and will be
  removed in the future.
  #12498

• Translation of global.get of a defined, immutable global is now turned into
  a CLIF constant.
  #12234

• The wasmtime-wasi-nn crate's dependency on ort has been updated.
  #12162

• Error bounds requiring using hyper::Error in wasmtime-wasi-http have been
  relaxed to taking E: Into<ErrorCode> instead.
  #12227

• The cranelift-assembler-x64, and cranelift-isle crates now supports
  no_std targets. The cranelift-codegen crate now mostly supports no_std,
  but not entirely.
  #12222
  #12235
  #12236

• Android release binaries are now compiled with a larger page size configured.
  #12246

• Implicit binds are now allowed for WASIp3 sockets.
  #12225

• Wasmtime's implementation of component-model-async now correctly checks for
  whether tasks are allowed to block in all guest-to-guest situations.
  #12282

• The wasmtime-wasi-tls crate now has an OpenSSL backend.
  #12228

• Wasmtime's OutOfMemory error now keeps track of the attempted allocation
  size that failed.
  #12351

• Wasmtime's *_unchecked functions now work with MaybeUninit<ValRaw> instead
  of ValRaw directly.
  #12366

• Wasmtime now requires Rust 1.91.0 to compile.
  #12392

• Wasmtime's management of component-model-async tasks is now consistently done
  in all boundaries between guest/host tasks.
  #12379

Fixed

• The HeapType::matches implementation for NoExn has been fixed.
  #12350

• Enum discriminant validation for composed components has been fixed.
  #12356

• Shifts in some situations on aarch64 with Winch have been fixed.
  #12501

• Debug value locations around cold blocks have been improved.
  #12484

• Panics when adding too many headers to a wasi:http/types.fields has been
  resolved
  GHSA-243v-98vx-264h

v41.0.4: Release Wasmtime 41.0.4 (#12654)

41.0.4

Released 2026-02-24.

Changed

• Wasmtime's implementation of WASI now has the ability to limit resource
  consumption on behalf of the guest, such as host-allocated memory. This means
  that some behaviors previously allowed by Wasmtime can now disallowed, such as
  transferring excessive data from the guest to the host. Additionally calls to
  wasi:random/random.get-random-bytes, for example, can have limits in place
  to avoid allocating too much memory on the host. To preserve
  backwards-compatible behavior these limits are NOT set by default. Embedders
  must opt-in to configuring these knobs as appropriate for their embeddings.
  For more information on this see the related security advisory with further
  details on knobs added and what behaviors can be restricted.
  GHSA-852m-cvvp-9p4w

Fixed

• Panics when adding too many headers to a wasi:http/types.fields has been
  resolved
  GHSA-243v-98vx-264h

• Panic when dropping a [Typed]Func::call_async future.
  GHSA-xjhv-v822-pf94

v40.0.4: Release Wasmtime 40.0.4 (#12655)

40.0.4

Released 2026-02-24.

Changed

• Wasmtime's implementation of WASI now has the ability to limit resource
  consumption on behalf of the guest, such as host-allocated memory. This means
  that some behaviors previously allowed by Wasmtime can now disallowed, such as
  transferring excessive data from the guest to the host. Additionally calls to
  wasi:random/random.get-random-bytes, for example, can have limits in place
  to avoid allocating too much memory on the host. To preserve
  backwards-compatible behavior these limits are NOT set by default. Embedders
  must opt-in to configuring these knobs as appropriate for their embeddings.
  For more information on this see the related security advisory with further
  details on knobs added and what behaviors can be restricted.
  GHSA-852m-cvvp-9p4w

Fixed

• Panics when adding too many headers to a wasi:http/types.fields has been
  resolved
  GHSA-243v-98vx-264h

• Panic when dropping a [Typed]Func::call_async future.
  GHSA-xjhv-v822-pf94

v36.0.6: Release Wasmtime 36.0.6 (#12656)

36.0.6

Released 2026-02-24.

Changed

• Wasmtime's implementation of WASI now has the ability to limit resource
  consumption on behalf of the guest, such as host-allocated memory. This means
  that some behaviors previously allowed by Wasmtime can now disallowed, such as
  transferring excessive data from the guest to the host. Additionally calls to
  wasi:random/random.get-random-bytes, for example, can have limits in place
  to avoid allocating too much memory on the host. To preserve
  backwards-compatible behavior these limits are NOT set by default. Embedders
  must opt-in to configuring these knobs as appropriate for their embeddings.
  For more information on this see the related security advisory with further
  details on knobs added and what behaviors can be restricted.
  GHSA-852m-cvvp-9p4w

Fixed

• Panics when adding too many headers to a wasi:http/types.fields has been
  resolved
  GHSA-243v-98vx-264h

v24.0.6: Release Wasmtime 24.0.6 (#12653)

24.0.6

Released 2026-02-24.

Changed

• Wasmtime's implementation of WASI now has the ability to limit resource
  consumption on behalf of the guest, such as host-allocated memory. This means
  that some behaviors previously allowed by Wasmtime can now disallowed, such as
  transferring excessive data from the guest to the host. Additionally calls to
  wasi:random/random.get-random-bytes, for example, can have limits in place
  to avoid allocating too much memory on the host. To preserve
  backwards-compatible behavior these limits are NOT set by default. Embedders
  must opt-in to configuring these knobs as appropriate for their embeddings.
  For more information on this see the related security advisory with further
  details on knobs added and what behaviors can be restricted.
  GHSA-852m-cvvp-9p4w

Fixed

• Panics when adding too many headers to a wasi:http/types.fields has been
  resolved
  GHSA-243v-98vx-264h

v41.0.3: Release Wasmtime 41.0.3 (#12529)

41.0.3

Released 2026-02-04.

Fixed

• Fix an incorrect mid-end optimization rule that could cause a compiler panic
  due to mismatched types.
  #12504

v41.0.2: Release Wasmtime 41.0.2 (#12499)

41.0.2

Released 2026-02-03.

Fixed

• Reduce the dependencies of the wasmtime-internal-jit-icache-coherence crate.
  #12446

v41.0.1: Release Wasmtime 41.0.1 (#12434)

41.0.1

Released 2026-01-26.

Fixed

• Fixed a bug in lowering of f64.copysign on x86-64 whereby when combined
  with an f64.load, the resulting machine code could read 16 bytes rather
  than 8 bytes. This could result in a segfault when Wasmtime is configured
  without signals-based traps.

v40.0.3: Release Wasmtime 40.0.3 (#12433)

40.0.3

Released 2026-01-26.

Fixed

• Fixed a bug in lowering of f64.copysign on x86-64 whereby when combined
  with an f64.load, the resulting machine code could read 16 bytes rather
  than 8 bytes. This could result in a segfault when Wasmtime is configured
  without signals-based traps.