Releases: bytecodealliance/wasmtime
dev
Do not panic on host calls when CM concurrency support is disabled (#…
v42.0.0: Release Wasmtime 42.0.0 (#12627)
42.0.0
Released 2026-02-20.
Added
-
Cranelift now supports bitwise operations on floats on aarch64.
#12326 -
Cranelift now supports NaN canonicalization of f16 and f128.
#12337 -
Wasmtime has gained minimal support to implement fixed-length lists in the
component model being communicated between composed components.
#10619 -
Wasmtime's
ErrorandResulttypes are now built-in to thewasmtimecrate
and are no longer defined by theanyhowcrate. Wasmtime exports a
mostly-compatibleanyhow-like API atwasmtime::errorwhich is used
instead. Wasmtime's ownErrorhandles OOM internally and is foundational
part of Wasmtime's work-in-progress support to gracefully handle OOM.
#12309 -
Wasmtime now exports an extension trait to convert
anyhow::Result<T>into
wasmtime::Result<T>.
#12255 -
Wasmtime supports a new
bindgen!option to generate bindings specifically
withanyhow::Resultinstead ofwasmtime::Result.
#12331 -
The Nvidia-Cuda execution provider is now supported for the wasi-nn onnx
backend.
#12044 -
Non-exported and private entities can now be accessed through the debugger
API.
#12367 -
A new
Store::try_newAPI has been added which handles OOM.
#12415 -
Initial configuration knobs for record-and-replay support have been added.
#12375 -
Cranelift's s390x backend now has support for instructions added in z17.
#12319 -
Wasmtime's implementation of fibers can now be compiled on riscv32imac
platforms.
#12506 -
Wasmtime's implementation of WASI now correctly limits resource consumption on
behalf of the guest, such as host-allocated memory, by default. This means
that some behaviors previously allowed by Wasmtime are now disallowed by
default if they rely on transferring a large amount of data from the guest to
the host. Additionally calls towasi:random/random.get-random-bytes, for
example, now have limits in place by default to avoid allocating too much
memory on the host. For more information on this see the related security
advisory with further details on knobs added and what behaviors are now
restricted by default.
GHSA-852m-cvvp-9p4w
Changed
-
Reentrance rules for WebAssembly components have changed in accordance with
upstream specification changes. Embeddings are not expected to be affected,
but please reach out if you find problems.
#12349 -
Wasmtime's
Config::async_supportoption is now removed and no longer
necessary. Embeddings can likely just remove turning this on and everything
should keep working like normal.
#12371 -
Wasmtime now supports
Config::concurrency_supportas a knob to enable or
disable*_concurrentAPIs at runtime when thecomponent-model-asynccrate
feature is enabled.
#12416 -
The
post_return-style functions in Wasmtime's API are now noops and will be
removed in the future.
#12498 -
Translation of
global.getof a defined, immutable global is now turned into
a CLIF constant.
#12234 -
The
wasmtime-wasi-nncrate's dependency onorthas been updated.
#12162 -
Error bounds requiring using
hyper::Errorinwasmtime-wasi-httphave been
relaxed to takingE: Into<ErrorCode>instead.
#12227 -
The
cranelift-assembler-x64, andcranelift-islecrates now supports
no_std targets. Thecranelift-codegencrate now mostly supports no_std,
but not entirely.
#12222
#12235
#12236 -
Android release binaries are now compiled with a larger page size configured.
#12246 -
Implicit binds are now allowed for WASIp3 sockets.
#12225 -
Wasmtime's implementation of component-model-async now correctly checks for
whether tasks are allowed to block in all guest-to-guest situations.
#12282 -
The
wasmtime-wasi-tlscrate now has an OpenSSL backend.
#12228 -
Wasmtime's
OutOfMemoryerror now keeps track of the attempted allocation
size that failed.
#12351 -
Wasmtime's
*_uncheckedfunctions now work withMaybeUninit<ValRaw>instead
ofValRawdirectly.
#12366 -
Wasmtime now requires Rust 1.91.0 to compile.
#12392 -
Wasmtime's management of component-model-async tasks is now consistently done
in all boundaries between guest/host tasks.
#12379
Fixed
-
The
HeapType::matchesimplementation forNoExnhas been fixed.
#12350 -
Enum discriminant validation for composed components has been fixed.
#12356 -
Shifts in some situations on aarch64 with Winch have been fixed.
#12501 -
Debug value locations around cold blocks have been improved.
#12484 -
Panics when adding too many headers to a
wasi:http/types.fieldshas been
resolved
GHSA-243v-98vx-264h
v41.0.4: Release Wasmtime 41.0.4 (#12654)
41.0.4
Released 2026-02-24.
Changed
- Wasmtime's implementation of WASI now has the ability to limit resource
consumption on behalf of the guest, such as host-allocated memory. This means
that some behaviors previously allowed by Wasmtime can now disallowed, such as
transferring excessive data from the guest to the host. Additionally calls to
wasi:random/random.get-random-bytes, for example, can have limits in place
to avoid allocating too much memory on the host. To preserve
backwards-compatible behavior these limits are NOT set by default. Embedders
must opt-in to configuring these knobs as appropriate for their embeddings.
For more information on this see the related security advisory with further
details on knobs added and what behaviors can be restricted.
GHSA-852m-cvvp-9p4w
Fixed
-
Panics when adding too many headers to a
wasi:http/types.fieldshas been
resolved
GHSA-243v-98vx-264h -
Panic when dropping a
[Typed]Func::call_asyncfuture.
GHSA-xjhv-v822-pf94
v40.0.4: Release Wasmtime 40.0.4 (#12655)
40.0.4
Released 2026-02-24.
Changed
- Wasmtime's implementation of WASI now has the ability to limit resource
consumption on behalf of the guest, such as host-allocated memory. This means
that some behaviors previously allowed by Wasmtime can now disallowed, such as
transferring excessive data from the guest to the host. Additionally calls to
wasi:random/random.get-random-bytes, for example, can have limits in place
to avoid allocating too much memory on the host. To preserve
backwards-compatible behavior these limits are NOT set by default. Embedders
must opt-in to configuring these knobs as appropriate for their embeddings.
For more information on this see the related security advisory with further
details on knobs added and what behaviors can be restricted.
GHSA-852m-cvvp-9p4w
Fixed
-
Panics when adding too many headers to a
wasi:http/types.fieldshas been
resolved
GHSA-243v-98vx-264h -
Panic when dropping a
[Typed]Func::call_asyncfuture.
GHSA-xjhv-v822-pf94
v36.0.6: Release Wasmtime 36.0.6 (#12656)
36.0.6
Released 2026-02-24.
Changed
- Wasmtime's implementation of WASI now has the ability to limit resource
consumption on behalf of the guest, such as host-allocated memory. This means
that some behaviors previously allowed by Wasmtime can now disallowed, such as
transferring excessive data from the guest to the host. Additionally calls to
wasi:random/random.get-random-bytes, for example, can have limits in place
to avoid allocating too much memory on the host. To preserve
backwards-compatible behavior these limits are NOT set by default. Embedders
must opt-in to configuring these knobs as appropriate for their embeddings.
For more information on this see the related security advisory with further
details on knobs added and what behaviors can be restricted.
GHSA-852m-cvvp-9p4w
Fixed
- Panics when adding too many headers to a
wasi:http/types.fieldshas been
resolved
GHSA-243v-98vx-264h
v24.0.6: Release Wasmtime 24.0.6 (#12653)
24.0.6
Released 2026-02-24.
Changed
- Wasmtime's implementation of WASI now has the ability to limit resource
consumption on behalf of the guest, such as host-allocated memory. This means
that some behaviors previously allowed by Wasmtime can now disallowed, such as
transferring excessive data from the guest to the host. Additionally calls to
wasi:random/random.get-random-bytes, for example, can have limits in place
to avoid allocating too much memory on the host. To preserve
backwards-compatible behavior these limits are NOT set by default. Embedders
must opt-in to configuring these knobs as appropriate for their embeddings.
For more information on this see the related security advisory with further
details on knobs added and what behaviors can be restricted.
GHSA-852m-cvvp-9p4w
Fixed
- Panics when adding too many headers to a
wasi:http/types.fieldshas been
resolved
GHSA-243v-98vx-264h
v41.0.3: Release Wasmtime 41.0.3 (#12529)
41.0.3
Released 2026-02-04.
Fixed
- Fix an incorrect mid-end optimization rule that could cause a compiler panic
due to mismatched types.
#12504
v41.0.2: Release Wasmtime 41.0.2 (#12499)
41.0.2
Released 2026-02-03.
Fixed
- Reduce the dependencies of the
wasmtime-internal-jit-icache-coherencecrate.
#12446
v41.0.1: Release Wasmtime 41.0.1 (#12434)
41.0.1
Released 2026-01-26.
Fixed
- Fixed a bug in lowering of
f64.copysignon x86-64 whereby when combined
with anf64.load, the resulting machine code could read 16 bytes rather
than 8 bytes. This could result in a segfault when Wasmtime is configured
without signals-based traps.
v40.0.3: Release Wasmtime 40.0.3 (#12433)
40.0.3
Released 2026-01-26.
Fixed
- Fixed a bug in lowering of
f64.copysignon x86-64 whereby when combined
with anf64.load, the resulting machine code could read 16 bytes rather
than 8 bytes. This could result in a segfault when Wasmtime is configured
without signals-based traps.