This release fixes a security bug in multi-user operation. It was possible for derivations to cause the mode of files outside of the Nix store to be changed to 444 (read-only but world-readable) by creating hard links to those files (details). There are also the following improvements: New built-in function: builtins.hashString. Build logs are now stored in /nix/var/log/nix/drvs/XX/, where XX is the first two characters of the derivation. This is useful on machines that keep a lot of build logs (such as Hydra servers). The function corepkgs/fetchurl can now make the downloaded file executable. This will allow getting rid of all bootstrap binaries in the Nixpkgs source tree. Language change: The expression "${./path} ..." now evaluates to a string instead of a path.