1.9.12 Enterprise (August 13, 2025)

SECURITY:

• build: Update Go to 1.24.3 to address CVE-2025-47906 [GH-26451]

BUG FIXES:

• alloc exec: Fixed executor panic when exec-ing a rootless raw_exec task [GH-26401]
• client: run all allocrunner postrun (cleanup) hooks, even if any of them error [GH-26271]
• consul: Add AllocIPv6 option to allow IPv6 address being used for service registration [GH-25632]
• jobspec: Validate required hook field in lifecycle block [GH-26285]
• reporting (Enterprise): Fixed a bug where older servers could panic if the leader upgrades to version with offline reporting
• services: Fixed a bug where Nomad services were deleted if a node missed heartbeats and recovered before allocs were migrated [GH-26424]

1.8.16 Enterprise (August 13, 2025)

SECURITY:

• build: Update Go to 1.24.3 to address CVE-2025-47906 [GH-26451]

BUG FIXES:

• client: run all allocrunner postrun (cleanup) hooks, even if any of them error [GH-26271]
• jobspec: Validate required hook field in lifecycle block [GH-26285]
• reporting (Enterprise): Fixed a bug where older servers could panic if the leader upgrades to version with offline reporting
• services: Fixed a bug where Nomad services were deleted if a node missed heartbeats and recovered before allocs were migrated [GH-26424]

1.10.4 (August 13, 2025)

SECURITY:

• build: Update Go to 1.24.3 to address CVE-2025-47906 [GH-26451]

IMPROVEMENTS:

• cli: Added monitor export cli command to retrieve journald logs or the contents of the Nomad log file for a given Nomad agent [GH-26178]
• command: Add historical log capture to nomad operator debug command with -log-lookback and -log-file-export flags [GH-26410]
• metrics: Added node_pool label to blocked_evals metrics [GH-26215]
• sentinel (Enterprise): Added policy scope for csi-volumes [GH-26438]

BUG FIXES:

• alloc exec: Fixed executor panic when exec-ing a rootless raw_exec task [GH-26401]
• cli: Fixed a bug where acl policy self command would output all policies when used with a management token [GH-26396]
• client: run all allocrunner postrun (cleanup) hooks, even if any of them error [GH-26271]
• consul: Add AllocIPv6 option to allow IPv6 address being used for service registration [GH-25632]
• jobspec: Validate required hook field in lifecycle block [GH-26285]
• services: Fixed a bug where Nomad services were deleted if a node missed heartbeats and recovered before allocs were migrated [GH-26424]

1.10.3 (July 08, 2025)

IMPROVEMENTS:

• consul: Added kind field to service block for Consul service registrations [GH-26170]
• docker: Added support for cgroup namespaces in the task config [GH-25927]
• task environment: new NOMAD_UNIX_ADDR env var points to the task API unix socket, for use with workload identity [GH-25598]

BUG FIXES:

• agent: Fixed a bug to prevent a possible panic during graceful shutdown [GH-26018]
• agent: Fixed a bug to prevent panic during graceful server shutdown [GH-26171]
• agent: Fixed bug where agent would exit early from graceful shutdown when managed by systemd [GH-26023]
• cli: Fix panic when restarting stopped job with no scaling policies [GH-26131]
• cli: Fixed a bug in the tls cert create command that always added "<role>.global.nomad"` to the certificate DNS names, even when the specified region was not "global"`. [GH-26086]
• cli: Fixed a bug where the acl token self command only performed lookups for tokens set as environment variables and not by the -token flag. [GH-26183]
• client: Attempt to rollback directory creation when the mkdir plugin fails to perform ownership changes on it [GH-26194]
• client: Fixed bug where drained batch jobs would not be rescheduled if no eligible nodes were immediately available [GH-26025]
• docker: Fixed a bug where very low resources.cpu values could generate invalid cpu weights on hosts with very large client.cpu_total_compute values [GH-26081]
• host volumes: Fixed a bug where volumes with server-terminal allocations could be deleted from clients but not the state store [GH-26213]
• tls: Fixed a bug where reloading the Nomad server process with an updated tls.verify_server_hostname configuration parameter would not apply an update to internal RPC handler verification and require a full server restart [GH-26107]
• vault: Fixed a bug where non-periodic tokens would not have their TTL incremented to the lease duration [GH-26041]

1.9.11 Enterprise (July 8, 2025)

BUG FIXES:

• agent: Fixed a bug to prevent a possible panic during graceful shutdown [GH-26018]
• agent: Fixed a bug to prevent panic during graceful server shutdown [GH-26171]
• agent: Fixed bug where agent would exit early from graceful shutdown when managed by systemd [GH-26023]
• cli: Fixed a bug in the tls cert create command that always added "<role>.global.nomad"` to the certificate DNS names, even when the specified region was not "global"`. [GH-26086]
• client: Fixed bug where drained batch jobs would not be rescheduled if no eligible nodes were immediately available [GH-26025]
• docker: Fixed a bug where very low resources.cpu values could generate invalid cpu weights on hosts with very large client.cpu_total_compute values [GH-26081]
• tls: Fixed a bug where reloading the Nomad server process with an updated tls.verify_server_hostname configuration parameter would not apply an update to internal RPC handler verification and require a full server restart [GH-26107]
• vault: Fixed a bug where non-periodic tokens would not have their TTL incremented to the lease duration [GH-26041]

1.8.15 Enterprise (July 8, 2025)

BUG FIXES:

• agent: Fixed a bug to prevent a possible panic during graceful shutdown [GH-26018]
• agent: Fixed a bug to prevent panic during graceful server shutdown [GH-26171]
• agent: Fixed bug where agent would exit early from graceful shutdown when managed by systemd [GH-26023]
• cli: Fixed a bug in the tls cert create command that always added "<role>.global.nomad"` to the certificate DNS names, even when the specified region was not "global"`. [GH-26086]
• client: Fixed bug where drained batch jobs would not be rescheduled if no eligible nodes were immediately available [GH-26025]
• docker: Fixed a bug where very low resources.cpu values could generate invalid cpu weights on hosts with very large client.cpu_total_compute values [GH-26081]
• encrypter: Fixes a bug where waiting for the active keyset wouldn't return correctly
• tls: Fixed a bug where reloading the Nomad server process with an updated tls.verify_server_hostname configuration parameter would not apply an update to internal RPC handler verification and require a full server restart [GH-26107]
• vault: Fixed a bug where non-periodic tokens would not have their TTL incremented to the lease duration [GH-26041]

1.9.10 Enterprise (June 10, 2025)

BREAKING CHANGES:

• template: Support for the following non-hermetic sprig functions has been removed: sprig_date, sprig_dateInZone, sprig_dateModify, sprig_htmlDate, sprig_htmlDateInZone, sprig_dateInZone, sprig_dateModify, sprig_randAlphaNum, sprig_randAlpha, sprig_randAscii, sprig_randNumeric, sprig_randBytes, sprig_uuidv4, sprig_env, sprig_expandenv, and sprig_getHostByName. [GH-25998]

SECURITY:

• identity: Fixed bug where workflow identity policies are matched by job ID prefix (CVE-2025-4922) [GH-25869]
• template: Bump the consul-template version to resolve CVE-2025-27144, CVE-2025-22869, CVE-2025-22870 and CVE-2025-22872. [GH-25998]
• template: Removed support to the non-hermetic sprig_env, sprig_expandenv, and sprig_getHostByName sprig functions to prevent potential leakage of environment or network information, since they can allow reading environment variables or resolving domain names to IP addresses. [GH-25998]

IMPROVEMENTS:

• reporting (Enterprise): Added support for offline utilization reporting [GH-25844]

BUG FIXES:

• client: Fixed a bug where disconnect.stop_on_client_after timeouts were extended or ignored [GH-25946]
• csi: Fixed -secret values not being sent with the nomad volume snapshot delete command [GH-26022]
• disconnect: Fixed a bug where pending evals for reconnected allocs were not cancelled [GH-25923]
• driver: Allow resources.cpu values above the maximum cpu.share value on Linux [GH-25963]
• job: Ensure sidecar task volume_mounts are added to planning diff object [GH-25878]
• reconnecting client: fix issue where reconcile strategy was sometimes ignored [GH-25799]
• scaling: Set the scaling policies to disabled when a job is stopped [GH-25911]
• scheduler: Fixed a bug where a node with no affinity could be selected over a node with low affinity [GH-25800]
• scheduler: Fixed a bug where planning or running a system job with constraints & previously running allocations would return a failed allocation error [GH-25850]
• telemetry: Fix excess CPU consumption from alloc stats collection [GH-25870]
• telemetry: Fixed a bug where alloc stats were still collected (but not published) if telemetry.publish_allocation_metrics=false. [GH-25870]
• vault: Fixed a bug where poststop tasks could not obtain Vault tokens after the main task failed

1.8.14 Enterprise (June 10, 2025)

BREAKING CHANGES:

• template: Support for the following non-hermetic sprig functions has been removed: sprig_date, sprig_dateInZone, sprig_dateModify, sprig_htmlDate, sprig_htmlDateInZone, sprig_dateInZone, sprig_dateModify, sprig_randAlphaNum, sprig_randAlpha, sprig_randAscii, sprig_randNumeric, sprig_randBytes, sprig_uuidv4, sprig_env, sprig_expandenv, and sprig_getHostByName. [GH-25998]

SECURITY:

• identity: Fixed bug where workflow identity policies are matched by job ID prefix (CVE-2025-4922) [GH-25869]
• template: Bump the consul-template version to resolve CVE-2025-27144, CVE-2025-22869, CVE-2025-22870 and CVE-2025-22872. [GH-25998]
• template: Removed support to the non-hermetic sprig_env, sprig_expandenv, and sprig_getHostByName sprig functions to prevent potential leakage of environment or network information, since they can allow reading environment variables or resolving domain names to IP addresses. [GH-25998]

IMPROVEMENTS:

• reporting (Enterprise): Added support for offline utilization reporting [GH-25844]

BUG FIXES:

• client: Fixed a bug where disconnect.stop_on_client_after timeouts were extended or ignored [GH-25946]
• csi: Fixed -secret values not being sent with the nomad volume snapshot delete command [GH-26022]
• disconnect: Fixed a bug where pending evals for reconnected allocs were not cancelled [GH-25923]
• driver: Allow resources.cpu values above the maximum cpu.share value on Linux [GH-25963]
• job: Ensure sidecar task volume_mounts are added to planning diff object [GH-25878]
• reconnecting client: fix issue where reconcile strategy was sometimes ignored [GH-25799]
• scaling: Set the scaling policies to disabled when a job is stopped [GH-25911]
• scheduler: Fixed a bug where a node with no affinity could be selected over a node with low affinity [GH-25800]
• scheduler: Fixed a bug where planning or running a system job with constraints & previously running allocations would return a failed allocation error [GH-25850]
• telemetry: Fix excess CPU consumption from alloc stats collection [GH-25870]
• telemetry: Fixed a bug where alloc stats were still collected (but not published) if telemetry.publish_allocation_metrics=false. [GH-25870]
• vault: Fixed a bug where poststop tasks could not obtain Vault tokens after the main task failed

1.10.2 (June 09, 2025)

BREAKING CHANGES:

• template: Support for the following non-hermetic sprig functions has been removed: sprig_date, sprig_dateInZone, sprig_dateModify, sprig_htmlDate, sprig_htmlDateInZone, sprig_dateInZone, sprig_dateModify, sprig_randAlphaNum, sprig_randAlpha, sprig_randAscii, sprig_randNumeric, sprig_randBytes, sprig_uuidv4, sprig_env, sprig_expandenv, and sprig_getHostByName. [GH-25998]

SECURITY:

• identity: Fixed bug where workflow identity policies are matched by job ID prefix (CVE-2025-4922) [GH-25869]
• template: Bump the consul-template version to resolve CVE-2025-27144, CVE-2025-22869, CVE-2025-22870 and CVE-2025-22872. [GH-25998]
• template: Removed support to the non-hermetic sprig_env, sprig_expandenv, and sprig_getHostByName sprig functions to prevent potential leakage of environment or network information, since they can allow reading environment variables or resolving domain names to IP addresses. [GH-25998]

IMPROVEMENTS:

• cli: Added job start command to allow starting a stopped job from the cli [GH-24150]
• client: Add gc_volumes_on_node_gc configuration to delete host volumes when nodes are garbage collected [GH-25903]
• client: add ability to set maximum allocation count by adding node_max_allocs to client configuration [GH-25785]
• host volumes: Add -force flag to volume delete command for removing volumes from GC'd nodes [GH-25902]
• identity: Allow ACL policies to be applied to a namespace [GH-25871]
• ipv6: bind and advertise addresses are now made to adhere to RFC-5942 §4 (reference: https://www.rfc-editor.org/rfc/rfc5952.html#section-4) [GH-25921]
• reporting (Enterprise): Added support for offline utilization reporting [GH-25844]
• template: adds ability to specify once mode for job templates [GH-25922]
• wi: new API endpoint for listing workload-attached ACL policies [GH-25588]

BUG FIXES:

• api: Fixed pagination bug which could result in duplicate results [GH-25792]
• client: Fixed a bug where disconnect.stop_on_client_after timeouts were extended or ignored [GH-25946]
• csi: Fixed -secret values not being sent with the nomad volume snapshot delete command [GH-26022]
• disconnect: Fixed a bug where pending evals for reconnected allocs were not cancelled [GH-25923]
• driver: Allow resources.cpu values above the maximum cpu.share value on Linux [GH-25963]
• job: Ensure sidecar task volume_mounts are added to planning diff object [GH-25878]
• reconnecting client: fix issue where reconcile strategy was sometimes ignored [GH-25799]
• scaling: Set the scaling policies to disabled when a job is stopped [GH-25911]
• scheduler: Fixed a bug where a node with no affinity could be selected over a node with low affinity [GH-25800]
• scheduler: Fixed a bug where planning or running a system job with constraints & previously running allocations would return a failed allocation error [GH-25850]
• telemetry: Fix excess CPU consumption from alloc stats collection [GH-25870]
• telemetry: Fixed a bug where alloc stats were still collected (but not published) if telemetry.publish_allocation_metrics=false. [GH-25870]
• ui: Fix incorrect calculation of permissions when ACLs are disabled which meant actions such as client drains were incorrectly blocked [GH-25881]

1.10.1 (May 13, 2025)

BREAKING CHANGES:

• api: The non-functional option -peer-address has been removed from the operator raft remove-peer command and equivalent API [GH-25599]
• core: Errors encountered when reloading agent configuration will now cause agents to exit. Before configuration errors during reloads were only logged. This could lead to agents running but unable to communicate [GH-25721]

SECURITY:

• build: Update Go to 1.24.3 to address CVE-2025-22873 [GH-25818]

IMPROVEMENTS:

• command: added priority flag to job dispatch command [GH-25622]

BUG FIXES:

• agent: Fixed a bug where reloading the agent with systemd notification enabled would cause the agent to be killed by system [GH-25636]
• cli: Respect NOMAD_REGION environment variable in operator debug command [GH-25716]
• client: fix failure cleaning up namespace on batch jobs [GH-25714]
• docker: Fix missing stats for rss, cache and swap memory for cgroups v1 [GH-25741]
• encrypter: Refactor startup decryption task handling to avoid timing problems with task addition on FSM restore [GH-25795]
• java: Fixed a bug where the default task user was set to 'nobody' on Windows [GH-25648]
• metrics: Fixed a bug where RSS and cache stats would not be reported for docker, exec, and java drivers under Linux cgroups v2 [GH-25751]
• scheduler: Fixed a bug in accounting for resources.cores that could prevent placements on nodes with available cores [GH-25705]
• scheduler: Fixed a bug where draining a node with canaries could result in a stuck deployment [GH-25726]
• scheduler: Fixed a bug where updating the rescheduler tracker could corrupt the state store [GH-25698]
• scheduler: Use core ID when selecting cores. This fixes a panic in the scheduler when the reservable_cores is not a contiguous list of core IDs. [GH-25340]
• server: Added a new server configuration option named start_timeout with a default value of 30s. This duration is used to monitor the server setup and startup processes which must complete before it is considered healthy, such as keyring decryption. If these processes do not complete before the timeout is reached, the server process will exit. [GH-25803]
• ui: Fixed a bug where the job list page incorrectly calculated if a job had paused tasks. [GH-25742]