event stream: fixes vulnerability CVE-2025-0937, where using a wildcard namespace to subscribe to the events API grants a user with "read" capabilites on any namespace, the ability to read events from all namespaces. [GH-25089]
IMPROVEMENTS:
auth: adds VerboseLogging option to auth-method config for debugging SSO [GH-24892]
event stream: adds ability to authenticate using workload identities [GH-24849]
BUG FIXES:
agent: Fixed a bug where Nomad error log messages within syslog showed via the notice priority [GH-24820]
agent: Fixed a bug where all syslog entries were marked as notice when using JSON logging format [GH-24865]
client: Fixed a bug where temporary RPC errors cause the client to poll for changes more frequently thereafter [GH-25039]
csi: Fixed a bug where volume context from the plugin would be erased on volume updates [GH-24922]
networking: check network namespaces on Linux during client restarts and fail the allocation if an existing namespace is invalid [GH-24658]
reporting (Enterprise): Updated the reporting metric to utilize node active heartbeat count. [GH-24919]
state store: fix for setting correct status for a job version when reverting, and also fixes an issue where jobs were briefly marked dead during restarts [GH-24974]
ui: Ensure pending service check blocks are filled [GH-24818]
ui: Remove unrequired node read API call when attempting to stream task logs [GH-24973]
vault: Fixed a bug where successful renewal was logged as an error [GH-25040]