releases.shpreview
HashiCorp/Nomad/v1.11.1

v1.11.1

December 9, 2025NomadView original ↗
$npx -y @buildinternet/releases show rel_mYl65W5NzmJHXySZN7sSs

1.11.1 (December 09, 2025)

BREAKING CHANGES:

  • docker: removed deprecated email auth config parameter [GH-27156]

SECURITY:

  • build: Updated toolchain to Go 1.25.5 [GH-27186]

IMPROVEMENTS:

  • connect: allow configuring identities for sidecar_task [GH-25877]
  • landlock: check paths exist on setup [GH-27149]
  • oidc: add support for array-based OIDC claims [GH-26958]
  • qemu: Adds config parameters to modify qemu emulator binary and machine types and removes some hardcoded KVM accelerator settings. Defaults to previously used values of qemu-system-x86_64 and pc. The driver no longer forces machine type "host", or the -smp flag when using resources.cores with the KVM accelerator. [GH-27128]
  • secrets: Adds nomad job ID and namespace to plugin environment [GH-27207]

BUG FIXES:

  • acl: Made /agent and /recommendations endpoints workload-identity-aware [GH-27099]
  • acl: include additional necessary permissions in the course-grained "scale" policy for nomad-autoscaler [GH-27061]
  • api: Fixed a bug in the Go API where an event stream request without a topic filter would require a management token [GH-27065]
  • cli: Fixed the var get command which was incorrectly displaying the variable modify time as the create time [GH-27208]
  • client: return 403 when the caller doesn't have log streaming capabilities [GH-27098]
  • csi: Fixed a bug where reading a volume from the API or event stream could erase its secrets [GH-27176]
  • drain: Fixed a bug where clients configured with leave_on_terminate or leave_on_interrupt and drain_on_shutdown would receive a permission denied error when attempting to leave the cluster and drain themselves [GH-27115]
  • dynamic host volumes: Ensure requested directory permission is correctly applied [GH-27068]
  • dynamic host volumes: fix Windows compatibility [GH-27147]
  • fingerprint: simplify storage fingerprint calculation to just (total disk space - reserved disk) [GH-27019]
  • keyring: Do not mark the key as inactive until all follow-up rekey evals have completed. [GH-27193]
  • keyring: Ensure follow-up rekey evals can be successfully created. [GH-27193]
  • oidc: Add support for RFC9207, requiring an issuer param in authorization response if the provider requires it [GH-27168]
  • reconciler: fixes a bug where stopping a job does not stop all allocations [GH-27175]
  • scheduler (Enterprise): Fixed a bug where tasks were not placed on same numa node as reserved device [GH-27177]
  • scheduler: Fixed a bug that was previously patched incorrectly where rescheduled allocations that could not be placed would later ignore their reschedule policy limits [GH-27129]
  • server: Fixed a bug where a large backlog of unblocking evals could cause backpressure on Raft writes [GH-27184]
  • ui: Fixed the error message presented for invalid Variables definitions [GH-26235]

Fetched April 8, 2026