winget install --id Hashicorp.NomadAbout HashiCorp Nomad
Nomad is a simple and flexible workload orchestrator to deploy and manage containers (docker, podman), non-containerized applications (executable, Java), and virtual machines (qemu) across on-prem and clouds at scale. Nomad provides several key features: - Deploy Containers and Legacy Applications: Nomad’s flexibility as an orchestrator enables an organization to run containers, legacy, and batch applications together on the same infrastructure. Nomad brings core orchestration benefits to legacy applications withou...
What's new in 2.0.1
BREAKING CHANGES: - logging: The allocation logs directory is bind-mounted read-only for task drivers that support with filesystem isolation [GH-27918] SECURITY: - dynamic host volumes: Prevent unintended code execution outside the plugin directory (CVE-2026-7474) [GH-27919] - logging: Protect logging FIFO from symlink swap attacks (CVE-2026-6959) [GH-27918] - sentinel: require sentinel-override ACL capability for overriding soft-mandatory policies on volumes - ui: Upgraded Ember to 6.10 [GH-27674] IMPROVEMENTS: - api: Add "latest" flag for tagging the latest version of a job [GH-27764] - build: Update Go toolchain to 1.26.3 [GH-27924] - cli: Added retry for nomad job run monitoring [GH-27887] - cli: Automatically expand nomad exec -it to -i -t [GH-27906] - cli: job plan now propagates -hcl2-strict=false into the suggested nomad job run -check-index invocation when the user passed it on the plan command line [GH-23656] - cli: add monitoring and verbose option to job dispatch [GH-27541] - drivers: include volume RequestName within mount config information if available [GH-27710] - scheduler: Add a configuration field for the number of nodes that the scheduler considers when spread or affinity is in use. This can improve scheduler performance for some cluster shapes. [GH-27650] - server: RPC dial timeout is configurable [GH-27862] - services: warn on job submit when job has services but no shutdown_delay [GH-27782] BUG FIXES: - api: Fix a bug where the Create Job, Update Job, and Scale Job APIs could fail to respect EnforceIndex under concurrent requests [GH-27832] - core: av...
Version history
| Version | Updated | Notes |
|---|---|---|
| 2.0.1 | Unknown | BREAKING CHANGES: - logging: The allocation logs directory is bind-mounted read-only for task drivers that support with filesystem isolation [GH-27918] SECURITY: - dynamic host volumes: Prevent unintended code execution... |
| 2.0.0 | Unknown | FEATURES: - config: add nonproduction config option for server, license, and reporting config [GH-27646] - core (Enterprise): Enable parsing and reporting with IBM PAO licenses SECURITY: - build: upgrade Go to 1.26.2 [GH... |
| 1.11.3 | Unknown | SECURITY: - security: Upgrade tooling to Go 1.25.8 [GH-27653] IMPROVEMENTS: - acl (Enterprise): Added sentinel policy block to allow managing Sentinel policies without a management token [GH-27556] - acl: Added fine-grai... |
| 1.11.2 | Unknown | SECURITY: - build: Updated toolchain to Go 1.25.6 [GH-27439] - build: Updated toolchain to Go 1.25.7 [GH-27468] IMPROVEMENTS: - acl: Add finer grain permissions for managing job submissions [GH-27287] - build: Add dev-st... |
| 1.11.1 | Unknown | BREAKING CHANGES: - docker: removed deprecated email auth config parameter [GH-27156] SECURITY: - build: Updated toolchain to Go 1.25.5 [GH-27186] IMPROVEMENTS: - connect: allow configuring identities for sidecar_task [G... |
| 1.11.0 | Unknown | FEATURES: - Client Identity: Nomad clients use identities for authenticating and authorizing itself when performing RPC calls. The identities are generated and rotated automatically by Nomad servers with configurable TTL... |
| 1.10.5 | Unknown | SECURITY: - build: Update Go to 1.24.7 to address CVE-2025-47910 [GH-26713] - build: Update go-getter to 1.7.9 to address CVE-2025-8959. Nomad Client Agents with Landlock support are not impacted by this vulnerability. [... |
| 1.10.4 | Unknown | SECURITY: - build: Update Go to 1.24.3 to address CVE-2025-47906 [GH-26451] IMPROVEMENTS: - cli: Added monitor export cli command to retrieve journald logs or the contents of the Nomad log file for a given Nomad agent [G... |
| 1.10.3 | Unknown | IMPROVEMENTS: - consul: Added kind field to service block for Consul service registrations [GH-26170] - docker: Added support for cgroup namespaces in the task config [GH-25927] - task environment: new NOMAD_UNIX_ADDR en... |
| 1.10.2 | Unknown | BREAKING CHANGES: - template: Support for the following non-hermetic sprig functions has been removed: sprig_date, sprig_dateInZone, sprig_dateModify, sprig_htmlDate, sprig_htmlDateInZone, sprig_dateInZone, sprig_dateMod... |
| 1.10.1 | Unknown | BREAKING CHANGES: - api: The non-functional option -peer-address has been removed from the operator raft remove-peer command and equivalent API [GH-25599] - core: Errors encountered when reloading agent configuration wil... |
| 1.10.0 | Unknown | FEATURES: - Dynamic Host Volumes: Nomad now supports creating host volumes via the API [GH-24479] - OIDC Login: Nomad now enables PKCE for OIDC logins, and supports the private key JWT / client assertion option in the OI... |
| 1.9.6 | Unknown | No notes |
| 1.8.0 | Unknown | No notes |
| 1.7.4 | Unknown | No notes |
| 1.7.3 | Unknown | No notes |
| 1.6.1 | Unknown | Release notes |