v2026.4.15: : Windows path separator fix and improved GitHub token detection

Compare Source

A small release with an important Windows fix and an improved GitHub rate-limit warning. Path-list environment variables now use the correct OS-native separator on Windows, and the 403 rate-limit warning now checks all configured GitHub token sources instead of only the GITHUB_TOKEN environment variable.

Fixed

• Path-list environment variables broken on Windows -- Settings that accept colon-separated path lists (MISE_TRUSTED_CONFIG_PATHS, MISE_IGNORED_CONFIG_PATHS, MISE_CEILING_PATHS, MISE_SHARED_INSTALL_DIRS, MISE_TASK_DISABLE_PATHS) always split on :, which conflicts with Windows drive letters (e.g. C:\foo). These settings now use the OS-native path separator (: on Unix, ; on Windows) via std::env::split_paths, matching how PATH itself is handled. #​9058 by @​richardthe3rd

• GitHub 403 warning shown even when a token is configured -- The rate-limit warning that appears on GitHub API 403 errors previously only checked the GITHUB_TOKEN environment variable. Users who configured a token via gh CLI, github_tokens.toml, credential_command, or git credential would still see the misleading "GITHUB_TOKEN is not set" hint. The warning now checks all supported token sources and links to the GitHub tokens documentation. #​9121 by @​jdx

Added

• Registry: podlet -- podlet generates Podman Quadlet files from a Podman command, compose file, or existing object. #​9134 by @​tony-sol
• Registry: maturin -- maturin builds and publishes Rust crates as Python packages with pyo3, cffi, and uniffi bindings. #​9113 by @​Bing-su

New Contributors

• @​Bing-su made their first contribution in #​9113

Full Changelog: jdx/mise@v2026.4.14...v2026.4.15

v2026.4.14: : Fix GitHub attestation verification for some tools

Compare Source

A small patch release that fixes GitHub artifact attestation verification failures affecting some tools installed via the github: backend.

Fixed

• GitHub artifact attestation verification failing for some tools -- Tools installed via the github: backend that use GitHub release attestations (e.g. github:jdx/[email protected], github:jdx/[email protected]) could fail verification because the upstream sigstore-verification library did not handle GitHub release attestation certificates whose Subject Alternative Name (SAN) URL lacked a trailing slash. The dependency has been bumped from 0.2.3 to 0.2.5, which includes the upstream fix. #​9128 by @​jdx

Full Changelog: jdx/mise@v2026.4.13...v2026.4.14

v2026.4.13: : Remote version cache, Go install_before, and task tool objects

Compare Source

This release fixes several backend and schema edge cases, including stale GitHub/GitLab/Forgejo version caches, go: module install_before filtering, vfox plugins pinned to Git commit hashes, and task-local tool options.

Highlights

• Remote version cache settings now apply consistently to GitHub, GitLab, and Forgejo backends, so users can bypass stale release data when needed.
• go: module versions now carry release timestamps, allowing install_before to filter them correctly.
• Task-level tools now accepts object syntax, matching top-level tool declarations for options like Rust targets.

Added

• Object syntax for task-level tools -- Task-local tools entries now support map/object values in addition to strings, matching top-level [tools] behavior. This allows task-specific tool options such as Rust cross-compilation targets without requiring those options globally. #​9087 by @​Binlogo

  [tasks.example]
  tools = { rust = { version = "nightly-2024-12-14", targets = "aarch64-linux-android" } }

Fixed

• MISE_FETCH_REMOTE_VERSIONS_CACHE ignored by GitHub, GitLab, and Forgejo backends -- These backends previously hardcoded a daily API cache duration, ignoring fetch_remote_versions_cache, MISE_FETCH_REMOTE_VERSIONS_CACHE=0, and prefer_offline. They now use the shared setting, matching other backends and allowing users to bypass stale release caches. #​9096 by @​mcncl

• go: module versions ignored install_before -- The Go backend now populates version metadata with release timestamps from the module proxy and go list -m -json, allowing install_before to filter module versions correctly instead of falling back to untimestamped candidates. #​9097 by @​mariusvniekerk

• vfox plugins pinned to Git commit hashes in mise.toml -- mise install could fail for vfox plugins declared with Git URLs and commit hashes because ensure_installed did not share the same install path as mise plugin install. vfox plugin installation now reuses the plugin install logic so both flows behave consistently. #​9099 by @​Oyami-Srk

• Schema support for OS/architecture filters -- The JSON schemas now share reusable tool os filter definitions, including compound os/arch entries such as macos/arm64 and linux/x64, across top-level tools and task-local tools. #​9095 by @​risu729

Changed

• cargo-deny advisory checks unblocked -- Removed a stale RustSec ignore, updated rustls-webpki on the modern rustls stack, and adjusted advisory ignores for the older transitive AWS rustls dependency chain so advisory checks can pass again. #​9112 by @​jdx

New Contributors

• @​Binlogo made their first contribution in #​9087
• @​mariusvniekerk made their first contribution in #​9097
• @​mcncl made their first contribution in #​9096
• @​Oyami-Srk made their first contribution in #​9099

Full Changelog: jdx/mise@v2026.4.12...v2026.4.13

v2026.4.12: : OS/arch filtering, task confirmation defaults, and npm supply chain improvements

Compare Source

This release adds OS/architecture compound filtering for tool configuration, lets task confirmation prompts default to "no" for destructive actions, and upgrades npm supply chain protection to use the recommended --min-release-age flag. It also fixes several bugs including a panic on empty config filename overrides and circular shim symlinks.

Highlights

• Tool os field now supports os/arch compound entries like "macos/arm64" or "linux/x64", letting you restrict tools to specific platform and architecture combinations.
• Task confirm can now default to "no", so destructive tasks require the user to explicitly opt in rather than just pressing Enter.
• npm supply chain protection now uses the purpose-built --min-release-age flag on npm 11.10.0+, aligning with npm's recommended approach.

Added

• OS/architecture compound syntax in tool filtering -- The os field on tool entries now accepts os/arch entries (e.g. os = ["linux", "macos/arm64"]). When an entry contains /, both the OS and architecture must match. Plain OS entries continue to match any architecture. OS aliases (darwin to macos) and arch aliases (aarch64 to arm64, x86_64/amd64 to x64) are normalized automatically. #​9088 by @​RobertDeRose

  [tools]
  # Install on all Linux machines and Apple Silicon Macs, but skip Intel Macs
  hk = { version = "latest", os = ["linux", "macos/arm64"] }

• Task confirmation default -- The confirm field on tasks now accepts a map with message and default keys, allowing you to set whether the prompt defaults to "yes" or "no". This is useful for destructive tasks where you want the user to explicitly confirm. The existing string syntax continues to work and defaults to "yes" for backwards compatibility. #​9089 by @​roele

  [tasks.release]
  confirm = { message = "Are you sure you want to cut a release?", default = "no" }
  run = "scripts/release.sh"

• npm --min-release-age for supply chain protection -- When install_before is configured, mise now uses npm's --min-release-age=<days> flag for npm 11.10.0+, which is the flag npm recommends for supply chain protection. Older npm versions continue to use --before. Sub-day windows also fall back to --before since --min-release-age is day-granular. #​9072 by @​webkaz

• New registry entries -- Added openfga (#​9084 by @​mnm364), copilot (#​9082 by @​risu729), and trzsz-go (#​9083 by @​ZeroAurora).

Fixed

• Panic on empty MISE_OVERRIDE_CONFIG_FILENAMES -- Setting MISE_OVERRIDE_CONFIG_FILENAMES="" (e.g. to clear it for a child process) caused a panic because the empty string was injected as a config path, which resolved to the filesystem root and had no parent directory. Empty segments from empty strings, leading/trailing colons, and consecutive colons are now filtered out. #​9076 by @​baby-joel

• Circular shim symlinks when shims are on PATH -- When mise activate --shims put the shims directory on PATH and a mise shim existed (e.g. from having core:rust in the toolset after a cargo install), reshim would create shims pointing to the mise shim instead of the real binary, including a circular mise to mise symlink that broke all shims. doctor would also falsely report all shims as "missing". Both now use which_no_shims to resolve the real mise binary. #​9071 by @​kevinswiber

• __MISE_EXE not exported in bash activate -- The __MISE_EXE variable was not exported in the bash activation script, so child shells couldn't access it and the mise function failed. Additionally, when ARGV0 was a bare name (e.g. mise) instead of an absolute path, PATH changes could break execution. The variable is now properly exported and bare names are resolved via which. #​9081 by @​fru1tworld

• Aliased installs sharing a backend were deduplicated -- When multiple tool aliases (e.g. iii and iii-console) resolved to the same backend and version (e.g. github:iii-hq/iii@latest), the install scheduler collapsed them into a single job and skipped the second install. The dependency graph now keys on the configured tool name plus version, so alias-specific options like asset_pattern and bin_path are preserved. #​9093 by @​jdx

New Contributors

• @​kevinswiber made their first contribution in #​9071
• @​webkaz made their first contribution in #​9072
• @​RobertDeRose made their first contribution in #​9088

Full Changelog: jdx/mise@v2026.4.11...v2026.4.12

v2026.4.11: : Task dependency templates and npm semver range support

Compare Source

A small release with two meaningful bug fixes: task dependency templates with {{usage.*}} references now resolve correctly even when the task is called without arguments, and package.json devEngines version fields are now parsed as full npm semver ranges instead of being simplified into prefix matches.

Fixed

• Task dependency templates now render without arguments -- When a task declared dependencies using {{usage.*}} templates (e.g. depends = ["child {{usage.app}}"]), those templates were only rendered if the task received explicit CLI arguments. If the usage spec defined defaults but no args were passed, the templates were left unresolved and the dependencies were silently dropped, causing the task to run with no dependencies at all. The guard now checks whether dependencies contain usage references rather than whether args are non-empty. #​9062 by @​MatthiasGrandl

• npm semver ranges in devEngines -- mise previously simplified package.json devEngines version fields by stripping range operators (>=, ^, ~) and trimming trailing .0 segments to produce a prefix for fuzzy matching. This was lossy and incorrect in many cases (e.g. ^20.0.1 was simplified to 20, matching 20.0.0). mise now preserves the original range string and resolves it against available versions using proper npm semver semantics via the nodejs-semver crate. Compound ranges (>=20 <21 || >=22), caret/tilde ranges, and wildcard segments all work correctly. #​9061 by @​risu729

• Documentation typo in Go backend -- The docs for Go build tags incorrectly showed --tags instead of the correct -tags flag. #​9065 by @​dolmen

New Contributors

• @​dolmen made their first contribution in #​9065
• @​MatthiasGrandl made their first contribution in #​9062

Full Changelog: jdx/mise@v2026.4.10...v2026.4.11

v2026.4.10: : Fix spurious warnings from postinstall hooks running tasks

Compare Source

A small patch release that fixes a single bug affecting tool postinstall hooks.

Fixed

• Spurious warnings from postinstall hooks running tasks -- When a tool-level postinstall hook ran a nested mise run, the child process inherited the MISE_TOOL_VERSION environment variable set during hooks. ToolsetBuilder was incorrectly parsing this as a request to install a tool named tool at the given version via the MISE_<TOOL>_VERSION convention, producing spurious registry warnings before the task executed. mise now ignores MISE_TOOL_VERSION in the same way it already ignored MISE_INSTALL_VERSION. #​9050 by @​risu729

Full Changelog: jdx/mise@v2026.4.9...v2026.4.10

v2026.4.9: : Cross-device installs, deterministic lockfiles, and sandbox template support

Compare Source

This release fixes cross-device tool installation failures, makes lockfile provenance resolution deterministic across platforms, and adds sandbox field support to task templates. Several smaller fixes address env precedence in multi-environment setups and spurious warnings from tools=true module hooks.

Highlights

• Cross-device tool installation -- Installing bun, deno, erlang, java, or ruby no longer fails when the downloads directory and installs directory are on different filesystems (e.g., Docker cache mounts). mise now falls back to copy+remove when rename() returns a cross-device error.
• Deterministic lockfile provenance -- mise lock now resolves SLSA provenance URLs for all target platforms, not just the current host. This eliminates non-deterministic lockfile diffs when running mise lock on different machines.
• Sandbox fields in task templates -- Task templates now support all sandbox fields (deny_all, deny_read, deny_write, deny_net, deny_env, allow_read, allow_write, allow_net, allow_env), with deny fields composing restrictively and allow lists combining template and task-local values.

Fixed

• Cross-device tool installation -- When the downloads folder is on a different mount than the installs folder (common with Docker cache mounts or devcontainers), rename() fails with EXDEV. mise now uses a move_file helper that falls back to copy+remove, fixing installation of bun, deno, erlang, java, and ruby in these setups. #​9032 by @​bgeron

• Deterministic SLSA provenance in lockfiles -- mise lock previously only resolved full SLSA provenance URLs for the current host platform, writing provenance = "slsa" (short form) for cross-platform entries. Now both the GitHub and Aqua backends resolve provenance URLs for all target platforms, producing byte-for-byte identical lockfiles regardless of which machine generates them. #​8982 by @​cameronbrill

• Sandbox fields in task templates -- Task templates now accept sandbox configuration fields. Deny fields compose restrictively (OR with task-local settings), and allow lists combine template values with task-local values. #​9046 by @​risu729

  [task_templates.restricted]
  deny_net = true
  allow_env = ["CI"]
  
  [tasks.build]
  extends = "restricted"
  allow_env = ["NODE_ENV"]  # combined: ["CI", "NODE_ENV"]

• Env precedence for task config -- With multiple MISE_ENV values (e.g., MISE_ENV=prod,ci), task_config.includes and task_config.dir now correctly respect the documented last-env-wins precedence. Previously the order was reversed, causing the wrong profile's task config to take effect. #​9039 by @​risu729

• Spurious warnings from tools=true module hooks -- When a vfox backend tool triggered dependency_env(), it previously resolved all tools=true env modules with an incomplete PATH, causing "command not found" warnings. The dependency env now skips tools=true module resolution entirely. #​9011 by @​jdx

• Implicit self_update with rustls features -- Building mise with --features rustls or --features rustls-native-roots no longer implicitly enables the self_update feature. The self_update/rustls entries in these feature lists were redundant and caused the optional self_update dependency to be silently pulled in. #​9040 by @​salim-b

• JSON schema completeness -- Added missing fields to the mise JSON schema: sandbox fields on tasks, legacy top-level env_file/dotenv/env_path shortcuts (marked deprecated), and age encryption directive options with proper nesting. #​9044 by @​risu729

• Windows .exe in release checksums -- Release builds now publish the extracted mise.exe alongside the Windows .zip archives and include it in SHASUMS256.txt, enabling SHA256 verification of the standalone binary (e.g., by mise-action). #​8997 by @​zeitlinger

• granted registry entry -- Updated the granted tool to point to the new fwdcloudsec/granted repository after the project moved from common-fate/granted. #​9033 by @​risu729

New Contributors

• @​bgeron made their first contribution in #​9032
• @​salim-b made their first contribution in #​9040

Full Changelog: jdx/mise@v2026.4.8...v2026.4.9

v2026.4.8: : Task engine stability and Go subpath version resolution

Compare Source

This release brings significant stability improvements to the task runner -- fixing hangs, deadlocks, and panics across several edge cases in task dependency graphs and parallel execution. It also overhauls Go version resolution for subpath packages by querying the module proxy directly, and adds new configuration options for sandbox environment filtering and lockfile platform targeting.

Highlights

• Go subpath version resolution fixed -- Tools like go:github.com/foo/bar/cmd/baz that live under a subpath of their Go module now resolve versions correctly, eliminating persistent "no latest version found" warnings.
• Five task runner stability fixes -- Resolved hangs with skipped dependencies, deadlocks with MISE_JOBS=1, panics in replacing output mode, stale source caching in dependency chains, and warnings with remote tasks.
• Wildcard allow_env patterns -- Sandbox env filtering now supports globs like MYAPP_* to allow entire namespaces of environment variables.
• lockfile_platforms setting -- Restrict lockfile operations to only the platforms you care about, avoiding unnecessary checksum resolution.

Added

• Wildcard patterns in sandbox allow_env -- allow_env now supports glob wildcards (e.g., MYAPP_*) to pass through namespaces of environment variables in sandboxed tasks and exec. Works in both CLI flags and task config. #​8974 by @​jdx

  [task.build]
  allow_env = ["NODE_*", "npm_*", "MYAPP_*"]

• lockfile_platforms setting -- New setting to restrict which platforms are targeted during lockfile operations. When set, mise install, mise use, and mise lock only resolve checksums/URLs for the configured platforms instead of all common platforms. Explicit mise lock --platform flags still override this setting. #​8966 by @​cameronbrill

  [settings]
  lockfile_platforms = ["macos-arm64", "linux-x64"]

• Examples rendered in task --help -- #USAGE example directives in task scripts now appear in --help output, thanks to an upgrade to usage-lib v3. #​8890 by @​baby-joel

Fixed

• Go subpath package version resolution -- The Go backend previously used go list -m -versions to resolve versions, which returns an empty version list for subpath packages (e.g., github.com/ankitpokhrel/jira-cli/cmd/jira), making it impossible to resolve "latest". mise now queries the Go module proxy ($GOPROXY) directly, generating path prefix candidates and using HTTP responses to distinguish real modules from non-module subpaths. This respects the GOPROXY environment variable and falls back to go list for GOPROXY=direct. #​8968 by @​c22

• Task hang when skipped task has dependents -- When a task with sources/outputs was skipped (up-to-date), a race condition in the dependency graph could leave downstream dependents hanging indefinitely. The failed channel send now properly resets the task's "sent" state so it can be re-emitted on a new channel. #​8937 by @​jdx

• Dependent task source invalidation -- When a dependency task runs because its own sources changed, downstream tasks that depend on it now also re-run, even if their own sources haven't changed. Sourceless dependencies (which always run) do not trigger this invalidation, preserving the usefulness of sources on dependents. #​8975 by @​jdx

• Deadlock with MISE_JOBS=1 and sub-task references -- When MISE_JOBS=1 and a task's run array contains both sub-task references ({ task = "foo" }) and scripts, the parent task now temporarily releases its semaphore permit before waiting on the sub-task, preventing a classic deadlock. #​8976 by @​jdx

• Panic with parallel sub-tasks in replacing output mode -- Running parallel sub-tasks (via tasks = [...] in run steps) with output = "replacing" no longer panics. Dynamically injected sub-tasks are now lazily initialized in the progress reporter map. #​8986 by @​jdx

• Remote task warning with arguments -- Remote git task files are now fetched before parsing usage specs, fixing spurious "failed to parse task file" warnings when running remote tasks with arguments. #​8979 by @​jdx

• Tera templates in tool postinstall hooks -- Tool-level postinstall scripts (e.g., [tools.ripgrep] postinstall) now render Tera templates before execution, so variables like {{tools.ripgrep.path}} work correctly. #​8978 by @​jdx

• Missing env vars in tool postinstall hooks -- MISE_CONFIG_ROOT and MISE_PROJECT_ROOT are now set in tool-level postinstall hooks, matching the behavior of project-level hooks. #​8977 by @​jdx

• mise upgrade tool@version not updating lockfile -- mise upgrade tool@version and mise lock tool@version now properly update the lockfile with the specified version. When the version doesn't match the current config prefix (e.g., upgrading from "2" to 3.0.1), the config is auto-bumped to match while preserving the original version precision. #​8983 by @​jdx

• Bash 3.2 activation with set -u -- The bash activation script no longer fails with __MISE_FLAGS[@​]: unbound variable on macOS's default bash 3.2 when set -u (nounset) is enabled and no flags are set. #​8988 by @​jdx

New Contributors

• @​baby-joel made their first contribution in #​8890
• @​cameronbrill made their first contribution in #​8966
• @​c22 made their first contribution in #​8968

Full Changelog: jdx/mise@v2026.4.7...v2026.4.8

v2026.4.7: : Native ARM64 Python on Windows

Compare Source

This patch release fixes precompiled Python installation on Windows ARM64 machines. Previously, mise always downloaded the x86_64 Python build on Windows regardless of architecture, which caused failures when loading native ARM64 libraries. mise now correctly downloads the aarch64 build on Windows ARM64 systems.

Fixed

• Precompiled Python on Windows ARM64 -- On Windows ARM64, mise unconditionally selected the x86_64 precompiled Python build, ignoring the host architecture. This caused runtime errors such as [WinError 193] %1 is not a valid Win32 application when loading native ARM64 DLLs. mise now downloads the native aarch64-pc-windows-msvc build on ARM64 Windows while continuing to use x86_64 on x64 Windows. #​8961 by @​JohanLorenzo

New Contributors

• @​JohanLorenzo made their first contribution in #​8961

Full Changelog: jdx/mise@v2026.4.6...v2026.4.7

v2026.4.6: : Tera templates in miserc.toml, shim race condition fix, and SPM self-hosted support

Compare Source

This release adds Tera template support to .miserc.toml files for dynamic early-stage configuration, fixes a race condition during shim creation that affected multi-backend setups, and improves SPM backend compatibility with self-hosted GitHub Enterprise and GitLab instances. Several other bug fixes improve environment variable handling across tasks, redaction, and the vfox backend.

Highlights

• Tera templates in .miserc.toml -- Use environment variables, XDG directories, and OS-level functions like arch() and os() directly in your .miserc.toml configuration, enabling dynamic early-stage settings such as platform-specific ceiling paths.
• Shim race condition fixed -- Multi-backend setups where different plugins provide overlapping shims no longer intermittently fail during mise reshim or mise install.
• SPM self-hosted instance support -- The SPM backend now automatically derives the correct API URL for self-hosted GitHub Enterprise and GitLab instances from the tool URL.

Added

• Tera template support in .miserc.toml -- .miserc.toml files now support Tera templates with a limited context available during early initialization: OS environment variables, config_root, cwd, XDG directories, and built-in functions/filters. Templates that fail to render gracefully fall back to raw content. #​8867 by @​richardthe3rd

  # .miserc.toml
  ceiling_paths = ["{{ env.HOME }}"]
  ignored_config_paths = ["{{ xdg_config_home }}/mise/shared.toml"]

• sing-box added to the built-in registry -- Install the sing-box universal proxy platform via mise use sing-box. #​8944 by @​tony-sol

Fixed

• Shim race condition with overlapping backends -- When multiple plugins provide the same shim (e.g., nodejs via the default registry and asdf:nodejs), concurrent make_shim calls could race on file removal, producing intermittent "No such file or directory" errors. The file removal now tolerates already-deleted files. #​8947 by @​brander-john

• mise env --redacted missing tools-only redactions -- Env vars declared with both tools = true and redact = true were not included in the redaction filter for mise env --redacted. Both the standard and tools-only redaction sets are now checked. #​8956 by @​jakedgy

• SPM backend API URL for self-hosted instances -- When using the SPM backend with a full URL pointing to a self-hosted GitHub Enterprise or GitLab instance, mise now derives the correct API URL from the host instead of always falling back to api.github.com. Explicit api_url options still take precedence. #​8955 by @​ThomasDutartre

• vfox backend missing dependency env -- When a vfox backend plugin declared depends on another tool, the dependency's binaries were not available on PATH during plugin Lua hooks (BackendListVersions, BackendInstall, BackendExecEnv). Dependency environment is now properly propagated, matching the behavior of other backends. #​8952 by @​cprecioso

• Task usage Tera templates failing with flags -- Task usage field defaults using {{ env.VAR }} Tera templates would fail with "Variable not found in context" whenever any flags were passed. The task argument parser now uses the full computed environment instead of an empty map. #​8957 by @​jdx

• Clarified attestation settings placement -- The help messages for Python and Ruby attestation settings now specify that they must be placed under [settings] in mise.toml, not under [python] or [ruby] where they are silently ignored. #​8939 by @​fru1tworld

New Contributors

• @​ThomasDutartre made their first contribution in #​8955
• @​jakedgy made their first contribution in #​8956
• @​brander-john made their first contribution in #​8947
• @​fru1tworld made their first contribution in #​8939

Full Changelog: jdx/mise@v2026.4.5...v2026.4.6

v2026.4.5: : GitLab and Forgejo token support, env file diagnostics, and shell fixes

Compare Source

This release extends mise's authentication support to GitLab and Forgejo backends, surfaces env files in diagnostic commands, and fixes several bugs in bash shell hooks, Windows tool installation, and PATH handling.

Highlights

• GitLab and Forgejo token support -- mise now resolves authentication tokens for GitLab and Forgejo backends using the same rich priority chain already available for GitHub: env vars, token files, CLI tool configs (glab/fj), credential commands, and git credential helpers.
• Env files in diagnostics -- mise config ls and mise doctor now show env files loaded via MISE_ENV_FILE or _.file directives, making it easier to trace where environment variables come from.
• Bash duplicate trust warning fixed -- Entering an untrusted project directory in bash no longer prints the trust warning twice per cd.

Added

• GitLab and Forgejo token resolution -- The GitLab and Forgejo backends now support the same multi-source token resolution as GitHub: environment variables (MISE_GITLAB_TOKEN, MISE_FORGEJO_TOKEN, etc.), per-host token files (gitlab_tokens.toml, forgejo_tokens.toml), CLI tool integration (glab, fj), credential_command, and git credential fill. A new mise token command replaces the old mise github token and adds mise token gitlab and mise token forgejo subcommands for debugging token resolution. #​8868 by @​roele

  mise token github
  mise token gitlab --unmask
  mise token forgejo forgejo.mycompany.com

• Env files in config ls and doctor -- Env files loaded via the MISE_ENV_FILE setting or _.file config directives now appear in mise config ls output (with env var keys shown in verbose mode) and in mise doctor output (both text and JSON). #​8853 by @​SamSoldatenko

Fixed

• Double .exe extension on Windows (aqua backend) -- When a package's Windows override URL already includes .exe, mise no longer appends a second .exe suffix. This affected 37 aqua registry packages including cli/cli, kubernetes/kubectl, gruntwork-io/terragrunt, and rust-lang/rustup. #​8863 by @​yusei-wy

• Duplicate trust warning in bash -- Entering an untrusted project directory in bash triggered the trust warning from both the chpwd hook and PROMPT_COMMAND, producing a duplicate message. The bash activation script now coordinates between the two hooks so the warning appears exactly once. #​8920 by @​timothysparg

• Config root injected into PATH via _.source -- When a sourced script prepended to PATH (e.g., export PATH="/custom:$PATH"), an empty path component could resolve to the config root directory and get injected into PATH. Empty path segments are now filtered out. #​8936 by @​jdx

• Spurious dependency warnings during install -- When mise.toml configured both a language runtime and a package from that ecosystem (e.g., node + npm:prettier), mise would warn that npm was missing during version resolution even though node was configured and would be installed first. The warning is now suppressed when the providing tool is present in the toolset. #​8923 by @​jdx

Changed

• mise github token renamed to mise token github -- The old mise github token command still works but is hidden from help output. The new mise token command group adds github, gitlab, and forgejo subcommands. #​8868 by @​roele

New Contributors

• @​SamSoldatenko made their first contribution in #​8853
• @​yusei-wy made their first contribution in #​8863
• @​timothysparg made their first contribution in #​8920

Full Changelog: jdx/mise@v2026.4.4...v2026.4.5

v2026.4.4: : Tool Dependencies, .NET Runtimes, and Task Argument Forwarding

Compare Source

A feature-packed release that adds user-defined tool dependencies, .NET runtime-only installs, argument forwarding to task dependencies, and stronger supply-chain security for lockfiles -- along with a large batch of bug fixes across multiple backends and shells.

Highlights

• Declare tool dependencies in mise.toml -- A new depends field lets you ensure one tool is fully installed before another starts, useful for tools with runtime dependencies on each other.
• Pass arguments through task dependency chains -- Task dependencies can now reference the parent task's arguments using {{usage.*}} templates, enabling parameterized build/deploy pipelines.
• .NET runtime-only installs -- Install just the .NET runtime (or ASP.NET Core runtime) without the full SDK using the new runtime tool option.
• Stronger lockfile provenance verification -- mise lock now cryptographically verifies provenance for the current platform at lock time, and a new locked_verify_provenance setting enables re-verification at install time.

Added

• User-specified tool dependencies -- Declare explicit installation dependencies between tools in mise.toml with a new depends field, ensuring one tool is fully installed before another starts. #​8776 by @​cprecioso

  [tools]
  erlang = "27"
  elixir = { version = "1.18", depends = ["erlang"] }

• .NET runtime-only installs -- Install .NET runtimes alongside or instead of SDKs using the runtime tool option. Valid values: dotnet, aspnetcore, windowsdesktop. #​8524 by @​fragon10

  [tools]
  dotnet = ["9", { version = "8.0.14", runtime = "dotnet" }]

• Task dependency argument forwarding -- Task dependencies can reference parent task arguments using {{usage.*}} templates in depends, depends_post, and wait_for. Arguments flow through entire dependency chains. #​8893 by @​jdx

  [tasks.build]
  usage = 'arg "<app>"'
  run = 'echo "building {{usage.app}}"'
  
  [tasks.deploy]
  usage = 'arg "<app>"'
  depends = [{ task = "build", args = ["{{usage.app}}"] }]
  run = 'echo "deploying {{usage.app}}"'

• install_before enforced on transitive npm dependencies -- The install_before supply-chain cutoff is now forwarded to transitive dependency resolution using each package manager's native mechanism (npm --before, bun --minimum-release-age, pnpm --config.minimumReleaseAge). #​8851 by @​risu729

• locked_verify_provenance setting -- New setting (also auto-enabled by MISE_PARANOID) that forces cryptographic provenance re-verification at install time even when the lockfile already has checksum and provenance data. mise lock now also performs full verification for the current platform at lock time. #​8901 by @​jdx

• turso added to the built-in registry -- Install the Turso CLI via mise use turso. #​8884 by @​kenn

Fixed

• --env=VALUE and -E=VALUE flag parsing -- The equals-sign form of the environment flag (e.g., mise --env=production) was silently ignored, causing fallback to the default environment. Both --env=VALUE and --env VALUE forms now work correctly. #​8889 by @​jdx
• PEP 440 .dev versions filtered in fuzzy matching -- Versions like 2026.3.3.162408.dev0 no longer incorrectly satisfy stable version requests. The version regex now matches .dev in addition to -dev. #​8849 by @​richardthe3rd
• Stale lockfile entries pruned during mise lock <tool> -- Running mise lock node after a version change no longer leaves duplicate entries for the old and new versions. #​8599 by @​altendky
• Spurious direnv warning suppressed -- The failed to update DIRENV_DIFF warning no longer appears when the direnv diff environment variable is empty. #​8857 by @​yaleman
• Duplicate trust warning in zsh -- Entering an untrusted project directory in zsh no longer shows the mise trust warning twice. #​8898 by @​timothysparg
• Plain .tool-versions no longer requires trust for task listing -- Files without Tera template syntax ({{, {%, {#) are skipped during the trust check in mise task ls. #​8876 by @​dportalesr
• Tool options preserved with CLI version overrides -- filter_bins and other tool options are no longer lost when specifying a version via CLI (e.g., mise bin-paths tool@version). #​8888 by @​jdx
• Alias-specific options respected -- Tools configured with tool_alias now correctly use the alias-specific asset_pattern and other options instead of inheriting from the original tool. #​8892 by @​jdx
• Precompiled Python uses lockfile URL -- Precompiled Python installs now honor the download URL recorded in mise.lock instead of always recomputing it, fixing reproducibility for locked installs. #​8750 by @​hehaoqian
• Ruby build revisions in lockfiles -- Precompiled Ruby binaries from jdx/ruby now support build revision tags (e.g., 3.3.11-1), preventing lockfile breakage when binaries are rebuilt with different checksums. #​8900 by @​jdx
• Swift installs on unsupported Ubuntu versions -- Swift installs on Ubuntu versions newer than 24.04 now fall back to the 24.04 binary instead of 404ing. #​8916 by @​jdx

Changed

• Go settings renamed to go.* namespace -- All go_* settings (e.g., go_set_goroot) have been renamed to the nested go.* format (e.g., go.set_goroot) for consistency with other language settings. The old names are preserved as deprecated aliases. #​8598 by @​jdbruijn

Breaking Changes

• Deprecated settings removed -- The following settings, deprecated for 18+ months, have been removed. If you are still using them, switch to their replacements: #​8904 by @​jdx
  • asdf -- use disable_backends instead
  • vfox -- use disable_backends instead
  • cargo_binstall -- use cargo.binstall instead
  • disable_default_shorthands -- use disable_default_registry instead
  • pipx_uvx -- use pipx.uvx instead
  • python_compile -- use python.compile instead
  • python_default_packages_file -- use python.default_packages_file instead
  • python_patch_url -- use python.patch_url instead
  • python_patches_directory -- use python.patches_directory instead
  • python_precompiled_arch -- use python.precompiled_arch instead
  • python_precompiled_os -- use python.precompiled_os instead
  • python_pyenv_repo -- use python.pyenv_repo instead
  • python_venv_stdlib -- use python.venv_stdlib instead

New Contributors

• @​cprecioso made their first contribution in #​8776
• @​fragon10 made their first contribution in #​8524
• @​dportalesr made their first contribution in #​8876
• @​timothysparg made their first contribution in #​8898
• @​hehaoqian made their first contribution in #​8750
• @​jdbruijn made their first contribution in #​8598
• @​yaleman made their first contribution in #​8857
• @​kenn made their first contribution in #​8884

Full Changelog: jdx/mise@v2026.4.3...v2026.4.4

v2026.4.3: : Fix seccomp build on armv7

Compare Source

A small patch release that fixes a compile error preventing mise from building on 32-bit ARM (armv7) targets.

Fixed

• seccomp network filter build on armv7 -- The seccomp sandbox code that restricts network access during mise exec failed to compile on armv7 targets. The libc::SYS_socket and libc::SYS_socketpair constants are i32 on 32-bit platforms but the rule map expects i64 keys, causing a type mismatch. An explicit as i64 cast fixes the build while remaining a no-op on 64-bit platforms. #​8869 by @​jdx

Full Changelog: jdx/mise@v2026.4.2...v2026.4.3

v2026.4.2: : Process sandboxing for exec and run

Compare Source

Note: This release's build failed so no binary assets were published. Use v2026.4.3 instead, which includes all changes from this release plus a build fix.

This release introduces experimental process sandboxing for mise exec and mise run, allowing you to restrict filesystem access, network access, and environment variables for executed processes.

Added

• Process sandboxing for mise x and mise run (experimental) -- A new lightweight sandboxing layer lets you lock down what processes spawned by mise can access. On Linux it uses Landlock for filesystem restrictions and seccomp-bpf for network filtering; on macOS it uses sandbox-exec (Seatbelt) with generated profiles. Requires experimental = true in settings. #​8845 by @​jdx

  # Block all filesystem and network access
  mise x --deny-all -- node script.js
  
  # Block network only
  mise x --deny-net -- npm run build
  
  # Block writes except to ./dist
  mise x --allow-write=./dist -- npm run build

  Task-level configuration is also supported:

  [tasks.build]
  run = "npm run build"
  deny_net = true
  allow_write = ["./dist"]

Fixed

• Docs: correct RUNTIME.osType and RUNTIME.archType values -- Fixed inconsistent documentation for runtime template variables and simplified examples. #​8785 by @​esteve

Full Changelog: jdx/mise@v2026.4.1...v2026.4.2