Nomad 2.0.x release notes

Nomad version support

Beginning in April 2026, HashiCorp's self-managed products adopt new version, release, and support models. Nomad continues to target Spring and Fall feature releases, with monthly updates as needed. These changes align with IBM's enterprise software lifecycle to ensure consistent support across IBM's software portfolio.

Note that Extended Support and Ongoing Extended Support are optional, paid support packages available to Enterprise customers.

Beginning with the 2.0.0 release, HashiCorp Nomad's existing semantic versioning format (X.Y.Z) moves to IBM's Version-Modification-Fix (V.M.F) model. This mapping helps make lifecycle timing clear and consistent across products.

• April ("V" milestone): Starts a new support lifecycle for the version.
• October ("M" milestone): Adds new features but does not start a new support lifecycle.
• Monthly ("F" fixes): Patch release.

Refer to the following for additional details:

• IBM HashiCorp Self-Managed Product Support Lifecycle Addendum
• Changes to HashiCorp Self-Managed Enterprise Product Release Cadence and Support
• HashiCorp Long-Term Support (LTS) releases for products released prior to March 2025. Nomad v1.10.x is the last LTS release.
• IBM Software Support Lifecycle Policies

2.0.3 release highlights

Release Date: 9 June 2026

New max_run_duration field added to job specification group

For batch and system batch jobs, max_run_duration defines the maximum run time for allocations in the group. Refer to the max_run_duration parameter documentation for details.

Additionally, we added the nomad.client.allocs.max_run_duration.configured_seconds and nomad.client.allocs.max_run_duration.remaining_seconds metrics. Refer to the allocation metrics reference documentation for more information.

Add custom tokens with nomad acl token create command

The nomad acl token create command now supports a -token flag to specify a custom token value when creating an ACL token. Refer to the nomad acl token create command reference for more details.

Mark nodes as ineligible at client initialization

Use the default_ineligible client configuration parameter to mark nodes as ineligible at client initialization. Refer to the default_ineligible parameter documentation for more information.

Trigger a reload of the agent's configuration with the API

The PUT /v1/agent/reload API endpoint triggers a reload of the agent's configuration. Refer to the Agent reload API endpoint reference documentation for more details.

Workload identity extra claims

You may add extra claims to workload identities based on the namespace configuration. Refer to the following for details:

• Workload identity extra claims documentation
• Namespace required_extra_claims parameter documentation
• Namespace optional_extra_claims parameter documentation

Changelog

Review improvements, security fixes, and breaking changes in the changelog.

• v2.0.3

2.0.2 release highlights

Release Date: 22 May 2026

Changelog

Review improvements, security fixes, and breaking changes in the changelog.

• v2.0.2

2.0.1 release highlights

Release Date: 12 May 2026

Critical security updates

This release includes two critical security updates:

• Logmon setup now prevents a task from swapping out the logmon FIFOs for symlinks to read arbitrary files on the host. This vulnerability is CVE-2026-6959.
• Dynamic Host Volume creation now validates that the plugin ID is a valid plugin in all code paths, preventing an authorized user from running arbitrary executables on the host as though they were plugins. This vulnerability is CVE-2026-7474.

Breaking changes

Task drivers that support filesystem isolation such as docker now have their allocation log directories bind mounted read-only.

Outbound RPC connection timeout parameter

The dial_timeout agent configuration parameter controls the maximum amount of time allowed to establish new outbound RPC connections to peer agents.

Node limit scheduler parameter

To increase placement randomization and reduce scheduler contention, set the NodeLimitForFeasibilityChecks scheduler configuration option. Refer to the following documentation for more details:

• Job scheduling performance
• Job specification affinity and spread configuration parameters
  • affinity block
  • spread block
• Scheduler Operator HTTP API NodeLimitForFeasibilityChecks parameter
• The nomad operator scheduler get-config command reference
• The nomad operator scheduler set-config command reference

Warning on job service without shutdown delay configured

Nomad emits a warning when a job is submitted with services defined but no service at the task level has shutdown_delay set.

Changelog

Review improvements, security fixes, and breaking changes in the changelog.

• v2.0.1

2.0.0 release highlights

Release Date: 21 April 2026

Command to migrate Raft log store to Write-Ahead Log (WAL) backend

The nomad operator raft migrate-backend command migrates the Raft log store from the BoltDB backend to the Write-Ahead Log (WAL) backend. Compared to BoltDB, the WAL backend provides better performance characteristics for write-heavy workloads. However, once migrated to WAL, reverting back to BoltDB requires restoring from a snapshot taken before the migration.

We added the following:

• nomad operator raft migrate-backend command reference
• Raft log store details to the /v1/agent/self API endpoint response
• raft_logstore parameter to server configuration
• WAL backend metrics to the Raft log store metrics

We deprecated the server configuration's raft_boltdb parameter.

License and configuration changes to enable use of IBM Passport Advantage Online (PAO)

Enterprise

We extended Nomad's existing licensing and reporting functionality to support parsing and reporting with the IBM PAO license.

In Nomad 2.0, we changed the licensing log and error output. This may impact scripted upgrades if your script relies on error output text.

Changelog

Review improvements, security fixes, and breaking changes in the changelog.

• v2.0.0