github jdx/mise v2026.3.10
v2026.3.10: Security fix for .tool-versions templates, Python checksum verification, and 15+ bug fixes
on GitHub

13 hours ago

This release closes a security gap where .tool-versions files with Tera templates could execute arbitrary commands without a trust check, adds checksum verification for precompiled Python downloads, and ships over 15 bug fixes across tasks, lockfiles, the Rust plugin, bootstrap scripts, and more.

Highlights

  • Security: trust check for .tool-versions Tera templates -- .tool-versions files were processed through Tera's render_str() with the exec() function available, allowing arbitrary command execution without any trust verification. A malicious .tool-versions in a cloned repo could silently execute code when a user with mise shell activation cd'd into the directory. Template syntax in .tool-versions now requires mise trust first; plain files continue to work without trust.
  • Python checksum verification for precompiled binaries -- Precompiled Python downloads from astral-sh/python-build-standalone are now verified against lockfile checksums at install time, matching the behavior of other core plugins.
  • Python freethreaded build exclusion -- Freethreaded Python builds (e.g. Python 3.14+) are now excluded from precompiled selection by default, fixing "missing lib directory" errors. Set python.precompiled_flavor explicitly if you want freethreaded builds.
  • mise doctor PATH ordering check -- mise doctor now warns when non-mise directories appear before mise-managed tool paths in PATH, helping diagnose tool shadowing issues.

Security

  • Require trust check for .tool-versions Tera templates -- When template syntax ({{, {%, {#) is detected in a .tool-versions file, mise now requires mise trust before processing it. Plain .tool-versions files without templates are unaffected. #8675 by @jdx

Added

Fixed

  • Python: verify checksums for precompiled binary downloads -- Precompiled Python downloads are now checked against lockfile checksums between HTTP download and tarball extraction, preventing corrupted or tampered downloads from being silently accepted. #8593 by @malept
  • Python: exclude freethreaded builds from precompiled selection -- Freethreaded Python builds (e.g. cpython-3.14.3-freethreaded) use lib/python3.14t/ instead of lib/python3.14/, causing installation failures. These are now filtered out by default unless python.precompiled_flavor is explicitly set to a freethreaded variant. #8672 by @jdx
  • Config: resolve trust hash collision for same-name directories -- In paranoid mode, configs sharing the same parent directory leaf name (e.g. /projectA/infra/mise.toml and /projectB/infra/mise.toml) would map to a single hash file, silently breaking trust verification. The filename extension is now appended instead of replaced. Previously trusted configs may need a one-time mise trust after upgrading. #8628 by @tdragon
  • Lockfile: resolve symlinks when updating -- If a lockfile is a symlink, mise now updates the target file instead of replacing the symlink with a regular file. #8589 by @chancez
  • Rust: resolve relative CARGO_HOME/RUSTUP_HOME to absolute paths -- When CARGO_HOME or RUSTUP_HOME is set to a relative path (e.g. .cargo via [env]), the paths are now resolved to absolute before use, preventing broken PATH entries like undefined/bin after changing directories. #8604 by @simonepri
  • Bootstrap: preserve argv[0] for shim dispatch -- mise generate bootstrap now emits exec -a "$0" instead of plain exec, preserving the original invocation name so that shim symlinks (e.g. claude -> mise) dispatch correctly. #8521 by @tak848
  • Installer: normalize current version before comparison -- The standalone installer now strips the v prefix from MISE_CURRENT_VERSION before comparisons, so embedded checksums and the current-release CDN path are used correctly. #8649 by @tak848
  • Tasks: global file tasks not properly marked as such -- #8618 by @roele
  • Tasks: handle broken pipe in mise tasks ls -- Piping task output (e.g. mise tasks ls | head) no longer panics with EPIPE. #8608 by @vmaleze
  • Tasks: correctly resolve _default files with extensions -- test/_default.sh is now correctly loaded as the test task instead of test:_default. #8646 by @youta1119
  • Tasks: fix argument completion with flags in zsh -- Completing task arguments after flags (e.g. mise run build -- -c <TAB>) no longer produces errors. #8601 by @KevSlashNull
  • Git: use "origin" as remote name -- Cloned registries now consistently use "origin" as the remote name, fixing fetch failures in some configurations. #8626 by @bentinata
  • Shared tools: fix failing rebuild of runtime symlinks -- Installing tools with --system no longer fails when rebuilding runtime symlinks due to incorrect install path resolution. #8647 by @roele
  • Flutter: fix version_expr Tera parser collision -- Added spaces around the current element operator in Flutter's version_expr to prevent Tera parser errors. #8616 by @roele

Changed

  • Removed hidden --prefix and --interleave flags from mise run -- These flags were hidden in December 2024 when --output was introduced as their replacement. Their short forms (-p, -i) could silently consume flags intended for tasks. Use --output prefix or --output interleave instead. #8669 by @nkakouros

Breaking Changes

  • .tool-versions with Tera templates now require trust -- If you have .tool-versions files using template syntax ({{, {%, {#), you will need to run mise trust in those directories. Plain .tool-versions files are unaffected. #8675
  • Trust hash files regenerated -- Due to the hash collision fix, previously trusted configs in paranoid mode may need a one-time mise trust after upgrading. #8628
  • --prefix/-p and --interleave/-i removed from mise run -- Use --output prefix or --output interleave instead (available since December 2024). #8669

New Contributors

Full Changelog: v2026.3.9...v2026.3.10

Check out latest releases or
releases around jdx/mise v2026.3.10

Don't miss a new mise release

NewReleases is sending notifications on new releases.

Get notifications