This release extends mise's authentication support to GitLab and Forgejo backends, surfaces env files in diagnostic commands, and fixes several bugs in bash shell hooks, Windows tool installation, and PATH handling.
Highlights
- GitLab and Forgejo token support -- mise now resolves authentication tokens for GitLab and Forgejo backends using the same rich priority chain already available for GitHub: env vars, token files, CLI tool configs (glab/fj), credential commands, and git credential helpers.
- Env files in diagnostics --
mise config lsandmise doctornow show env files loaded viaMISE_ENV_FILEor_.filedirectives, making it easier to trace where environment variables come from. - Bash duplicate trust warning fixed -- Entering an untrusted project directory in bash no longer prints the trust warning twice per
cd.
Added
-
GitLab and Forgejo token resolution -- The GitLab and Forgejo backends now support the same multi-source token resolution as GitHub: environment variables (
MISE_GITLAB_TOKEN,MISE_FORGEJO_TOKEN, etc.), per-host token files (gitlab_tokens.toml,forgejo_tokens.toml), CLI tool integration (glab, fj),credential_command, andgit credential fill. A newmise tokencommand replaces the oldmise github tokenand addsmise token gitlabandmise token forgejosubcommands for debugging token resolution. #8868 by @roelemise token github mise token gitlab --unmask mise token forgejo forgejo.mycompany.com
-
Env files in
config lsanddoctor-- Env files loaded via theMISE_ENV_FILEsetting or_.fileconfig directives now appear inmise config lsoutput (with env var keys shown in verbose mode) and inmise doctoroutput (both text and JSON). #8853 by @SamSoldatenko
Fixed
-
Double
.exeextension on Windows (aqua backend) -- When a package's Windows override URL already includes.exe, mise no longer appends a second.exesuffix. This affected 37 aqua registry packages includingcli/cli,kubernetes/kubectl,gruntwork-io/terragrunt, andrust-lang/rustup. #8863 by @yusei-wy -
Duplicate trust warning in bash -- Entering an untrusted project directory in bash triggered the trust warning from both the
chpwdhook andPROMPT_COMMAND, producing a duplicate message. The bash activation script now coordinates between the two hooks so the warning appears exactly once. #8920 by @timothysparg -
Config root injected into PATH via
_.source-- When a sourced script prepended toPATH(e.g.,export PATH="/custom:$PATH"), an empty path component could resolve to the config root directory and get injected intoPATH. Empty path segments are now filtered out. #8936 by @jdx -
Spurious dependency warnings during install -- When
mise.tomlconfigured both a language runtime and a package from that ecosystem (e.g.,node+npm:prettier), mise would warn that npm was missing during version resolution even though node was configured and would be installed first. The warning is now suppressed when the providing tool is present in the toolset. #8923 by @jdx
Changed
mise github tokenrenamed tomise token github-- The oldmise github tokencommand still works but is hidden from help output. The newmise tokencommand group addsgithub,gitlab, andforgejosubcommands. #8868 by @roele
New Contributors
- @SamSoldatenko made their first contribution in #8853
- @yusei-wy made their first contribution in #8863
- @timothysparg made their first contribution in #8920
Full Changelog: v2026.4.4...v2026.4.5