This release fixes cross-device tool installation failures, makes lockfile provenance resolution deterministic across platforms, and adds sandbox field support to task templates. Several smaller fixes address env precedence in multi-environment setups and spurious warnings from tools=true module hooks.
Highlights
- Cross-device tool installation -- Installing bun, deno, erlang, java, or ruby no longer fails when the downloads directory and installs directory are on different filesystems (e.g., Docker cache mounts). mise now falls back to copy+remove when
rename()returns a cross-device error. - Deterministic lockfile provenance --
mise locknow resolves SLSA provenance URLs for all target platforms, not just the current host. This eliminates non-deterministic lockfile diffs when runningmise lockon different machines. - Sandbox fields in task templates -- Task templates now support all sandbox fields (
deny_all,deny_read,deny_write,deny_net,deny_env,allow_read,allow_write,allow_net,allow_env), with deny fields composing restrictively and allow lists combining template and task-local values.
Fixed
-
Cross-device tool installation -- When the downloads folder is on a different mount than the installs folder (common with Docker cache mounts or devcontainers),
rename()fails withEXDEV. mise now uses amove_filehelper that falls back to copy+remove, fixing installation of bun, deno, erlang, java, and ruby in these setups. #9032 by @bgeron -
Deterministic SLSA provenance in lockfiles --
mise lockpreviously only resolved full SLSA provenance URLs for the current host platform, writingprovenance = "slsa"(short form) for cross-platform entries. Now both the GitHub and Aqua backends resolve provenance URLs for all target platforms, producing byte-for-byte identical lockfiles regardless of which machine generates them. #8982 by @cameronbrill -
Sandbox fields in task templates -- Task templates now accept sandbox configuration fields. Deny fields compose restrictively (OR with task-local settings), and allow lists combine template values with task-local values. #9046 by @risu729
[task_templates.restricted] deny_net = true allow_env = ["CI"] [tasks.build] extends = "restricted" allow_env = ["NODE_ENV"] # combined: ["CI", "NODE_ENV"]
-
Env precedence for task config -- With multiple
MISE_ENVvalues (e.g.,MISE_ENV=prod,ci),task_config.includesandtask_config.dirnow correctly respect the documented last-env-wins precedence. Previously the order was reversed, causing the wrong profile's task config to take effect. #9039 by @risu729 -
Spurious warnings from
tools=truemodule hooks -- When a vfox backend tool triggereddependency_env(), it previously resolved alltools=trueenv modules with an incomplete PATH, causing "command not found" warnings. The dependency env now skipstools=truemodule resolution entirely. #9011 by @jdx -
Implicit
self_updatewith rustls features -- Building mise with--features rustlsor--features rustls-native-rootsno longer implicitly enables theself_updatefeature. Theself_update/rustlsentries in these feature lists were redundant and caused the optionalself_updatedependency to be silently pulled in. #9040 by @salim-b -
JSON schema completeness -- Added missing fields to the mise JSON schema: sandbox fields on tasks, legacy top-level
env_file/dotenv/env_pathshortcuts (marked deprecated), and age encryption directive options with proper nesting. #9044 by @risu729 -
Windows
.exein release checksums -- Release builds now publish the extractedmise.exealongside the Windows.ziparchives and include it inSHASUMS256.txt, enabling SHA256 verification of the standalone binary (e.g., bymise-action). #8997 by @zeitlinger -
grantedregistry entry -- Updated thegrantedtool to point to the newfwdcloudsec/grantedrepository after the project moved fromcommon-fate/granted. #9033 by @risu729
New Contributors
Full Changelog: v2026.4.8...v2026.4.9