Nomad 1.0.10 and 1.1.4 Released

Nomad 1.0.10 and 1.1.4 were released with an important security fix:

CVE-2021-37218 - Nomad Raft RPC Privilege Escalation

Restricted access to the Raft RPC layer, so only servers within the region can issue Raft RPC requests when mTLS is enabled. Previously, local clients and federated servers could issue Raft RPC requests directly.

See CVE-2021-37218 Nomad Raft RPC Privilege Escalation · Issue #11084 · hashicorp/nomad · GitHub for details.

Remediation:

Users should upgrade servers to Nomad or Nomad Enterprise 1.0.10, 1.1.4, or newer.

Links:

Nomad 1.0.10 and 1.1.4 continue other small improvements and bug fixes. Please see the changelogs for details.

1.0.10 Changelog - nomad/CHANGELOG.md at v1.0.10 · hashicorp/nomad · GitHub
1.0.10 Binaries - Nomad v1.0.10 Binaries | HashiCorp Releases
1.1.4 Changelog - nomad/CHANGELOG.md at v1.1.4 · hashicorp/nomad · GitHub
1.1.4 Binaries - Nomad v1.1.4 Binaries | HashiCorp Releases