Nomad 0.10.3 was released with important security fixes:
CVE-2020-7218 - HTTP/RPC Unbounded Resource Usage
Prior to Nomad 0.10.3 there were no limits or timeouts placed on TCP connections which could allow for denial of service via unbounded resource consumption by a remote TCP client.
CVE-2020-7956 - Insufficient mTLS Certificate Validation
Prior to Nomad 0.10.3 mTLS client certificate validation was not as strict as intended. Before upgrading to Nomad 0.10.3, operators using mTLS with verify_server_hostname = true should confirm that the common name or SAN of all Nomad client node certs is client..nomad, and that the common name or SAN of all Nomad server node certs is server..nomad. Please see issue #7003 and the Upgrade Guide for details.
Go 1.12.16 Security Fixes
Nomad 0.10.3 is built with Go 1.12.16 to address security issues that affect Windows and 32-bit Nomad binaries. See Go’s announcement for details.
Nomad 0.10.4 and 0.11.0
All features and bug fixes targeting Nomad 0.10.3 will now be released in Nomad 0.10.4 in February 2020. Nomad 0.11.0 will be the next feature release of Nomad after that. Thanks for your patience.
Binaries - https://releases.hashicorp.com/nomad/0.10.3/