mise Release Notes

A moderate release with a handful of bug fixes and a new feature for the prepare system.

Highlights

• Prepare: auto-touch stale outputs — When tools like uv sync skip work because dependencies are already satisfied, output files don't get updated, causing mise to consider them stale on the next run. Prepare providers now automatically touch output files after a successful command, keeping staleness checks accurate. This is controlled by a new touch_outputs config option (defaults to true). #8243 by @halms
• Settings reorganization: task_* → task.* — Nine flat task_* settings have been consolidated into a nested task.* namespace (e.g., task_output → task.output). The old names still work with no breaking changes — deprecation warnings won't appear until 2026.8.0. #8239

Bug Fixes

• Postinstall hooks now use correct bin paths — Per-tool postinstall hooks were hardcoding $install_path/bin on PATH, which broke backends like aqua where binaries live in non-standard subdirectories. Hooks now use each backend's actual binary paths. #8234
• mise use writes to the correct config file — When both config.toml and config.local.toml exist, mise use was incorrectly writing to config.local.toml. It now properly targets config.toml. #8240
• Legacy .mise.backend installs no longer block auto-migration — Legacy backend files were defaulting to explicit_backend = true, which prevented auto-migration to updated registry backends. They now default to non-explicit, allowing tools like glab to resolve correctly through the current registry. #8245 by @jean-humann

📦 Aqua Registry Updates

Updated Packages (1)

• namespacelabs/foundation/nsc

Original source Report a problem

This release brings MCP task execution support, better Node.js flavor guidance, and a solid round of bug fixes across several backends.

Highlights

• MCP run_task tool — You can now execute mise tasks directly through the MCP interface. The new run_task tool runs tasks via subprocess with full stdout/stderr capture, timeout support, and hardened execution. An install_tool stub is also included for future expansion. #8179 by @joaommartins
• Node flavor suggestions — When a Node.js version isn't found in the configured mirror, mise now suggests setting node.flavor to help you get to the right download faster. #8206 by @risu729
• Registry stack overflow fix — The registry BTreeMap is now built directly on the heap, eliminating a stack overflow that could occur with large registries. #8214 by @risu729

Bug Fixes

• Java version sorting — Shorthand Java versions (e.g., 21, 17) now sort correctly. #8197 by @roele
• Node env var migration — Node-related environment variables have been properly migrated to the settings system. #8200 by @risu729
• Registry overrides in shims — Registry overrides are now correctly applied when running tools through shims. #8199 by @risu729
• Rust outdated duplication — Fixed mise outdated showing Rust versions twice. #8209 by @roele
• GitHub aliased backend resolution — Version lookups no longer break for tools aliased to a different backend than the registry default. #8221
• GitHub attestation output — Attestation verification success is now shown in progress output. #8230
• Cargo binstall setting migration — MISE_CARGO_BINSTALL_ONLY has been migrated to the settings system. #8202 by @risu729

New Tools

• typst — GitHub backend added. #8210 by @3w36zj6
• cargo-dist — Now available via aqua registry. #8153 by @risu729
• release-plz — Now available via aqua registry. #8150 by @risu729

Original source Report a problem

This release brings a nice quality-of-life improvement to task execution along with a solid batch of bug fixes across several subsystems.

Highlights

• Real-time streaming for keep-order tasks — The keep_order task output mode now streams the active task's output in real-time instead of buffering everything until completion. Other parallel tasks buffer quietly and flush in definition order as they finish, so you get live feedback without sacrificing deterministic output ordering. #8164
• npm backend performance — npm view is now called only once per package lookup instead of multiple times, speeding up npm-based tool resolution. Thanks @risu729! #8181

Bug Fixes

• Recursive shim execution on Windows — mise exec now strips the shims directory from PATH during executable lookup, preventing infinite recursion when shims call back into mise x. #8189
• PATH reordering after activation — hook-env now preserves any PATH reordering done after mise activate (e.g., by ~/.zlogin), instead of silently reverting to the original order. #8190
• Cross-platform lockfile resolution — The aqua backend now correctly resolves lockfile artifacts for the target platform instead of leaking host-specific overrides into mise lock --platform. Thanks @mackwic! #8183
• Version alias lockfile lookup — Version aliases (like lts) are now resolved before lockfile lookup, so locked versions are matched correctly. #8194
• Task source freshness checks — Freshness checks now work correctly with dynamic task directories. Thanks @rooperuu! #8169
• Global tasks in monorepos — Global tasks are now properly resolved when running from a monorepo root. #8192
• Wildcard glob matching — test:* no longer incorrectly matches the parent test task. #8165
• task_config.includes paths — Include paths in task config are now resolved relative to the config root, not the working directory. #8193
• Upgrade safety — mise upgrade now skips untrusted tracked configs instead of failing. #8195
• helm-diff registry entry — Fixed the archive binary name for helm-diff. Thanks @jean-humann! #8173

New Contributors

Welcome @jean-humann, @mackwic, and @rooperuu!

📦 Aqua Registry Updates

New Packages (2)

• BetterDiscord/cli
• glossia.ai/cli

Original source Report a problem

This release partially mitigates GitHub attestation verification failures that were causing tool installations to fail (e.g., gh, and other aqua-backed tools with attestations enabled). See #8142 for details.

What happened

GitHub silently changed their attestations API to externalize bundle storage to Azure Blob Storage (tmaproduction.blob.core.windows.net) using Snappy compression, rather than returning bundles inline as JSON. The gh CLI had already been updated to handle this (cli/cli#10185), but third-party tools like mise were not yet aware of the new format, causing "error decoding response body" failures.

What this release does

Bumps sigstore-verification to 0.2, which splits the reqwest dependency version from mise's (0.13 vs 0.12). This avoids Cargo feature unification that was causing mise's gzip feature to be applied to attestation requests, interfering with the Snappy-compressed responses.
Note: A full fix with proper Snappy decompression support and auth token scoping landed in sigstore-verification v0.2.1 (#22, #23) — expect a follow-up mise release with that bump.
If you are still hitting issues, set settings.aqua.github_attestations = false as a workaround.

Dependency Updates

• Bumped sigstore-verification to 0.2 (e8897c9)

📦 Aqua Registry Updates

New Packages (1)

• k1LoW/tcmux

Updated Packages (1)

• jdx/usage

Original source Report a problem