Last Month in Nautobot – May 2026

Welcome to our monthly Nautobot community update! We’ll dive into the latest updates across the Nautobot community, highlighting the key milestones, releases, and noteworthy contributions. From new features and enhancements to bug fixes and events, there’s always something happening in our dynamic ecosystem. Open source is at the core of our values, empowering individuals and organizations to collaborate, innovate, and make a positive impact together. This monthly blog post is our way of celebrating the accomplishments and contributions of our Nautobot community members.

Nautobot Core

Releases – Stable

  • v3.1.3 – 2026-05-26
    • #8990 – Updated the idna dependency to mitigate a security vulnerability (CVE-2026-45409); because it is not a direct dependency, be sure to update your local environment manually.
    • #8969 – Added a “View change log” option to the actions menu on device component tables such as interfaces.
    • #8954 – Changed Job Result Summary timestamps to display in your local timezone instead of UTC.
    • #8965 – Fixed slow page loads on detail views at large scale.
    • #8962 – Fixed the Run/Re-Run button on the Job Result page not refreshing once task details became available.
    • #8969 – Fixed the “Mark planned” and “Mark installed” actions not working in device component tables.
    • #8999 – Fixed the job queue selection in the Re-Run form when using a Kubernetes queue.
  • v3.1.2 – 2026-05-08
    • GHSA-c35q-vxrp-ph26 – Hardened Webhook definitions against server-side request forgery (SSRF), adding new WEBHOOK_ALLOWED_SCHEMES, WEBHOOK_ADDITIONAL_BLOCKED_NETWORKS, and WEBHOOK_ALLOWED_HOSTS settings; administrators should review existing Webhook records (CVE-2026-44797).
    • GHSA-qrpw-gjvh-x5gm – Added a timeout to regular-expression-based bulk renames to protect against denial-of-service attacks (CVE-2026-44796).
    • GHSA-p3hx-pwf3-j8wr – Fixed the REST API incorrectly allowing GitRepository.current_head to be edited by users (CVE-2026-44798).
    • GHSA-wpxj-44w3-2j6x – Added REST API permission checks when assigning related objects, and tightened related validation (CVE-2026-44794).
    • GHSA-c35q-vxrp-ph26 – Removed support for the nautobot-server webhook_receiver command.
    • #8931 – Updated the Django and GitPython dependencies to address several security vulnerabilities.
    • #8413 – Added an “Assume Ownership” button on the Scheduled Job page so authorized users can take over a scheduled job.
    • #8413 – Fixed scheduled jobs failing silently when the owner’s account was removed.
    • #8890 – Fixed slow loading of the VRF detail view caused by inefficient database queries.
    • #8937 – Fixed sorting on the Job History home page panel.

Releases – LTM 2.4

  • v2.4.34 – 2026-05-26
    • #8990 – Updated the idna dependency to mitigate a security vulnerability (CVE-2026-45409); because it is not a direct dependency, be sure to update your local environment manually.
    • #9000 – Fixed the job queue selection in the Re-Run form when using a Kubernetes queue.
  • v2.4.33 – 2026-05-08
    • GHSA-c35q-vxrp-ph26 – Hardened Webhook definitions against server-side request forgery (SSRF), adding new WEBHOOK_ALLOWED_SCHEMES, WEBHOOK_ADDITIONAL_BLOCKED_NETWORKS, and WEBHOOK_ALLOWED_HOSTS settings; administrators should review existing webhook records (CVE-2026-44797).
    • GHSA-qrpw-gjvh-x5gm – Added a timeout to regular-expression-based bulk renames to protect against denial-of-service attacks (CVE-2026-44796).
    • GHSA-p3hx-pwf3-j8wr – Fixed the REST API incorrectly allowing GitRepository.current_head to be edited by users (CVE-2026-44798).
    • GHSA-wpxj-44w3-2j6x – Added REST API permission checks when assigning related objects, and tightened related validation (CVE-2026-44794).
    • GHSA-c35q-vxrp-ph26 – Removed support for the nautobot-server webhook_receiver command.
    • #8944 – Updated the GitPython dependency to address several security vulnerabilities.
    • #8413 – Added an “Assume Ownership” button on the Scheduled Job page so authorized users can take over a scheduled job.
    • #8894 – Improved the speed of CSV exports for large numbers of objects.
    • #8413 – Fixed scheduled jobs failing silently when the owner’s account was removed.
    • #8560 – Fixed the job result status not being set to “started” when a job was run synchronously.

Apps Ecosystem

  • Nautobot App Golden Config: v2.6.4 – 2026-05-01
    • #968 – Added a rebase and retry step to the Golden Config git push to fix failures when running concurrent Golden Config jobs.
  • Nautobot App Golden Config: v3.0.6 – 2026-05-01
    • #968 – Added a rebase and retry step to the Golden Config git push to fix failures when running concurrent Golden Config jobs.
  • Nautobot App SSoT: v4.3.0 – 2026-05-18
    • #1192 – Added support for syncing Arista Port-Channel interfaces and their member assignments from CloudVision.
    • #1206 – Improved AristaCV (CloudVision) device loading performance by fetching interface details once per device.
    • This release fixes 16 bugs. See the full release notes for all of the details.
  • Nautobot App Device Onboarding: v4.4.5 – 2026-05-11
    • #425 – Fixed the connectivity check failing on the Sync Network Data job.
    • #557 – Fixed an error during sync when a device reported no tagged VLANs on a trunk interface.
  • Nautobot App Device Lifecycle Mgmt: v4.2.0 – 2026-05-15
    • #573 – Added an opt-in multi-tenant mode that scopes Validated Software matching to specific tenants; behavior is unchanged when it is left disabled.
    • #573 – Added Tenant filtering to the Hardware Notice and Validated Software reports.
  • Nautobot App Device Lifecycle Mgmt: v4.1.2 – 2026-05-05
    • #566 – Added a migration to standardize all existing CVE severity values.
    • #566 – Fixed the NIST CVE Job to use standardized severity values.
  • Nautobot App Device Lifecycle Mgmt: v3.2.4 – 2026-05-05
    • #566 – Added a fix_cve_severities management command to standardize existing CVE severity values.
    • #566 – Fixed the NIST CVE Job to use standardized severity values.
  • Nautobot App ChatOps: v4.0.1 – 2026-05-26
  • Nautobot Ansible: v6.2.0 – 2026-05-04
    • Added an Ansible Builder execution environment definition.
    • Added a provider_network module.
    • Added new graphql_info and graphql_facts modules and deprecated the older query_graphql module.
    • Added support for inline many-to-many (M2M) fields.
  • Helm Charts: v3.1.2 – 2026-05-29
    • #748 – Added startup probes for Celery workers.
    • #745 – Fixed a statement that always evaluated to true for startup probes in the Nautobot deployment.
    • #742 – Fixed a missing namespace for the Horizontal Pod Autoscaling resource.
    • #747 – Fixed the uwsgi-exporter sidecar to use 127.0.0.1 instead of localhost, avoiding IPv6 resolution failures.

Conclusion
Get in Touch!

Do you have a cool Nautobot-related project we should write about? Swing by the Network to Code Slack -> channel #nautobot and write us a quick line! Sign up here if you don’t have an account.

-Gary


