- Nov 19, 2025
- Parsed from source:Nov 19, 2025
- Detected by Releasebot:Nov 20, 2025
Nov 19, 2025
Tailscale 1.90.8 fixes critical Peer Relays issues, resolves a memory leak, and patches a security signing vulnerability across platforms. It also ships updated container, Kubernetes operator, and tsrecorder releases with library updates.
Tailscale v1.90.8
Note: v1.90.7 was an internal-only release.
All platforms
- Panic issue related to Peer Relays is resolved.
- Deadlock issue no longer occurs when handling Peer Relays endpoint allocation requests.
- Memory leak in Peer Relays is resolved.
Linux
- Nodes without the tailscaled --statedir flag or the TS_STATE_DIR environment variable no longer fail to enforce signing checks in tailnets with Tailnet Lock enabled. This fix addresses a security vulnerability described in TS-2025-008.
macOS
- Connectivity issue related to sleep and wake is resolved.
Tailscale container image v1.90.8
A new release of the Tailscale container image is available. You can download it from Docker Hub or from our GitHub packages repository.
- Nodes without the tailscaled --statedir flag or the TS_STATE_DIR environment variable no longer fail to enforce signing checks in tailnets with Tailnet Lock enabled. This fix addresses a security vulnerability described in TS-2025-008.
Tailscale Kubernetes operator v1.90.8
A new release of the Tailscale Kubernetes operator is available. For guidance on installing and updating, refer to our installation instructions.
Note: This version contains no changes except for library updates.Tailscale tsrecorder v1.90.8
A new release of the Tailscale tsrecorder is available. You can download it from Docker Hub.
Original source Report a problem
Note: This version contains no changes except for library updates. - Nov 13, 2025
- Parsed from source:Nov 13, 2025
- Detected by Releasebot:Nov 14, 2025
Nov 13, 2025
IP changes to Tailscale's logging infrastructure
The domain log.tailscale.com resolves to static IP address ranges registered and managed by Tailscale. If IP-based rules are required for your firewall, use the IPv4 range 199.165.136.0/24 and the IPv6 range 2606:B740:1::/48.
Note: In most cases, you do not need to configure firewall rules to use Tailscale. For more information, refer to What firewall ports should I open to use Tailscale?
Original source Report a problem - Oct 31, 2025
- Parsed from source:Oct 31, 2025
- Detected by Releasebot:Nov 1, 2025
Oct 31, 2025
App connectors no longer stall when updated repeatedly. Tailscale releases include v1.90.6 for container image, Kubernetes operator, and tsrecorder with library updates.
App connectors
Routes no longer stall and fail to apply when updated repeatedly in a short period of time.
Tailscale container image v1.90.6
A new release of the Tailscale container image is available. You can download it from Docker Hub or from our GitHub packages repository.
Note: This version contains no changes except for library updates.
Tailscale Kubernetes operator v1.90.6
A new release of the Tailscale Kubernetes operator is available. For guidance on installing and updating, refer to our installation instructions.
Note: This version contains no changes except for library updates.
Tailscale tsrecorder v1.90.6
A new release of the Tailscale tsrecorder is available. You can download it from Docker Hub.
Note: This version contains no changes except for library updates.
Original source Report a problem - Oct 30, 2025
- Parsed from source:Oct 30, 2025
- Detected by Releasebot:Oct 30, 2025
- Modified by Releasebot:Nov 14, 2025
Oct 30, 2025
Tailsale v1.90.5 fixes a 10s SSH hang when connecting to tsrecorder and updates multiple components. The Kubernetes operator adds DNSConfig enhancements and richer logging, while the tsrecorder adds a web UI search, improved recordings, and reliability tweaks.
Tailscale v1.90.5
Linux
Tailscale SSH no longer hangs for 10s when connecting to tsrecorder. This affected tailnets that use Tailscale SSH recording.
Tailscale container image v1.90.5
A new release of the Tailscale container image is available. You can download it from Docker Hub or from our GitHub packages repository.
Note: This version contains no changes except for library updates.
Tailscale Kubernetes operator v1.90.5
A new release of the Tailscale Kubernetes operator is available. For guidance on installing and updating, refer to our installation instructions.
- DNSConfig nameserver supports Pods with IPv6 addresses and will serve AAAA records.
- DNSConfig nameserver supports specifying a replica count for high-availability deployment.
- DNSConfig nameserver supports specifying pod tolerations.
- ProxyClass now supports the dnsConfig and dnsPolicy fields for refined DNS specifications.
- Reconciler logs are now sent to the Tailscale control plane in addition to the core client logs that are already sent. As before, this can be disabled by setting the TS_NO_LOGS_NO_SUPPORT environment variable to true within the operator deployment.
Tailscale tsrecorder v1.90.5
A new release of the Tailscale tsrecorder is available. You can download it from Docker Hub.
- tsrecorder is updated with web interface search, filtering, and enhanced design.
- kubectl exec sessions record as expected.
- Cached recordings on large datasets no longer fail if the caching process exceeds one minute.
- Recordings are no longer stopped when a session exceeds one minute.
- Oct 29, 2025
- Parsed from source:Oct 29, 2025
- Detected by Releasebot:Oct 29, 2025
Oct 29, 2025
Multiple tailnets for a single organization
Administer multiple tailnets (alpha) under a single organization, using a common identity provider and domain.
Tailscale Peer Relays
Use Tailscale Peer Relays for client-to-client connections when direct connections aren't possible (beta).
Visual policy editor (GA)
Use the visual policy editor to create and manage your tailnet policy file (generally available).
Original source Report a problem - Oct 28, 2025
- Parsed from source:Oct 28, 2025
- Detected by Releasebot:Oct 29, 2025
- Modified by Releasebot:Nov 14, 2025
Oct 28, 2025
Tailscale v1.90.4
All platforms
A deadlock issue no longer occurs in the client when checking for the network to be available.
Linux
tailscaled no longer sporadically panics when a Trusted Platform Module (TPM) device is present.
Windows
tailscaled no longer sporadically panics when a Trusted Platform Module (TPM) device is present.
WASM
The JS/WASM client used by tsconnect no longer crashes unexpectedly.
Tailscale Services
Use Tailscale Services to decouple applications and services from the devices that host them (beta).
Original source Report a problem - Oct 27, 2025
- Parsed from source:Oct 27, 2025
- Detected by Releasebot:Nov 6, 2025
- Modified by Releasebot:Nov 14, 2025
Oct 27, 2025
Tailscale v1.90.3
All platforms
tailscaled shuts down as expected and without panic.
Linux
tailscaled starts up as expected in a no router configuration environment.
macOS
The Tailscale dock icon closes as expected when the client is not using the windowed UI (beta).
FreeBSD
tailscaled starts up as expected in a no router configuration environment.
OpenBSD
tailscaled starts up as expected in a no router configuration environment.
Original source Report a problem - Oct 24, 2025
- Parsed from source:Oct 24, 2025
- Detected by Releasebot:Oct 29, 2025
- Modified by Releasebot:Nov 6, 2025
Oct 24, 2025
Tailscale v1.90.2
- An iptables regression on non-amd64/arm64 platforms is resolved, and the client starts as expected.
- Running Tailscale on devices equipped with Trusted Platform Module (TPM) 1.x no longer causes the tailscaled daemon to fail.
Tailscale GitHub Action v4.0.3
- The Tailscale GitHub Action stops the background Tailscale processes when a CI job finishes.
- The Tailscale GitHub Action validates that tags are specified when using an OAuth client.
- Oct 23, 2025
- Parsed from source:Oct 23, 2025
- Detected by Releasebot:Oct 29, 2025
- Modified by Releasebot:Nov 6, 2025
Oct 23, 2025
Tailscale 1.90.0 RC adds seamless node key renewal, DNS resolver options for all domains with an exit node, and reduced DERP traffic. It also marks node key sealing as GA on Linux and macOS, updates Go to 1.25.3, plus platform tweaks for macOS, iOS, Android, and Windows.
Note: 1.90.0 was a release candidate intended for testing only.
All platforms
- Clients can use configured DNS resolvers for all domains even when the client also uses an exit node using the nameserver settings in the DNS page of the admin console.
- Node keys will be renewed seamlessly, so clients will maintain existing connections while re-authenticating.
- Go is updated to version 1.25.3.
- Unnecessary path discovery packets over DERP servers are suppressed.
Linux
- Node key sealing is GA (generally available) and enabled by default. Existing nodes will migrate to node key sealing automatically on upgrade. For more information, including how to opt out, refer to Secure node state storage.
Windows
- Node key sealing is GA (generally available) and enabled by default. For more information, refer to Secure node state storage.
macOS
- The Hide Dock Icon checkbox located in Settings lets you remove the Tailscale icon from the macOS dock when the client window is closed.
- The tailscale drive CLI command for sharing Taildrive directories is no longer available. Use the client GUI for sharing directories instead.
- Node key sealing is GA (generally available) and enabled by default. For more information, refer to Secure node state storage.
- Exit node selection using the macOS Shortcuts app work as expected.
- Accounts displayed using the macOS menu bar Tailscale icon load as expected.
- Client users preference for automatic/recommended exit node selection is remembered as expected.
iOS
- Exit node selection using the iOS Shortcuts app work as expected.
- Client users preference for automatic/recommended exit node selection is remembered as expected.
Android
- Client is able to establish direct connections as expected.
This is the end. You've seen all the release notes in this feed!