Tailscale Release Notes

App connectors

Routes no longer stall and fail to apply when updated repeatedly in a short period of time.

Tailscale container image v1.90.6

A new release of the Tailscale container image is available. You can download it from Docker Hub or from our GitHub packages repository.

Note: This version contains no changes except for library updates.

Tailscale Kubernetes operator v1.90.6

A new release of the Tailscale Kubernetes operator is available. For guidance on installing and updating, refer to our installation instructions.

Note: This version contains no changes except for library updates.

Tailscale tsrecorder v1.90.6

A new release of the Tailscale tsrecorder is available. You can download it from Docker Hub.

Note: This version contains no changes except for library updates.

Linux

Tailscale SSH no longer hangs for 10s when connecting to tsrecorder. This affected tailnets that use Tailscale SSH recording.

Tailscale container image v1.90.5

A new release of the Tailscale container image is available. You can download it from Docker Hub or from our GitHub packages repository.
Note: This version contains no changes except for library updates.

Tailscale Kubernetes operator v1.90.5

A new release of the Tailscale Kubernetes operator is available. For guidance on installing and updating, refer to our installation instructions.

• DNSConfig nameserver supports Pods with IPv6 addresses and will serve AAAA records.
• DNSConfig nameserver supports specifying a replica count for high-availability deployment.
• DNSConfig nameserver supports specifying pod tolerations.
• ProxyClass now supports the dnsConfig and dnsPolicy fields for refined DNS specifications.
• Reconciler logs are now sent to the Tailscale control plane in addition to the core client logs that are already sent. As before, this can be disabled by setting the TS_NO_LOGS_NO_SUPPORT environment variable to true within the operator deployment.

Tailscale tsrecorder v1.90.5

A new release of the Tailscale tsrecorder is available. You can download it from Docker Hub.

• tsrecorder is updated with web interface search, filtering and, enhanced design.
• kubectl exec sessions record as expected.
• Cached recordings on large datasets no longer fail if the caching process exceeds one minute.
• Recordings are no longer stopped when a session exceeds one minute.

Workload identity federation

Read more

• Use workload identity federation (beta) for creation of federated OIDC workload identities from third-party providers to authenticate requests to the Tailscale API.
• tailscale-client-go-v2 can use workload identity federation for authentication.
• The Tailscale Terraform provider can use workload identity federation for authentication.
• The Tailscale GitHub Action can use workload identity federation for auth key generation.
• The tailscale up command can use workload identity federation for auth key generation.
• OAuth client scopes and descriptions are editable in the Trust credentials page of the admin console.
• The Trust credentials page of the admin console replaces the OAuth clients page.

Tailscale v1.90.4

• A deadlock issue no longer occurs in the client when checking for the network to be available.

Linux

• tailscaled no longer sporadically panics when a Trusted Platform Module (TPM) device is present.

Windows

• tailscaled no longer sporadically panics when a Trusted Platform Module (TPM) device is present.

WASM

• The JS/WASM client used by tsconnect no longer crashes unexpectedly.

Tailscale Services

Read more

• Use Tailscale Services to decouple applications and services from the devices that host them (beta).

Note: 1.90.0 was a release candidate intended for testing only.

All platforms

• Clients can use configured DNS resolvers for all domains even when the client also uses an exit node using the nameserver settings in the DNS page of the admin console.
• Node keys will be renewed seamlessly, so clients will maintain existing connections while re-authenticating.
• Go is updated to version 1.25.3.
• Unnecessary path discovery packets over DERP servers are suppressed.

Linux

• Node key sealing is GA (generally available) and enabled by default. Existing nodes will migrate to node key sealing automatically on upgrade. For more information, including how to opt out, refer to Secure node state storage.

Windows

• Node key sealing is GA (generally available) and enabled by default. For more information, refer to Secure node state storage.

macOS

• The Hide Dock Icon checkbox located in Settings lets you remove the Tailscale icon from the macOS dock when the client window is closed.
• The tailscale drive CLI command for sharing Taildrive directories is no longer available. Use the client GUI for sharing directories instead.
• Node key sealing is GA (generally available) and enabled by default. For more information, refer to Secure node state storage.
• Exit node selection using the macOS Shortcuts app work as expected.
• Accounts displayed using the macOS menu bar Tailscale icon load as expected.
• Client users preference for automatic/recommended exit node selection is remembered as expected.

iOS

• Exit node selection using the iOS Shortcuts app work as expected.
• Client users preference for automatic/recommended exit node selection is remembered as expected.

Android

• Client is able to establish direct connections as expected.