Tailscale Release Notes

Tailscale v1.96.2

Note: 1.96.0 and 1.96.1 were release candidates intended for testing only.

All Platforms

• tailscale dns query|status command supports --json flag to return JSON output.
• tailscale wait [flags] command waits for Tailscale resources to become available for binding.
• tailscale ip command supports --assert= flag to assert that one or more of the node's IP addresses matches the specified IP address.
• tailscale version --track and tailscale update --track support release-candidate flag to check for and update to release candidate builds.
• Tailscale Peer Relays advertise addresses discovered via Amazon EC2 Instance Metadata Service.
• tailscaled_peer_relay_endpoints gauge user metrics are available for Tailscale Peer Relays.
• The AuthKey system policy applies only when a user is not in a logged in state.
• UPnP routes as expected during long lived port mapping sessions scenarios, including hard NAT.

Linux

• Launch the systray application on startup using autostart file with the tailscale configure systray --enable-startup=freedesktop command.
• Scaling of Tailscale Peer Relays UDP sockets is gated by container-aware GOMAXPROCS defaults.
• Firewall rules created on Linux platforms correctly mark their traffic, avoiding reverse path filtering dropping connections and producing health warnings and risk prompts.
• OpenWrt versions 25.12.0 or later using apk as a package manager supports Tailscale updates.

macOS

• Windowed UI mode for macOS is generally available.
• Double click an account in the Accounts section to switch to that account.
• A progress dialog indicates Tailscale is waiting on the browser to complete reauthentication.
• The open source variant of Tailscale on macOS sets the node:osVersion attribute.
• The Taildrop Send File action and shortcut do not transmit empty files on macOS Tahoe (version 26) or later.
• Tailscale data directories for the macOS standalone version are excluded from Time Machine backups.
• An issue that required a machine reboot after installing a Tailscale update is resolved.

iOS

• iOS bug report ID displays in its entirety instead of being truncated.
• The Taildrop Send File action and shortcut do not transmit empty files on iOS version 26 or later.

Tailscale container image v1.94.1

A new release of the Tailscale container image is available. You can download it from Docker Hub or from our GitHub packages repository.

• OAuth and workload identity federation support has been added for containers.

Tailscale Kubernetes Operator v1.94.1

A new release of the Tailscale Kubernetes Operator is available. For guidance on installing and updating, refer to our installation instructions.

• The Egress proxy can now send traffic to Tailscale service VIPs.
• Use Kubenetes API server proxy audit logging (beta) to record Kubernetes API events on your cluster, in addition to or instead of entire recordings, that pass through your Kubernetes Operator API server proxy.
• Setting container resources for the Tailscale container will no longer result in an invalid value error for “1Mi.”

Tailscale tsrecorder v1.94.1

A new release of the Tailscale tsrecorder is available. You can download it from Docker Hub.

• Note: This version contains no changes except for library updates.