- Jan 6, 2026
- Parsed from source:Jan 6, 2026
- Detected by Releasebot:Jan 6, 2026
Jan 6, 2026
Tailscale 1.92.5 updates disable default state file encryption and hardware attestation keys to prevent startup failures after TPM resets on Linux and Windows. The container image, Kubernetes Operator, and tsrecorder releases add library updates and security tweaks, including not placing attestation keys in Kubernetes Secrets.
Tailscale v1.92.5
Linux
State file encryption and hardware attestation keys are no longer enabled by default.
Failure to load hardware attestation keys no longer prevents the client from starting. This could happen when the TPM device is reset or replaced.Windows
State file encryption and hardware attestation keys are no longer enabled by default.
Failure to load hardware attestation keys no longer prevents the client from starting. This could happen when the TPM device is reset or replaced.Tailscale container image v1.92.5
A new release of the Tailscale container image is available. You can download it from Docker Hub or from our GitHub packages repository.
- Hardware attestation keys are no longer added to Kubernetes state Secrets, making it possible to change the Kubernetes node the Tailscale containers are deployed on.
Tailscale Kubernetes Operator v1.92.5
A new release of the Tailscale Kubernetes Operator is available. For guidance on installing and updating, refer to our installation instructions.
- Certificate renewal is no longer done as an ARI order by default to avoid renewal failure if ACME account keys are recreated.
- Hardware attestation keys are no longer added to Kubernetes state Secrets, making it possible to change the Kubernetes node the Tailscale Kubernetes Operator is deployed on.
Tailscale tsrecorder v1.92.5
A new release of the Tailscale tsrecorder is available. You can download it from Docker Hub.
- Note: This version contains no changes except for library updates.
- Jan 5, 2026
- Parsed from source:Jan 5, 2026
- Detected by Releasebot:Jan 6, 2026
Jan 5, 2026
Workload identity federation API
The Tailscale API supports creating, reading, updating, and deleting federated identities.
tailscale-client-go-v2 can configure federated identities.
The Tailscale Terraform provider can configure federated identities.
Original source Report a problem - Dec 23, 2025
- Parsed from source:Dec 23, 2025
- Detected by Releasebot:Dec 23, 2025
Dec 23, 2025
Tailscale GitHub Action v4.1.1
The Tailscale GitHub Action uses the correct architecture for storing and retrieving caches on macOS-based GitHub runners.
Original source Report a problem - Dec 18, 2025
- Parsed from source:Dec 18, 2025
- Detected by Releasebot:Dec 18, 2025
Dec 18, 2025
Tailscale releases v1.92.4 across container image, Kubernetes Operator, and tsrecorder. Highlights include logging for background certificate renewal failures and a fixed Helm templating issue when OAuth secrets are missing; tsrecorder updates are library-only.
Tailscale container image v1.92.4
A new release of the Tailscale container image is available. You can download it from Docker Hub or from our GitHub packages repository.
- Ensure errors for background certificate renewal failures are logged.
Tailscale Kubernetes Operator v1.92.4
A new release of the Tailscale Kubernetes Operator is available. For guidance on installing and updating, refer to our installation instructions.
- A Helm templating issue that occurred when an OAuth client secret was not set, is resolved.
Tailscale tsrecorder v1.92.4
A new release of the Tailscale tsrecorder is available. You can download it from Docker Hub.
Note: This version contains no changes except for library updates.
Original source Report a problem - Dec 17, 2025
- Parsed from source:Dec 17, 2025
- Detected by Releasebot:Dec 17, 2025
Dec 17, 2025
Tailscale rolls out new container image, Kubernetes Operator, and tsrecorder releases with notable boosts: workload identity federation, HTTP to HTTPS redirects, DNSConfig defaults, HA with S3, ArgoCD tweaks, Ingress reconciliation improvements, and TS_AUTHKEY_FILE support.
Tailscale container image v1.92.3
A new release of the Tailscale container image is available. You can download it from Docker Hub or from our GitHub packages repository.
- iptables can be used on hosts that don't support nftables, as expected.
Tailscale Kubernetes Operator v1.92.3
A new release of the Tailscale Kubernetes Operator is available. For guidance on installing and updating, refer to our installation instructions.
- The operator supports workload identity federation for authenticating to a tailnet using provider-native identity tokens.
- tailscale.com/http-redirect annotation can be applied to Ingress resources for enabling HTTP to HTTPS redirects.
- The operator defaults to using the stable image for nameservers deployed using the DNSConfig resource.
- Recorder resources can specify a replica count for highly available deployments. Using multiple replicas requires using an S3 storage backend.
- ArgoCD compatibility is improved. You can use both boolean and string values when setting the apiServerProxyConfig.mode and apiServerProxyConfig.allowImpersonation values.
- The operator correctly reconciles managed Ingresses sharing the same namespace as other unmanaged Ingresses.
- ProxyGroup backed ingresses no longer get stuck during deletion if they use a Tailscale Service that had been deleted.
Tailscale tsrecorder v1.92.3
A new release of the Tailscale tsrecorder is available. You can download it from Docker Hub.
- tsrecorder can use a file containing an auth key for authentication using the TS_AUTHKEY_FILE environment variable.
- Dec 16, 2025
- Parsed from source:Dec 16, 2025
- Detected by Releasebot:Dec 17, 2025
- Modified by Releasebot:Jan 6, 2026
Dec 16, 2025
Tailscale v1.92.3
All platforms
- WireGuard configuration that occurs automatically in the client, no longer results in a panic.
macOS
- Tailscale system extension no longer fails to install during an upgrade.
- Dec 10, 2025
- Parsed from source:Dec 10, 2025
- Detected by Releasebot:Dec 11, 2025
Dec 10, 2025
macOS
- Taildrop works as expected using the macOS Share option.
Android
- An issue in custom control servers (Headscale) that could result in connectivity problems is resolved.
- Dec 10, 2025
- Parsed from source:Dec 10, 2025
- Detected by Releasebot:Dec 11, 2025
Dec 10, 2025
1.92.0 RC previews PROXY protocol across platforms, smarter peer relays, remote service destinations, and workload identity federation for node auth. It adds richer AUM formatting and broader relay endpoint candidates with handshake optimizations. Mac and iOS UI tweaks boost accessibility and taildrop clarity.
Note: 1.92.0 was a release candidate intended for testing only.
All platforms
- Tailscale Funnel and Tailscale Serve support the PROXY protocol, a header format that forwards information about the original client connection, such as the source IP and port, to the server before the actual traffic begins.
- Tailscale Peer Relays can use static endpoints using the tailscale set command with the --relay-server-static-endpoints flag.
- Tailscale Services can be configured to use a remote target as a service destination.
- Nodes can authenticate using workload identity federation with the tailscale up command flags --client-id and --id-token.
- Network flow logs automatically record node information about itself and peers it communicates with.
- Tailnet Lock command tailscale lock log --json response returns Authority Update Messages (AUMs) in a more stable format.
- Tailscale Peer Relay endpoint advertisements include more candidate IP:port pairs.
- Tailscale Peer Relays support multiple, forward bind packets per handshake generation, which improves path selection and chances of completing a handshake.
macOS
- Redundant label text for VoiceOver is removed from the exit node picker.
iOS
- Taildrop supported nodes are shown in Device Details.
- Redundant label text for VoiceOver is removed from the exit node picker.
- Dec 9, 2025
- Parsed from source:Dec 9, 2025
- Detected by Releasebot:Jan 6, 2026
Dec 9, 2025
DERP server IP address changes for Sydney
- The IPv4 and IPv6 addresses for the Sydney DERP servers have changed. If you use custom firewall settings that rely on these addresses specifically, refer to the information in our DERP map and make the necessary updates. Otherwise, no action is required.
- Nov 25, 2025
- Parsed from source:Nov 25, 2025
- Detected by Releasebot:Nov 26, 2025
- Modified by Releasebot:Dec 11, 2025
Nov 25, 2025
Tailscale ships stability fixes across platforms with no deadlocks during bursts and wake up hangs during port mapping. Android DNS stays connected when switching networks. New builds released: container image v1.90.9, Kubernetes operator v1.90.9, tsrecorder v1.90.9.
All platforms
Android
- DNS continues working when switching from cellular to Wi-Fi connections.
tailscaled
- tailscaled no longer deadlocks during event bursts.
- The client no longer hangs after wake up when port mapping is in use and interfaces are slow to become available.
Tailscale container image v1.90.9
A new release of the Tailscale container image is available. You can download it from Docker Hub or from our GitHub packages repository.
- tailscaled no longer deadlocks during event bursts.
- The client no longer hangs after wake up when port mapping is in use and interfaces are slow to become available.
Tailscale Kubernetes operator v1.90.9
A new release of the Tailscale Kubernetes operator is available. For guidance on installing and updating, refer to our installation instructions.
Note: This version contains no changes except for library updates.
Tailscale tsrecorder v1.90.9
A new release of the Tailscale tsrecorder is available. You can download it from Docker Hub.
Note: This version contains no changes except for library updates.
Original source Report a problem