renovate[bot]
commented
3 weeks ago ⚠ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: go.sum
Command failed: go get -d -t ./...
go: module tailscale.com@v1.66.0 requires go >= 1.22.0; switching to go1.22.3
go: downloading go1.22.3 (linux/amd64)
go: download go1.22.3: golang.org/toolchain@v0.0.1-go1.22.3.linux-amd64: verifying module: checksum database disabled by GOSUMDB=off
This PR contains the following updates:
v1.38.4->v1.66.0Release Notes
tailscale/tailscale (tailscale.com)
### [`v1.66.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.66.0) [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.64.2...v1.66.0) Changelog will be available shortly at https://tailscale.com/changelog ### [`v1.64.2`](https://togithub.com/tailscale/tailscale/releases/tag/v1.64.2) [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.64.1...v1.64.2) #### Windows - Changed: Installers are now built using WiX toolchain [version 3.14.1][wix-security-release]. #### Synology - Fixed: DiskStation Manager UI no longer freezes for a few minutes at startup when attempting to clean unused routes. This update is applicable to the version provided on [pkgs.tailscale.com](synology-pkg)\[^1]. \[^1]: We initially noted this as being released in 1.64.1, but that package was not uploaded incorrectly, so 1.64.2 has the actual fix. [synology-pkg]: https://pkgs.tailscale.com/stable/#spks [wix-security-release]: https://www.firegiant.com/blog/2024/2/6/wix-security-releases-available/ ### [`v1.64.1`](https://togithub.com/tailscale/tailscale/releases/tag/v1.64.1) [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.64.0...v1.64.1) #### Synology - Fixed: No longer freezes for a few minutes at startup when attempting to clean unused routes ### [`v1.64.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.64.0) [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.62.1...v1.64.0) #### All platforms - Changed: [`tailscale serve`][serve-command] headers are now [RFC 2047][ref2047] Q-encoded #### macOS - New: Access a new [Internet Access Policy][internet-access-policy] for [Little Snitch][little-snitch] users - New: Receive alerts when an error occurs while changing client preferences - New: Use Tailscale for macOS as a Tailscale SSH client (Standalone variant only) - New: `tailscale ssh` and `tailscale nc` are now supported in the Standalone variant of the client. - Changed: The `.pkg` installer no longer requires a system restart after installing the client (Standalone variant only) - Fixed: Reduced number of alerts if the network extension terminates unexpectedly - Fixed: Unexpected terminations for some macOS 10.15 Catalina users #### iOS - Fixed: Improved reliability of the ping chart presentation #### Synology - New: Update certificates using the `configure synology-cert` CLI command - Fixed: [IPv6][ipv6] addresses are available again #### Kubernetes operator - New: [`tailscale configure kubeconfig`][configure-command] now respects `KUBECONFIG` environment variable. - Fixed: [`tailscale configure kubeconfig`][configure-command] now works with partially empty `kubeconfig`. - Fixed: [MSS][mss] clamping for Kubernetes operator proxies using [nftables][nftables]. #### Containers - Fixed: Containers on hosts with partial support for ip6tables no longer crash. [configure-command]: https://tailscale.com/kb/1080/cli#configure-alpha [exit-node-command]: https://tailscale.com/kb/1080/cli/#exit-node [internet-access-policy]: https://www.obdev.at/iap/index.html [ipv6]: https://tailscale.com/kb/1121/ipv6/ [little-snitch]: https://www.obdev.at/products/littlesnitch/index.html [mss]: https://en.wikipedia.org/wiki/ [nftables]: https://wiki.nftables.org/wiki-nftables/index.php/What_is_nftables%3F [ref2047]: https://datatracker.ietf.org/doc/html/rfc2047 [rfc5389]: https://datatracker.ietf.org/doc/html/rfc5389 [serve-command]: https://tailscale.com/kb/1080/cli/#serve ### [`v1.62.1`](https://togithub.com/tailscale/tailscale/releases/tag/v1.62.1) [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.62.0...v1.62.1) ##### Linux New: Send load balancing hint HTTP request header ##### Windows Fixed: Do not allow msiexec to reboot the operating system ##### macOS Issue that could cause the Tailscale system extension to not be installed upon app launch, when deploying Tailscale using MDM and using a configuration profile to pre-approve the VPN tunnel (applies to [standalone](https://tailscale.com/kb/1065/macos-variants) variant only) ##### Synology Fixed: IPv6 routing ##### Kubernetes operator Fixed: [Kubernetes operator](https://tailscale.com/kb/1236/kubernetes-operator/) proxies should not accept subnet routes ### [`v1.62.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.62.0): 1.62.0 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.60.1...v1.62.0) #### All platforms - New: [Web interface][web-interface] now uses ACL grants to manage access on tagged devices - Changed: [Tailscale SSH][tailscale-ssh] connections now disable unnecessary hostname [canonicalization][canonicalization] - Changed: [`tailscale bugreport`][tailscale-bugreport] command for generating diagnostic logs now contain ethtool information - Changed: Mullvad's [family-friendly server][mullvad-family-friendly] is added to the list of well known DNS over HTTPS (DoH) servers - Changed: DNS over HTTP requests now contain a timeout - Changed: TCP forwarding attempts in [userspace mode][userspace-mode] now have a per-client limit - Changed: Endpoints with link-local IPv6 addresses is preferred over private addresses - Changed: WireGuard logs are less verbose - Changed: Go is updated to version 1.22.1 - Fixed: [DERP server][derp-servers] region no longer changes if connectivity to the new DERP region is degraded #### Linux - Changed: [Auto-update][auto-updates] version detection on Alpine Linux is improved - Changed: IPv6 support detection in a container environment is improved - Fixed: DNS configuration on Amazon Linux 2023 no longer causes an infinite loop #### Windows - Changed: [`ManagedByOrganizationName`][mdm-keys-org], [`ManagedByCaption`][mdm-keys-caption], and [`ManagedByURL`][mdm-keys-URL] system policy keys are now supported - Fixed: Tailscale Tunnel WinTun adapter handling is improved - Fixed: [MSI][windows-msi] upgrades no longer ignore policy properties set during initial install #### macOS - New: A `.pkg` installer package is now available for the [standalone][macos-variants] release of the Tailscale client - Changed: [Taildrop][taildrop] notifications now include actions to reveal the received file in the Finder, or delete it - Changed: [Tailnet lock][tailnet-lock] settings UI displays more information about the status, including key and public key trust status - Changed: The onboarding flow now guides the user in enabling the Tailscale system extension - Changed: **Launch Tailscale at login** settings item can now be toggled when the Tailscale client is disconnected - Changed: DNS behavior is improved when handling transitions between network interfaces #### iOS - Changed: Battery usage is improved - Changed: [Taildrop][taildrop] notifications now include actions to reveal the received file in the Files app, or delete it - Changed: [Tailnet lock][tailnet-lock] settings UI displays more information about the status, including key and public key trust status - Changed: Unnecessary log messages are removed when triggered by changes to device power state and routing - Changed: DNS behavior is improved when handling interface transitions between Wi-Fi and Cellular #### Android - Changed: Settings persist from previous sign-ins - Changed: Always-on VPN handling is improved - Changed: Custom control server is applied on first start #### Kubernetes operator - Changed: [Ingress][kubernetes-ingress] resource handling is improved when deployed before its backing `Service` resource - Fixed: Destination NAT (DNAT) rule management by egress proxies in [`nftables`][firewall-mode] mode when IP address of `tailscale.com/tailnet-fqdn` changes [auto-updates]: https://tailscale.com/kb/1067/update#auto-updates [canonicalization]: https://en.wikipedia.org/wiki/Canonicalization [derp-servers]: https://tailscale.com/kb/1232/derp-servers [firewall-mode]: https://tailscale.com/kb/1294/firewall-mode [kubernetes-ingress]: https://tailscale.com/kb/1236/kubernetes-operator#cluster-ingress [macos-variants]: https://tailscale.com/kb/1065/macos-variants [mdm-keys-caption]: https://tailscale.com/kb/1315/mdm-keys#set-an-info-message [mdm-keys-org]: https://tailscale.com/kb/1315/mdm-keys#set-your-organization-name [mdm-keys-url]: https://tailscale.com/kb/1315/mdm-keys#set-a-support-url [mullvad-family-friendly]: https://mullvad.net/en/blog/family-friendly-dns-content-blocking-now-added-to-our-encrypted-dns-service [taildrop]: https://tailscale.com/kb/1106/taildrop [tailnet-lock]: https://tailscale.com/kb/1226/tailnet-lock [tailscale-bugreport]: https://tailscale.com/kb/1227/bug-report [tailscale-ssh]: https://tailscale.com/kb/1193/tailscale-ssh [userspace-mode]: https://tailscale.com/kb/1177/kernel-vs-userspace-routers#userspace-netstack-mode [web-interface]: https://tailscale.com/kb/1325/device-web-interface [windows-msi]: https://tailscale.com/kb/1189/install-windows-msi ### [`v1.60.1`](https://togithub.com/tailscale/tailscale/releases/tag/v1.60.1): 1.60.1 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.60.0...v1.60.1) #### All Platforms Fixed: Exposing port `8080` to other devices on your tailnet works as expected ### [`v1.60.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.60.0): 1.60.0 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.58.2...v1.60.0) #### All Platforms - build Tailscale with Go 1.22 - authentication: present users with a valid login page when attempting to login even after leaving device unattended for several days - networking: mute noisy peer mtu discovery errors - networking: expose gVisor metrics in debug mode - port mapper: support legacy "urn:dslforum-org" port mapping services - port mapper: fix crash when no support mapping services found - ssh: log warning when unable to find SSH host keys - serve: improve error message when running as non-root - cloud servers: Detect when Tailscale is running on Digital Ocean and automatically use Digital Ocean's DNS resolvers (ask Andrew) - app connectors: enable app connectors to install routes for domains that resolve to CNAME records - app connectors: support pre-configured routes from control server - web client: add new read-only mode - tailscale status command: fix output formatting Tailnet includes location-based exit nodes #### Windows - Fixed: tailscaled could be slow or cause increased CPU usage with large routing tables #### Synology - fix stalling SMB transfers of large files #### macOS - Added: New UI to add/remove/switch between user accounts, including using custom control servers - Added: New UI to change client preferences - Added: New UI to manage updates for the Standalone variant of the client, including switching in-app between stable and unstable builds. - Added: VPN On-Demand is now supported on macOS, to automatically connect/disconnect Tailscale when specific conditions are triggered - Added: ‘Reset VPN Configuration’ menu item in the Debug Menu is now available to reset the system VPN configuration if needed - Improved: An alert window is presented when the Tailscale network extension fails to start, providing suggested troubleshooting steps - Improved: Tailscale appears in the macOS Dock when an app window is presented - Improved: The devices list now shows all devices known to the control server, not only the ones seen in the last 4 days. - Improved: The onboarding flow automatically advances once the user is connected - Fixed: The authentication flow is now more reliable when Tailscale has been running for an extended period of time, and the session has expired server-side - Fixed: Resolved a potential crash and excessive logging upon client launch - Fixed: “Start on Login” is set correctly on macOS Ventura and earlier versions #### iOS / tvOS - Fixed: The authentication flow is now more reliable when Tailscale has been running for an extended period of time, and the session has expired server-side - Fixed: Resolved a potential crash and excessive logging upon client launch - Fixed: Stale devices are no longer presented in the devices list #### Android - Improved: Sort Mullvad exit nodes to make it easier to find best node for each location - Fixed: Quick settings tile now works - Fixed: Mullvad tunnels are no longer shown as regular nodes in UI #### Kubernetes operator - New: a new ProxyClass custom resource that allows to provide custom configuration for cluster resources that the operator creates - New: ACL tags for the operator can now be configured via Helm chart values - Fixed: routing to Ingress backends that require an exact path without a slash (/) suffix ### [`v1.58.2`](https://togithub.com/tailscale/tailscale/releases/tag/v1.58.2): 1.58.2 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.58.1...v1.58.2) ###### All platforms - Fixed: \[App connectors]\[app-connectors] have improved scheduling and merging of route changes under some conditions - Fixed: Crash when performing UPnP portmapping on older routers with no supported portmapping services ###### macOS - Fixed: Opening the **About** window no longer displays a user interface when there is no newer version ### [`v1.58.1`](https://togithub.com/tailscale/tailscale/releases/tag/v1.58.1): 1.58.1 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.58.0...v1.58.1) NOTE 23-Jan-2024: 1.58.1 release had to be re-done. Please use 1.58.2 ###### All platforms - Fixed: \[App connectors]\[app-connectors] have improved scheduling and merging of route changes under some conditions - Fixed: Crash when performing UPnP portmapping on older routers with no supported portmapping services ###### macOS - Fixed: Opening the **About** window no longer displays a user interface when there is no newer version ### [`v1.58.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.58.0): 1.58.0 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.56.1...v1.58.0) NOTE 21-Jan-2024: rollout of 1.58.0 has been paused while we investigate reports of a problem in handling portmap responses. #### All Platforms - portmap: check the epoch from NAT-PMP & PCP, establish new portmapping if it changes - portmap: better handle multiple interfaces - portmap: handle multiple UPnP discovery responses - increase the number of 4via6 site IDs from 256 to 65,536 - taildrop: allow category Z unicode characters - increased binary size with 1.56 is resolved in 1.58 - Reduce home DERP flapping when there's still an active connection - device web ui: fixed issue when accessing shared devices - device web ui: fixed login issue when accessed over https ##### Windows - find the full path to `netsh.exe` - add ADMX policy descriptions - remove vestigial wintun support which broke Chocolatey install at some sites - fix goroutine leak in winMon if the monitor is never started - fix "This package requires Windows 10 or newer" with Uninstall or Repair from the .msi file - support for `tailscale set --webclient` ##### Linux - add shell shebang in postinstall script, fixes some Debian installs ##### macOS - a new DNS Settings view shows the DNS configuration used when Tailscale is running - onboarding flow now includes a step to ask the user to approve notifications (for key expiry notifications) - better onboarding flow for the Standalone variant of the client, asking the user to approve the system extension if necessary - Tailscale app can now quit without terminating the VPN tunnel by holding down the Option button and selecting “Quit (Leave VPN Active)” - Toggle Tailscale shortcut action can be used to connect or disconnect the VPN tunnel depending on its current state - Better compatibility with versions of macOS prior to Sonoma - VPN tunnel now terminates upon closing the app - Opening the About window now triggers a check for app updates - downloadable variant of the client now checks for app updates every 72 hours - support for `tailscale set --webclient` from macsys build - `KeyExpirationNotice` system policy now supported on macOS, to customize the time interval before a key expiration notice is displayed ##### iOS - Toggle Tailscale shortcut action can be used to connect or disconnect the VPN tunnel depending on its current state - Connectivity is no longer lost when transitioning from Wi-Fi to Cellular while an exit node is in use - The "Sign" button in the Tailnet lock device sign view is now rendered correctly - `KeyExpirationNotice` system policy now supported on iOS, to customize the time interval before a key expiration notice is displayed ##### tvOS - Improvements to persistence of the client when running in the background ##### Android - better detect when active network changes ##### Kubernetes Operator - introduce a new Connector Custom Resource that can be used to deploy subnet routers and exit nodes on Kubernetes - sync operator managed labels to StatefulSet Pods - add a Tailscale IngressClass resource - fix extra long Service name truncation - warn if the unsupported Ingress Exact path type is used ##### Containers - add experimental support for configuring tailscale daemon using a mounted config file - fix a bug where tailscale images contained different layer types and could not be parsed by podman/buildah ### [`v1.56.1`](https://togithub.com/tailscale/tailscale/releases/tag/v1.56.1): 1.56.1 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.56.0...v1.56.1) ##### Linux - Fixed: Web interface redirects to the correct self IP known by source peer - Fixed: Usage of slices.Compact from app connector domains list ##### macOS - Fixed: Using a custom login server ##### iOS - Fixed: Using a custom login server ##### tvOS - Fixed: Using a custom login server ### [`v1.56.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.56.0): 1.56.0 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.54.1...v1.56.0) ##### All Platforms - improve responsiveness under load, especially with bidirectional traffic - improve UPnP portmapping - add `tailscale whois` subcommand to observe metadata associated with a Tailscale IP - include tailnet name and profile ID in `tailscale switch --list` to disambiguate profiles with common login names - make System policies beta ##### Linux - improve `tailscale web` interface for configuring some device settings such as exit nodes, subnet routers, and Tailscale SSH - improve `containerboot` to symlink its socket file if possible, making the `tailscale` CLI work without `--socket=/tmp/tailscale.sock` - support `tailscale update` for Unraid ##### Windows - improve throughput for userspace ("netstack") mode in the presence of packet loss - disable dynamic DNS updates for the tailscale interface via registry setting - begin displaying tailnet name in profile switcher - improve robustness when restarting GUI processes during Windows client upgrades ##### macOS - deliver notification when a file is received using Taildrop (Mac App Store variant only) - add shortcut action to send files using Taildrop - add in-app warnings and push notifications when internet connectivity is blocked due to the current exit node being offline or having an expired key - improve experience stopping Tailscale from the toggle in the menubar; now terminates the VPN tunnel entirely - inform user when running a TestFlight build from 'About Tailscale' window - fix /etc/resolv file formatting with Tailscaled-on-macOS - begin displaying tailnet name in profile switcher ##### iOS - add view to show DNS configuration - add "Allow Local Network Access" to exit node picker UI - add shortcut action to send files using Taildrop - include received file names in Taildrop notifications - add in-app warnings and push notifications when internet connectivity is blocked due to the current exit node being offline or having an expired key - inform user when running a TestFlight build from 'About Tailscale' window - reduce app size by about 2 MB with better assets compression - begin displaying tailnet name in profile switcher ##### tvOS - add tvOS UI to be a subnet router and configure routes - inform user when running a TestFlight build from 'About Tailscale' window ##### GoKrazy - use TUN mode by default ##### Kubernetes - add support in Kubernetes operator cluster egress for referring to a tailnet service by its MagicDNS name ### [`v1.54.1`](https://togithub.com/tailscale/tailscale/releases/tag/v1.54.1): 1.54.1 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.54.0...v1.54.1) #### macOS - Fixed: Changing a pre-existing system policy value to nil no longer causes stability issues #### iOS - Fixed: Widget tracks the connection state more closely ### [`v1.54.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.54.0): 1.54.0 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.52.1...v1.54.0) #### All Platforms - update to Go 1.21.4 ##### Linux - improve throughput substantially for UDP packets over TUN device with recent Linux kernels ##### Windows - open menu with a regular click in addition to a right-click ##### macOS - don't run taildrop cleanup loop until the first file transfer, avoid spurious security dialog - implement MDM settings for the macSys app downloadable from pkgs.tailscale.com - support `tailscale update --yes` for macSys app ##### iOS - show a helpful banner if there are no other devices on the tailnet - add "Allow Local Network Access" setting when using an exit node - show info bubble when key expires in < 8 hrs or has expired - widgets reflect the state of the VPN tunnel more accurately ##### QNAP - add `tailscale update` support ### [`v1.52.1`](https://togithub.com/tailscale/tailscale/releases/tag/v1.52.1): 1.52.1 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.52.0...v1.52.1) #### Windows - Fixed: Resolve an incompatibility with other software that uses wintun #### NAS platforms - Changed: Clean up downloaded upgrades after applying them ### [`v1.52.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.52.0): 1.52.0 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.50.1...v1.52.0) #### All platforms - [tailscale cert](https://tailscale.com/kb/1080/cli/#cert) command renews in the background. The current certificate only displays if it has expired. - [tailscale status](https://tailscale.com/kb/1080/cli/#status) command displays a message about client updates when newer versions are available - [tailscale up](https://tailscale.com/kb/1080/cli/#up) command displays a message about client updates when newer versions are available - [Taildrop](https://tailscale.com/kb/1106/taildrop) now resumes file transfers after partial transfers are interrupted - Taildrop prevents file duplication - Taildrop detects conflicting file transfers and only proceeds with one transfer - Wake on LAN (WoL) is now supported for peer node wake-ups - TCP DNS queries are speculatively started if UDP hasn’t responded quickly enough - Truncated UDP DNS results are properly retried using TCP - Go is updated to version 1.21.3 #### Linux - [tailscale set](https://tailscale.com/kb/1080/cli/#set) command flag --auto-update is added to opt in to automatic client updates ([beta](https://tailscale.com/kb/1167/release-stages/#beta)) - [tailscale serve](https://tailscale.com/kb/1242/tailscale-serve) and [tailscale funnel](https://tailscale.com/kb/1311/tailscale-funnel) commands are updated for improved usability - [tailscale update](https://tailscale.com/kb/1080/cli/#update-beta) command for manual updates is now in [beta](https://tailscale.com/kb/1167/release-stages/#beta) - [Taildrop](https://tailscale.com/kb/1106/taildrop) file transfer displays a progress meter - [nftables](https://tailscale.com/kb/1294/firewall-mode/) auto-detection is improved when TS_DEBUG_FIREWALL_MODE=auto is used - DNS detection of NetworkManager with configured but absent systemd-resolved, such as EndeavourOS - DNS detection for Debian resolvconf version 1.90 or later #### Windows - [tailscale set](https://tailscale.com/kb/1080/cli/#set) command flag --auto-update is added to opt in to automatic client updates ([beta](https://tailscale.com/kb/1167/release-stages/#beta)) - Preferences section contains auto-update setting - Update notice displays, when a new version is available - [System policies](https://tailscale.com/kb/1315/mdm-keys/) allow system administrators to set a forced/suggested tailnet name, hide settings menu items, and more - [tailscale serve](https://tailscale.com/kb/1242/tailscale-serve) and [tailscale funnel](https://tailscale.com/kb/1311/tailscale-funnel) commands are updated for improved usability - [tailscale update](https://tailscale.com/kb/1080/cli/#update-beta) command for manual updates is now in [beta](https://tailscale.com/kb/1167/release-stages/#beta) - iphlpsvc, netprofm, and WinHttpAutoProxySvc service dependencies are checked during installation #### macOS - [tailscale set](https://tailscale.com/kb/1080/cli/#set) command flag --auto-update is added to opt in to automatic client updates ([beta](https://tailscale.com/kb/1167/release-stages/#beta)) - App menu displays a notification item when a newer version is available - [System policies](https://tailscale.com/kb/1315/mdm-keys/) allow system administrators to set a forced/suggested tailnet name, prevent the VPN from stopping, hide categories of network devices and setting menu items, and more - Settings section has an option added for turning on auto-updates - Reauthenticate menu item shows time until expiry more prominently, presenting alerts when necessary - [tailscale serve](https://tailscale.com/kb/1242/tailscale-serve) and [tailscale funnel](https://tailscale.com/kb/1311/tailscale-funnel) commands are updated for improved usability - [tailscale update](https://tailscale.com/kb/1080/cli/#update-beta) command for manual updates is now in [beta](https://tailscale.com/kb/1167/release-stages/#beta) - About window more clearly distinguishes between the Standalone and App Store [variants](https://tailscale.com/kb/1065/macos-variants/) of the client - Sparkle is updated to version 2.5.1 #### iOS - Settings page displays a notification banner when a newer version is available on the App Store - Home and lock screen widgets are supported - [System policies](https://tailscale.com/kb/1315/mdm-keys/) allow system administrators to set a forced/suggested tailnet name, prevent the VPN from stopping, hide the VPN On-Demand settings, categories of network devices and settings menu items, and more #### tvOS - DNS support when operating as an [exit node](https://tailscale.com/kb/1280/appletv/#use-a-device-exit-node) ### [`v1.50.1`](https://togithub.com/tailscale/tailscale/releases/tag/v1.50.1) [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.50.0...v1.50.1) #### All Platforms - Fix [Issue 9558](https://togithub.com/tailscale/tailscale/issues/9558): tailscale serve config lost in container - Fix [Issue 9539](https://togithub.com/tailscale/tailscale/issues/9539): `tailnet lock` failed to sign node in container - Fix [Issue 9566](https://togithub.com/tailscale/tailscale/issues/9566): Funnel support for tsnet apps - Fix potential crash with UPnP ### [`v1.50.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.50.0): 1.50.0 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.48.2...v1.50.0) #### All platforms - update to Go 1.21.1. - `tailscale ping` now sends an ICMP Ping code of 0. - UPnP falls back to a permanent lease if a limited lease fails, some servers only support permanent. - Adds support for Wikimedia DNS using DNS-over-HTTPS. - Unhide `tailscale update` CLI command on most platforms. - `tailscale web` updated to use React and be more awesome. - Add `--log-http` option to `tailscale debug portmap`. - `tailscale netcheck` now works even if the OS platform lacks CA certificates. ##### Linux - debian package lists iptables+iproute2 packages as recommended, not required. - `nftables` support now interoperates with `ufw` ##### Windows - The Windows executable installer now detects when it is running on Windows 7 or Windows 8.x and will automatically download the appropriate v1.44.2 MSI package, which is the final Tailscale release supporting those operating systems. - The Windows executable installer no longer embeds MSI packages in its binary. Instead, it automatically downloads the correct package. Users desiring the previous behavior may download the "full" executable installer at `pkgs.tailscale.com`. - Added additional diagnostics to logs generated via `tailscale bugreport` ##### iOS/tvOS - First official release with support for tvOS. - Improved Tailnet Lock support. - Add Fast User Switching support. - Improved UI to pick Mullvad VPN exit nodes, including an option to automatically pick the 'best available' node. - Added the ability to log in to multiple user accounts with Fast User Switching. - Users using iOS 17 can now customize their device name from the app settings. - App Shortcuts in Spotlight and Siri are now supported. Try saying: "Hey Siri, connect to Tailscale", or "Hey Siri, is Tailscale connected?". - Find more in the Shortcuts app. - Added new shortcuts to find and ping devices. - VPN On-Demand rules are no longer reset when disabling the feature. - Improved the accessibility of UI items when using VoiceOver. - Taildrop no longer replaces spaces with "%20" in file names when sending files to Windows devices. ##### macOS - Improved Tailnet Lock support. - Improved UI to pick Mullvad VPN exit nodes, including an option to automatically pick the 'best available' node. - Added new shortcuts to find and ping devices. - Reliability improvements when signing devices with Tailnet lock - Taildrop no longer replaces spaces with "%20" in file names when sending files to Windows devices. ### [`v1.48.2`](https://togithub.com/tailscale/tailscale/releases/tag/v1.48.2): 1.48.2 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.48.1...v1.48.2) ### All Platforms - Fixed: Stability improvements for [Mullvad Exit Nodes](https://tailscale.com/kb/1258/mullvad-exit-nodes), particularly for users on IPv4-only networks ### [`v1.48.1`](https://togithub.com/tailscale/tailscale/releases/tag/v1.48.1): 1.48.1 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.48.0...v1.48.1) #### Linux - Fix: resolve nftables interaction between tailscale and ufw which resulted in blocking subnet routed traffic #### Synology - Fix: determine correct CPU architecture on Synology platforms during `tailscale update` ### [`v1.48.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.48.0): 1.48.0 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.46.1...v1.48.0) 1.48.0 introduced a regression in the interaction between Tailscale and Linux `ufw`. The Linux release has been withdrawn pending a fix. #### All Platforms: - Tailscale Lock Beta - Add `--upstream` flag to `tailscale version` - Add `tailscale exit-node` subcommand - The `tailscale funnel` command provides an interactive web UI that prompts you to allow Tailscale to enable Tailscale Funnel on your behalf - The `tailscale serve` command provides an interactive web UI that prompts you to allow Tailscale to enable HTTPS and Tailscale Funnel on your behalf #### Linux: - Support for nftables - RPM packages are now fully signed - Support for `tailscale update` on Alpine, Arch and Fedora distro families #### Synology: - Support for `tailscale update` #### macOS: - Support for `tailscale update` #### iOS: - Support for VPN On Demand - VPN tunnel lifecycle improvements - Improved exit node selection - Minor UI tweaks ### [`v1.46.1`](https://togithub.com/tailscale/tailscale/releases/tag/v1.46.1): 1.46.1 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.46.0...v1.46.1) ### All platforms - Fixed an issue with Tailnet lock signature verification ### Linux - Fixed a crash on arm64 ### Android - Fixed an issue involving DNS and subnet routes ### [`v1.46.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.46.0): 1.46.0 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.44.3...v1.46.0) ##### Android - Fixed an issue that could cause the device name to always be 'localhost' ##### iOS - UI redesign (new onboarding flow, exit node picker, devices list, device details, settings page) - Added ability to ping devices - Added support for Tailnet lock ##### macOS - Added support for Tailnet lock ##### Windows - Added support for Tailnet lock ### [`v1.44.3`](https://togithub.com/tailscale/tailscale/releases/tag/v1.44.3): 1.44.3 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.44.2...v1.44.3) ##### Windows - Fixed: Added a security fix to address privilege escalation with [`tailscale serve`][serve] and [`tailscale funnel`][funnel] that allowed low-privilege users to serve files they did not have access to ([TS-2024-001][ts-2024-001]). This release is intended for Windows 7 and 8 users. Those with later versions of Windows should run the latest stable version of Tailscale, which is 1.56.1. This issue was resolved in Tailscale 1.52.push [funnel]: /kb/1311/tailscale-funnel [serve]: /kb/1242/tailscale-serve [ts-2024-001]: /security-bulletins/#ts-2024-001 ### [`v1.44.2`](https://togithub.com/tailscale/tailscale/releases/tag/v1.44.2): 1.44.2 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.44.0...v1.44.2) #### All platforms - fix handling of custom HTTP ports in `tailscale serve`. #### Windows - restore support for Windows 7 and 8.x. 1.44.2 will be the last release to support Windows 7, Windows 8, Windows Server 2008 and Windows Server 2012. ### [`v1.44.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.44.0): 1.44.0 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.42.1...v1.44.0) #### All Platforms - Tailscale SSH supports remote port forwarding - Tailscale Serve now supports HTTP - improve stability of userspace subnet routers, including macOS, Windows, FreeBSD, and Linux when `--tun-userspace-networking` is used - initial support for recursive DNS resolution to replace bootstrapDNS, currently operating in a parallel mode - MagicSock will prefer private addresses when both private and public are available, to keep traffic in private VPCs where possible - update to Go 1.20.5 - remove async support from `portlist` package, please update to use synchronous `Poll()` if this breaks your package - `WatchIPNBus` requires only read-only permissions to read - base the decision of whether to renew in `tailscale cert` on the lifetime of the certificate, not hard-coded. Better supports 14 day certificate lifetimes. ##### Linux - better support SELinux systems using Tailscale SSH - install iputils in Alpine-based Docker containers - support usernames of up to 256 characters for Tailscale SSH - `build_dist.sh` better supports operating systems and CPU architectures which Tailscale release builds do not include ##### macOS - fix ICMP6 forwarding when running as a subnet router ##### FreeBSD / OpenBSD - fix ICMP6 forwarding when running as a subnet router ##### Windows - better support for DNS caching using `PreferGo` ##### WASI - better support tsnet applications compiled to WebAssembly ### [`v1.42.1`](https://togithub.com/tailscale/tailscale/compare/v1.42.0...v1.42.1) [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.42.0...v1.42.1) ### [`v1.42.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.42.0): 1.42.0 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.40.1...v1.42.0) #### News - This is the last release to support the following operating systems. Tailscale releases after 1.42 will no longer install on these operating systems. - Windows 7, Windows 8, Windows Server 2008 and Windows Server 2012 - macOS 10.13 High Sierra, macOS 10.14 Mojave. #### All platforms - update internal DNS handling to better support mixtures of global and private DNS servers - add a `tailscale serve reset` to clear current serve config ##### Linux - fix SSH login on platforms which lack `getent` ##### Windows - Note: this release switches to a new application signing cert, good through 2025. - update notification icons ##### macOS - update Sparkle to check more regularly - fix Taildrop delivery of incomplete files ##### iOS - better handle memory management to avoid hitting 50 MByte memory limit - add Delete Account button to redirect to the admin panel ##### Unraid - support Unraid as a NAS platform similar to how Synology and QNAP are handled ##### Kubernetes - add support for priorityClassName ### [`v1.40.1`](https://togithub.com/tailscale/tailscale/releases/tag/v1.40.1): 1.40.1 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.40.0...v1.40.1) ##### Linux - support LDAP and other users with Tailscale SSH - restore support for SSH recording to a local file - start generating Debian & RPM packages for MIPS again ##### macOS - fix a timeout failure in `tailscale cert` fetch ##### Windows - Notification icons have been changed - Fixes 32-bit Windows installer ##### Kubernetes - print Tailscale version in the startup logs ### [`v1.40.0`](https://togithub.com/tailscale/tailscale/releases/tag/v1.40.0): 1.40.0 [Compare Source](https://togithub.com/tailscale/tailscale/compare/v1.38.4...v1.40.0) #### News - Early warning: as early as August 2023, Windows 7, 8, Server 2008 and Server 2012 will no longer be supported. Similarly, for macOS, macOS 10.13 High Sierra or 10.14 Mojave will no longer be supported and macOS 10.15 Catalina or later will be required. #### All platforms - `tailscale up --force-reauth` will now display a warning and 5 second countdown if you are connected over SSH over Tailscale, unless `--accept-risk=lose-ssh` is also given. - Tailscale now dynamically increases the buffer size for DERP relay messages based on the amount of available RAM ([#7776](https://togithub.com/tailscale/tailscale/pull/7776)). - Improvements were made to how Tailscale advertises available endpoints to reduce the likelihood of a spurious loss of direct connections ([#7877](https://togithub.com/tailscale/tailscale/pull/7877)). #### Linux - Substantially higher throughput: [Surpassing 10Gb/s over Tailscale](https://tailscale.com/blog/more-throughput/) - Improved CPU consumption on systems with a very large (1M+) routing table #### Windows - redo migration of pre-[Fast-User-Switching](https://tailscale.com/blog/fast-user-switching/) state for better robustness #### macOS - change menu item to "Settings" instead of "Preferences" on macOS Ventura #### Android - Added intents `com.tailscale.ipn.CONNECT_VPN` and `com.tailscale.ipn.DISCONNECT_VPN` #### gokrazy - Tailscale SSH now works on gokrazy #### QNAP - fix UI failure after rebootConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.