* fix LocalBackend deadlock when packet arrives during profile switch
* wgengine: fix TSMP/ICMP callback leak
- Update to version 1.92.0:
* no changelog provided
- Update to version 1.90.9:
* tailscaled no longer deadlocks during event bursts
* The client no longer hangs after wake up
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=108
- Update to version 1.90.8:
* tka: move RemoveAll() to CompactableChonk
- Update to version 1.90.7:
* wgengine/magicsock: validate endpoint.derpAddr
* wgengine/magicsock: fix UDPRelayAllocReq/Resp deadlock
* net/udprelay: replace VNI pool with selection algorithm
* feature/relayserver,ipn/ipnlocal,net/udprelay: plumb DERPMap
* feature/relayserver: fix Shutdown() deadlock
* net/netmon: do not abandon a subscriber when exiting early
* tka: don't try to read AUMs which are partway through being written
* tka: rename a mutex to mu instead of single-letter l
* ipn/ipnlocal: use an in-memory TKA store if FS is unavailable (forwarded request 1318741 from rrahl0)
OBS-URL: https://build.opensuse.org/request/show/1318742
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tailscale?expand=0&rev=42
* tka: move RemoveAll() to CompactableChonk
- Update to version 1.90.7:
* wgengine/magicsock: validate endpoint.derpAddr
* wgengine/magicsock: fix UDPRelayAllocReq/Resp deadlock
* net/udprelay: replace VNI pool with selection algorithm
* feature/relayserver,ipn/ipnlocal,net/udprelay: plumb DERPMap
* feature/relayserver: fix Shutdown() deadlock
* net/netmon: do not abandon a subscriber when exiting early
* tka: don't try to read AUMs which are partway through being written
* tka: rename a mutex to mu instead of single-letter l
* ipn/ipnlocal: use an in-memory TKA store if FS is unavailable
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=106
* Clients can use configured DNS resolvers for all domains
* Node keys will be renewed seamlessly
* Unnecessary path discovery packets over DERP servers are suppressed
* Node key sealing is GA (generally available) and enabled by default
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=97
- update to version 1.88.3:
* cmd/tailscale/cli: add ts2021 debug flag to set a dial plan
* control/controlhttp: simplify, fix race dialing, remove priority concept
- update to version 1.88.2:
* k8s-operator: reset service status before append
- require the minimum go version directly, in comparison to using the golang(API)
symbol (forwarded request 1308396 from rrahl0)
OBS-URL: https://build.opensuse.org/request/show/1308397
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tailscale?expand=0&rev=37
* cmd/tailscale/cli: add ts2021 debug flag to set a dial plan
* control/controlhttp: simplify, fix race dialing, remove priority concept
- update to version 1.88.2:
* k8s-operator: reset service status before append
- require the minimum go version directly, in comparison to using the golang(API)
symbol
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=95
* Tailscale CLI prompts users to confirm impactful actions
* Tailscale SSH works as expected when using an IP address instead of a
hostname and MagicDNS is disabled
* fixed: Taildrive sharing when su not present
* Taildrive files remain consistently accessible
* new: Tailscale tray GUI
* DERP IPs changed for Singapore and Tokyo
- remove patch fix-CVE-2025-58058, fixed upstream
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=92
- update to version 1.86.0:
* tsStateEncrypted device posture attribute for checking whether the
Tailscale client state is encrypted at rest
* Cross-site request forgery (CSRF) issue that may have resulted in a log in
error when accessing the web interface
* Recommended exit node when the previously recommended exit node is offline
* tailscale up --exit-node=auto:any and tailscale set --exit-node=auto:any
CLI commands track the recommended exit node and automatically switch to
it when available exit nodes or network conditions change
* tailscaled CLI command flag --encrypt-state encrypts the node state file on
the disk using trusted platform module (TPM) (forwarded request 1295906 from rrahl0)
OBS-URL: https://build.opensuse.org/request/show/1295907
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tailscale?expand=0&rev=33
* tsStateEncrypted device posture attribute for checking whether the
Tailscale client state is encrypted at rest
* Cross-site request forgery (CSRF) issue that may have resulted in a log in
error when accessing the web interface
* Recommended exit node when the previously recommended exit node is offline
* tailscale up --exit-node=auto:any and tailscale set --exit-node=auto:any
CLI commands track the recommended exit node and automatically switch to
it when available exit nodes or network conditions change
* tailscaled CLI command flag --encrypt-state encrypts the node state file on
the disk using trusted platform module (TPM)
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=85
- update to 1.84.0:
* The --reason flag is added to the tailscale down command
* ReconnectAfter policy setting, which configures the maximum period of time
between a user disconnecting Tailscale and the client automatically
reconnecting
* Tailscale CLI commands throw an error if multiple of the same flag are detected
* Network connectivity issues when creating a new profile or switching
profiles while using an exit node
* DNS-over-TCP fallback works correctly with upstream servers reachable only
via the tailnet
- remove fix-CVE-2025-22869.patch, as upstream updated their dependencies (forwarded request 1279265 from rrahl0)
OBS-URL: https://build.opensuse.org/request/show/1279266
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tailscale?expand=0&rev=29
* The --reason flag is added to the tailscale down command
* ReconnectAfter policy setting, which configures the maximum period of time
between a user disconnecting Tailscale and the client automatically
reconnecting
* Tailscale CLI commands throw an error if multiple of the same flag are detected
* Network connectivity issues when creating a new profile or switching
profiles while using an exit node
* DNS-over-TCP fallback works correctly with upstream servers reachable only
via the tailnet
- remove fix-CVE-2025-22869.patch, as upstream updated their dependencies
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=77
- update to 1.82.0:
* DERP functionality within the client supports certificate pinning for
self-signed IP address certificates for those unable to use Let's Encrypt
or WebPKI certificates.
* Go is updated to version 1.24.1
* NAT traversal code uses the DERP connection that a packet arrived on as an
ultimate fallback route if no other information is available
* Captive portal detection reliability is improved on some in-flight Wi-Fi networks
* Port mapping success rate is improved
* Helsinki is added as a DERP region. (forwarded request 1264693 from rrahl0)
OBS-URL: https://build.opensuse.org/request/show/1264694
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tailscale?expand=0&rev=27
* DERP functionality within the client supports certificate pinning for
self-signed IP address certificates for those unable to use Let's Encrypt
or WebPKI certificates.
* Go is updated to version 1.24.1
* NAT traversal code uses the DERP connection that a packet arrived on as an
ultimate fallback route if no other information is available
* Captive portal detection reliability is improved on some in-flight Wi-Fi networks
* Port mapping success rate is improved
* Helsinki is added as a DERP region.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=73
* Hostname system policy is added for overriding the device hostname
configured by the operating system, using an MDM solution.
* Web interface displays a Login button instead of the Reauthenticate button
when adding a new device to your tailnet.
* Tailscale Funnel configuration on devices displays errors when incoming
connections are not permitted and connections are disallowed.
* Connections to a custom coordination server that does not support HTTPS
will no longer fail when a custom port number is specified.
* TLS certificate requests from Let’s Encrypt include the device's DNS name
in the CSR’s SAN extension and set the Common Name field.
* Tailscale Funnel disabled on a device no longer displays enabled in the
admin console.
* GitHub username change automatically updates tailnet name
* 4via6 subnet routers GA
* Auto approvers GA
* Node attributes GA
* Download invoices GA
* Fast user switching GA
* Configuration log streaming integration with S3 buckets GA
* Network flow log streaming integration with S3 buckets GA
* NextDNS profiles per device GA
* GitHub secret scanning
- remove fix-CVE-2024-45337.patch, as it's now included
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=63
* Client metrics have been added, to provide insights into Tailscale client
behavior, health, and performance.
* tailscale metrics command has been added, to expose and collect client
metrics for use with third-party monitoring systems.
* tailscale syspolicy command has been added, to list system policies, reload
system policies, or view errors related to the system policies configured
on the device.
* Tailscale system policies are applied immediately when pushed via mobile
device management (MDM) or Group Policy, without requiring a client restart.
* Tailscale SSH session recording detects the disappearance of the recorder
node sooner. This fix addresses a security vulnerability described
in TS-2024-013.
* New scopes for OAuth clients have been added with more granular permissions.
Existing OAuth clients using the previous set of scopes, and keys generated
using these clients, are still valid.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=55
* tailscale netcheck CLI command no longer crashes when performing diagnostics
on networks lacking UDP connectivity.
* Improperly formatted SERVFAIL responses no longer cause DNS timeouts when using an exit node.
* dbus login sessions no longer fail on systems where /bin/login is missing.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=49
* Clients lacking UDP connectivity no longer skip performing fallback latency
measurements with DERP servers.
* Warnings no longer display unnecessarily.
* Tailscale connectivity on in-flight internet on airplanes (such as Alaska Airlines) no longer fails.
* Service-related processes no longer run unnecessarily when services are disabled on the tailnet.
* Error messages include explanations in addition to the HTTP status code.
* Tailscale SSH supports sending environment variables to hosts. It's also possible to specify
permitted environment variables using the acceptEnv field.
* Tailscale SSH no longer breaks some terminal applications by omitting pixel width and height when
resizing the application window.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=45
* AuthKey system policy can be used to authenticate a device with Tailscale using an MDM solution.
* tailscale dns CLI command is added for accessing Tailscale DNS settings and status.
* Tailnet Lock long rotation signatures are truncated automatically to avoid excessive growth.
* Log In option in the client works as expected.
* TCP generic receive offload (GRO) support is added for improved userspace mode throughput.
* TCP generic segmentation offload (GSO) is re-introduced for supporting improved userspace mode throughput.
This was initially introduced in Tailscale v1.72.0 and then rolled back in v1.72.1.
* Device posture integration with CrowdStrike Falcon can now use MAC addresses to match devices that lack serial numbers.
When Falcon integration is configured, Device Identity Collection will automatically collect MAC addresses.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=38
- Update to version 1.72.0:
* posture: deduplicate MAC addresses before returning them
* health/dns: reduce severity of DNS unavailable warning
* safeweb: add Server.Close method
* go.mod.sri: update SRI hash for go.mod changes
* go.{mod,sum}: migrate from nhooyr.io/websocket to github.com/coder/websocket
* cmd/viewer: add support for map-like container types
- update golang(API) to 1.23
- export version variables, to circumvent a bug (forwarded request 1195168 from rrahl0)
OBS-URL: https://build.opensuse.org/request/show/1195170
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tailscale?expand=0&rev=9
- update to 1.70.0:
* New: Restrict recommended and automatically selected exit nodes using the
new AllowedSuggestedExitNodes system policy. Applies only to platforms that
support system policies.
* Changed: Improved NAT traversal for some uncommon scenarios.
* Changed: Optimized sending firewall rules to clients more efficiently.
* Fixed: Exit node suggestion CLI command now prints the hostname.
* Fixed: Taildrive share paths configured through the CLI resolve relative
to where you run the tailscale command. (forwarded request 1188314 from rrahl0)
OBS-URL: https://build.opensuse.org/request/show/1188315
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tailscale?expand=0&rev=8
* New: Restrict recommended and automatically selected exit nodes using the
new AllowedSuggestedExitNodes system policy. Applies only to platforms that
support system policies.
* Changed: Improved NAT traversal for some uncommon scenarios.
* Changed: Optimized sending firewall rules to clients more efficiently.
* Fixed: Exit node suggestion CLI command now prints the hostname.
* Fixed: Taildrive share paths configured through the CLI resolve relative
to where you run the tailscale command.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=32
- update to 1.68.1:
* Fixed: 4via6 subnet router advertisement works as expected.
* Fixed: Tailscale SSH access to Security-Enhanced Linux (SELinux) machines works as expected.
- update to 1.68.0:
* New: Auto-updates are allowed in containers, but ignore the tailnet-wide default
* New: Apply auto-updates even if the node is down or disconnected from the coordination server.
* New: tailscale lock status now prints the node's signature.
OBS-URL: https://build.opensuse.org/request/show/1181176
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=28
- update to 1.66.4:
* Fixed: Restored UDP connectivity through Mullvad exit nodes
* Stateful filtering is now off by default
- update to 1.66.3:
* Login URLs did not always appear in the console when running tailscale up
* Starting with v1.66, the Kubernetes operator must always run the same or later version
as the proxies it manages.
* Expose cloud services on cluster network to the tailnet, using Kubernetes ExternalName Services
* Expose tailnet services that use Tailscale HTTPS to cluster workloads
* Cluster workloads can now refer to Tailscale Ingress resources by their MagicDNS names
* Configure environment variables for Tailscale Kubernetes operator proxies using ProxyClass CRD
* Expose tailscaled metrics endpoint for Tailscale Kubernetes operator proxies through ProxyClass CRD
* Configure labels for the Kubernetes operator Pods with Helm chart values
* Configure affinity rules for Kubernetes operator proxy Pods with ProxyClass
* Kubernetes operator proxy init container no longer attempts to enable IPv6 forwarding on systems
that don't have IPv6 module loaded
* Tailscale containers running on Kubernetes no longer error if an empty Kubernetes Secret is
pre-created for the tailscaled state
* Improved the ambiguous error messages when Tailscale running on Kubernetes does not have the right
permissions to perform actions against the tailscaled state Secret
OBS-URL: https://build.opensuse.org/request/show/1175718
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=26
- update to 1.66.1:
* Resolved issues with nftables rules for stateful filtering,
introduced in v1.66.0.
* tailscale set command flags --netfilter-mode, --snat-subnet-routes,
and --stateful-filtering are added.
- update to 1.66.0:
* Implemented client-side quarantining for shared-in exit nodes,
as a mitigation for a security vulnerability described in TS-2024-005.
* Use the --stateful-filtering flag for the tailscale up to enable stateful filtering for
subnet routers and exit nodes, as a mitigation for a security vulnerability described
in TS-2024-005.
* Added tab completions
* Use the tailscale exit-node suggest command to automatically pick an available exit node
that is likely to perform best.
* Site-to-site networking now also requires --stateful-filtering=false in addition to
--snat-subnet-routes=false on new subnet routers. Existing subnet routers with --snat-subnet-routes=false
will default to --stateful-filtering=false.
- update to 1.64.2:
* nothing relevant for linux
- update to 1.64.1:
* nothing relevant for linux
- update to 1.64.0:
* New: tailscale configure kubeconfig now respects KUBECONFIG environment variable.
* Fixed: tailscale configure kubeconfig now works with partially empty kubeconfig.
* Fixed: MSS clamping for Kubernetes operator proxies using nftables.
* Fixed: Containers on hosts with partial support for ip6tables no longer crash.
- turn off changelog generation
- add completions for bash
OBS-URL: https://build.opensuse.org/request/show/1173203
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=24
- update to 1.60.0:
* minimum go version 1.22
* authentication: present users with a valid login page when
attempting to login even after leaving device unattended for several days
* networking: mute noisy peer mtu discovery errors
* networking: expose gVisor metrics in debug mode
* port mapper: support legacy "urn:dslforum-org" port mapping services
* port mapper: fix crash when no support mapping services found
* ssh: log warning when unable to find SSH host keys
* serve: improve error message when running as non-root
* Detect when Tailscale is running on Digital Ocean and automatically
use Digital Ocean's DNS resolvers
* enable app connectors to install routes for domains that resolve to CNAME
records
* support pre-configured routes from control server
* add new read-only mode
* tailscale status command: fix output formatting Tailnet
includes location-based exit nodes
* a new ProxyClass custom resource that allows providing custom
configuration for cluster resources that the operator creates
* ACL tags for the operator can now be configured via Helm chart values
* routing to Ingress backends that require an exact path without a slash
OBS-URL: https://build.opensuse.org/request/show/1146985
OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=15