v1.82.5-sunos

Commits

• bd2db83: go.toolchain.rev: bump go 1.24 for Android pidfd changes (tailscale#15613) (tailscale#15632) (kari-ts) #15632
• e302763: VERSION.txt: this is v1.82.2 (tailscale#15633) (kari-ts) #15633
• f80322b: VERSION.TXT: this is v1.82.3 (tailscale#15646) (kari-ts) #15646
• 97f368a: VERSION.txt: this is v1.82.4 (tailscale#15648) (kari-ts) #15648
• return explicit lo0 for loopback addrs on sandboxed macOS (tailscale#15493) (Jonathan Nobels)
• 25df2e8: ipn/desktop: fix panics on Windows 10, x86 (Nick Khyl) #15694
• ffc830a: wgengine/netstack: revert cubic cc to reno cc (tailscale#15677) (tailscale#15709) (Jordan Whited) #15709
• e4d64c6: VERSION.txt: this is v1.82.5 (tailscale#15723) (kari-ts) #15723
• 95a5d94: Merge tag 'v1.82.5' into sunos-1.82 (Nahum Shalman)

v1.82.0-sunos

Commits

• 08dd499: VERSION.txt: this is v1.81.0 (tailscale#14838) (Andrea Gottardo) #14838
• 8ee72cd: cli/funnel: fix comment typo (tailscale#14840) (Andrea Gottardo) #14840
• 7d5fe13: types/views: make SliceEqualAnyOrder also do short slice optimization (Brad Fitzpatrick) #14832
• generate LoginProfileView and use it instead of *LoginProfile where appropriate #14842 (Nick Khyl)
• 081595d: ipn/{ipnauth, ipnserver}: extend the ipnauth.Actor interface with a CheckProfileAccess method (Nick Khyl) #14843
• 535a3db: ipn/ipnauth: implement an Actor representing tailscaled itself (Nick Khyl) #14843
• 02ad217: ipn/ipn{auth,server,local}: initial support for the always-on mode (Nick Khyl) #14843
• 0a51bbc: ipn/ipnauth,util/syspolicy: improve comments (Nick Khyl) #14851
• 2e95313: ssh,tempfork/gliderlabs/ssh: replace github.com/tailscale/golang-x-crypto/ssh with golang.org/x/crypto/ssh (Percy Wegmann) #14853
• a0537dc: ipn/ipnlocal: fix a panic in setPrefsLockedOnEntry when cc is nil (Nick Khyl) #14860
• 2c02f71: util/syspolicy/internal/metrics: replace dots with underscores for metric names (Nick Khyl) #14859
• d832467: client/tailscale,ipn/ipn{local,server},util/syspolicy: implement the AlwaysOn.OverrideWithReason policy setting (Nick Khyl) #14852
• 496347c: go.mod: bump inetaf/tcpproxy (Brad Fitzpatrick) #14880
• 17ca2b7: cmd/tailscale/cli: update tailscale down to accept an optional --reason (Nick Khyl) #14879
• 10fe10e: derp/derphttp,ipn/localapi,net/captivedetection: add cache resistance to captive portal detection (James Tucker) #14858
• 95e2353: wgengine/wgcfg/nmcfg: coalesce, limit some debug logs (Brad Fitzpatrick) #14882
• add JSON unmarshal helper for view of node/peer capabilities #14886 (Adrian Dewhurst)
• 97c4c0e: ipn/ipnlocal: add VIP service IPs to localnets (Adrian Dewhurst) #14889
• 80a100b: net/netmon: add extra panic guard around ParseRIB (James Tucker) #14885
• tcp-write-timeout=0 should disable write deadline (tailscale#14895) #14895 (Jordan Whited)
• 5ef934b: cmd/k8s-operator: reinstate HA Ingress reconciler (tailscale#14887) (Irbe Krumina) #14887
• 00fe884: ipn/{ipnauth,ipnlocal,ipnserver}: move the AlwaysOn policy check from ipnserver to ipnauth (Nick Khyl) #14905
• expose MaxBufferSize and MaxUploadSize options (tailscale#14903) #14903 (Joe Tsai)
• 9726e1f: ipn/{ipnserver,localapi},tsnet: use ipnauth.Self as the actor in tsnet localapi handlers (Nick Khyl) #14910
• refuse to update in tsnet binaries (tailscale#14911) #14911 (Andrew Lytvynov)
• d5316a4: cmd/derper: add setec secret support (tailscale#14890) (Mike O'Driscoll) #14890
• e6e0001: cmd/derper: remove logging of mesh key (tailscale#14915) (Mike O'Driscoll) #14915
• don't use -l option for shells on FreeBSD #14894 (Percy Wegmann)
• refactor OS names into constants #14894 (Percy Wegmann)
• 0e6d99c: docs/windows/policy: remove an extra closing > (Nick Khyl) #14919
• don't use -l option for shells on OpenBSD #14918 (Percy Wegmann)
• f57fa3c: client,localclient: move localclient.go to client/local package (Percy Wegmann) #14909
• add missing localclient aliases (tailscale#14921) #14921 (Percy Wegmann)
• use new LocalAPI client package location #14920 (Brad Fitzpatrick)
• add ability for Darwin clients to set explicit credentials (tailscale#14702) #14702 (Jonathan Nobels)
• 9a9ce12: cmd/derper: close setec after use (tailscale#14929) (Mike O'Driscoll) #14929
• d08f830: cmd/derper: support no mesh key (tailscale#14931) (Mike O'Driscoll) #14931
• 4312160: scripts/installer.sh: add FreeBSD 14 (tailscale#14925) (Erisa A) #14925
• 8380802: wgengine/netstack: disable RACK on all platforms (James Tucker) #14896
• 08a96a8: cmd/tailscale: make ssh command work when tailscaled is built with the ts_include_cli tag (Sandro Jäckel) #12109
• caafe68: scripts/installer.sh: add BigLinux as a Manjaro derivative (tailscale#14936) (Erisa A) #14936
• 4903d6c: wgengine/netstack: block link writes when full rather than drop (James Tucker) #14933
• e113b10: go.mod,wgengine/netstack: use cubic congestion control, bump gvisor (James Tucker) #14934
• e1523fe: cmd/natc: remove speculative tuning from natc (James Tucker) #14935
• 7b3e5b5: wgengine/netstack: respond to service IPs in Linux tun mode (Adrian Dewhurst) #14937
• 532e38b: scripts/installer.sh: fix --yes argument for freebsd (tailscale#14958) (Erisa A) #14958
• 1222557: ipn/ipnlocal: fix (*profileManager).DefaultUserProfileID for users other than current (Nick Khyl) #14951
• 76fe556: .github: Bump github/codeql-action from 3.28.5 to 3.28.9 (tailscale#14962) (dependabot[bot]) #14962
• 11cd98f: .github: Bump golangci/golangci-lint-action from 6.2.0 to 6.3.1 (tailscale#14963) (dependabot[bot]) #14963
• 48dd4bb: ipn/ipn{local,server}: remove ResetForClientDisconnect in favor of SetCurrentUser(nil) (Nick Khyl) #14948
• 1047d11: go.toolchain.rev: bump to Go 1.23.6 (tailscale#14976) (Andrew Lytvynov) #14976
• 9706c9f: types/netmap,*: pass around UserProfiles as views (pointers) instead (Brad Fitzpatrick) #14776
• 2f98197: tempfork/sshtest/ssh: add fork of golang.org/x/crypto/ssh for testing only (Brad Fitzpatrick) #14979
• 27f8e2e: go.mod: bump x/* deps (Brad Fitzpatrick) #14981
• 8b34706: types/bool: add Int (tailscale#14984) (Joe Tsai) #14984
• update + clean up machine API docs, remove some dead code #14985 (Brad Fitzpatrick)
• c498463: net/dns: add a simple test for resolv.conf inotify watcher (Anton) #14983
• f35c49d: net/dns: update to illarion/gonotify/v3 to fix a panic (Anton) #14983
• make NetPortRange.Bits omitempty #14987 (Andrew Dunham)
• remove ancient UserProfiles.Roles field #14989 (Brad Fitzpatrick)
• e9e2bc5: ipn/ipn{auth,server}: update ipnauth.Actor to carry a context (Nick Khyl) [tailscale#14945](https://github.com/tailscale/...

v1.80.3-sunos

Commits

• fix a deadlock in route advertisements (tailscale#15031) (tailscale#15088) #15088 (Andrew Lytvynov)
• ac4b096: client/web: fix CSRF handler order in web UI (tailscale#15143) (tailscale#15156) (Patrick O'Doherty) #15156
• bd762b8: VERSION.txt: this is v1.80.3 (tailscale#15185) (Nick O'Neill) #15185
• d6923bb: Merge tag 'v1.80.3' into sunos-1.80 (Nahum Shalman)

v1.80.2-sunos

Commits

• dad4c87: net/netmon: add extra panic guard around ParseRIB (James Tucker)
• b9dc617: VERSION.txt: this is v1.80.1 (tailscale#14932) (Andrea Gottardo) #14932
• aff2745: ssh/tailssh: add back a fake public key handler to support buggy clients (Percy Wegmann) #14967
• ce31002: go.mod: update x/net for macOS/iOS ParseRIB fix (Brad Fitzpatrick) #14982
• fefb04b: Revert "control/controlclient: delete unreferenced mapSession UserProfiles" (Brad Fitzpatrick) #14994
• c7a79d7: VERSION.txt: this is v1.80.2 (tailscale#15003) (Andrea Gottardo) #15003
• 10ccacf: Merge tag 'v1.80.2' into sunos-1.80 (Nahum Shalman)

v1.80.0-sunos

Builds

• deps: bump nanoid from 3.3.4 to 3.3.8 in /cmd/tsconnect (tailscale#14352) #14352 (dependabot[bot])
• deps: bump braces from 3.0.2 to 3.0.3 in /cmd/tsconnect (tailscale#12468) #12468 (dependabot[bot])

Commits

• b37a478: go.mod: bump x/net and dependencies (James Tucker) #66,#14297
• 66aa774: cmd/gitops-pusher: default previousEtag to controlEtag (tailscale#14296) (Andrew Lytvynov) #66,#14296
• cleanup options API and allow setting http.Client (tailscale#11503) #66,#11503 (Joe Tsai)
• fix TestHealthMetric to pass on release branch #66,#14303 (Brad Fitzpatrick)
• 06a82f4: cmd,{get-authkey,tailscale}: remove unnecessary scope qualifier from OAuth clients (Percy Wegmann) #66,#14286
• f817860: VERSION.txt: this is v1.79.0 (Nick Khyl) #66,#14310
• c276116: cmd/stunc: enforce read timeout deadline (tailscale#14309) (Mike O'Driscoll) #66,#14309
• fix testing in container (tailscale#14330) #66,#14330 (Tom Proctor)
• add env var setting server send queue depth (tailscale#14334) #66,#14334 (Mike O'Driscoll)
• ea3d0bc: prober,derp/derphttp: make dev-mode DERP probes work without TLS (tailscale#14347) (Mario Minardi) #66,#14347
• fa28b02: .github: Bump actions/cache from 4.1.2 to 4.2.0 (tailscale#14331) (dependabot[bot]) #66,#14331
• d54cd59: .github: Bump github/codeql-action from 3.27.1 to 3.27.6 (tailscale#14332) (dependabot[bot]) #66,#14332
• 8b1d011: cmd/containerboot: guard kubeClient against nil dereference (tailscale#14357) (Bjorn Neergaard) #66,#14357
• 0cc071f: cmd/containerboot: don't attempt to write kube Secret in non-kube environments (tailscale#14358) (Irbe Krumina) #66,#14358
• fa655e6: cmd/containerboot: add more tests, check that egress service config only set on kube (tailscale#14360) (Irbe Krumina) #66,#14360
• f1ccdcc: cmd/k8s-operator,k8s-operator: operator integration tests (tailscale#12792) (Tom Proctor) #66,#12792
• 6e552f6: cmd/containerboot: don't attempt to patch a Secret field without permissions (tailscale#14365) (Irbe Krumina) #66,#14365
• 0045860: types/iox: add function types for Reader and Writer (tailscale#14366) (Joe Tsai) #66,#14366
• c9188d7: types/bools: add IfElse (tailscale#14272) (Joe Tsai) #66,#14272
• 716cb37: util/dnsname: use vizerror for all errors (Adrian Dewhurst) #66,#14368
• 73128e2: ssh/tailssh: remove unused public key support (Brad Fitzpatrick) #66,#14373
• aa04f61: net/netcheck: adjust HTTPS latency check to connection time and avoid data race (James Tucker) #66,#14294
• perform DERP bandwidth probes over TUN device to mimic real client #66,#14338 (Percy Wegmann)
• cc168d9: cmd/k8s-operator: fix ProxyGroup hostname (tailscale#14336) (Irbe Krumina) #66,#14336
• 5883ca7: types/opt: fix test to be agnostic to omitzero support (tailscale#14401) (Joe Tsai) #66,#14401
• 0cc2a8d: go.toolchain.rev: bump Go toolchain (Brad Fitzpatrick) #66,#14399
• fix WithBandwidthProbing behavior with optional tunAddress #66,#14403 (Brad Fitzpatrick)
• b62a013: Switch logging service from log.tailscale.io to log.tailscale.com (tailscale#14398) (Joe Tsai) #66,#14398
• b3d4ffe: docs/k8s: add some high-level operator architecture diagrams (tailscale#13915) (Tom Proctor) #66,#13915
• add MutexValue (tailscale#14422) #66,#14422 (Joe Tsai)
• 6ae0287: cmd/systray: add account switcher (Andrew Lytvynov) #66,#14353
• 00a4504: cmd/derpprobe,prober: add ability to perform continuous queuing delay measurements against DERP servers (Percy Wegmann) #66,#14405
• 2d4edd8: cmd/systray: add extra padding around notification icon (Will Norris) #66,#14429
• add ShardedInt expvar.Var type #66,#14412 (James Tucker)
• 89adcd8: cmd/systray: improve profile menu (Will Norris) #66,#14427
• 3adad36: cmd/k8s-operator,k8s-operator: include top-level CRD descriptions (tailscale#14435) (Tom Proctor) #66,#14435
• make histogram buckets cumulative #66,#14437 (Percy Wegmann)
• 256da8d: cmd/systray: remove new menu delay on KDE (Will Norris) #66,#14439
• rename and retype ServiceHost capability (tailscale#14380) #66,#14380 (Naman Sood)
• cb59943: cmd/systray: add exit nodes menu (Will Norris) #66,#14444
• 10d4057: cmd/systray: add visual workarounds for gnome, mac, and windows (Will Norris) #66,#14446
• 8d4ea4d: wgengine/router: add ip rules for unifi udm-pro (Jason Barnett) #66,#10828
• c4f9f95: scripts/installer.sh: add support for PikaOS (tailscale#14461) (Erisa A) #66,#14461
• 4267d0f: .github: update matrix of installer.sh tests (tailscale#14462) (Erisa A) #66,#14462
• 9e2819b: util/stringsx: add package for extra string functions, like CompareFold (Brad Fitzpatrick) [#66](...

v1.78.1-taildrive-sunos

Commits

• be11bf4: XXX sunos: enable taildrive (Nahum Shalman)
• 9576600: XXX library overrides for peercred (Nahum Shalman)
• 1854c95: XXX go mod tidy (Nahum Shalman)

v1.78.1-sunos

Commits

• acb4a22: VERSION.txt: this is v1.77.0 (tailscale#13779) (Jonathan Nobels) #13779
• 33029d4: net/netcheck: fix netcheck cli-triggered nil pointer deref (tailscale#13782) (Jordan Whited) #13782
• f9949cd: client/tailscale,cmd/{cli,get-authkey,k8s-operator}: set distinct User-Agents (Percy Wegmann) #13786
• 17335d2: net/dns/resolver: forward SERVFAIL responses over PeerDNS (Nick Hill) #13691
• e7545f2: net/dns/resolver: translate 5xx DoH server errors into SERVFAIL DNS responses (Nick Hill) #13691
• c2144c4: net/dns/resolver: update (*forwarder).forwardWithDestChan to always return an error unless it sends a response to responseChan (Nick Hill) #13691
• f07ff47: net/dns/resolver: add tests for using a forwarder with multiple upstream resolvers (Nick Khyl) #13691
• ecc8035: types/bools: add Compare to compare boolean values (tailscale#13792) (Joe Tsai) #13792
• 12e6094: ssh/tailssh: calculate passthrough environment at latest possible stage (Percy Wegmann) #13793
• avoid Fatal in ResourceCheck to show panic (tailscale#13790) #13790 (Paul Scott)
• instrument with usermetrics #13576 (Kristoffer Dalby)
• e0d711c: {net/connstats,wgengine/magicsock}: fix packet counting in connstats (Kristoffer Dalby) #13549
• update license notices #13815 (License Updater)
• 5f22f72: hostinfo,build_docker.sh,tailcfg: more reliably detect being in a container (tailscale#13826) (Tom Proctor) #13826
• 2aa9125: cmd/derpprobe: add /healthz endpoint (Andrew Dunham) #13830
• ff5f233: util/syspolicy: add rsop package that provides access to the resultant policy (Nick Khyl) #13718
• 74dd24c: cmd/tsconnect, logpolicy: fixes for wasm_js.go (Christian) #13819
• 6a885db: wgengine/magicsock: fix CI-only test warning of missing health tracker (Brad Fitzpatrick) #13835
• d32d742: ipn/ipnlocal: error when trying to use exit node on unsupported platform (tailscale#13726) (Mario Minardi) #13726
• 22c89fc: cmd/tailscale,ipn,tailcfg: add tailscale advertise subcommand behind envknob (tailscale#13734) (Naman Sood) #13734
• fa95318: tool/gocross: add support for tvOS Simulator (tailscale#13847) (Andrea Gottardo) #13847
• c0a9895: scripts/installer.sh: support DNF5 (Andrew Dunham) #13844
• give trusted mesh peers longer write timeouts #13853 (Brad Fitzpatrick)
• add sclient write deadline timeout metric (tailscale#13831) #13831 (Jordan Whited)
• 874db21: ipn/{ipnauth,ipnlocal,ipnserver}: send the auth URL to the user who started interactive login (Nick Khyl) #13297
• 877fa50: net/netcheck: remove arbitrary deadlines from GetReport() tests (tailscale#13832) (Jordan Whited) #13832
• e711ee5: release/dist: clamp min / max version for synology package centre (tailscale#13857) (Mario Minardi) #13857
• fd77965: net/tlsdial: call out firewalls blocking Tailscale in health warnings (tailscale#13840) (Andrea Gottardo) #13840
• track client-advertised non-ideal DERP connections in more places #13866 (Brad Fitzpatrick)
• 72587ab: scripts/installer.sh: allow Archcraft for Arch packages (tailscale#13870) (Erisa A) #13870
• remove SysDNSOS, add two Warnables for read+set system DNS config (tailscale#13874) #13874 (Andrea Gottardo)
• 0f4c9c0: cmd/viewer: import types/views when generating a getter for a map field (Nick Khyl) #13872
• d4d21a0: net/tstun: restore tap mode functionality (Maisem Ali) #13875
• 85241f8: net/tstun: use /10 as subnet for TAP mode; read IP from netmap (Maisem Ali) #13876
• fix spurious warning about DERP home region '0' #13882 (Brad Fitzpatrick)
• b2665d9: net/netcheck: add a Now field to the netcheck Report (Andrew Dunham) #13885
• 2122704: cmd/testwrapper: add pkg runtime to output (tailscale#13894) (Paul Scott) #13894
• 7fe6e50: net/dns/resolver: fix test flake (Andrew Dunham) #13903
• e815ae0: util/syspolicy, ipn/ipnlocal: update syspolicy package to utilize syspolicy/rsop (Nick Khyl) #13727
• 6ab39b7: cmd/k8s-operator: validate that tailscale.com/tailnet-ip annotation value is a valid IP (Nick Kirby) #13836
• 853fe3b: ipn/store/kubestore: cache state in memory (tailscale#13918) (Irbe Krumina) #13918
• 9d1348f: ipn/store/kubestore: don't error if state cannot be preloaded (tailscale#13926) (Irbe Krumina) #13926
• 5d07c17: net/dns: fix blank lines being added to resolv.conf on OpenBSD (tailscale#13928) (Renato Aguiar) #13928
• update license notices #13936 (License Updater)
• c0a1ed8: tstest/natlab: add latency & loss simulation (James Tucker) #13467
• 0d76d7d: tool/gocross: remove trimpath from test builds (James Tucker) #13439
• 94fa6d9: ipn/ipnlocal: log errors while fetching serial numbers (Anton Tolchanov) #13938
• 11e9676: wgengine/magicsock: fix stats packet counter on derp egress (Anton Tolchanov) #13948
• 38af62c: ipn/ipnlocal: remove the primary routes gauge for now (Anton Tolchanov) #13947
• 9545e36: cmd/tailscale/cli: add 'tailscale metrics' command (Anton Tolchanov) #13922
• 0f9a054: tstest/tailmac: fix Host.app path generation (tailscale#13953) (Jonathan Nobels) #13953
• aecb0ab: tstest/tailmac: add support for mounting host directories in the guest (tailscale#13957) (Jonathan Nobels) #13957
• 856ea23: wgengine/magicsock: log home DERP changes with latency (Tim Walters) #13895
• 1103044: cmd/k8s-operator,k8s-operator: add topology spread constraints to ProxyClass (tailscale#13959) (Irbe Krumina) #13959
• 2336c34: util/syspolicy: implement a syspolicy store that reads settings from environment variables (Nick Khyl) #13855
• 2cc1100: util/syspolicy/source: use errors instead of github.com/pkg/errors (Nick Khyl) #13968
• 2a2228f: util/syspolicy/setting: make setting.RawItem JSON-marshallable (Nick Khyl) #13956
• 540e4c8: util/syspolicy/setting: make setting.Snapshot JSON-marshallable (Nick Khyl) #13956
• f81348a: util/syspolicy/source: put EnvPolicyStore env keys in their own namespace (Brad Fitzpatrick) #13967
• e1e2278: net/netcheck: ensure prior preferred DERP is always in netchecks (James Tucker) #13970
• 532b261: wgengine/magicsock: exclude disco from throughput metrics (Anton Tolchanov) #13949
• b4f46c3: wgengine/magicsock: export packet drop metric for outbound errors (Anton Tolchanov) [tailscale#13946](tailscale#1...

v1.76.6-sunos

Commits

• fix spurious warning about DERP home region '0' (Brad Fitzpatrick)
• b73831b: net/sockstats: prevent crash in setNetMon (tailscale#13985) (Andrea Gottardo)
• 5280738: net/netcheck: ensure prior preferred DERP is always in netchecks (James Tucker) #13996
• 0472936: wgengine/magicsock: log home DERP changes with latency (Tim Walters)
• 666c961: VERSION.txt: this is v1.76.4 (Andrea Gottardo)
• dda4603: VERSION.txt: this is v1.76.5 (Andrea Gottardo)
• 1edcf9d: VERSION.txt: this is v1.76.6 (Jonathan Nobels)
• 0047fcf: Merge tag 'v1.76.6' into sunos-1.76 (Nahum Shalman)

v1.76.3-sunos

Commits

• 3bee38d: VERSION.txt: this is v1.75.0 (tailscale#13454) (kari-ts) #13454
• add new concurrent server benchmark #13449 (Brad Fitzpatrick)
• add node attr for SSH environment variables (tailscale#13450) #13450 (Mario Minardi)
• afec2d4: wgengine/magicsock: remove redundant deadline from netcheck report call (tailscale#13395) (Jordan Whited) #13395
• 124ff3b: {api.md,publicapi}: remove old API docs (tailscale#13468) (Mario Minardi) #13468
• 40833a7: wgengine/magicsock: disable raw disco by default; add envknob to enable (Andrew Dunham) #13483
• f572286: gokrazy, various: use point versions of Go and update Nix deps (Andrew Dunham) #13485
• update license notices #13180 (License Updater)
• refactor DERP server's peer-gone watch mechanism #13477 (Brad Fitzpatrick)
• 4084c61: wgengine/magicsock: add side-effect-free function for netcheck UDP sends (tailscale#13487) (Jordan Whited) #13487
• 5f4a4c6: wgengine/magicsock: fix sendUDPStd docs (tailscale#13490) (Jordan Whited) #13490
• 8b962f2: cmd/natc: fix nil pointer (Fran Bull) #13496
• 951884b: net/netcheck,wgengine/magicsock: plumb OnlyTCP443 controlknob through netcheck (tailscale#13491) (Jordan Whited) #13491
• add a ListenAndServe method to the Server type (tailscale#13498) #13498 (M. J. Fromberger)
• 3a467b6: go/toolchain: use ed9dc37b2b000f376a3e819cbb159e2c17a2dac6 (tailscale#13507) (Andrea Gottardo) #13507
• af5a845: net/dns/resolver: fix dns-sd NXDOMAIN responses from quad-100 (James Tucker) #13512
• d0a56a8: cmd/containerboot: split main.go (tailscale#13517) (Tom Proctor) #13517
• 3e9ca6c: go.toolchain.rev: bump oss, test toolchain matches go.toolchain.rev (Brad Fitzpatrick) #13528
• dc86d35: types/views: add SliceView.All iterator (tailscale#13536) (Joe Tsai) #13536
• add AcceptEnv field to SSHRule (tailscale#13523) #13523 (Mario Minardi)
• 07991de: .github: pin actions/checkout to latest v3 or v4 as appropriate (tailscale#13551) (Mario Minardi) #13551
• 2c1bbfb: .github: pin actions/setup-go usage to latest 5.x (tailscale#13553) (Mario Minardi) #13553
• 22e98cf: .github: pin codeql actions to latest 3.x (tailscale#13552) (Mario Minardi) #13552
• a3f7e72: .github: use and pin slackapi/slack-github-action to latest 1.x (tailscale#13554) (Mario Minardi) #13554
• a8bd0cb: .github: update and pin actions/cache to latest 4.x (tailscale#13555) (Mario Minardi) #13555
• 04bbef0: .github: update and pin actions/upload-artifact to latest 4.x (tailscale#13556) (Mario Minardi) #13556
• 05d82fb: .github: pin re-actors/alls-green to latest 1.x (tailscale#13558) (Mario Minardi) #13558
• a98f75b: .github: Bump tibdex/github-app-token from 1.8.0 to 2.1.0 (tailscale#9529) (dependabot[bot]) #9529
• add tailscale dns query (tailscale#13368) #13368 (Andrea Gottardo)
• 43f4131: {release,version}: add DSM7.2 specific synology builds (tailscale#13405) (Mario Minardi) #13405
• 6f7e7a3: tool/gocross: make gocross-wrapper.sh keep multiple Go toolchains around (Brad Fitzpatrick) #13500
• document the RunWatchConnectionLoop callback gotchas #13567 (Brad Fitzpatrick)
• 0e0e53d: util/usermetrics: make usermetrics non-global (Kristoffer Dalby) #13550
• clean up updateBuiltinWarnablesLocked a bit, fix DERP warnings #13577 (Brad Fitzpatrick)
• 2fdbcbd: wgengine/magicsock: only used cached results for GetLastNetcheckReport (Adrian Dewhurst) #13584
• 65c2635: cmd/k8s-operator, k8s-operator: fix outdated kb links (tailscale#13585) (Cameron Stokes) #13585
• revert changes to MultiLabelMap's String method #13588 (Andrew Dunham)
• 9eb59c7: wgengine/magicsock: fix check for EPERM on macOS (James Tucker) #13587
• c90c993: ssh/tailssh: add logic for matching against AcceptEnv patterns (tailscale#13466) (Mario Minardi) #13466
• 3dc33a0: net/tsaddr: add WithoutExitRoutes and IsExitRoute (Kristoffer Dalby) #13569
• 0909431: cmd/tailscale: use tsaddr helpers (Kristoffer Dalby) #13569
• f03e82a: client/web: use tsaddr helpers (Kristoffer Dalby) #13569
• 7d1160d: {ipn,net,tsnet}: use tsaddr helpers (Kristoffer Dalby) #13569
• make opts.Metrics mandatory #13590 (Kristoffer Dalby)
• 69be54c: net/captivedetection: exclude ipsec interfaces from captive portal detection (tailscale#13598) (Andrea Gottardo) #13598
• 7ec8bdf: go.mod: upgrade golangci-lint (Andrew Dunham) #13603
• cab2e6e: cmd/k8s-operator,k8s-operator: add ProxyGroup CRD (tailscale#13591) (Tom Proctor) #13591
• 7783255: ipn/ipnlocal: add advertised and primary route metrics (Kristoffer Dalby) #13574
• c62b073: cmd/k8s-operator: remove auth key once proxy has logged in (tailscale#13612) (Irbe Krumina) #13612
• 096b090: cmd/containerboot,kube,util/linuxfw: configure kube egress proxies to route to 1+ tailnet targets (tailscale#13531) (Irbe Krumina) #13531
• fb0f8fc: cmd/tsidp: add --dir flag (Maisem Ali) #13592
• don't create a filch buffer if logging is disabled #13617 (Anton Tolchanov)
• dd6b808: .github: Bump peter-evans/create-pull-request from 7.0.1 to 7.0.5 (tailscale#13626) (dependabot[bot]) #13626
• Add logic to set accepted environment variables in SSH session (tailscale#13559) #13559 (Mario Minardi)
• d3f302d: cmd/tailscale/cli: make 'tailscale debug ts2021' try twice (Brad Fitzpatrick) #13638
• fd32f0d: control/controlhttp: factor out some code in prep for future change (Brad Fitzpatrick) #13638
• 1eaad7d: control/controlhttp: fix connectivity on Alaska Air wifi (Brad Fitzpatrick) #13599
• 16ef887: net/portmapper: don't return unspecified/local external IPs (Andrew Dunham) #13639
• 262c526: net/portmapper: don't treat 0.0.0.0 as a valid IP (Brad Fitzpatrick) #13641
• 992ee6d: .github: Bump github/codeql-action from 3.26.8 to 3.26.9 (tailscale#13625) (dependabot[bot]) #13625
• e66fe1f: docs/windows/policy: add ADMX policy setting to configure the AuthKey (Nick Khyl) #13642
• ed1ac79: net/captivedetection: set Timeout on net.Dialer (tailscale#13613) (Andrea Gottardo) [tailscale#13613](https://github.com/tail...

v1.74.0-sunos

Builds

• deps: bump ws from 8.14.2 to 8.17.1 in /client/web (tailscale#12524) #12524 (dependabot[bot])

Commits

• 1e8f8ee: VERSION.txt: this is v1.73.0 (tailscale#13181) (Andrea Gottardo) #13181
• 8fad8c4: tstest/tailmac: add customized macOS virtualization tooling (tailscale#13146) (Jonathan Nobels) #13146
• f95785f: util/winutil: add constants from Win32 SDK for dll blocking mitigation policies (Aaron Klotz) #13183
• 16bb541: wgengine/magicsock: replace deprecated poly1305 (tailscale#13184) (tomholford) #13175
• support setting authkey at login using syspolicy (tailscale#13061) #13061 (Andrea Gottardo)
• 01aa01f: ipn/ipnlocal: network-lock, error if no pubkey instead of panic (Kristoffer Dalby) #12505
• 2105773: cmd/k8s-operator/deploy: replace wildcards in Kubernetes Operator RBAC role definitions with verbs (pierig-n3xtio) #13169
• 8f6a235: util/winutil: add GetRegUserString/SetRegUserString accessors for storage and retrieval of string values in HKEY_CURRENT_USER (Aaron Klotz) #13188
• 93dc2de: cmd/k8s-operator: support default proxy class in k8s-operator (tailscale#12711) (ChandonPierre) #12711
• df6014f: net/tstun,wgengine{/netstack/gro}: refactor and re-enable gVisor GRO for Linux (tailscale#13172) (Jordan Whited) #13172
• 7675c3e: wgengine/netstack/gro: exclude importation of gVisor GRO pkg on iOS (tailscale#13202) (Jordan Whited) #13202
• 7d83056: ssh/tailssh: fix SSH on busybox systems (Percy Wegmann) #13040
• 151b77f: cmd/tl-longchain: tool to re-sign nodes with long rotation signatures (Anton Tolchanov) #13201
• af3d3c4: types/prefs: add a package containing generic preference types (Nick Khyl) #12830
• 4b525fd: ssh/tailssh: only chdir incubator process to user's homedir when necessary and possible (Percy Wegmann) #13171
• 8e42510: wgengine/netstack: disable gVisor GSO on Linux (tailscale#13215) (Jordan Whited) #13215
• 690d3bf: cmd/tailscale/cli: add debug command to do DNS lookups portably (Brad Fitzpatrick) #13219
• 4637ac7: ipn/ipnlocal: remember last notified taildrive shares and only notify if they've changed (Percy Wegmann) #13210
• fix new lint warnings from bumping staticcheck #13220 (Brad Fitzpatrick)
• switch to and require Go 1.23 #13220 (Brad Fitzpatrick)
• 0cb7eb9: net/dns: updated gonotify dependency to v2 that supports closable context (Ilarion Kovalchuk) #13221
• aedfb82: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #13227
• e54c81d: types/views: add Slice.All iterator (Brad Fitzpatrick) #12913
• d00d6d6: go.mod: update to github.com/tailscale/netlink library that doesn't require vishvananda/netlink (Percy Wegmann) #13228
• 743d296: update to github.com/tailscale/netlink library that doesn't require vishvananda/netlink (Percy Wegmann) #13228
• 1191eb0: tstest/natlab: add unix address to writer for dgram mode (Jonathan Nobels) #13229
• 6280c44: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #13234
• 3c66ee3: cmd/systray: add a basic linux systray app (Will Norris) #13237
• b091264: cmd/systray: set ipn.NotifyNoPrivateKeys, permit non-operator use (Brad Fitzpatrick) #13244
• d862898: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #13238
• 3904e4d: cmd/tta, tstest/natlab/vnet: remove unneeded port 124 log hack, add log buffer (Brad Fitzpatrick) #13247
• 3b70968: cmd/vnet: add --blend and --pcap flags (Brad Fitzpatrick) #13247
• 5a99940: tstest/natlab/vnet: explicitly ignore PCP and SSDP UDP queries (Brad Fitzpatrick) #13247
• aa42ae9: tstest/natlab: make a new virtualIP type in prep for IPv6 support (Brad Fitzpatrick) #13248
• a9dc6e0: util/codegen, cmd/cloner, cmd/viewer: update codegen.LookupMethod to support alias type nodes (Nick Khyl) #13232
• 03acab2: cmd/cloner, cmd/viewer, util/codegen: add support for aliases of cloneable types (Nick Khyl) #13236
• e5fd36a: tstest/natlab: respect NATTable interface's invalid-means-drop everywhere (Brad Fitzpatrick) #13250
• 475ab1f: cmd/vnet: omit log spam when backend status hasn't changed (Brad Fitzpatrick) #13251
• 641693d: ipn/ipnlocal: install IPv6 service addr route (tailscale#13252) (Jordan Whited) #13252
• 367bfa6: tstest/integration: exercise TCP DNS queries against quad-100 (tailscale#13231) (Jordan Whited) #13231
• 9783065: tstest/integration: change log.Fatal() to t.Fatal() (tailscale#13253) (Jordan Whited) #13253
• 31b5239: tstest/natlab/vnet: flush and sync pcap file after every packet (Maisem Ali) #13255
• b78df4d: tstest/natlab/vnet: add start of IPv6 support (Brad Fitzpatrick) #13167
• 8af50fa: ipn/ipnlocal: update routes on link change with ExitNodeAllowLANAccess (James Tucker) #13246
• cccacff: types/opt: add BoolFlag for setting Bool value as a flag (Will Norris) #13264
• e0bdd5d: tstest/natlab: simplify a defer (Brad Fitzpatrick) #13259
• 3a8cfbc: tstest/natlab: be more paranoid about IP versions from gvisor (Brad Fitzpatrick) #13259
• 6dd1af0: tstest/natlab: refactor HandleEthernetPacketForRouter a bit (Brad Fitzpatrick) #13259
• 2636a83: cmd/tta: pull out test driver dialing into a type, fix bugs (Brad Fitzpatrick) #13259
• extend the gokrazy/natlab wait-for-network delay for IPv6 #13259 (Brad Fitzpatrick)
• 0157000: tstest/natlab: fix IPv6 tests, remove TODOs (Brad Fitzpatrick) #13259
• f99f970: tstest/natlab/vnet: rename some things for clarity (Brad Fitzpatrick) #13259
• 6d4973e: wgengine/netstack: use types/logger.Logf instead of stdlib log.Printf (tailscale#13267) (Jordan Whited) #13267
• d097096: net/tstun,wgengine/netstack: make inbound synthetic packet injection GSO-aware (tailscale#13266) (Jordan Whited) #13266
• bfcb356: wgengine/netstack: re-enable gVisor GSO on Linux (tailscale#13269) (Jordan Whited) #13269
• 06c31f4: tsweb/varz: remove pprof (Kristoffer Dalby) #12990
• add initial user-facing metrics #12990 (Kristoffer Dalby)
• 31cdbd6: net/tstun: fix gvisor inbound GSO packet injection (tailscale#13283) (Jordan Whited) #13283
• ff1d0aa: tstest/natlab/vnet: start adding tests (Brad Fitzpatrick) #13282
• 8b23ba7: tstest/natlab/vnet: add qemu + Virtualization.framework protocol tests (Brad Fitzpatrick) #13290
• 961ee32: ipn/{ipnauth,ipnlocal,ipnserver,localapi}: start baby step toward moving access checks from the localapi.Handler to the LocalBackend (Nick Khyl) #13281
• 73b3c8f: tstest/natlab/vnet: add IPv6 all-nodes support (Brad Fitzpa...