Here's a rundown of what's changed in Tailscale's software lately. There are changes to clients, API improvements, and other updates. For instructions on how to update to the latest version, visit our update guide.
Changes
Workload identity federation API
Federated identities are now integrated into more parts of Tailscale:
- The Tailscale API (create, read, update, delete)
tailscale-client-go-v2(configure)- Tailscale Terraform provider (configure)
India DERP region city name updated
The city name for the DERP server hosted in India has been updated to reflect the official name of Bengaluru. The hosting provider and IP addresses remain unchanged.
Client updates
v1.92.5
As of Tailscale 1.92.5, Windows and Linux clients no longer enable state file encryption and hardware attestation keys by default. A Tailscale engineer wrote about this change in a Hacker News thread. Clients on Apple devices and Android continue to have secure node state storage encryption by default.
GitHub Action
v4.1.1
The Tailscale GitHub Action now uses the correct architecture for storing and retrieving caches on macOS-based GitHub runners.
Container, Kubernetes, and tsrecorder updates
Container image v1.92.5
- Hardware attestation keys are no longer added to Kubernetes state
Secrets, making it possible to change the Kubernetes node the Tailscale containers are deployed on.
Kubernetes operator v1.92.5
- Certificate renewal is no longer done as an ARI order by default to avoid renewal failure if ACME account keys are recreated.
- Hardware attestation keys are no longer added to Kubernetes state
Secrets, making it possible to change the Kubernetes node the Tailscale Kubernetes Operator is deployed on.
tsrecorder v1.92.5
This version contains no changes except for library updates.
Those are the highlights for recent weeks. If you have questions or feedback, we're here to help. Thank you for using Tailscale.
Kevin Purdy
