v1.84.2-sunos

Commits

• f1b8c4a: cmd/containerboot: allow setting --accept-dns via TS_EXTRA_ARGS again (tailscale#16129) (tailscale#16140) (Irbe Krumina) #16140
• 2e915f4: cmd/k8s-operator: explicitly set tcp on VIPService port configuration for Ingress with ProxyGroup (tailscale#16199) (tailscale#16226) (Tom Meadows) #16226
• 5f702f4: VERSION.txt: this is v1.84.2 (tailscale#16232) (Nick O'Neill) #16232
• f97aa98: Merge tag 'v1.84.2' into sunos-1.84 (Nahum Shalman)

v1.84.1-sunos

Commits

• set RouteAll=true by default for new accounts on iOS and Android (tailscale#16110) (Jonathan Nobels)
• c417248: net/dns: cache dns.Config for reuse when compileConfig fails (tailscale#16059) (Jonathan Nobels)
• 72ec281: VERSION.txt: this is v1.84.1 (Jonathan Nobels)
• e2bc1b0: Merge tag 'v1.84.1' into sunos-1.84 (Nahum Shalman)

v1.84.0-sunos

Commits

• 1ec1a60: VERSION.txt: this is v1.83.0 (tailscale#15443) (kari-ts) #15443
• a3bc0bc: net/dns: add debug envknob to enable dual stack MagicDNS (Brad Fitzpatrick) #15405
• 7fc9099: cmd/tailscale: fix default for tailscale set --accept-dns (Simon Law) #15320
• e932423: cmd/tailscale: fix default for tailscale set --accept-routes (Simon Law) #15320
• a8c3490: install.sh - fix DNF 5 detection on all locales (tailscale#15325) (Raúl Blanco) #15325
• 272854d: ipn/ipnlocal: unconfigure wgengine when switching profiles (Nick Khyl) #15317
• 6a9a7f3: cmd/tailscaled,ipn/{auditlog,ipnlocal},tsd: omit auditlog unless explicitly imported (Nick Khyl) #15415
• 4c5112e: cmd/tailscaled: make embedded CLI run earlier, support triggering via env (Brad Fitzpatrick) #15457
• bf8c8e9: cmd/k8s-operator,k8s-operator: enable HA Ingress again. (tailscale#15453) (Irbe Krumina) #15453
• 2a12e63: cmd/vnet: add wsproxy mode (Brad Fitzpatrick) #15464
• cdde301: ipn/ipnlocal: return old hwaddrs if missing (Kristoffer Dalby) #15273
• a7be3a3: ipn/ipnlocal: add debug logging to initPeerAPIListener (Percy Wegmann) #15436
• e720b98: net/netcheck: use NoMeasureNoHome in another spot (Brad Fitzpatrick) #15483
• 96fe8a6: net/netmon: always remember ifState as old state, even on minor changes (Brad Fitzpatrick) #15485
• e8b5f0b: client/systray: use ico image format for windows (Will Norris) #15487
• 886ab4f: net/udprelay: start of UDP relay server implementation (tailscale#15480) (Jordan Whited) #15480
• return explicit lo0 for loopback addrs on sandboxed macOS (tailscale#15493) #15493 (Jonathan Nobels)
• 95034e1: cmd/natc: fix ip allocation runtime (James Tucker) #15424
• faaa364: .github: Bump github/codeql-action from 3.28.11 to 3.28.13 (tailscale#15477) (dependabot[bot]) #15477
• 13f6981: go.toolchain.rev: bump for Go 1.24.2 + plan9 fixes (Brad Fitzpatrick) #15498
• add VIPServiceView #15501 (Adrian Dewhurst)
• 6084712: net/tstun: add Plan 9 'tun' support (Brad Fitzpatrick) #15491
• e3282c1: wgengine/magicsock: avoid some log spam on Plan 9 (Brad Fitzpatrick) #15491
• bbdd3c3: wgengine/router: add Plan 9 implementation (Brad Fitzpatrick) #15491
• fix Plan 9 implementation #15491 (Brad Fitzpatrick)
• 7426a36: net/netmon: disable time jump monitoring on Plan 9 (Brad Fitzpatrick) #15491
• 5df0661: net/tsdial: tolerate empty default route on Plan 9 (Brad Fitzpatrick) #15491
• 21d12ec: cmd/tailscaled: let net/netmon know what our TUN interface is (Brad Fitzpatrick) #15491
• 3da1728: cmd/tailscaled: make state dir on Plan 9 (Brad Fitzpatrick) #15491
• da8e8eb: types/logger, logpolicy: disable rate limiting, don't upload on Plan 9 (Brad Fitzpatrick) #15491
• 03b9b87: ipn/ipnserver: treat all plan9 safesocket connections as permitted (Brad Fitzpatrick) #15491
• 6f75647: net/netcheck: avoid ICMP unimplemented log spam on Plan 9 (Brad Fitzpatrick) #15491
• b3953ce: ssh/tailssh: add Plan 9 support for Tailscale SSH (Brad Fitzpatrick) #15491
• add Plan 9 support #15491 (Brad Fitzpatrick)
• 84c82ac: net/dns: add Plan 9 support (Brad Fitzpatrick) #15491
• 7dbb21c: cmd/tailscale: add tailscale.rc Plan 9 wrapper (Brad Fitzpatrick) #15491
• 4c9b37f: control/controlhttp: set forceNoise443 on Plan 9 (Brad Fitzpatrick) #15491
• 29c2bb1: control/controlhttp: reduce some log spam on context cancel (Brad Fitzpatrick) #15491
• use network less when running in v86 emulator #15491 (Brad Fitzpatrick)
• 85bcc2e: cmd/tsidp: use advertised env vars for config (Kot) #15465
• c86afac: Move env var flag passing to Dockerfile (Kot) #15465
• 1284482: Change README to reflect configuration (Kot) #15465
• d18b994: .github: Bump actions/upload-artifact from 4.6.1 to 4.6.2 (tailscale#15400) (dependabot[bot]) #15400
• 8c062c0: ipn/ipnlocal: fix taildrive logf formatting verb (tailscale#15514) (Jordan Whited) #15514
• add relay client and server NodeAttr's (tailscale#15513) #15513 (Jordan Whited)
• 8811694: .github: Bump actions/setup-go from 5.3.0 to 5.4.0 (tailscale#15397) (dependabot[bot]) #15397
• add UDP relay PeerCapability's (tailscale#15516) #15516 (Jordan Whited)
• 66664b3: wgengine/router: default to a fake router on android (David Anderson) #15518
• 7a922c3: net/routetable: don't try to fetch the route table on android (David Anderson) #15518
• 5e4fae0: net/tstun: don't try to set link attributes on android (David Anderson) #15518
• 7b29d39: client/systray: add menu item to rebuild the menu (Will Norris) #15529
• e2eb6eb: cmd/natc: separate perPeerState from connector (Fran Bull) #15510
• 46505ca: tempfork/acme: update to latest version (tailscale#15543) (Andrew Lytvynov) #15543
• 603a1d3: cmd/natc: move address storage behind an interface (Fran Bull) #15538
• 6d117d6: util/testenv: add func to report whether a testing.TB is in parallel mode (Brad Fitzpatrick) #15561
• c76d075: nettest, *: add option to run HTTP tests with in-memory network (Brad Fitzpatrick) #15558
• fix minor typos in comments #15519 (Craig Hesling)
• update license notices #15569 (License Updater)
• 161a8ea: .github: Bump actions/cache from 4.2.2 to 4.2.3 (dependabot[bot]) #15567
• dd07cb9: .github: Bump github/codeql-action from 3.28.13 to 3.28.14 (dependabot[bot]) #15566
• 0655dd7: client/local: fix path with delete profile request (Esteban-Bermudez) #15482
• ad2b075: cmd/nardump: support symlinks, add basic test (phanirithvij) #15447
• 03b47a5: tstest/nettest: pull the non-test Network abstraction out to netx package (Brad Fitzpatrick) #15584
• unify some redundant testing.TB interface copies #15585 (Brad Fitzpatrick)
• C what I did there? #15588 (Brad Fitzpatrick)
• update nix and use go 1.24 (tailscale#15578) [tailscale#15578](https://github.com/tailscale/tailscale/pull...

v1.82.5-sunos

Commits

• bd2db83: go.toolchain.rev: bump go 1.24 for Android pidfd changes (tailscale#15613) (tailscale#15632) (kari-ts) #15632
• e302763: VERSION.txt: this is v1.82.2 (tailscale#15633) (kari-ts) #15633
• f80322b: VERSION.TXT: this is v1.82.3 (tailscale#15646) (kari-ts) #15646
• 97f368a: VERSION.txt: this is v1.82.4 (tailscale#15648) (kari-ts) #15648
• return explicit lo0 for loopback addrs on sandboxed macOS (tailscale#15493) (Jonathan Nobels)
• 25df2e8: ipn/desktop: fix panics on Windows 10, x86 (Nick Khyl) #15694
• ffc830a: wgengine/netstack: revert cubic cc to reno cc (tailscale#15677) (tailscale#15709) (Jordan Whited) #15709
• e4d64c6: VERSION.txt: this is v1.82.5 (tailscale#15723) (kari-ts) #15723
• 95a5d94: Merge tag 'v1.82.5' into sunos-1.82 (Nahum Shalman)

v1.82.0-sunos

Commits

• 08dd499: VERSION.txt: this is v1.81.0 (tailscale#14838) (Andrea Gottardo) #14838
• 8ee72cd: cli/funnel: fix comment typo (tailscale#14840) (Andrea Gottardo) #14840
• 7d5fe13: types/views: make SliceEqualAnyOrder also do short slice optimization (Brad Fitzpatrick) #14832
• generate LoginProfileView and use it instead of *LoginProfile where appropriate #14842 (Nick Khyl)
• 081595d: ipn/{ipnauth, ipnserver}: extend the ipnauth.Actor interface with a CheckProfileAccess method (Nick Khyl) #14843
• 535a3db: ipn/ipnauth: implement an Actor representing tailscaled itself (Nick Khyl) #14843
• 02ad217: ipn/ipn{auth,server,local}: initial support for the always-on mode (Nick Khyl) #14843
• 0a51bbc: ipn/ipnauth,util/syspolicy: improve comments (Nick Khyl) #14851
• 2e95313: ssh,tempfork/gliderlabs/ssh: replace github.com/tailscale/golang-x-crypto/ssh with golang.org/x/crypto/ssh (Percy Wegmann) #14853
• a0537dc: ipn/ipnlocal: fix a panic in setPrefsLockedOnEntry when cc is nil (Nick Khyl) #14860
• 2c02f71: util/syspolicy/internal/metrics: replace dots with underscores for metric names (Nick Khyl) #14859
• d832467: client/tailscale,ipn/ipn{local,server},util/syspolicy: implement the AlwaysOn.OverrideWithReason policy setting (Nick Khyl) #14852
• 496347c: go.mod: bump inetaf/tcpproxy (Brad Fitzpatrick) #14880
• 17ca2b7: cmd/tailscale/cli: update tailscale down to accept an optional --reason (Nick Khyl) #14879
• 10fe10e: derp/derphttp,ipn/localapi,net/captivedetection: add cache resistance to captive portal detection (James Tucker) #14858
• 95e2353: wgengine/wgcfg/nmcfg: coalesce, limit some debug logs (Brad Fitzpatrick) #14882
• add JSON unmarshal helper for view of node/peer capabilities #14886 (Adrian Dewhurst)
• 97c4c0e: ipn/ipnlocal: add VIP service IPs to localnets (Adrian Dewhurst) #14889
• 80a100b: net/netmon: add extra panic guard around ParseRIB (James Tucker) #14885
• tcp-write-timeout=0 should disable write deadline (tailscale#14895) #14895 (Jordan Whited)
• 5ef934b: cmd/k8s-operator: reinstate HA Ingress reconciler (tailscale#14887) (Irbe Krumina) #14887
• 00fe884: ipn/{ipnauth,ipnlocal,ipnserver}: move the AlwaysOn policy check from ipnserver to ipnauth (Nick Khyl) #14905
• expose MaxBufferSize and MaxUploadSize options (tailscale#14903) #14903 (Joe Tsai)
• 9726e1f: ipn/{ipnserver,localapi},tsnet: use ipnauth.Self as the actor in tsnet localapi handlers (Nick Khyl) #14910
• refuse to update in tsnet binaries (tailscale#14911) #14911 (Andrew Lytvynov)
• d5316a4: cmd/derper: add setec secret support (tailscale#14890) (Mike O'Driscoll) #14890
• e6e0001: cmd/derper: remove logging of mesh key (tailscale#14915) (Mike O'Driscoll) #14915
• don't use -l option for shells on FreeBSD #14894 (Percy Wegmann)
• refactor OS names into constants #14894 (Percy Wegmann)
• 0e6d99c: docs/windows/policy: remove an extra closing > (Nick Khyl) #14919
• don't use -l option for shells on OpenBSD #14918 (Percy Wegmann)
• f57fa3c: client,localclient: move localclient.go to client/local package (Percy Wegmann) #14909
• add missing localclient aliases (tailscale#14921) #14921 (Percy Wegmann)
• use new LocalAPI client package location #14920 (Brad Fitzpatrick)
• add ability for Darwin clients to set explicit credentials (tailscale#14702) #14702 (Jonathan Nobels)
• 9a9ce12: cmd/derper: close setec after use (tailscale#14929) (Mike O'Driscoll) #14929
• d08f830: cmd/derper: support no mesh key (tailscale#14931) (Mike O'Driscoll) #14931
• 4312160: scripts/installer.sh: add FreeBSD 14 (tailscale#14925) (Erisa A) #14925
• 8380802: wgengine/netstack: disable RACK on all platforms (James Tucker) #14896
• 08a96a8: cmd/tailscale: make ssh command work when tailscaled is built with the ts_include_cli tag (Sandro Jäckel) #12109
• caafe68: scripts/installer.sh: add BigLinux as a Manjaro derivative (tailscale#14936) (Erisa A) #14936
• 4903d6c: wgengine/netstack: block link writes when full rather than drop (James Tucker) #14933
• e113b10: go.mod,wgengine/netstack: use cubic congestion control, bump gvisor (James Tucker) #14934
• e1523fe: cmd/natc: remove speculative tuning from natc (James Tucker) #14935
• 7b3e5b5: wgengine/netstack: respond to service IPs in Linux tun mode (Adrian Dewhurst) #14937
• 532e38b: scripts/installer.sh: fix --yes argument for freebsd (tailscale#14958) (Erisa A) #14958
• 1222557: ipn/ipnlocal: fix (*profileManager).DefaultUserProfileID for users other than current (Nick Khyl) #14951
• 76fe556: .github: Bump github/codeql-action from 3.28.5 to 3.28.9 (tailscale#14962) (dependabot[bot]) #14962
• 11cd98f: .github: Bump golangci/golangci-lint-action from 6.2.0 to 6.3.1 (tailscale#14963) (dependabot[bot]) #14963
• 48dd4bb: ipn/ipn{local,server}: remove ResetForClientDisconnect in favor of SetCurrentUser(nil) (Nick Khyl) #14948
• 1047d11: go.toolchain.rev: bump to Go 1.23.6 (tailscale#14976) (Andrew Lytvynov) #14976
• 9706c9f: types/netmap,*: pass around UserProfiles as views (pointers) instead (Brad Fitzpatrick) #14776
• 2f98197: tempfork/sshtest/ssh: add fork of golang.org/x/crypto/ssh for testing only (Brad Fitzpatrick) #14979
• 27f8e2e: go.mod: bump x/* deps (Brad Fitzpatrick) #14981
• 8b34706: types/bool: add Int (tailscale#14984) (Joe Tsai) #14984
• update + clean up machine API docs, remove some dead code #14985 (Brad Fitzpatrick)
• c498463: net/dns: add a simple test for resolv.conf inotify watcher (Anton) #14983
• f35c49d: net/dns: update to illarion/gonotify/v3 to fix a panic (Anton) #14983
• make NetPortRange.Bits omitempty #14987 (Andrew Dunham)
• remove ancient UserProfiles.Roles field #14989 (Brad Fitzpatrick)
• e9e2bc5: ipn/ipn{auth,server}: update ipnauth.Actor to carry a context (Nick Khyl) [tailscale#14945](https://github.com/tailscale/...

v1.80.3-sunos

Commits

• fix a deadlock in route advertisements (tailscale#15031) (tailscale#15088) #15088 (Andrew Lytvynov)
• ac4b096: client/web: fix CSRF handler order in web UI (tailscale#15143) (tailscale#15156) (Patrick O'Doherty) #15156
• bd762b8: VERSION.txt: this is v1.80.3 (tailscale#15185) (Nick O'Neill) #15185
• d6923bb: Merge tag 'v1.80.3' into sunos-1.80 (Nahum Shalman)

v1.80.2-sunos

Commits

• dad4c87: net/netmon: add extra panic guard around ParseRIB (James Tucker)
• b9dc617: VERSION.txt: this is v1.80.1 (tailscale#14932) (Andrea Gottardo) #14932
• aff2745: ssh/tailssh: add back a fake public key handler to support buggy clients (Percy Wegmann) #14967
• ce31002: go.mod: update x/net for macOS/iOS ParseRIB fix (Brad Fitzpatrick) #14982
• fefb04b: Revert "control/controlclient: delete unreferenced mapSession UserProfiles" (Brad Fitzpatrick) #14994
• c7a79d7: VERSION.txt: this is v1.80.2 (tailscale#15003) (Andrea Gottardo) #15003
• 10ccacf: Merge tag 'v1.80.2' into sunos-1.80 (Nahum Shalman)

v1.80.0-sunos

Builds

• deps: bump nanoid from 3.3.4 to 3.3.8 in /cmd/tsconnect (tailscale#14352) #14352 (dependabot[bot])
• deps: bump braces from 3.0.2 to 3.0.3 in /cmd/tsconnect (tailscale#12468) #12468 (dependabot[bot])

Commits

• b37a478: go.mod: bump x/net and dependencies (James Tucker) #66,#14297
• 66aa774: cmd/gitops-pusher: default previousEtag to controlEtag (tailscale#14296) (Andrew Lytvynov) #66,#14296
• cleanup options API and allow setting http.Client (tailscale#11503) #66,#11503 (Joe Tsai)
• fix TestHealthMetric to pass on release branch #66,#14303 (Brad Fitzpatrick)
• 06a82f4: cmd,{get-authkey,tailscale}: remove unnecessary scope qualifier from OAuth clients (Percy Wegmann) #66,#14286
• f817860: VERSION.txt: this is v1.79.0 (Nick Khyl) #66,#14310
• c276116: cmd/stunc: enforce read timeout deadline (tailscale#14309) (Mike O'Driscoll) #66,#14309
• fix testing in container (tailscale#14330) #66,#14330 (Tom Proctor)
• add env var setting server send queue depth (tailscale#14334) #66,#14334 (Mike O'Driscoll)
• ea3d0bc: prober,derp/derphttp: make dev-mode DERP probes work without TLS (tailscale#14347) (Mario Minardi) #66,#14347
• fa28b02: .github: Bump actions/cache from 4.1.2 to 4.2.0 (tailscale#14331) (dependabot[bot]) #66,#14331
• d54cd59: .github: Bump github/codeql-action from 3.27.1 to 3.27.6 (tailscale#14332) (dependabot[bot]) #66,#14332
• 8b1d011: cmd/containerboot: guard kubeClient against nil dereference (tailscale#14357) (Bjorn Neergaard) #66,#14357
• 0cc071f: cmd/containerboot: don't attempt to write kube Secret in non-kube environments (tailscale#14358) (Irbe Krumina) #66,#14358
• fa655e6: cmd/containerboot: add more tests, check that egress service config only set on kube (tailscale#14360) (Irbe Krumina) #66,#14360
• f1ccdcc: cmd/k8s-operator,k8s-operator: operator integration tests (tailscale#12792) (Tom Proctor) #66,#12792
• 6e552f6: cmd/containerboot: don't attempt to patch a Secret field without permissions (tailscale#14365) (Irbe Krumina) #66,#14365
• 0045860: types/iox: add function types for Reader and Writer (tailscale#14366) (Joe Tsai) #66,#14366
• c9188d7: types/bools: add IfElse (tailscale#14272) (Joe Tsai) #66,#14272
• 716cb37: util/dnsname: use vizerror for all errors (Adrian Dewhurst) #66,#14368
• 73128e2: ssh/tailssh: remove unused public key support (Brad Fitzpatrick) #66,#14373
• aa04f61: net/netcheck: adjust HTTPS latency check to connection time and avoid data race (James Tucker) #66,#14294
• perform DERP bandwidth probes over TUN device to mimic real client #66,#14338 (Percy Wegmann)
• cc168d9: cmd/k8s-operator: fix ProxyGroup hostname (tailscale#14336) (Irbe Krumina) #66,#14336
• 5883ca7: types/opt: fix test to be agnostic to omitzero support (tailscale#14401) (Joe Tsai) #66,#14401
• 0cc2a8d: go.toolchain.rev: bump Go toolchain (Brad Fitzpatrick) #66,#14399
• fix WithBandwidthProbing behavior with optional tunAddress #66,#14403 (Brad Fitzpatrick)
• b62a013: Switch logging service from log.tailscale.io to log.tailscale.com (tailscale#14398) (Joe Tsai) #66,#14398
• b3d4ffe: docs/k8s: add some high-level operator architecture diagrams (tailscale#13915) (Tom Proctor) #66,#13915
• add MutexValue (tailscale#14422) #66,#14422 (Joe Tsai)
• 6ae0287: cmd/systray: add account switcher (Andrew Lytvynov) #66,#14353
• 00a4504: cmd/derpprobe,prober: add ability to perform continuous queuing delay measurements against DERP servers (Percy Wegmann) #66,#14405
• 2d4edd8: cmd/systray: add extra padding around notification icon (Will Norris) #66,#14429
• add ShardedInt expvar.Var type #66,#14412 (James Tucker)
• 89adcd8: cmd/systray: improve profile menu (Will Norris) #66,#14427
• 3adad36: cmd/k8s-operator,k8s-operator: include top-level CRD descriptions (tailscale#14435) (Tom Proctor) #66,#14435
• make histogram buckets cumulative #66,#14437 (Percy Wegmann)
• 256da8d: cmd/systray: remove new menu delay on KDE (Will Norris) #66,#14439
• rename and retype ServiceHost capability (tailscale#14380) #66,#14380 (Naman Sood)
• cb59943: cmd/systray: add exit nodes menu (Will Norris) #66,#14444
• 10d4057: cmd/systray: add visual workarounds for gnome, mac, and windows (Will Norris) #66,#14446
• 8d4ea4d: wgengine/router: add ip rules for unifi udm-pro (Jason Barnett) #66,#10828
• c4f9f95: scripts/installer.sh: add support for PikaOS (tailscale#14461) (Erisa A) #66,#14461
• 4267d0f: .github: update matrix of installer.sh tests (tailscale#14462) (Erisa A) #66,#14462
• 9e2819b: util/stringsx: add package for extra string functions, like CompareFold (Brad Fitzpatrick) [#66](...

v1.78.1-taildrive-sunos

Commits

• be11bf4: XXX sunos: enable taildrive (Nahum Shalman)
• 9576600: XXX library overrides for peercred (Nahum Shalman)
• 1854c95: XXX go mod tidy (Nahum Shalman)

v1.78.1-sunos

Commits

• acb4a22: VERSION.txt: this is v1.77.0 (tailscale#13779) (Jonathan Nobels) #13779
• 33029d4: net/netcheck: fix netcheck cli-triggered nil pointer deref (tailscale#13782) (Jordan Whited) #13782
• f9949cd: client/tailscale,cmd/{cli,get-authkey,k8s-operator}: set distinct User-Agents (Percy Wegmann) #13786
• 17335d2: net/dns/resolver: forward SERVFAIL responses over PeerDNS (Nick Hill) #13691
• e7545f2: net/dns/resolver: translate 5xx DoH server errors into SERVFAIL DNS responses (Nick Hill) #13691
• c2144c4: net/dns/resolver: update (*forwarder).forwardWithDestChan to always return an error unless it sends a response to responseChan (Nick Hill) #13691
• f07ff47: net/dns/resolver: add tests for using a forwarder with multiple upstream resolvers (Nick Khyl) #13691
• ecc8035: types/bools: add Compare to compare boolean values (tailscale#13792) (Joe Tsai) #13792
• 12e6094: ssh/tailssh: calculate passthrough environment at latest possible stage (Percy Wegmann) #13793
• avoid Fatal in ResourceCheck to show panic (tailscale#13790) #13790 (Paul Scott)
• instrument with usermetrics #13576 (Kristoffer Dalby)
• e0d711c: {net/connstats,wgengine/magicsock}: fix packet counting in connstats (Kristoffer Dalby) #13549
• update license notices #13815 (License Updater)
• 5f22f72: hostinfo,build_docker.sh,tailcfg: more reliably detect being in a container (tailscale#13826) (Tom Proctor) #13826
• 2aa9125: cmd/derpprobe: add /healthz endpoint (Andrew Dunham) #13830
• ff5f233: util/syspolicy: add rsop package that provides access to the resultant policy (Nick Khyl) #13718
• 74dd24c: cmd/tsconnect, logpolicy: fixes for wasm_js.go (Christian) #13819
• 6a885db: wgengine/magicsock: fix CI-only test warning of missing health tracker (Brad Fitzpatrick) #13835
• d32d742: ipn/ipnlocal: error when trying to use exit node on unsupported platform (tailscale#13726) (Mario Minardi) #13726
• 22c89fc: cmd/tailscale,ipn,tailcfg: add tailscale advertise subcommand behind envknob (tailscale#13734) (Naman Sood) #13734
• fa95318: tool/gocross: add support for tvOS Simulator (tailscale#13847) (Andrea Gottardo) #13847
• c0a9895: scripts/installer.sh: support DNF5 (Andrew Dunham) #13844
• give trusted mesh peers longer write timeouts #13853 (Brad Fitzpatrick)
• add sclient write deadline timeout metric (tailscale#13831) #13831 (Jordan Whited)
• 874db21: ipn/{ipnauth,ipnlocal,ipnserver}: send the auth URL to the user who started interactive login (Nick Khyl) #13297
• 877fa50: net/netcheck: remove arbitrary deadlines from GetReport() tests (tailscale#13832) (Jordan Whited) #13832
• e711ee5: release/dist: clamp min / max version for synology package centre (tailscale#13857) (Mario Minardi) #13857
• fd77965: net/tlsdial: call out firewalls blocking Tailscale in health warnings (tailscale#13840) (Andrea Gottardo) #13840
• track client-advertised non-ideal DERP connections in more places #13866 (Brad Fitzpatrick)
• 72587ab: scripts/installer.sh: allow Archcraft for Arch packages (tailscale#13870) (Erisa A) #13870
• remove SysDNSOS, add two Warnables for read+set system DNS config (tailscale#13874) #13874 (Andrea Gottardo)
• 0f4c9c0: cmd/viewer: import types/views when generating a getter for a map field (Nick Khyl) #13872
• d4d21a0: net/tstun: restore tap mode functionality (Maisem Ali) #13875
• 85241f8: net/tstun: use /10 as subnet for TAP mode; read IP from netmap (Maisem Ali) #13876
• fix spurious warning about DERP home region '0' #13882 (Brad Fitzpatrick)
• b2665d9: net/netcheck: add a Now field to the netcheck Report (Andrew Dunham) #13885
• 2122704: cmd/testwrapper: add pkg runtime to output (tailscale#13894) (Paul Scott) #13894
• 7fe6e50: net/dns/resolver: fix test flake (Andrew Dunham) #13903
• e815ae0: util/syspolicy, ipn/ipnlocal: update syspolicy package to utilize syspolicy/rsop (Nick Khyl) #13727
• 6ab39b7: cmd/k8s-operator: validate that tailscale.com/tailnet-ip annotation value is a valid IP (Nick Kirby) #13836
• 853fe3b: ipn/store/kubestore: cache state in memory (tailscale#13918) (Irbe Krumina) #13918
• 9d1348f: ipn/store/kubestore: don't error if state cannot be preloaded (tailscale#13926) (Irbe Krumina) #13926
• 5d07c17: net/dns: fix blank lines being added to resolv.conf on OpenBSD (tailscale#13928) (Renato Aguiar) #13928
• update license notices #13936 (License Updater)
• c0a1ed8: tstest/natlab: add latency & loss simulation (James Tucker) #13467
• 0d76d7d: tool/gocross: remove trimpath from test builds (James Tucker) #13439
• 94fa6d9: ipn/ipnlocal: log errors while fetching serial numbers (Anton Tolchanov) #13938
• 11e9676: wgengine/magicsock: fix stats packet counter on derp egress (Anton Tolchanov) #13948
• 38af62c: ipn/ipnlocal: remove the primary routes gauge for now (Anton Tolchanov) #13947
• 9545e36: cmd/tailscale/cli: add 'tailscale metrics' command (Anton Tolchanov) #13922
• 0f9a054: tstest/tailmac: fix Host.app path generation (tailscale#13953) (Jonathan Nobels) #13953
• aecb0ab: tstest/tailmac: add support for mounting host directories in the guest (tailscale#13957) (Jonathan Nobels) #13957
• 856ea23: wgengine/magicsock: log home DERP changes with latency (Tim Walters) #13895
• 1103044: cmd/k8s-operator,k8s-operator: add topology spread constraints to ProxyClass (tailscale#13959) (Irbe Krumina) #13959
• 2336c34: util/syspolicy: implement a syspolicy store that reads settings from environment variables (Nick Khyl) #13855
• 2cc1100: util/syspolicy/source: use errors instead of github.com/pkg/errors (Nick Khyl) #13968
• 2a2228f: util/syspolicy/setting: make setting.RawItem JSON-marshallable (Nick Khyl) #13956
• 540e4c8: util/syspolicy/setting: make setting.Snapshot JSON-marshallable (Nick Khyl) #13956
• f81348a: util/syspolicy/source: put EnvPolicyStore env keys in their own namespace (Brad Fitzpatrick) #13967
• e1e2278: net/netcheck: ensure prior preferred DERP is always in netchecks (James Tucker) #13970
• 532b261: wgengine/magicsock: exclude disco from throughput metrics (Anton Tolchanov) #13949
• b4f46c3: wgengine/magicsock: export packet drop metric for outbound errors (Anton Tolchanov) [tailscale#13946](tailscale#1...