Releases: nshalman/tailscale
Releases · nshalman/tailscale
v1.74.0-sunos
Builds
- deps: bump ws from 8.14.2 to 8.17.1 in /client/web (tailscale#12524) #12524 (dependabot[bot])
Commits
- 1e8f8ee: VERSION.txt: this is v1.73.0 (tailscale#13181) (Andrea Gottardo) #13181
- 8fad8c4: tstest/tailmac: add customized macOS virtualization tooling (tailscale#13146) (Jonathan Nobels) #13146
- f95785f: util/winutil: add constants from Win32 SDK for dll blocking mitigation policies (Aaron Klotz) #13183
- 16bb541: wgengine/magicsock: replace deprecated poly1305 (tailscale#13184) (tomholford) #13175
- support setting authkey at login using syspolicy (tailscale#13061) #13061 (Andrea Gottardo)
- 01aa01f: ipn/ipnlocal: network-lock, error if no pubkey instead of panic (Kristoffer Dalby) #12505
- 2105773: cmd/k8s-operator/deploy: replace wildcards in Kubernetes Operator RBAC role definitions with verbs (pierig-n3xtio) #13169
- 8f6a235: util/winutil: add GetRegUserString/SetRegUserString accessors for storage and retrieval of string values in HKEY_CURRENT_USER (Aaron Klotz) #13188
- 93dc2de: cmd/k8s-operator: support default proxy class in k8s-operator (tailscale#12711) (ChandonPierre) #12711
- df6014f: net/tstun,wgengine{/netstack/gro}: refactor and re-enable gVisor GRO for Linux (tailscale#13172) (Jordan Whited) #13172
- 7675c3e: wgengine/netstack/gro: exclude importation of gVisor GRO pkg on iOS (tailscale#13202) (Jordan Whited) #13202
- 7d83056: ssh/tailssh: fix SSH on busybox systems (Percy Wegmann) #13040
- 151b77f: cmd/tl-longchain: tool to re-sign nodes with long rotation signatures (Anton Tolchanov) #13201
- af3d3c4: types/prefs: add a package containing generic preference types (Nick Khyl) #12830
- 4b525fd: ssh/tailssh: only chdir incubator process to user's homedir when necessary and possible (Percy Wegmann) #13171
- 8e42510: wgengine/netstack: disable gVisor GSO on Linux (tailscale#13215) (Jordan Whited) #13215
- 690d3bf: cmd/tailscale/cli: add debug command to do DNS lookups portably (Brad Fitzpatrick) #13219
- 4637ac7: ipn/ipnlocal: remember last notified taildrive shares and only notify if they've changed (Percy Wegmann) #13210
- fix new lint warnings from bumping staticcheck #13220 (Brad Fitzpatrick)
- switch to and require Go 1.23 #13220 (Brad Fitzpatrick)
- 0cb7eb9: net/dns: updated gonotify dependency to v2 that supports closable context (Ilarion Kovalchuk) #13221
- aedfb82: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #13227
- e54c81d: types/views: add Slice.All iterator (Brad Fitzpatrick) #12913
- d00d6d6: go.mod: update to github.com/tailscale/netlink library that doesn't require vishvananda/netlink (Percy Wegmann) #13228
- 743d296: update to github.com/tailscale/netlink library that doesn't require vishvananda/netlink (Percy Wegmann) #13228
- 1191eb0: tstest/natlab: add unix address to writer for dgram mode (Jonathan Nobels) #13229
- 6280c44: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #13234
- 3c66ee3: cmd/systray: add a basic linux systray app (Will Norris) #13237
- b091264: cmd/systray: set ipn.NotifyNoPrivateKeys, permit non-operator use (Brad Fitzpatrick) #13244
- d862898: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #13238
- 3904e4d: cmd/tta, tstest/natlab/vnet: remove unneeded port 124 log hack, add log buffer (Brad Fitzpatrick) #13247
- 3b70968: cmd/vnet: add --blend and --pcap flags (Brad Fitzpatrick) #13247
- 5a99940: tstest/natlab/vnet: explicitly ignore PCP and SSDP UDP queries (Brad Fitzpatrick) #13247
- aa42ae9: tstest/natlab: make a new virtualIP type in prep for IPv6 support (Brad Fitzpatrick) #13248
- a9dc6e0: util/codegen, cmd/cloner, cmd/viewer: update codegen.LookupMethod to support alias type nodes (Nick Khyl) #13232
- 03acab2: cmd/cloner, cmd/viewer, util/codegen: add support for aliases of cloneable types (Nick Khyl) #13236
- e5fd36a: tstest/natlab: respect NATTable interface's invalid-means-drop everywhere (Brad Fitzpatrick) #13250
- 475ab1f: cmd/vnet: omit log spam when backend status hasn't changed (Brad Fitzpatrick) #13251
- 641693d: ipn/ipnlocal: install IPv6 service addr route (tailscale#13252) (Jordan Whited) #13252
- 367bfa6: tstest/integration: exercise TCP DNS queries against quad-100 (tailscale#13231) (Jordan Whited) #13231
- 9783065: tstest/integration: change log.Fatal() to t.Fatal() (tailscale#13253) (Jordan Whited) #13253
- 31b5239: tstest/natlab/vnet: flush and sync pcap file after every packet (Maisem Ali) #13255
- b78df4d: tstest/natlab/vnet: add start of IPv6 support (Brad Fitzpatrick) #13167
- 8af50fa: ipn/ipnlocal: update routes on link change with ExitNodeAllowLANAccess (James Tucker) #13246
- cccacff: types/opt: add BoolFlag for setting Bool value as a flag (Will Norris) #13264
- e0bdd5d: tstest/natlab: simplify a defer (Brad Fitzpatrick) #13259
- 3a8cfbc: tstest/natlab: be more paranoid about IP versions from gvisor (Brad Fitzpatrick) #13259
- 6dd1af0: tstest/natlab: refactor HandleEthernetPacketForRouter a bit (Brad Fitzpatrick) #13259
- 2636a83: cmd/tta: pull out test driver dialing into a type, fix bugs (Brad Fitzpatrick) #13259
- extend the gokrazy/natlab wait-for-network delay for IPv6 #13259 (Brad Fitzpatrick)
- 0157000: tstest/natlab: fix IPv6 tests, remove TODOs (Brad Fitzpatrick) #13259
- f99f970: tstest/natlab/vnet: rename some things for clarity (Brad Fitzpatrick) #13259
- 6d4973e: wgengine/netstack: use types/logger.Logf instead of stdlib log.Printf (tailscale#13267) (Jordan Whited) #13267
- d097096: net/tstun,wgengine/netstack: make inbound synthetic packet injection GSO-aware (tailscale#13266) (Jordan Whited) #13266
- bfcb356: wgengine/netstack: re-enable gVisor GSO on Linux (tailscale#13269) (Jordan Whited) #13269
- 06c31f4: tsweb/varz: remove pprof (Kristoffer Dalby) #12990
- add initial user-facing metrics #12990 (Kristoffer Dalby)
- 31cdbd6: net/tstun: fix gvisor inbound GSO packet injection (tailscale#13283) (Jordan Whited) #13283
- ff1d0aa: tstest/natlab/vnet: start adding tests (Brad Fitzpatrick) #13282
- 8b23ba7: tstest/natlab/vnet: add qemu + Virtualization.framework protocol tests (Brad Fitzpatrick) #13290
- 961ee32: ipn/{ipnauth,ipnlocal,ipnserver,localapi}: start baby step toward moving access checks from the localapi.Handler to the LocalBackend (Nick Khyl) #13281
- 73b3c8f: tstest/natlab/vnet: add IPv6 all-nodes support (Brad Fitzpa...
v1.72.1-sunos
Commits
- eb07c60: wgengine/netstack: disable gVisor GSO on Linux (tailscale#13213) (Jordan Whited) #13213
- f4a9566: VERSION.txt: this is v1.72.1 (Andrea Gottardo)
- 9a90bca: Merge tag 'v1.72.1' into sunos-1.72 (Nahum Shalman)
v1.72.0-sunos
Builds
- deps: bump github.com/docker/docker (tailscale#12966) #12966 (dependabot[bot])
Commits
- 4ff276c: VERSION.txt: this is v1.71.0 (Aaron Klotz) #12844
- remove warning (tailscale#12841) #12841 (Cameron Stokes)
- set Hostinfo.PackageType for mkctr container builds #12843 (Brad Fitzpatrick)
- f77821f: derp/derphttp: determine whether a region connect was to non-ideal node (Brad Fitzpatrick) #12725
- swallow panics #12836 (Paul Scott)
- d3af544: client/tailscale: document ACLTestFailureSummary.User field (Brad Fitzpatrick) #12852
- 1608831: wgengine/router: use quad-100 as the nexthop on Windows (Nick Khyl) #12847
- 4850186: {tool,client}: bump node version (tailscale#12840) (Mario Minardi) #12840
- 54f58d1: ipn/ipnlocal: add comment explaining auto exit node migration (Adrian Dewhurst) #12821
- log cancelled requests as 499 #12861 (Paul Scott)
- 0f57b93: cmd/k8s-operator,tstest,go.{mod,sum}: remove fybrik.io/crdoc dependency (tailscale#12862) (Irbe Krumina) #12862
- 32ce187: Add extra environment variables in deployment template (tailscale#12858) (Lee Briggs) #12858
- e7bf6e7: cmd/tailscale: add --min-validity flag to the cert command (tailscale#12822) (Andrew Lytvynov) #12822
- 20562a4: cmd/viewer, types/views, util/codegen: add viewer support for custom container types (Nick Khyl) #12809
- bd54b61: types/opt: add (Value[T]).GetOr(def T) T method (Nick Khyl) #12865
- 1f94047: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #12880
- d500a92: util/slicesx: add HasPrefix, HasSuffix, CutPrefix, and CutSuffix functions (Nick Khyl) #12887
- 5d09649: types/lazy: add (*SyncValue[T]).SetForTest method (Nick Khyl) #12866
- update license notices #12886 (License Updater)
- 57856fc: ipn,wgengine/magicsock: allow setting static node endpoints via tailscaled configfile (tailscale#12882) (Irbe Krumina) #12882
- log all cancellations as 499s (tailscale#12894) #12894 (Paul Scott)
- 43375c6: types/lazy: re-init SyncValue during test cleanup if it wasn't set before SetForTest (Nick Khyl) #12905
- Add MiddlewareStack func to apply lists of Middleware (tailscale#12907) #12907 (Paul Scott)
- cf97cff: wgengine/netstack: simplify netaddrIPFromNetstackIP (Brad Fitzpatrick) #12922
- introduce captive-portal-detected Warnable (tailscale#12707) #12707 (Andrea Gottardo)
- 6840f47: net/dnsfallback: set CanPort80 in static DERPMap (tailscale#12929) (Andrea Gottardo) #12929
- 1bf82dd: util/osuser: run getent on non-Linux Unixes (Ross Williams) #12732
- c5623e0: go.{mod,sum},tstest/tools,k8s-operator,cmd/k8s-operator: autogenerate CRD API docs (tailscale#12884) (Irbe Krumina) #12884
- add QuietLogging option (tailscale#12838) #12838 (Paul Scott)
- a21bf10: cmd/k8s-operator,k8s-operator/sessionrecording,sessionrecording,ssh/tailssh: refactor session recording functionality (tailscale#12945) (Irbe Krumina) #12945
- 3088c61: go.mod: pull in latest github.com/tailscale/xnet (Percy Wegmann) #12951
- 19b0c8a: net/dns, health: raise health warning for failing forwarded DNS queries (tailscale#12888) (Jonathan Nobels) #12888
- 35a8fca: cmd/tailscale/cli: release portmap after netcheck (Andrew Dunham) #12956
- add some associated with scales #12953 (Brad Fitzpatrick)
- 2ab1d53: gokrazy/tsapp: add go.mod replacing two tailscale.com binaries with parent module (Brad Fitzpatrick) #12962
- 575feb4: util/osuser: turn wasm check into a const expression (Brad Fitzpatrick) #12930
- 34de96d: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #12949
- add a warning that this is not used to build our published images (tailscale#12955) #12955 (Irbe Krumina)
- eead255: build_docker.sh: update script comment (tailscale#12970) (Irbe Krumina) #12970
- 8a8ecac: net/dns, cmd/tailscaled: plumb system health tracker into dns cleanup (tailscale#12969) (Jonathan Nobels) #12969
- 949b15d: net/captivedetection: call SetHealthy once connectivity restored (tailscale#12974) (Andrea Gottardo) #12974
- 7bc2dda: go.mod,net/tstun,wgengine/netstack: implement gVisor TCP GSO for Linux (tailscale#12869) (Jordan Whited) #12869
- 0def4f8: net/netns: on Windows, fall back to default interface index when unspecified address is passed to ControlC and bindToInterfaceByRoute is enabled (Aaron Klotz) #12981
- 004dded: net/tlsdial: relax self-signed cert health warning (Brad Fitzpatrick) #12980
- 655b4f8: net/netns: remove some logspam by avoiding logging parse errors due to unspecified addresses (Aaron Klotz) #12983
- don't show login error details with context cancelations #12992 (Brad Fitzpatrick)
- f0230ce: go.mod,net/tstun,wgengine/netstack: implement gVisor TCP GRO for Linux (tailscale#12921) (Jordan Whited) #12921
- 4055b63: net/captivedetection: exclude cellular data interfaces (tailscale#13002) (Andrea Gottardo) #13002
- 9939374: wgengine/magicsock: use cloud metadata to get public IPs (Andrew Dunham) #12997
- d9d9d52: wgengine/netstack: increase gVisor's TCP send and receive buffer sizes (tailscale#12994) (Jordan Whited) #12994
- 4099a36: util/winutil/gp: fix a busy loop bug (Nick Khyl) #13006
- a917718: util/linuxfw: return nil interface not concrete type (Maisem Ali) #13013
- f205efc: net/packet/checksum: fix v6 NAT (Maisem Ali) #13014
- 0a6eb12: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #12967
- mark TestStdHandler_ConnectionClosedDuringBody flaky #13018 (Maisem Ali)
- 07e2487: wgengine/capture: fix v6 field typo in wireshark dissector (Maisem Ali) #13016
- a7a394e: tstest/integration: mark TestNATPing flaky (Maisem Ali) #13020
- 25f0a3f: wgengine/netstack: use build tags to exclude gVisor GRO importation on iOS (tailscale#13015) (Jordan Whited) #13015
- 17c88a1: net/captivedetection: mark TestAllEndpointsAreUpAndReturnExpectedResponse flaky (tailscale#13021) (Jordan Whited) #13021
- 0fd7374: ...
v1.70.0-sunos
sunos: update go modules
v1.70.0-beta-sunos
Bug Fixes
- broken tests for localhost #12200 (Josh McKinney)
Builds
- deps: bump golang.org/x/image from 0.15.0 to 0.18.0 #12629 (dependabot[bot])
Continuous Integration
- enable checklocks workflow for specific packages #12626 (Andrew Dunham)
Commits
- 5f12139: VERSION.txt: this is v1.69.0 (tailscale#12441) (Mario Minardi) #12441
- d0f1a83: net/dnscache: use parent context to perform lookup (Andrew Dunham) #12418
- 02e3c04: net/dns: re-query system resolvers on no-upstream resolver failure on apple platforms (tailscale#12398) (Jonathan Nobels) #12398
- d7fdc01: ssh/tailssh: check IsSELinuxEnforcing in tailscaled process (Percy Wegmann) #12445
- ccdd2e6: cmd/derper: add a README (Brad Fitzpatrick) #12446
- 88f2d23: wgengine/netstack: fix 4via6 subnet routes (tailscale#12454) (Irbe Krumina) #12454
- 72c8f77: wgengine/netstack: add test for tailscale#12448 (Andrew Dunham) #12458
- 6908fb0: ipn/localapi,client/tailscale,cmd/derper: add WhoIs lookup by nodekey, use in derper (Brad Fitzpatrick) #12466
- 65888d9: derp/xdp,cmd/xdpderper: initial skeleton (tailscale#12390) (Jordan Whited) #12390
- update PeerAPIDNS Port value documentation #12271 (James Tucker)
- 9189fe0: cmd/stunc: support user-specified port (tailscale#12469) (Jordan Whited) #12469
- bd2a6d5: util/winutil: add UserProfile type for (un)loading user profiles (Aaron Klotz) #12428
- e8ca30a: xcode/iOS: support serial number collection via MDM on iOS (tailscale#11429) (Andrea Gottardo) #11429
- begin work to use structured health warnings instead of strings, pipe changes into ipn.Notify (tailscale#12406) #12406 (Andrea Gottardo)
- 7354547: util/winutil: update UserProfile to ensure any environment variables in the roaming profile path are expanded (Aaron Klotz) #12471
- create a catch-all NRPT rule when "Override local DNS" is enabled on Windows #12426 (Nick Khyl)
- fix data race in new warnable code #12481 (Brad Fitzpatrick)
- e2c0d69: wgengine/filter: add filter benchmark (Brad Fitzpatrick) #12490
- 21ed31e: wgengine/filter: use NewContainsIPFunc for Srcs matches (Brad Fitzpatrick) #12488
- 7574f58: wgengine/filter: add more benchmarks, make names more explicit (Brad Fitzpatrick) #12493
- 491483d: cmd/viewer,type/views: add MapSlice for maps of slices (Maisem Ali) #12492
- 64ac64f: net/tsaddr: use bart in NewContainsIPFunc, add tests, benchmarks (Brad Fitzpatrick) #12487
- 10e8a2a: wgengine/filter: fix copy/pasteo in new benchmark's v6 CIDR (Brad Fitzpatrick) #12496
- d4220a7: wgengine/filter: add TCP non-SYN benchmarks (Brad Fitzpatrick) #12497
- 36b1b4a: wgengine/filter: split local+logging lookups by IPv4-vs-IPv6 (Brad Fitzpatrick) #12491
- 86e0f9b: net/ipset, wgengine/filter/filtertype: add split-out packages (Brad Fitzpatrick) #12499
- bf2d13c: net/ipset: return all closures from named wrappers (Brad Fitzpatrick) #12500
- 20a5f93: wgengine/filter: add UDP flow benchmark (Brad Fitzpatrick) #12502
- 1f6645b: net/ipset: skip the loop over Prefixes when there's only one (Brad Fitzpatrick) #12503
- a1ab7f7: client/tailscale: add NodeID to device (Kristoffer Dalby) #12506
- allow switching from unstable to stable tracks (tailscale#12477) #12477 (Andrew Lytvynov)
- 674c998: cmd/tailscale/cli: do not allow update --version on macOS (tailscale#12508) (Andrew Lytvynov) #12508
- 8cc2738: cmd/{containerboot,k8s-operator}: store proxy device ID early to help with cleanup for broken proxies (tailscale#12425) (Irbe Krumina) #12425
- 315f3d5: derp/xdp: fix handling of zero value UDP checksums (tailscale#12510) (Jordan Whited) #12510
- 2db2d04: types/logid: add Add method (tailscale#12478) (Joe Tsai) #12478
- add a verifyClients check to the consistency check #12515 (James Tucker)
- update Windows hostinfo to include MSIDist registry value #12523 (Aaron Klotz)
- 45d2f43: proxymap, various: distinguish between different protocols (Andrew Dunham) #12385
- 3099323: cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (tailscale#12463) (Tom Proctor) #12463
- bfb775c: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #11777
- bd93c30: wgengine/filter/filtertype: make Match.IPProto a view (Brad Fitzpatrick) #12526
- expose DependsOn to local API via UnhealthyState (tailscale#12513) #12513 (Andrea Gottardo)
- a93173b: cmd/xdpderper,derp/xdp: implement mode that drops STUN packets (tailscale#12527) (Jordan Whited) #12527
- 8eb15d3: cli/netcheck: fail with output if we time out fetching a derpmap (tailscale#12528) (Andrea Gottardo) #12528
- include DERP region name in bad derp notifications (tailscale#12530) #12530 (Andrea Gottardo)
- 9e0a5cc: net/flowtrack: optimize Tuple type for use as map key (Brad Fitzpatrick) #12507
- 162d593: net/flowtrack: fix, test String method (Brad Fitzpatrick) #12533
- 21460a5: tailcfg, wgengine/filter: remove most FilterRule.SrcBits code (Brad Fitzpatrick) #12529
- fix fmt verb for nodekeys #12539 (Brad Fitzpatrick)
- don't verify mesh peers when --verify-clients is set #12540 (Brad Fitzpatrick)
- fix nil DERPMap dereference panic #12535 (Andrea Gottardo)
- 1023b2a: util/deephash: fix test regression on 32-bit (Brad Fitzpatrick) #12544
- 0004827: control/controlhttp: add health warning for macOS filtering blocking Tailscale (tailscale#12546) (Brad Fitzpatrick) #12546
- 732605f: control/controlclient: move noiseConn to internal package (Andrew Dunham) #12550
- 24976b5: cmd/tailscale/cli: actually perform Noise request in 'debug ts2021' (Andrew Dunham) #12550
- 730f036: ssh/tailssh: replace incubator process with su instead of running su as child (Percy Wegmann) #12470
- bd50a34: wgengine/filter: add "Accept" TCP log lines to verbose logging (tailscale#12525) (Keli...
v1.68.2-sunos
Commits
- test SigCredential signatures and netmap filtering #12684 (Anton Tolchanov)
- 1b92ce1: ipn/ipnlocal: allow multiple signature chains from the same SigCredential (Anton Tolchanov) #12684
- 0629929: net/dns: recheck DNS config on SERVFAIL errors (tailscale#12547) (Jonathan Nobels) #12685
- c79c500: VERSION.txt: this is v1.68.2 (Anton Tolchanov)
- c061a7c: Merge tag 'v1.68.2' into sunos-1.68 (Nahum Shalman)
v1.68.1-sunos
Commits
- 7901925: VERSION.txt: this is v1.67.0 (tailscale#12063) (Nick O'Neill) #12063
- 8f7f9ac: wgengine/netstack: handle 4via6 routes that are advertised by the same node (Andrew Dunham) #12016
- b5dbf15: cmd/k8s-operator: default nameserver image to tailscale/k8s-nameserver:unstable (tailscale#11991) (Irbe Krumina) #11991
- ac638f3: util/linuxfw: fix stateful packet filtering in nftables mode (Anton Tolchanov) #12068
- 21abb7f: cmd/tailscale: add missing set flags for linux (Maisem Ali) #12072
- 25e32cc: util/linuxfw: fix table name in DelStatefulRule (Andrew Dunham) #12077
- 5708fc0: wgengine/router: print Docker warning when stateful filtering is enabled (Andrew Dunham) #12076
- e070af7: ipnlocal, magicsock: add more description to storing last suggested exit (tailscale#11998) (Claire Wang) #11998
- d86d1e7: cmd/k8s-operator,cmd/containerboot,ipn,k8s-operator: turn off stateful filter for egress proxies. (tailscale#12075) (Irbe Krumina) #12075
- parse depth 1 PROPFIND results to include children in cache #12000 (Percy Wegmann)
- split user facing and backend logging #12095 (Maisem Ali)
- I had a feline we were missing some words (tailscale#12098) #12098 (Charlotte Brandhorst-Satzkorn)
- 79b2d42: types/views: move AsMap to Map from *Map (Maisem Ali) #12103
- add some fruit with scales (tailscale#8460) #8460 (Parker Higgins)
- 8aa5c35: ipn/ipnlocal: simplify authURL vs authURLSticky, remove interact field (Brad Fitzpatrick) #12096
- 7ef2f72: util/linuxfw: fix IPv6 availability check for nftables (tailscale#12009) (Irbe Krumina) #12009
- remove stats goroutine, use a timer #12130 (Andrew Dunham)
- fix macOS uploads by increasing build number prefix (tailscale#12134) #12134 (Andrea Gottardo)
- 1f51bb6: net/tstun: do SNAT after filterPacketOutboundToWireGuard (Maisem Ali) #12133
- plumb a now-required netmon to derphttp #12142 (Brad Fitzpatrick)
- 7f83f9f: Net/DNS/Publicdns: update the IPv6 range that we use to recreate route endpoint for control D (Kevin Liang) #12145
- add Info func to expose EmbeddedInfo #12147 (Maisem Ali)
- b094e8c: api.md: document user invite apis (Sonia Appasamy) #12074
- 8994760: api.md: document device invite apis (Sonia Appasamy) #12064
- 359ef61: Revert "version: add Info func to expose EmbeddedInfo" (Maisem Ali) #12155
- add GitCommitTime to Meta #12155 (Maisem Ali)
- 76c30e0: cmd/containerboot: warn when an ingress proxy with an IPv4 tailnet address is being created for an IPv6 backend(s) (tailscale#12159) (Irbe Krumina) #12159
- 87f00d7: tool/gocross: treat empty GOOS/GOARCH as native GOOS/GOARCH (James Tucker) #12160
- rewrite LOCK paths #12137 (Percy Wegmann)
- allow ICMP ping relay on macOS + iOS platforms (tailscale#12048) #12048 (Andrea Gottardo)
- create new home for API docs and split into catagory files (tailscale#12116) #12116 (Charlotte Brandhorst-Satzkorn)
- 8d12495: net/netcheck,wgengine/magicsock: add potential workaround for Palo Alto DIPP misbehavior (James Tucker) #12161
- adb7a86: cmd/stunc: support ipv6 address targets (tailscale#12166) (Jordan Whited) #12166
- include device and user invites API documentation (tailscale#12168) #12168 (Charlotte Brandhorst-Satzkorn)
- 47b3476: util/lru: add Clear method (Andrew Dunham) #12176
- 1384c24: control/controlclient: delete unused Client.Login Oauth2Token field (Brad Fitzpatrick) #12173
- 964282d: ipn,wgengine: remove vestigial Prefs.AllowSingleHosts (Brad Fitzpatrick) #12171
- 4f4f317: api.md: direct TOC links to new publicapi docs location (Charlotte Brandhorst-Satzkorn) #12175
- update license notices #12196 (License Updater)
- disable stateful filtering by default (tailscale#12197) #12197 (Andrew Lytvynov)
- 9351eec: net/netcheck: remove hairpin probes (James Tucker) #12205
- 72f0f53: cmd/k8s-operator: fix typo (tailscale#12217) (Irbe Krumina) #12217
- 3c9be07: cmd/derper: support TXT-mediated unpublished bootstrap DNS rollouts (Brad Fitzpatrick) #12219
- 538c2e8: tool/gocross: add debug data to CGO builds (James Tucker) #12223
- 4214e5f: logtail/backoff: update Backoff.BackOff docs (tailscale#12229) (Jordan Whited) #12229
- do not depend on the testing package #12233 (Maisem Ali)
- 87ee559: net/netcheck: apply some polish suggested from tailscale#12161 (James Tucker) #12164
- 8e4a294: util/pool: add package for storing and using a pool of items (Andrew Dunham) #12091
- d0d33f2: cmd/k8s-operator: add a note pointing at ProxyClass (tailscale#12246) (Irbe Krumina) #12246
- 5ad0dad: go generate directives reorder for 'make kube-generate-all' (tailscale#12210) (signed-long) #12210
- f1d10c1: ipn/ipnlocal: allowed suggested exit nodes policy (tailscale#12240) (Claire Wang) #12240
- 08a9551: ssh/tailssh: fall back to using su when no TTY available on Linux (Percy Wegmann) #11910
- dd77111: xcode/iOS: set MatchDomains when no route requires a custom DNS resolver (tailscale#10576) (Andrea Gottardo) #10576
- 0acb61f: serve.go, tsnet.go: Fix "in in" typo (tailscale#12279) (Walter Poupore) #12279
- 909a292: util/linuxfw: don't try cleaning iptables on gokrazy (Brad Fitzpatrick) #12284
- 2d2b62c: wgengine/router: probe generally-unused "ip" command style lazily (Brad Fitzpatrick) #12284
- 1ea100e: cmd/tailscaled, ipn/conffile: support ec2 user-data config file (Brad Fitzpatrick) #12287
- 776a052: ipn/ipnlocal: support c2n updates with old systemd versions (tailscale#12296) (Andrew Lytvynov) #12296
- 3212093: cmd/tailscale/cli: print node signature in
tailscale lock status
(Anton Tolchanov) #12275 - fix dropReason metrics labels (tailscale#12288) #12288 ([Spike Curtis](0...
v1.66.4-sunos
Commits
- c7a51ae: net/tstun: do SNAT after filterPacketOutboundToWireGuard (tailscale#12140) (Andrew Lytvynov) #12140
- disable stateful filtering by default (tailscale#12197) (Andrew Lytvynov)
- e64efe4: VERSION.txt: this is v1.66.4 (Andrew Lytvynov)
- be2fad1: Merge tag 'v1.66.4' into sunos-1.66 (Nahum Shalman)
v1.66.3-sunos
Commits
- c88abff: cmd/k8s-operator,cmd/containerboot,ipn,k8s-operator: turn off stateful filter for egress proxies. (tailscale#12088) (Irbe Krumina) #12088
- 32cb8a3: ipn/ipnlocal: simplify authURL vs authURLSticky, remove interact field (Brad Fitzpatrick)
- 9d2768a: util/linuxfw: fix IPv6 availability check for nftables (tailscale#12009) (tailscale#12123) (Irbe Krumina) #12123
- 78566fd: VERSION.txt: this is v1.66.2 (Nick O'Neill)
- fix macOS uploads by increasing build number prefix (tailscale#12134) (Andrea Gottardo)
- eae73f8: VERSION.txt: this is v1.66.3 (Nick O'Neill)
- 5a2a40e: Merge tag 'v1.66.3' into sunos-1.66 (Nahum Shalman)
v1.66.1-sunos
Builds
- deps: bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (tailscale#11410) #11410 (dependabot[bot])
- deps-dev: bump vite from 5.1.4 to 5.1.7 in /client/web #11609 (dependabot[bot])
Commits
- 09524b5: VERSION.txt: this is v1.64.0 (Jenny Zhang) #11690
- 2207643: VERSION.txt: this is v1.65.0 (Jenny Zhang) #11691
- add gliderlabs/ssh license #11694 (Will Norris)
- update license notices #11666 (License Updater)
- 4d5d669: net/dns: unconditionally write NRPT rules to local settings (Aaron Klotz) #11684
- optimize JSON processing (tailscale#11671) #11671 (Joe Tsai)
- add exit destination for network flow logs node attribute (tailscale#11698) #11698 (Claire Wang)
- enable allow LAN for android (tailscale#11709) #11709 (kari-ts)
- a1abd12: cmd/tailscaled, net/tstun: build for aix/ppc64 (Brad Fitzpatrick) #11721
- 65f2151: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #11722
- 170c618: ipn/ipnlocal: remove dead code now that Android uses LocalAPI instead (Brad Fitzpatrick) #11724
- 970b1e2: ipn/ipnlocal: inline assertClientLocked into its now sole caller (Brad Fitzpatrick) #11725
- 68043a1: ipn/ipnlocal: centralize assignments to cc + ccAuto in new method (Brad Fitzpatrick) #11725
- 8186cd0: ipn/ipnlocal: delete redundant TestStatusWithoutPeers (Brad Fitzpatrick) #11725
- bad3159: ipn/ipnlocal: delete useless SetControlClientGetterForTesting use (Brad Fitzpatrick) #11726
- 271cfdb: util/syspolicy: clean up doc grammar and consistency (Brad Fitzpatrick) #11728
- set default state path on AIX #11730 (Brad Fitzpatrick)
- b9aa742: ipn/ipnlocal: remove some dead code (legacyBackend methods) from LocalBackend (Brad Fitzpatrick) #11739
- fix default SYNO_ARCH in Makefile #11747 (Brad Fitzpatrick)
- 38fb23f: cmd/k8s-operator,k8s-operator: allow users to configure proxy env vars via ProxyClass (tailscale#11743) (Irbe Krumina) #11743
- 952e06a: wgengine/router: don't attempt route cleanup on Synology (Brad Fitzpatrick) #11746
- 14c8b67: Revert "licenses: add gliderlabs/ssh license" (Will Norris) #11748
- 449f46c: wgengine/magicsock: rebind/restun if a syscall.EPERM error is returned (tailscale#11711) (Charlotte Brandhorst-Satzkorn) #11711
- 9171b21: cmd/tailscale, ipn/ipnlocal: add suggest exit node CLI option (tailscale#11407) (Claire Wang) #11407
- 7ec0dc3: ipn/ipnlocal: make StartLoginInteractive take (yet unused) context (Brad Fitzpatrick) #11751
- remove unused Options.LegacyMigrationPrefs #11752 (Brad Fitzpatrick)
- 3c1e2bb: ipn/ipnlocal: remove outdated iOS hacky workaround in Start (Brad Fitzpatrick) #11754
- document use of CapMap for peers #11759 (Adrian Dewhurst)
- 26f9bbc: cmd/k8s-operator,k8s-operator: document tailscale.com Custom Resource Definitions better. (tailscale#11665) (Irbe Krumina) #11665
- 0fba9e7: cmd/tailscale/cli: prevent concurrent Start calls in 'up' (Brad Fitzpatrick) #11761
- 7e2b426: ipn/{localapi, ipnlocal}: forget the prior exit node when localAPI is used to zero the ExitNodeID (tailscale#11681) (Jonathan Nobels) #11681
- 068db1f: net/interfaces: delete unused unexported function (Brad Fitzpatrick) #11765
- use Go 1.22 range-over-int #11764 (Brad Fitzpatrick)
- 62d4be8: cmd/tailscale/cli: fix drive --help usage identation (Paul Scott) #11757
- a50e4e6: cmd/tailscale/cli: remove duplicate "tailscale " in drive subcmd usage (Paul Scott) #11757
- eb34b8a: cmd/tailscale/cli: remove explicit usageFunc - its default (Paul Scott) #11757
- 3ff3445: cmd/tailscale/cli: improve ShortHelp/ShortUsage unit test, fix new errors (Paul Scott) #11757
- d07ede4: cmd/tailscale/cli: fix "subcommand required" errors when typod (Paul Scott) #11757
- 454a03a: cmd/tailscale/cli: prepend "tailscale" to usage errors (Paul Scott) #11757
- 226486e: net/interfaces: handle removed interfaces in State.Equal (Andrew Dunham) #11763
- 3ef7f89: go.{mod,sum}: bump nftables to the latest commit (tailscale#11772) (Irbe Krumina) #11772
- 21a0fe1: ipn/store: omit AWS & Kubernetes support on 'small' Linux GOARCHes (Brad Fitzpatrick) #11778
- 82394de: cmd/tailscale: add shell tab-completion (Paul Scott) #11336
- b85c2b2: net/dns/resolver: use SystemDial in DoH forwarder (Andrew Dunham) #11692
- set SameSite=Strict, with an option for Lax (tailscale#11781) #11781 (Chris Palmer)
- 22bd506: ipn/ipnlocal: hold the mutex when in onTailnetDefaultAutoUpdate (tailscale#11786) (Andrew Lytvynov) #11786
- 03d5d1f: wgengine/magicsock: disable portmapper in tunchan-faked tests (Brad Fitzpatrick) #11787
- c8b0adb: docs/windows/policy: add missing key expiration warning interval (Adrian Dewhurst) #11774
- e775de3: go.mod: bump golang.org/x/net (tailscale#11775) (Andrew Lytvynov) #11775
- allow object-src: self in CSP (tailscale#11782) #11782 (Chris Palmer)
- 02c6af2: cmd/tailscale: clarify Taildrive grants in help text (Percy Wegmann) #11783
- use Distro field for distinguishing Windows Server builds #11796 (Aaron Klotz)
- create android impl (tailscale#11784) #11784 (kari-ts)
- rename exit node destination network flow log node attribute (tailscale#11779) #11779 (Claire Wang)
- rewrite Location headers #11798 (Percy Wegmann)
- 94c0403: ipn/ipnlocal: strip origin and referer headers from Taildrive requests (Percy Wegmann) #11756
- d16c129: ipn/ipnlocal: remove origin and referer headers from Taildrive requests (Percy Wegmann) #11756
- bbe194c: cmd/k8s-operator: correctly determine cluster domain (tailscale#11512) (I...