v1.68.1-sunos

Commits

• 7901925: VERSION.txt: this is v1.67.0 (tailscale#12063) (Nick O'Neill) #12063
• 8f7f9ac: wgengine/netstack: handle 4via6 routes that are advertised by the same node (Andrew Dunham) #12016
• b5dbf15: cmd/k8s-operator: default nameserver image to tailscale/k8s-nameserver:unstable (tailscale#11991) (Irbe Krumina) #11991
• ac638f3: util/linuxfw: fix stateful packet filtering in nftables mode (Anton Tolchanov) #12068
• 21abb7f: cmd/tailscale: add missing set flags for linux (Maisem Ali) #12072
• 25e32cc: util/linuxfw: fix table name in DelStatefulRule (Andrew Dunham) #12077
• 5708fc0: wgengine/router: print Docker warning when stateful filtering is enabled (Andrew Dunham) #12076
• e070af7: ipnlocal, magicsock: add more description to storing last suggested exit (tailscale#11998) (Claire Wang) #11998
• d86d1e7: cmd/k8s-operator,cmd/containerboot,ipn,k8s-operator: turn off stateful filter for egress proxies. (tailscale#12075) (Irbe Krumina) #12075
• parse depth 1 PROPFIND results to include children in cache #12000 (Percy Wegmann)
• split user facing and backend logging #12095 (Maisem Ali)
• I had a feline we were missing some words (tailscale#12098) #12098 (Charlotte Brandhorst-Satzkorn)
• 79b2d42: types/views: move AsMap to Map from *Map (Maisem Ali) #12103
• add some fruit with scales (tailscale#8460) #8460 (Parker Higgins)
• 8aa5c35: ipn/ipnlocal: simplify authURL vs authURLSticky, remove interact field (Brad Fitzpatrick) #12096
• 7ef2f72: util/linuxfw: fix IPv6 availability check for nftables (tailscale#12009) (Irbe Krumina) #12009
• remove stats goroutine, use a timer #12130 (Andrew Dunham)
• fix macOS uploads by increasing build number prefix (tailscale#12134) #12134 (Andrea Gottardo)
• 1f51bb6: net/tstun: do SNAT after filterPacketOutboundToWireGuard (Maisem Ali) #12133
• plumb a now-required netmon to derphttp #12142 (Brad Fitzpatrick)
• 7f83f9f: Net/DNS/Publicdns: update the IPv6 range that we use to recreate route endpoint for control D (Kevin Liang) #12145
• add Info func to expose EmbeddedInfo #12147 (Maisem Ali)
• b094e8c: api.md: document user invite apis (Sonia Appasamy) #12074
• 8994760: api.md: document device invite apis (Sonia Appasamy) #12064
• 359ef61: Revert "version: add Info func to expose EmbeddedInfo" (Maisem Ali) #12155
• add GitCommitTime to Meta #12155 (Maisem Ali)
• 76c30e0: cmd/containerboot: warn when an ingress proxy with an IPv4 tailnet address is being created for an IPv6 backend(s) (tailscale#12159) (Irbe Krumina) #12159
• 87f00d7: tool/gocross: treat empty GOOS/GOARCH as native GOOS/GOARCH (James Tucker) #12160
• rewrite LOCK paths #12137 (Percy Wegmann)
• allow ICMP ping relay on macOS + iOS platforms (tailscale#12048) #12048 (Andrea Gottardo)
• create new home for API docs and split into catagory files (tailscale#12116) #12116 (Charlotte Brandhorst-Satzkorn)
• 8d12495: net/netcheck,wgengine/magicsock: add potential workaround for Palo Alto DIPP misbehavior (James Tucker) #12161
• adb7a86: cmd/stunc: support ipv6 address targets (tailscale#12166) (Jordan Whited) #12166
• include device and user invites API documentation (tailscale#12168) #12168 (Charlotte Brandhorst-Satzkorn)
• 47b3476: util/lru: add Clear method (Andrew Dunham) #12176
• 1384c24: control/controlclient: delete unused Client.Login Oauth2Token field (Brad Fitzpatrick) #12173
• 964282d: ipn,wgengine: remove vestigial Prefs.AllowSingleHosts (Brad Fitzpatrick) #12171
• 4f4f317: api.md: direct TOC links to new publicapi docs location (Charlotte Brandhorst-Satzkorn) #12175
• update license notices #12196 (License Updater)
• disable stateful filtering by default (tailscale#12197) #12197 (Andrew Lytvynov)
• 9351eec: net/netcheck: remove hairpin probes (James Tucker) #12205
• 72f0f53: cmd/k8s-operator: fix typo (tailscale#12217) (Irbe Krumina) #12217
• 3c9be07: cmd/derper: support TXT-mediated unpublished bootstrap DNS rollouts (Brad Fitzpatrick) #12219
• 538c2e8: tool/gocross: add debug data to CGO builds (James Tucker) #12223
• 4214e5f: logtail/backoff: update Backoff.BackOff docs (tailscale#12229) (Jordan Whited) #12229
• do not depend on the testing package #12233 (Maisem Ali)
• 87ee559: net/netcheck: apply some polish suggested from tailscale#12161 (James Tucker) #12164
• 8e4a294: util/pool: add package for storing and using a pool of items (Andrew Dunham) #12091
• d0d33f2: cmd/k8s-operator: add a note pointing at ProxyClass (tailscale#12246) (Irbe Krumina) #12246
• 5ad0dad: go generate directives reorder for 'make kube-generate-all' (tailscale#12210) (signed-long) #12210
• f1d10c1: ipn/ipnlocal: allowed suggested exit nodes policy (tailscale#12240) (Claire Wang) #12240
• 08a9551: ssh/tailssh: fall back to using su when no TTY available on Linux (Percy Wegmann) #11910
• dd77111: xcode/iOS: set MatchDomains when no route requires a custom DNS resolver (tailscale#10576) (Andrea Gottardo) #10576
• 0acb61f: serve.go, tsnet.go: Fix "in in" typo (tailscale#12279) (Walter Poupore) #12279
• 909a292: util/linuxfw: don't try cleaning iptables on gokrazy (Brad Fitzpatrick) #12284
• 2d2b62c: wgengine/router: probe generally-unused "ip" command style lazily (Brad Fitzpatrick) #12284
• 1ea100e: cmd/tailscaled, ipn/conffile: support ec2 user-data config file (Brad Fitzpatrick) #12287
• 776a052: ipn/ipnlocal: support c2n updates with old systemd versions (tailscale#12296) (Andrew Lytvynov) #12296
• 3212093: cmd/tailscale/cli: print node signature in tailscale lock status (Anton Tolchanov) #12275
• fix dropReason metrics labels (tailscale#12288) #12288 ([Spike Curtis](0...

v1.66.4-sunos

Commits

• c7a51ae: net/tstun: do SNAT after filterPacketOutboundToWireGuard (tailscale#12140) (Andrew Lytvynov) #12140
• disable stateful filtering by default (tailscale#12197) (Andrew Lytvynov)
• e64efe4: VERSION.txt: this is v1.66.4 (Andrew Lytvynov)
• be2fad1: Merge tag 'v1.66.4' into sunos-1.66 (Nahum Shalman)

v1.66.3-sunos

Commits

• c88abff: cmd/k8s-operator,cmd/containerboot,ipn,k8s-operator: turn off stateful filter for egress proxies. (tailscale#12088) (Irbe Krumina) #12088
• 32cb8a3: ipn/ipnlocal: simplify authURL vs authURLSticky, remove interact field (Brad Fitzpatrick)
• 9d2768a: util/linuxfw: fix IPv6 availability check for nftables (tailscale#12009) (tailscale#12123) (Irbe Krumina) #12123
• 78566fd: VERSION.txt: this is v1.66.2 (Nick O'Neill)
• fix macOS uploads by increasing build number prefix (tailscale#12134) (Andrea Gottardo)
• eae73f8: VERSION.txt: this is v1.66.3 (Nick O'Neill)
• 5a2a40e: Merge tag 'v1.66.3' into sunos-1.66 (Nahum Shalman)

v1.66.1-sunos

Builds

• deps: bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (tailscale#11410) #11410 (dependabot[bot])
• deps-dev: bump vite from 5.1.4 to 5.1.7 in /client/web #11609 (dependabot[bot])

Commits

• 09524b5: VERSION.txt: this is v1.64.0 (Jenny Zhang) #11690
• 2207643: VERSION.txt: this is v1.65.0 (Jenny Zhang) #11691
• add gliderlabs/ssh license #11694 (Will Norris)
• update license notices #11666 (License Updater)
• 4d5d669: net/dns: unconditionally write NRPT rules to local settings (Aaron Klotz) #11684
• optimize JSON processing (tailscale#11671) #11671 (Joe Tsai)
• add exit destination for network flow logs node attribute (tailscale#11698) #11698 (Claire Wang)
• enable allow LAN for android (tailscale#11709) #11709 (kari-ts)
• a1abd12: cmd/tailscaled, net/tstun: build for aix/ppc64 (Brad Fitzpatrick) #11721
• 65f2151: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #11722
• 170c618: ipn/ipnlocal: remove dead code now that Android uses LocalAPI instead (Brad Fitzpatrick) #11724
• 970b1e2: ipn/ipnlocal: inline assertClientLocked into its now sole caller (Brad Fitzpatrick) #11725
• 68043a1: ipn/ipnlocal: centralize assignments to cc + ccAuto in new method (Brad Fitzpatrick) #11725
• 8186cd0: ipn/ipnlocal: delete redundant TestStatusWithoutPeers (Brad Fitzpatrick) #11725
• bad3159: ipn/ipnlocal: delete useless SetControlClientGetterForTesting use (Brad Fitzpatrick) #11726
• 271cfdb: util/syspolicy: clean up doc grammar and consistency (Brad Fitzpatrick) #11728
• set default state path on AIX #11730 (Brad Fitzpatrick)
• b9aa742: ipn/ipnlocal: remove some dead code (legacyBackend methods) from LocalBackend (Brad Fitzpatrick) #11739
• fix default SYNO_ARCH in Makefile #11747 (Brad Fitzpatrick)
• 38fb23f: cmd/k8s-operator,k8s-operator: allow users to configure proxy env vars via ProxyClass (tailscale#11743) (Irbe Krumina) #11743
• 952e06a: wgengine/router: don't attempt route cleanup on Synology (Brad Fitzpatrick) #11746
• 14c8b67: Revert "licenses: add gliderlabs/ssh license" (Will Norris) #11748
• 449f46c: wgengine/magicsock: rebind/restun if a syscall.EPERM error is returned (tailscale#11711) (Charlotte Brandhorst-Satzkorn) #11711
• 9171b21: cmd/tailscale, ipn/ipnlocal: add suggest exit node CLI option (tailscale#11407) (Claire Wang) #11407
• 7ec0dc3: ipn/ipnlocal: make StartLoginInteractive take (yet unused) context (Brad Fitzpatrick) #11751
• remove unused Options.LegacyMigrationPrefs #11752 (Brad Fitzpatrick)
• 3c1e2bb: ipn/ipnlocal: remove outdated iOS hacky workaround in Start (Brad Fitzpatrick) #11754
• document use of CapMap for peers #11759 (Adrian Dewhurst)
• 26f9bbc: cmd/k8s-operator,k8s-operator: document tailscale.com Custom Resource Definitions better. (tailscale#11665) (Irbe Krumina) #11665
• 0fba9e7: cmd/tailscale/cli: prevent concurrent Start calls in 'up' (Brad Fitzpatrick) #11761
• 7e2b426: ipn/{localapi, ipnlocal}: forget the prior exit node when localAPI is used to zero the ExitNodeID (tailscale#11681) (Jonathan Nobels) #11681
• 068db1f: net/interfaces: delete unused unexported function (Brad Fitzpatrick) #11765
• use Go 1.22 range-over-int #11764 (Brad Fitzpatrick)
• 62d4be8: cmd/tailscale/cli: fix drive --help usage identation (Paul Scott) #11757
• a50e4e6: cmd/tailscale/cli: remove duplicate "tailscale " in drive subcmd usage (Paul Scott) #11757
• eb34b8a: cmd/tailscale/cli: remove explicit usageFunc - its default (Paul Scott) #11757
• 3ff3445: cmd/tailscale/cli: improve ShortHelp/ShortUsage unit test, fix new errors (Paul Scott) #11757
• d07ede4: cmd/tailscale/cli: fix "subcommand required" errors when typod (Paul Scott) #11757
• 454a03a: cmd/tailscale/cli: prepend "tailscale" to usage errors (Paul Scott) #11757
• 226486e: net/interfaces: handle removed interfaces in State.Equal (Andrew Dunham) #11763
• 3ef7f89: go.{mod,sum}: bump nftables to the latest commit (tailscale#11772) (Irbe Krumina) #11772
• 21a0fe1: ipn/store: omit AWS & Kubernetes support on 'small' Linux GOARCHes (Brad Fitzpatrick) #11778
• 82394de: cmd/tailscale: add shell tab-completion (Paul Scott) #11336
• b85c2b2: net/dns/resolver: use SystemDial in DoH forwarder (Andrew Dunham) #11692
• set SameSite=Strict, with an option for Lax (tailscale#11781) #11781 (Chris Palmer)
• 22bd506: ipn/ipnlocal: hold the mutex when in onTailnetDefaultAutoUpdate (tailscale#11786) (Andrew Lytvynov) #11786
• 03d5d1f: wgengine/magicsock: disable portmapper in tunchan-faked tests (Brad Fitzpatrick) #11787
• c8b0adb: docs/windows/policy: add missing key expiration warning interval (Adrian Dewhurst) #11774
• e775de3: go.mod: bump golang.org/x/net (tailscale#11775) (Andrew Lytvynov) #11775
• allow object-src: self in CSP (tailscale#11782) #11782 (Chris Palmer)
• 02c6af2: cmd/tailscale: clarify Taildrive grants in help text (Percy Wegmann) #11783
• use Distro field for distinguishing Windows Server builds #11796 (Aaron Klotz)
• create android impl (tailscale#11784) #11784 (kari-ts)
• rename exit node destination network flow log node attribute (tailscale#11779) #11779 (Claire Wang)
• rewrite Location headers #11798 (Percy Wegmann)
• 94c0403: ipn/ipnlocal: strip origin and referer headers from Taildrive requests (Percy Wegmann) #11756
• d16c129: ipn/ipnlocal: remove origin and referer headers from Taildrive requests (Percy Wegmann) #11756
• bbe194c: cmd/k8s-operator: correctly determine cluster domain (tailscale#11512) (I...

v1.64.2-sunos

Commits

• ab4f9d2: wgengine/router: don't attempt route cleanup on Synology (Brad Fitzpatrick)
• 02a96c8: VERSION.txt: this is v1.64.1 (Jenny Zhang)
• ede81e2: VERSION.txt: this is v1.64.2 (Jenny Zhang)
• 74ac451: Merge tag 'v1.64.2' into sunos-1.64 (Nahum Shalman)

v1.64.0-sunos

Commits

• da3cf12: VERSION.txt: this is v1.63.0 (Anton Tolchanov) #11404
• do not allow msiexec to reboot the OS (tailscale#11409) #11409 (Andrew Lytvynov)
• decd989: ipn/ipnlocal: validate domain of PopBrowserURL on default control URL (tailscale#11394) (Andrew Lytvynov) #11394
• cf8948d: net/routetable: increase route limit used by the test (Anton Tolchanov) #11415
• ea55f96: cmd/tailscale/cli: fix configuring partially empty kubeconfig (tailscale#11417) (Irbe Krumina) #11417
• 08ebac9: version,cli,safesocket: detect non-sandboxed macOS GUI (tailscale#11369) (Andrea Gottardo) #11369
• ensure f is not nil before using it #11426 (Marwan Sulaiman)
• e0886ad: ipn/ipnlocal, tailcfg: add disable-web-client node attribute (tailscale#11418) (Mario Minardi) #11418
• 4d747c1: api.md: document device expiration endpoint (Will Norris) #11448
• d2ccfa4: cmd/tailscale,ipn/ipnlocal: enable web client over quad 100 by default (tailscale#11419) (Mario Minardi) #11419
• 7fe4cbb: types/views: optimize slices contains under some conditions (tailscale#11449) (James Tucker) #11449
• b0c3e6f: cmd/k8s-operator,ipn/conf.go: fix --accept-routes for proxies (tailscale#11453) (Irbe Krumina) #11453
• 349799a: api.md: format API docs with prettier (Will Norris) #11455
• 68d9e49: api.md: add missing backtick to GET searchpaths doc (tailscale#11459) (Mario Minardi) #11459
• 6288c9b: version/prop: remove IsMacAppSandboxEnabled (tailscale#11461) (Andrea Gottardo) #11461
• add Swap method #11463 (Andrew Dunham)
• fix logger data race in tests #11464 (Andrew Dunham)
• 221de01: control/controlclient: fix sending peer capmap changes (tailscale#11457) (Claire Wang) #11457
• e37eded: tool/gocross: add android autoflags (tailscale#11465) (James Tucker) #11465
• include whitespace in test share and filenames #11390 (Percy Wegmann)
• 20e9f33: control/controlclient: send load balancing hint HTTP request header (Brad Fitzpatrick) #11470
• ensure TailFS share notifications are non-nil #11471 (Percy Wegmann)
• 2f7e7be: control/controlclient: do not alias peer CapMap (Adrian Dewhurst) #11472
• 512fc0b: util/reload: add new package to handle periodic value loading (Andrew Dunham) #11476
• 5d1c72f: wgengine/magicsock: don't use endpoint debug ringbuffer on mobile. (Brad Fitzpatrick) #11480
• 6a860cf: ipn/ipnlocal: add c2n pprof option to force a GC (Brad Fitzpatrick) #11479
• d4bfe34: util/zstdframe: add package for stateless zstd compression (tailscale#11481) (Joe Tsai) #11481
• use zstdframe where sensible (tailscale#11491) #11491 (Joe Tsai)
• 8444937: control/controlclient: fix panic regression from earlier load balancer hint header (Brad Fitzpatrick) #11492
• 3f7313d: util/linuxfw,wgengine/router: enable IPv6 configuration when netfilter is disabled (James Tucker) #11494
• reduce garbage production in bus watcher #11477 (James Tucker)
• f45594d: control/controlclient: free memory on iOS before full netmap work (Brad Fitzpatrick) #11489
• 8c88853: ipn/ipnlocal: add c2n /debug/pprof/allocs endpoint (Percy Wegmann) #11484
• b104688: ipn/ipnlocal, types/netmap: replace hasCapability with set lookup on NetworkMap (Brad Fitzpatrick) #11501
• 4992aca: tsweb/varz: flesh out munging of expvar keys into valid Prometheus metrics (Brad Fitzpatrick) #11505
• deprecate Node.Capabilities (more), remove PeerChange.Capabilities [capver 89] #11509 (Brad Fitzpatrick)
• a36cfb4: tailcfg, ipn/ipnlocal, wgengine/magicsock: add only-tcp-443 node attr (Brad Fitzpatrick) #11511
• 1e7050e: go.mod: bump github.com/docker/docker (tailscale#11515) (Andrew Lytvynov) #11515
• 8b8b315: net/tstun: use gaissmai/bart instead of tempfork/device (Percy Wegmann) #11488
• b6dfd74: Change type of installCRDs (tailscale#11478) (Chris Milson-Tokunaga) #11478
• 06e22a9: .github/workflows: fix path filter for 'Kubernetes manifests' test job (tailscale#11520) (Irbe Krumina) #11520
• move a scratch buffer to Logger #11486 (Brad Fitzpatrick)
• 90a4d6c: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #11516
• 55baf94: metrics, tsweb/varz: add multi-label map metrics (Brad Fitzpatrick) #11521
• 4cbef20: cmd/k8s-operator: redact auth key from debug logs (tailscale#11523) (Irbe Krumina) #11523
• acb611f: ipn/localipn: introduce logs for tailfs (tailscale#11496) (Charlotte Brandhorst-Satzkorn) #11496
• 5d41259: cmd/tailscale/cli: remove Beta tag from tailscale update (tailscale#11529) (Andrew Lytvynov) #11529
• eb42a16: ipn/ipnlocal: report Taildrive access message on failed responses (Percy Wegmann) #11528
• 0d8cd16: go.mod: bump github.com/gaissmai/bart (Maisem Ali) #11531
• bed818a: ipn/localapi: add support for multipart POST to file-put (Percy Wegmann) #11468
• 66e4d84: ipn/localapi: add support for multipart POST to file-put (Percy Wegmann) #11468
• 008676f: cmd/serve: update warning for sandboxed macOS builds (tailscale#11530) (Andrea Gottardo) #11530
• init (tailscale#11467) #11467 (Patrick O'Doherty)
• 3e6306a: derp/derphttp: make CONNECT Host match request-target's authority-form (Brad Fitzpatrick) #11539
• return http.Handler from safeweb.RedirectHTTP (tailscale#11538) #11538 (Patrick O'Doherty)
• 9e2f58f: cmd/{k8s-nameserver,k8s-operator},k8s-operator: add a kube nameserver, make operator deploy it (tailscale#11017) (Irbe Krumina) #11017
• 9b5176c: cmd/k8s-operator: fix failing tests (tailscale#11541) (Irbe Krumina) #11541
• 9401b09: control/controlclient: move client watchdog to cover initial request (James Tucker) #11543
• 354cac7: tsweb/varz: add charset=utf-8 to varz handler (Brad Fitzpatrick) #11533
• make BucketedStats not track 400s, 404s, etc #11548 (Brad Fitzpatrick)
• add opt-in inline style CSP toggle (tailscale#11551) #11551 (Patrick O'Doherty)
• 5fb721d: util/linuxfw,wgengine/router: skip IPv6 f...

v1.62.1-repackage-sunos

Commits

• do not allow msiexec to reboot the OS (tailscale#11409) (tailscale#11416) #11416 (Andrew Lytvynov)
• 6953dbc: cmd/k8s-operator,ipn/conf.go: fix --accept-routes for proxies (tailscale#11454) (Irbe Krumina) #11454
• f9cdd9d: control/controlclient: send load balancing hint HTTP request header (Brad Fitzpatrick)
• 7074c49: control/controlclient: fix panic regression from earlier load balancer hint header (Brad Fitzpatrick)
• 0ad803a: util/linuxfw,wgengine/router: enable IPv6 configuration when netfilter is disabled (tailscale#11517) (Irbe Krumina) #11517
• 2827330: VERSION.txt: this is v1.62.1 (Irbe Krumina)
• 6beed4b: Merge tag 'v1.62.1' into sunos-1.62 (Nahum Shalman)
• 431f313: build tailscale client (Kevin Meziere)
• 9fd10b5: add tailscale client to release (Kevin Meziere)
• 8bbbe97: Ship all three variations (Nahum Shalman)

v1.62.1-sunos

Commits

• do not allow msiexec to reboot the OS (tailscale#11409) (tailscale#11416) #11416 (Andrew Lytvynov)
• 6953dbc: cmd/k8s-operator,ipn/conf.go: fix --accept-routes for proxies (tailscale#11454) (Irbe Krumina) #11454
• f9cdd9d: control/controlclient: send load balancing hint HTTP request header (Brad Fitzpatrick)
• 7074c49: control/controlclient: fix panic regression from earlier load balancer hint header (Brad Fitzpatrick)
• 0ad803a: util/linuxfw,wgengine/router: enable IPv6 configuration when netfilter is disabled (tailscale#11517) (Irbe Krumina) #11517
• 2827330: VERSION.txt: this is v1.62.1 (Irbe Krumina)
• 6beed4b: Merge tag 'v1.62.1' into sunos-1.62 (Nahum Shalman)

v1.62.0-sunos

Commits

• 7c0651a: scripts/installer.sh: add tuxedoOS to the Ubuntu copies (Nathan Woodburn) #11050
• b0e96a6: net/dns: log more info when openresolv commands fail (Andrew Dunham) #11130
• 61a1644: go.mod, all: move away from inet.af domain seized by Taliban (Brad Fitzpatrick) #11132
• 7ad2bb8: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #11133
• b7104cd: util/topk: add package containing a probabilistic top-K tracker (Andrew Dunham) #11029
• disable auto update on NixOS (tailscale#11136) #11136 (Patrick O'Doherty)
• 52f16b5: doctor/ethtool, ipn/ipnlocal: add ethtool bugreport check (Andrew Dunham) #11138
• 4d66841: wgengine/router: fix ip rule restoration (Jason Barnett) #10858
• 3aca29e: VERSION.txt: this is v1.61.0 (Percy Wegmann) #11148
• 69f5664: ipn/ipnlocal: fix doctor API endpoint (tailscale#11155) (San) #11155
• 2448781: cmd/tailscale: make web client URL clickable (Will Norris) #11164
• 6b582cb: cmd/tailscale: support clickable IPv6 web client addresses (Will Norris) #11165
• 44e337c: tool/gocross: pass flags for visionOS and visionOS Simulator (tailscale#11127) (Andrea Gottardo) #11127
• 70b7201: net/dns: fix infinite loop when run on Amazon Linux 2023 (Andrew Dunham) #11163
• allow longer idle log upload connections #11167 (James Tucker)
• 794af40: ipn/ipnlocal: remove ancient transition mechanism for https certs (Brad Fitzpatrick) #11168
• add TLS probe constructor to split dial addr from cert name #11177 (Brad Fitzpatrick)
• 8fe5042: net/ktimeout: add a package to set TCP user timeout (James Tucker) #11181
• d756622: util/syspolicy: add ManagedBy keys for Windows (tailscale#11183) (Andrea Gottardo) #11183
• 91a1019: cmd/testwrapper: apply results of all unit tests to coverage for all packages (Percy Wegmann) #11188
• 7708ab6: cmd/tailscale/cli: pass "-o 'CanonicalizeHostname no'" to ssh (Paul Scott) #10368
• plumb context to Server.verifyClient #11192 (Brad Fitzpatrick)
• 10d130b: cmd/derper, derp, tailcfg: add admission controller URL option (Brad Fitzpatrick) #11193
• 0359c2f: util/syspolicy: add 'ResetToDefaults' (tailscale#11194) (Andrea Gottardo) #11194
• edbad6d: cmd/derper: add user timeout and reduce TCP keepalive (James Tucker) #11182
• 72140da: client/web: update vite-plugin-svgr to latest version (tailscale#11197) (Mario Minardi) #11197
• 713d292: client/web: update plugin-react-swc to latest version (tailscale#11199) (Mario Minardi) #11199
• e8d2fc7: net/tshttpproxy: log when we're using a proxy (Andrew Dunham) #11203
• 131f909: wgengine/wglog: quieten WireGuard logs for allowedips (James Tucker) #11213
• 15b2c67: cmd/tailscale: add node attribute instructions to share command help (Percy Wegmann) #11212
• ac281dd: client/web: update vite and vitest to latest versions (tailscale#11200) (Mario Minardi) #11200
• c8c999d: cli/debug: rename DERP debug mode (tailscale#11220) (Andrea Gottardo) #11220
• 651c489: net/interfaces: reduce & cleanup logs on iOS (James Tucker) #11221
• c9b6d19: .github/workflows: fix typo in XDG_CACHE_HOME (James Tucker) #11223
• 0c5e65e: cmd/derper: apply TCP keepalive and timeout to TLS as well (James Tucker) #11225
• 8d0d464: net/dns: timeout DOH requests after 10s without response headers (James Tucker) #11227
• 8b9474b: wgengine/wgcfg: don't send UAPI to disable keep-alives on new peers (Brad Fitzpatrick) #11231
• 6ad6d6b: wgengine/wglog: add TS_DEBUG_RAW_WGLOG envknob for raw wg logs (Brad Fitzpatrick) #11232
• ff1391a: net/dns/publicdns: add Mullvad family DNS to the list of known DoH servers (mrrfv) #11215
• remove LenIter, use Go 1.22 range-over-int instead #11241 (Brad Fitzpatrick)
• replace webdavfs with reverse proxies #11187 (Percy Wegmann)
• cd9cf93: wgengine/netstack: expose TCP forwarder drops via clientmetrics (Anton Tolchanov) #11245
• 9aa704a: client/web: restrict serveAPI endpoints to peer capabilities (Sonia Appasamy) #11217
• 95f2656: client/web: use grants on web UI frontend (Sonia Appasamy) #11217
• 82c569a: go.mod: update web-client-prebuilt module (OSS Updater) #11254
• b42b981: net/dns: do not wait for the interface registry key to appear if the windowsManager is being closed (Nick Khyl) #11224
• 7ef1fb1: cmd/tailscaled, ipn/ipnlocal, wgengine: shutdown tailscaled if wgdevice is closed (Nick Khyl) #11224
• warn about reverse path filtering and exit nodes #11191 (Anton Tolchanov)
• 9a8c2f4: types/key: remove copy returning array by value (Brad Fitzpatrick) #11239
• reduce critical section #11239 (Brad Fitzpatrick)
• make pendOpen time later, after dup check #11239 (Brad Fitzpatrick)
• 1cf8582: ipn/ipnstate, wgengine/wgint: add handshake attempts accessors (Brad Fitzpatrick) #11239
• 086ef19: scripts/installer.sh: auto-start tailscale on Alpine (tailscale#11214) (Keli) #11214
• fix race condition in tailfs_test #11262 (Percy Wegmann)
• 45d27fa: cmd/k8s-operator,k8s-operator,go.{mod,sum},tstest/tools: add Tailscale Kubernetes operator API docs (tailscale#11246) (Irbe Krumina) #11246
• 303125d: cmd/k8s-operator: configure all proxies with declarative config (tailscale#11238) (Irbe Krumina) #11238
• 95dcc17: cmd/k8s-operator: reconcile tailscale Ingresses when their backend Services change. (tailscale#11255) (Irbe Krumina) #11255
• add latitude, longitude for node location (tailscale#11162) #11162 (Claire Wang)
• c5abbcd: wgengine/netstack: add a per-client limit for in-flight TCP forwards (Andrew Dunham) #11258
• 7912d76: client/web: update to typescript 5.3.3 (tailscale#11267) (Mario Minardi) #11267
• expose function to generate request IDs #11273 (Andrew Dunham)
• a20e46a: util/cache: fix missing interface methods (tailscale#11275) (Andrew Dunham) #11275
• 3dd8ae2: net/tstun: fix spelling of "WireGuard" (Andrew Dunham) #11278
• 74b89...

v1.60.1-sunos

Commits

• 17cd062: ipn,wgengine: only intercept TailFS traffic on quad 100 (Percy Wegmann) #11286
• 2caffee: VERSION.txt: this is v1.60.1 (Percy Wegmann)
• 7574f6d: Merge tag 'v1.60.1' into sunos-1.60 (Nahum Shalman)