v1.86.2-sunos

github-actions released this 31 Jul 00:33

· 464 commits to sunos-1.90 since this release

1229f6e

Documentation

fix typo in commit-messages.md #16302 (okunamayanad)

Commits

4980869: cmd/tsidp: Fix sending string for refresh_token (Tim Klocke) #16074
09582bd: cmd/tsidp: add web UI for managing OIDC clients (tailscale#16068) (Raj Singh) #16068
cd49faa: feature/capture: fix wireshark decoding and add new disco frame types (tailscale#16089) (Mike O'Driscoll) #16089
4b59f1d: .github/workflows: use Ubuntu 24.04 images (tailscale#16097) (Irbe Krumina) #16097
set RouteAll=true by default for new accounts on iOS and Android (tailscale#16110) #16110 (Jonathan Nobels)
ffc8ec2: wgengine/magicsock: implement relayManager endpoint probing (tailscale#16029) (Jordan Whited) #16029
5e54819: net/dns: cache dns.Config for reuse when compileConfig fails (tailscale#16059) (Jonathan Nobels) #16059
remove an expired configuration-path migration step (tailscale#16120) #16120 (M. J. Fromberger)
b0d3597: go.toolchain.rev: bump to 1.24.3 (tailscale#16060) (Andrew Lytvynov) #16060
dca4036: util/set: add SmallSet (Brad Fitzpatrick) #16109
4cccd15: ipn/ipnlocal: fix data race when accessing b.appConnector (Nick Khyl) #16131
191afd3: net/tshttpproxy: fix WDAP/PAC proxy detection on Win10 1607 and earlier (Nick Khyl) #16130
401d6c0: go.mod: bump golang.org/x deps (Brad Fitzpatrick) #16132
ef49e75: util/set: add SmallSet.SoleElement, fix bug, add more tests (Brad Fitzpatrick) #16133
5b670eb: cmd/containerboot: allow setting --accept-dns via TS_EXTRA_ARGS again (tailscale#16129) (Irbe Krumina) #16129
11e83f9: controlclient,health,ipnlocal,tailcfg: add DisplayMessage support (James Sanderson) #15851
fix AtomicValue.CompareAndSwap (tailscale#16137) #16137 (Joe Tsai)
enable writing state to disk #16105 (Fran Bull)
5f35143: go.mod,wgengine/magicsock: update wireguard-go (tailscale#16148) (Jordan Whited) #16148
8a3afa5: ipn/ipnlocal: fix deadlock when filtering DisplayMessage URLs (James Sanderson) #16163
propagate serial number from MDM on Android #16152 (Anton Tolchanov)
5f0e139: cmd/tsidp: add Docker image building support (tailscale#16078) (Raj Singh) #16078
1635ccc: ssh/tailssh: display more useful error messages when authentication fails (Percy Wegmann) #16127
add watch opt to include actions in health messages #16177 (James Sanderson)
show DisplayMessage actions in 'tailscale status' #16188 (James Sanderson)
486a55f: cmd/natc: add optional consensus backend (Fran Bull) #15712
75a7d28: net/packet: fix Parsed docs (tailscale#16200) (Jordan Whited) #16200
3e08eab: cmd/natc: use new on disk state store for consensus (Fran Bull) #16190
3f7a9f8: wgengine/magicsock: fix bpf fragmentation jump offsets (tailscale#16204) (Claus Lensbøl) #16204
66ae873: wgengine/magicsock: make endpoint.bestAddr Geneve-aware (tailscale#16195) (Jordan Whited) #16195
7b06532: ipn/ipnlocal: Update hostinfo to control on service config change (tailscale#16146) (KevinLiang10) #16146
prefix Warnables received from the control plane #16208 (James Sanderson)
4456f77: cmd/k8s-operator: explicitly set tcp on VIPService port configuration for Ingress with ProxyGroup (tailscale#16199) (Tom Meadows) #16199
67b1693: wgengine/magicsock: enable setting relay epAddr's as bestAddr (tailscale#16229) (Jordan Whited) #16229
c343bff: wgengine/relaymanager: don't start runLoop() on init() (tailscale#16231) (Jordan Whited) #16231
9501f66: wgengine/magicsock: don't cancel in-progress relayManager work (tailscale#16233) (Jordan Whited) #16233
cc8dc9e: types/netmap: fix NodeMutationEndpoints docs typo (tailscale#16234) (Jordan Whited) #16234
db34cdc: cmd/tailscale/cli: add a risk message about rp_filter (Anton Tolchanov) #16062
e72c528: cmd/{derp,derpprobe},prober,derp: add mesh support to derpprobe (tailscale#15414) (Mike O'Driscoll) #15414
8114260: go.toolchain.rev: bump to go 1.24.4 (tailscale#16230) (Patrick O'Doherty) #16230
6a93b17: types/netmap,wgengine/magicsock: propagate CapVer to magicsock.endpoint (tailscale#16244) (Jordan Whited) #16244
3b25e94: cmd/natc: allow specifying the tsnet state dir (Fran Bull) #16249
6010812: ipn/localapi,client/local: add debug watcher for bus events (tailscale#16239) (Claus Lensbøl) #16239
8baa016: .github: Bump github/codeql-action from 3.28.15 to 3.28.19 (tailscale#16227) (dependabot[bot]) #16227
75a4297: .github: Bump slackapi/slack-github-action from 2.0.0 to 2.1.0 (tailscale#15948) (dependabot[bot]) #15948
7c05811: .github: Bump actions/setup-go from 5.4.0 to 5.5.0 (tailscale#15947) (dependabot[bot]) #15947
3219de4: cmd/k8s-operator: ensure status update errors are displayed to users (tailscale#16251) (Irbe Krumina) #16251
3b5ce9d: tsweb/varz: add binary name to version metric (Brad Fitzpatrick) #16256
3ed76ce: feature/relayserver,net/{netcheck,udprelay}: implement addr discovery (tailscale#16253) (Jordan Whited) #16253
b0f7b23: net/netcheck: preserve live home DERP through packet loss (James Tucker) #16254
9206e76: net/packet: cleanup IPv4 fragment guards (James Tucker) #16185
record DERP dropped packets as they occur #16252 (James Tucker)
dac00e9: go.mod: bump github.com/cloudflare/circl (tailscale#16264) (Andrew Lytvynov) #16264
6a4d92e: ipn/ipnlocal: replace nodeContext with nodeBackend in comments (Nick Khyl) #16275
fe391d5: client/local: use an iterator to stream bus events (tailscale#16269) (M. J. Fromberger) #16269
733bfae: ipn/ipnlocal: signal nodeBackend readiness and shutdown (Nick Khyl) #16274
e29e3c1: cmd/k8s-operator: ensure that TLS resources are updated for HA Ingress (tailscale#16262) (Irbe Krumina) #16262
59fab8b: .github: Bump github/codeql-action from 3.28.19 to 3.29.0 (tailscale#16287) (dependabot[bot]) #16287
reject removal of the last signing key #16268 (Anton Tolchanov)
8e6f63c: ipn/ipnlocal,wgengine/magicsock: use eventbus for node & filter updates (tailscale#16271) (Jordan Whited) #16271
5b7cf7f: .github/workflows: do a go mod download & cache it before all jobs (Brad Fitzpatrick) #16281
8666142: util/eventbus: remove redundant code from eventbus.Publish (Nick Khyl) #16276
protect from data race #16288 (Fran Bull)
735f15c: util/must: add Get2 for functions that return two values (James Sanderson) #16289
8698522: cmd/natc: add a flag to use specific DNS servers (James Tucker) #16292
259bab9: scripts/check_license_headers.sh: delete, rewrite as a Go test (Brad Fitzpatrick) #16295
5b086cd: tool/gocross: make gocross opt-in instead of opt-out (Brad Fitzpatrick) #16280
077d52b: .github/workflows: removes extra '$' (Irbe Krumina) #16285
d7770d2: .github/workflows: test that ./go/tool version matches go mod version (Irbe Krumina) #16285
speed up TestCRL ~450x by baking in some test keys #16301 (Brad Fitzpatrick)
d37e8d0: .github/workflows: remove redundant work between staticcheck jobs (Brad Fitzpatrick) #16304
e7f5c9a: derp/derphttp: add error notify for RunWatchConnectionLoop (tailscale#16261) (Mike O'Driscoll) #16261
939355f: tool/gocross: put the synthetic GOROOTs outside of the tsgo directory (Brad Fitzpatrick) #16305
4431fb8: ipn/ipnlocal: add some verbose logging to taildrive peerapi handler (Percy Wegmann) #16307
add missing entries for OpenBSD #16243 (Juan Francisco Cantero Hurtado)
49ae66c: cmd/tailscale: clean up dns --help messages (tailscale#16306) (Simon Law) #16306
a91fcc8: ipn/ipnlocal: make pricing restriction message for Tailnet Lock clearer (Anton Tolchanov) #16311
45a4b69: cmd/tsidp: fix OIDC client persistence across restarts (Raj Singh) #16112
fcab50b: ipn/ipnlocal,wgengine{/magicsock}: replace SetNetworkMap with eventbus (tailscale#16299) (Jordan Whited) #16299
ad0dfcb: net/*: remove Windows exceptions for when Resolver.PreferGo didn't work (Brad Fitzpatrick) #16310
4979ce7: feature/tpm: implement ipn.StateStore using TPM sealing (tailscale#16030) (Andrew Lytvynov) #16030
e92eb6b: net/tlsdial: fix TLS cert validation of HTTPS proxies (Brad Fitzpatrick) #16223
583f740: Revert "types/netmap,wgengine/magicsock: propagate CapVer to magicsock.endpoint (tailscale#16244)" (tailscale#16322) (Jordan Whited) #16322
a64ca7a: tstest/tlstest: simplify, don't even bake in any keys (Brad Fitzpatrick) #16321
253d0b0: cmd/k8s-operator: remove conffile hashing mechanism (tailscale#16335) (Irbe Krumina) #16335
9af42f4: .github/workflows: shard the Windows builder (Brad Fitzpatrick) #16324
ca06d94: .github/workflows: try running Windows jobs on bigger VMs (Brad Fitzpatrick) #16333
add go toolchain wrapper for Windows #16334 (Brad Fitzpatrick)
skipping slow non-applicable tests on Windows for now #16341 (Brad Fitzpatrick)
d3bb34c: wgengine/magicsock: generate relay server set from tailnet policy (tailscale#16331) (Jordan Whited) #16331
cd9b9a8: wgengine/magicsock: fix relay endpoint allocation URL (tailscale#16344) (Jordan Whited) #16344
e935a28: wgengine/magicsock: set rxDiscoMsgCh field in relayHandshakeWork (tailscale#16349) (Jordan Whited) #16349
61958f5: wgengine/magicsock: set conn field in relayHandshakeDiscoMsgEvent (tailscale#16348) (Jordan Whited) #16348
0905936: wgengine/magicsock: set Geneve header protocol for WireGuard (tailscale#16350) (Jordan Whited) #16350
rename go.ps1 to go-win.ps1 for cmd.exe+Powershell compat #16353 (Brad Fitzpatrick)
9309760: util/prompt: make yes/no prompt reusable (Kristoffer Dalby) #16320
0198255: cmd/tailscale: warn user about nllock key removal without resigning (Kristoffer Dalby) #16320
9288efe: wgengine/magicsock: remove premature return in handshakeServerEndpoint (tailscale#16351) (Jordan Whited) #16351
a589863: feature/relayserver,net/udprelay,wgengine/magicsock: implement retry (tailscale#16347) (Jordan Whited) #16347
31eebdb: wgengine/magicsock: send CallMeMaybeVia for relay endpoints (tailscale#16360) (Jordan Whited) #16360
4a1fc37: release/dist: switch back to Ubuntu 20.04 for building QNAP packages (Percy Wegmann) #16361
9e28bfc: ipn/ipnlocal,wgengine/magicsock: wait for magicsock to process pending events on authReconfig (Nick Khyl) #16371
83cd446: release/dist/qnap: upgrade to Ubuntu 24.04 Docker image (Percy Wegmann) #16373
f2f1236: util/eventbus: add test helpers to simplify testing events (tailscale#16294) (Claus Lensbøl) #16294
b75fe9e: cmd/k8s-operator: Add NOTES.txt to Helm chart (tailscale#16364) (David Bond) #16364
35b11e7: envknob/featureknob: restore SSH and exit-node capability for Home Assistant (tailscale#16263) (Laszlo Magyar) #16263
37eca17: net/netmon: add tests for the events over the eventbus (tailscale#16382) (Claus Lensbøl) #16382
51d00e1: wgengine/magicsock: fix relayManager alloc work cleanup (tailscale#16387) (Jordan Whited) #16387
aa106c9: .github/workflows: request @tailscale/dataplane review DERP changes (tailscale#16372) (Simon Law) #16372
47dff33: tool/gocross: remove GOROOT to ensure correct toolchain use (James Tucker) #16390
99aaa6e: ipn/ipnlocal: update PeerByID to return SelfNode and rename it to NodeByID (tailscale#16096) (JerryYan) #16096
d2c1ed2: .github/workflows: replace tibdex with official GitHub Action (tailscale#16385) (Simon Law) #16385
6feb3c3: ipn/store: automatically migrate between plaintext and encrypted state (tailscale#16318) (Andrew Lytvynov) #16318
b2bf7e9: wgengine/magicsock: add envknob to toggle UDP relay feature (tailscale#16396) (Jordan Whited) #16396
b32a01b: disco,net/udprelay,wgengine/magicsock: support relay re-binding (tailscale#16388) (Jordan Whited) #16388
4a7b8af: cmd/tailscale: add tlpub: prefix to lock log output (Kristoffer Dalby) #16399
df786be: cmd/tailscale: use text format for TKA head (Kristoffer Dalby) #16399
53f67c4: util/eventbus: fix docstrings (tailscale#16401) (Claus Lensbøl) #16401
f81baa2: cmd/k8s-operator, k8s-operator: support Static Endpoints on ProxyGroups (tailscale#16115) (Tom Meadows) #16115
711698f: cmd/{containerboot,k8s-operator}: use state Secret for checking device auth (tailscale#16328) (Tom Proctor) #16328
0a64e86: wgengine/magicsock: move UDP relay path discovery to heartbeat() (tailscale#16407) (Jordan Whited) #16407
76b9afb: ipn/store: make StateStore.All optional (tailscale#16409) (Andrew Lytvynov) #16409
update README to refer to community projects (tailscale#16411) #16411 (Simon Law)
3dc694b: wgengine/magicsock: clear UDP relay bestAddr's on disco ping timeout (tailscale#16410) (Jordan Whited) #16410
format integer IDs as decimal consistently #16356 (Brad Fitzpatrick)
f85e4bc: client/systray: replace counter metric with gauge (Will Norris) #16405
2fc2475: cmd/k8s-operator: ProxyClass annotation for Services and Ingresses (tailscale#16363) (Tom Meadows) #16363
47e7756: wgengine/magicsock: avoid handshaking relay endpoints that are trusted (tailscale#16412) (Jordan Whited) #16412
6a9bf91: ipn/ipnlocal: add verbose Taildrive logging on client side (Percy Wegmann) #16425
454d856: drive,ipn/ipnlocal: calculate peer taildrive URLs on-demand (Percy Wegmann) #16431
add CapabilityOwner (tailscale#16426) #16426 (kari-ts)
d2edf71: wgengine/magicsock: remove references to rucPtr (tailscale#16441) (Jordan Whited) #16441
report StateEncrypted in Hostinfo (tailscale#16434) #16434 (Andrew Lytvynov)
f9e7131: wgengine/magicsock: make lazyEndpoint load bearing for UDP relay (tailscale#16435) (Jordan Whited) #16435
eb03d42: cmd/k8s-operator: Allow configuration of login server (tailscale#16432) (David Bond) #16432
77d1960: derp/derphttp: fix DERP TLS client server name inclusion in URL form (James Tucker) #16445
3a4b439: feature/relayserver,net/udprelay: add IPv6 support (tailscale#16442) (Jordan Whited) #16442
5dc11d5: cmd/k8s-operator: Set login server on tsrecorder nodes (tailscale#16443) (David Bond) #16443
1a2185b: ipn/ipnlocal: rename setAutoExitNodeIDLockedOnEntry to pickNewAutoExitNode; drop old function (Nick Khyl) #16457
56d772b: ipn/ipnlocal: simplify pickNewAutoExitNode (Nick Khyl) #16457
6ecc25b: ipn/ipnlocal: skip TestUpdateNetmapDeltaAutoExitNode (Nick Khyl) #16457
0098822: ipn/ipnlocal: update suggestExitNode to skip offline candidates and fix TestSetControlClientStatusAutoExitNode (Nick Khyl) #16457
a8055b5: cmd/tailscale/cli,ipn,ipn/ipnlocal: add AutoExitNode preference for automatic exit node selection (Nick Khyl) #16458
c46145b: cmd/k8s-operator: Move login server value to top-level (tailscale#16470) (David Bond) #16470
639fed6: Dockerfile,build_docker.sh: add a note on how to build local images (tailscale#16471) (Irbe Krumina) #16471
92a114c: tailcfg, feature/relayserver, wgengine/magicsock: invert UDP relay server nodeAttrs (tailscale#16444) (Dylan Bargatze) #16444
079134d: cmd/k8s-operator: always set ProxyGroup status conditions (tailscale#16429) (Tom Proctor) #16429
4f3355e: .github: Bump github/codeql-action from 3.29.0 to 3.29.1 (tailscale#16423) (dependabot[bot]) #16423
84eac7b: cmd/k8s-operator: Allow custom ingress class names (tailscale#16472) (David Bond) #16472
540eb05: wgengine/magicsock: make Conn.Send() lazyEndpoint aware (tailscale#16465) (Jordan Whited) #16465
3b32cc7: wgengine/magicsock: simplify Geneve-encapsulated disco.Ping handling (tailscale#16448) (Jordan Whited) #16448
a84d580: wgengine/magicsock: fix lazyEndpoint DstIP() vs SrcIP() (tailscale#16453) (Jordan Whited) #16453
04d24cd: wgengine/netstack: correctly proxy half-closed TCP connections (Naman Sood) #16462
3e01652: ipn/ipnlocal: add (*LocalBackend).RefreshExitNode (Nick Khyl) #16460
4c1c0ba: ipn/ipnlocal: plumb nodeBackend into suggestExitNode to support delta updates, such as online status changes (Nick Khyl) #16461
381fdcc: ipn/ipnlocal,util/syspolicy/source: retain existing exit node when using auto exit node, if it's allowed by policy (Nick Khyl) #16464
cb7b499: ipn/ipnlocal: add (*LocalBackend).reconcilePrefsLocked (Nick Khyl) #16463
a6f6478: util/syspolicy: add HasAnyOf to check if any specified policy settings are configured (Nick Khyl) #16481
f1c7b46: ipn/{ipnauth,ipnlocal,localapi}: make EditPrefs return an error if changing exit node is restricted by policy (Nick Khyl) #16481
ea4018b: ipn/ipnlocal: fix missing defer in testExtension.Shutdown (Nick Khyl) #16482
47f431b: net/udprelay: fix relaying between mixed address family sockets (tailscale#16485) (Jordan Whited) #16485
5b00747: go.mod,wgengine/magicsock: implement conn.InitiationAwareEndpoint (tailscale#16486) (Jordan Whited) #16486
1fe82d6: cmd/tailscale/cli,ipn/ipnlocal: restrict logout when AlwaysOn mode is enabled (Nick Khyl) #16493
9bf9974: ipn/ipnlocal: refactor resolveExitNodeInPrefsLocked, setExitNodeID and resolveExitNodeIP (Nick Khyl) #16483
2c630e1: ipn/ipnlocal: make applySysPolicy a method on LocalBackend (Nick Khyl) #16484
740b77d: ipn/ipnlocal,util/syspolicy: add support for ExitNode.AllowOverride policy setting (Nick Khyl) #16494
a60e0ca: wgengine/magicsock: remove conn.InitiationAwareEndpoint TODO (tailscale#16498) (Jordan Whited) #16498
bad17a1: cmd/tailscale: format empty cities and countries as hyphens (tailscale#16495) (Simon Law) #16495
90bf0a9: cmd/k8s-operator/deploy: clarify helm install notes (tailscale#16449) (Tom Proctor) #16449
4dfed6b: cmd/{k8s-operator,k8s-proxy}: add kube-apiserver ProxyGroup type (tailscale#16266) (Tom Proctor) #16266
27fa2ad: cmd/k8s-operator: don't require generation for Available condition (tailscale#16497) (Tom Proctor) #16497
008a238: wgengine/magicsock: support self as candidate peer relay (tailscale#16499) (Jordan Whited) #16499
move ParseAutoExitNodeID from ipn/ipnlocal to ipn #16496 (Nick Khyl)
c5fdf9e: cmd/tailscale/cli: add support for tailscale {up,set} --exit-node=auto:any (Nick Khyl) #16496
21a4058: ipn/ipnlocal: add test to verify handling of unknown auto exit node expressions (Nick Khyl) #16496
ff18031: ipn/ipnlocal: change order of exit node refresh and netmap update so that clients receive the new netmap first (Nick Khyl) #16507
d40b253: tailcfg, wgengine/magicsock: disable all UDP relay usage if disable-relay-client is set (tailscale#16492) (Dylan Bargatze) #16492
ae86417: cmd/tailscale/cli,ipn/ipnstate,wgengine/magicsock: label peer-relay (tailscale#16510) (Jordan Whited) #16510
6a0fad1: wgengine/magicsock: don't peer relay if NodeAttrOnlyTCP443 is set (tailscale#16517) (Jordan Whited) #16517
fbc4c34: ipn/localapi: do not break client on event marshalling errors (tailscale#16503) (Claus Lensbøl) #16503
cf0460b: cmd/k8s-operator: allow letsencrypt staging on k8s proxies (tailscale#16521) (David Bond) #16521
2b665c3: cmd/{k8s-operator,k8s-proxy}: allow setting login server url (tailscale#16504) (David Bond) #16504
d0cafc0: cmd/{k8s-operator,k8s-proxy}: apply accept-routes configuration to k8s-proxy (tailscale#16522) (David Bond) #16522
f9bfd81: wgengine/magicsock: resolve epAddr collisions across peer relay conns (tailscale#16526) (Jordan Whited) #16526
bebc796: ipn/ipnlocal: add traffic-steering nodecap (tailscale#16529) (Simon Law) #16529
detect JetKVM and specialize a handful of things for it #16525 (Brad Fitzpatrick)
fed72e2: cmd/tailscale, ipn/ipnstate, wgengine/magicsock: update ping output for peer relay (tailscale#16515) (Dylan Bargatze) #16515
5f678b9: docs/windows/policy: add ExitNode.AllowOverride as an option to ExitNodeID policy (Nick Khyl) #16514
bd29a1c: feature/relayserver,wgengine/magicsock: remove WIP gating of peer relay (tailscale#16533) (Jordan Whited) #16533
c18ba44: ipn/ipnlocal: add traffic steering support to exit-node suggestions (tailscale#16527) (Simon Law) #16527
04e8d21: go.mod: bump wg-go to fix keepalive detection (tailscale#16535) (Jordan Whited) #16535
30da2e1: cmd/tailscale/cli: add "configure jetkvm" subcommand (Brad Fitzpatrick) #16539
39bf84d: cmd/tsidp: set hostinfo.App in tsnet mode (tailscale#16544) (Andrew Lytvynov) #16544
24062e3: net/udprelay: fix peer relay server deadlock (tailscale#16542) (Jordan Whited) #16542
f23e427: types/lazy: add lazy.GMap: a map of lazily computed GValues (tailscale#16532) (Simon Law) #16532
bcaea4f: k8s-operator,sessionrecording: fixing race condition between resize (tailscale#16454) (Tom Meadows) #16454
fe46f33: cmd/{k8s-operator,k8s-proxy},kube/k8s-proxy: add static endpoints for kube-apiserver type ProxyGroups (tailscale#16523) (Tom Meadows) #16523
fc50500: wgengine/magicsock: don't acquire Conn.mu in udpRelayEndpointReady (tailscale#16557) (Jordan Whited) #16557
f338c40: util/jsonutil: remove unused package (tailscale#16563) (Joe Tsai) #16563
b63f8a4: wgengine/magicsock: prioritize trusted peer relay paths over untrusted (tailscale#16559) (Jordan Whited) #16559
bfb3449: ipn/ipnlocal: modernize nm.Peers with AppendMatchingPeers (Simon Law) #16565
205f822: ipn/ipnlocal: check if suggested exit node is online (Simon Law) #16565
7a32211: .github: Bump slackapi/slack-github-action from 2.1.0 to 2.1.1 (tailscale#16553) (dependabot[bot]) #16553
send health update if DisplayMessage URL changes #16555 (James Sanderson)
ffe8cc9: .github: Bump github/codeql-action from 3.29.1 to 3.29.2 (tailscale#16480) (dependabot[bot]) #16480
d65c0fd: tailcfg,wgengine/magicsock: set peer relay CapVer (tailscale#16531) (Jordan Whited) #16531
cb7a0b1: net/udprelay: log socket read errors (tailscale#16573) (Jordan Whited) #16573
67514f5: ssh/tailssh: fix path of "true" on Darwin (tailscale#16569) (M. J. Fromberger) #16569
3c6d17e: cmd/tailscale/cli,ipn/ipnlocal,wgengine/magicsock: implement tailscale debug peer-relay-servers (tailscale#16577) (Jordan Whited) #16577
097c2bc: go.mod: bump wireguard-go (tailscale#16578) (Jordan Whited) #16578
17c5116: ipn/ipnlocal: sort tailscale debug peer-relay-servers slice (tailscale#16579) (Jordan Whited) #16579
e84e58c: ipn/ipnlocal: use rendezvous hashing to traffic-steer exit nodes (Simon Law) #16580
36aeacb: wgengine/magicsock: add peer relay metrics (tailscale#16582) (Jordan Whited) #16582
e7238ef: cmd/tailscale/cli: Add service flag to serve command (tailscale#16191) (KevinLiang10) #16191
93511be: types/geo: add geo.Point and its associated units (tailscale#16583) (Simon Law) #16583
d334d9b: client/local,cmd/tailscale/cli,ipn/localapi: expose eventbus graph (tailscale#16597) (Claus Lensbøl) #16597
871f73d: Kevin/add drain sub command for serve services (tailscale#16502) (KevinLiang10) #16502
d1ceb62: client/systray: look for ubuntu gnome (Claus Lensbøl) #16590
6c206fa: feature/tpm: try opening /dev/tpmrm0 before /tmp/tpm0 on Linux (tailscale#16600) (Andrew Lytvynov) #16600
e01618a: cmd/tailscale/cli: Add clear subcommand for serve services (tailscale#16509) (KevinLiang10) #16509
5adde9e: cmd/tailscale/cli: remove advertise command (tailscale#16592) (KevinLiang10) #16592
f421907: all-kube: create Tailscale Service for HA kube-apiserver ProxyGroup (tailscale#16572) (Tom Proctor) #16572
d6d29ab: tstest/integration/testcontrol: include peer CapMaps in MapResponses (Raj Singh) #16561
5d4e67f: net/dns/recursive: set EDNS on queries (Brad Fitzpatrick) #16616
1677fb1: wgengine/magicsock,all: allocate peer relay over disco instead of PeerAPI (tailscale#16603) (Jordan Whited) #16603
0d03a37: feature/tpm: log errors on the initial info fetch (tailscale#16574) (Andrew Lytvynov) #16574
c989824: cmd/k8s-operator: Allow specifying cluster ips for nameservers (tailscale#16477) (David Bond) #16477
8453170: feature/relayserver: fix consumeEventbusTopics deadlock (tailscale#16618) (Jordan Whited) #16618
6f7e78b: cmd/tailscale/cli: make configure kubeconfig accept Tailscale Services (tailscale#16601) (Tom Proctor) #16601
22a8e0a: cmd/{k8s-operator,k8s-proxy},kube: use consistent type for auth mode config (tailscale#16626) (Tom Proctor) #16626
4494705: cmd/{k8s-proxy,containerboot,k8s-operator},kube: add health check and metrics endpoints for k8s-proxy (tailscale#16540) (David Bond) #16540
0de5e7b: util/set: add IntSet (tailscale#16602) (Joe Tsai) #16602
19faaff: cmd/tailscale/cli: revert key for web config for services to FQDN (tailscale#16627) (KevinLiang10) #16627
add Hostinfo.ExitNodeID to report the selected exit node (tailscale#16625) #16625 (Simon Law)
1ae6a97: cmd/tailscale/cli: add advertise command to advertise a node as service proxy to tailnet (tailscale#16620) (KevinLiang10) #16620
f1f334b: flake.lock/go.mod.sri: update flake version info (tailscale#16631) (Mike O'Driscoll) #16631
1ef8fbf: ipn/ipnlocal: send Hostinfo after resolveExitNode for "auto:any" (tailscale#16632) (Simon Law) #16632
179745b: wgengine/magicsock: update discoInfo docs (tailscale#16638) (Jordan Whited) #16638
c87f44b: cmd/tailscale/cli: use DNS name instead of Location to hide Mullvad exit nodes from status output (Nick Khyl) #16629
758dfe7: VERSION.txt: this is v1.86.0 (Aaron Klotz) #16647
fdcff40: VERSION.txt: this is v1.86.1 (Aaron Klotz)
91d65e0: k8s-operator: handle multiple WebSocket frames per read (tailscale#16678) (tailscale#16679) (Tom Proctor) #16679
4123469: util/syspolicy/setting: use a custom marshaler for time.Duration (Nick Khyl) #16692
9c73050: net/portmapper: avert a panic when a mapping is not available (tailscale#16686) (M. J. Fromberger) #16695
50a476f: wgengine/magicsock: fix magicsock deadlock around Conn.NoteRecvActivity (tailscale#16687) (tailscale#16696) (Jordan Whited) #16696
a277abc: k8s-operator: adding session type to cast header (tailscale#16660) (tailscale#16689) (Tom Meadows) #16689
d72494b: VERSION.txt: this is v1.86.2 (Aaron Klotz)
b156250: illumos/solaris support rebased onto v1.86.2 (Nahum Shalman)
1229f6e: Build tailscale client (Kevin Meziere)

Assets 10