Group visibility on Tailscale clients
Devices on your tailnet can now receive group membership information from the Tailscale control plane, enabling better access control and visibility across your network.
Tailscale — Security, Developer Tools product updates and releases, tracked on megachangelog.
macOS and iOS clients are now built using the Xcode 26.5 toolchain, ensuring compatibility with the latest Apple development tools.
This release fixes token exchange failures when using workload identity and corrects MTU value clamping in Ingress and Egress ProxyGroup pods.
Preset apps are now available for Oracle Cloud Infrastructure, providing pre-configured integrations for compute, networking, Object Storage, and Oracle Services Network across regions.
Resolved a deadlock that occurred when processing peer changes while disconnecting from the Tailscale control server.
Fixed a regression in the tailscale_tailnet_key resource where the recreate_if_invalid parameter was not being checked before recreating the resource when a key is not found.
The Tailscale Kubernetes Operator v1.98.3 adds support for node affinity rules in DNSConfig, priority class names in the Helm chart, and fixes issues with long resource names, dual-stack IPv4/IPv6 addressing, and API server proxy auth key renewal.
Fixed an issue so that recorder pods can now request a new auth key when required, improving reliability of the tsrecorder service.
Resolved an issue where netfilter rules could be applied inconsistently after a netfilter mode change failed. Connmark and CGNAT rules are now applied only after the active netfilter mode is successfully updated, matching the behavior of other netfilter paths.
A new release of the Tailscale container image is available with library updates only.
Aperture CLI (alpha) lets you launch and manage coding agents with built-in guardrails, policy enforcement, and observability. It supports Claude Code, Gemini CLI, OpenCode, OpenAI Codex, Copilot CLI, and Claude Cowork on devices inside and outside your tailnet.
Added a new Domains page in the admin console to manage domain verification and domain aliases for your tailnet in one place.
Fixed an issue where the tailscale_tailnet_key resource was incorrectly clearing the key attribute during state refresh, and fixed a panic that occurred when keys were removed outside of Terraform.
This release updates Go to 1.26.3 and fixes a regression from v1.98.0 where MagicDNS failed to resolve tailnet hostnames after network changes on non-Windows platforms.
This release adds support for managing Tailscale Services via the tailscale_service resource and data source. It introduces new authentication features including OIDC identity token support from runtime environments and the ability to read credentials from disk. The provider has migrated to the Terraform plugin framework and tightened validation for the audience argument in federated identity configuration.
All plans can now purchase additional tagged resources beyond the included 50-device limit and view their current tagged resource usage against the limit.
This release fixes expired preferred peer address clearing to speed up alternative peer election, improves health checks for IP forwarding on Linux, adds device/exit node search on macOS, enables iOS devices as exit nodes, and resolves device list responsiveness issues across platforms.
Users can now view the device posture status of machines in their tailnet directly from the Machines page in the admin console, providing better visibility into device security and compliance.
Updated dependencies to remove Node 20 deprecation warning and ensure compatibility with current tooling.
Aperture (beta) is a new control plane for securing and managing LLM agents across providers and models. It enables custom guardrails with pre-call hooks to strip PII and restrict agent tools, configurable log retention with S3 export, audit logging for configuration changes, and customizable quotas across providers, models, users, and agents.
API-only tailnets can now be accessed by any OAuth client with the all scope in the creating tailnet, expanding programmatic access capabilities.
A new seat calculator tool is available to help users understand how many seats their account consumes before upgrading to a new plan.
Tailscale introduced new pricing that bills based on occupied user seats instead of monthly active users for new tailnets, increased free users on the Personal plan from three to six, made ephemeral node usage free within plan limits, and replaced the Starter plan with a new Standard plan. Existing legacy plans retain their previous billing model.
Services are now automatically advertised on startup with a new TS_EXPERIMENTAL_SERVICE_AUTO_ADVERTISEMENT environment variable to control this behavior. Fixed an issue where the container would attempt to create a secret even when TS_KUBE_SECRET was empty.
New features include authkey refresh for Ingress/Egress ProxyGroup pods, multiple tailnet access via new Tailnet custom resource, and namespace-level ProxyGroup creation controls via ProxyGroupPolicy. Removed TS_EXPERIMENTAL_KUBE_API_EVENTS variable and fixed TS_LOCAL_ADDR_PORT handling for IPv6 addresses.