jaskaran/homelab
1
0
Fork 0
Code Issues 1 Pull requests 12 Projects Releases Packages Wiki Activity Actions

chore(deps): update dependency siderolabs/talos to v1.13.2 #24

Open
jaskaran wants to merge 1 commit from renovate/siderolabs-talos-1.x into main
pull from: renovate/siderolabs-talos-1.x
merge into: jaskaran:main
Conversation 0 Commits 1 Files changed 1 +1 -1
jaskaran commented 2026-03-09 21:57:07 +00:00
Owner
Copy link

This PR contains the following updates:

Package Update Change
siderolabs/talos minor v1.12.4v1.13.2

Release Notes

siderolabs/talos (siderolabs/talos)

v1.13.2

Compare Source

Talos 1.13.2 (2026-05-12)

Welcome to the v1.13.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Etcd: 3.6.11
Linux: 6.18.29

Talos is built with Go 1.26.3.

Contributors
  • Noel Georgi
Changes
1 commit

Dependency Changes
  • github.com/siderolabs/talos/pkg/machinery v1.13.1 -> v1.13.2

Previous release can be found at v1.13.1

Images

ghcr.io/siderolabs/flannel:v0.28.4
registry.k8s.io/coredns/coredns:v1.14.2
registry.k8s.io/etcd:v3.6.11
registry.k8s.io/pause:3.10.1
registry.k8s.io/kube-apiserver:v1.36.0
registry.k8s.io/kube-controller-manager:v1.36.0
registry.k8s.io/kube-scheduler:v1.36.0
registry.k8s.io/kube-proxy:v1.36.0
ghcr.io/siderolabs/kubelet:v1.36.0
registry.k8s.io/networking/kube-network-policies:v1.0.0
ghcr.io/siderolabs/installer:v1.13.2
ghcr.io/siderolabs/installer-base:v1.13.2
ghcr.io/siderolabs/imager:v1.13.2
ghcr.io/siderolabs/talos:v1.13.2
ghcr.io/siderolabs/talosctl-all:v1.13.2
ghcr.io/siderolabs/overlays:v1.13.2
ghcr.io/siderolabs/extensions:v1.13.2

v1.13.0

Compare Source

Welcome to the v1.14.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Default Installer Image

The default installer image has been updated to use the Image Factory.

Host DNS Configuration

HostDNS configuration was moved from the v1alpha1 config .machine.features.hostDNS field to the new hostDNS in the ResolverConfig document.

NTS for Time Synchronization

Talos now supports Network Time Security (NTS) for secure time synchronization.
This feature enhances the security of NTP by providing cryptographic authentication of time sources.

NTS is enabled by default (without any configuration sources) for the default time.cloudflare.com time server
NTS can be enabled for custom time servers via the new useNTS field in the TimeServerConfig document.

TLS 1.3 Minimum Version

Talos now runs etcd and kube-apiserver with a minimum TLS version of 1.3, improving security by leveraging the latest TLS features and cipher suites.
Custom settings for cipher suites have been removed, as they are ignored when TLS 1.3 is used, which simplifies configuration and ensures the use of modern, secure defaults.

Component Updates

Linux: 6.18.25
Kubernetes: 1.36.0

Talos is built with Go 1.26.2.

Contributors
  • Andrey Smirnov
  • Noel Georgi
  • Mateusz Urbanek
  • Utku Ozdemir
  • Orzelius
  • Oguz Kilcan
  • buckaroo
  • Ansgar Dahlen
  • Benoît Knecht
  • David Orman
  • Dharsan Baskar
  • Dmitrii Sharshakov
  • Dmitriy Matrenichev
  • Edward Sammut Alessi
  • Erwan Leboucher
  • Kevin Tijssen
  • Nico Berlee
  • Zadkiel AHARONIAN
Changes
103 commits

  • 8a037a56e test: fix flaky tests
  • 08c81d838 feat: bump kernel to 6.18.25
  • fe40b6e58 fix(ci): fetch empty pr labels
  • 837a9ed07 feat: move host DNS config into ResolverConfig
  • 96a8ecd1e feat: default to factory installer image
  • f19eef78b fix: revert add extraArgs from service-account-issuer
  • 6821225b6 fix: revert use append instead of prepend in service-account-issuer
  • b43c3a124 feat: add quirk for talosctl factory downloads
  • df0b9a8da refactor: make all controller unit-test follow modern patterns
  • c2948cef2 feat: support auth for Image Factory in cluster create
  • 560bcf0ca feat: enforce TLS 1.3 minmum version for Kubernetes components
  • 3db14309e fix(talosctl): ensure uncordon runs after reboot/upgrade errors
  • ecf2fa855 feat: update Kubernetes to v1.36.0
  • 71557eadd fix(ci): skip misc jobs not on pull request
  • 026313b7c docs: rename security-insights.yml to lowercase for LFX detection
  • dc4ffd490 fix(ci): fix jobs not interpolating matrix due to condition
  • 25e2f37e2 chore: generate comments for fields in resource proto
  • 149592fa5 fix: watch kubelet's kubeconfig and time out for cache sync
  • 1f315e6e9 feat: update Linux to 6.18.23
  • 0198eedc2 feat: add NTS (Network Time Security) support for NTP time sync
  • 6830a8b97 fix(ci): matrix jobs cleanups
  • 71aeb347f test: fix OOM test flake
  • 9b9542cc5 test: fix a flake in the manifest sync test
  • 863d882b6 test: add image verification for factory.talos.dev
  • bba0b4aee chore(ci): nvidia update helm values
  • 3399ff4de fix: propagate route table down to the resource
  • c684ec60e chore: prepare for Talos 1.14 release
  • ed9545d0d chore(ci): bump gpu operator version
  • 4de3e4393 fix(ci): cron triggered workflows
  • 212182e6f chore: bump container registry library
  • c028db0b8 fix: do not flip machine stage to rebooting during shutdown
  • 6ce62d9e8 fix(ci): workflow runs with workflow_run
  • 509cd9733 fix: boot entry detection
  • 5e3f30188 feat(ci): rework to schedule daily runs after a cron
  • 7fa4d3919 fix: zfs extensions test
  • 1ef8e630a test: allow more tests to run in FIPS strict mode
  • bdcc9321b fix: reduce memory dashboard usage
  • 2d177af82 chore: update Syft to v1.42.4+patches
  • 0d8362119 fix: return failed precondition on upgrade when not installed
  • be58eafab fix: wrong slot of encryption key was logged
  • 015081c76 feat: update dependencies
  • 9fbb7c95d fix: audit trustd code for security
  • 986e97fc7 feat: update Flannel to 0.28.4
  • f3817d1d1 chore: update sign images to support image name suffix
  • e776721f3 feat: update Kubernetes 1.36.0-rc.1
  • f6e7346fa fix: encode extra args fields in resources with new id
  • 3c7bb80ba chore: bump tools
  • 3ba35c9b9 chore(ci): nvidia try UKI boot
  • e3e8f01ca chore: bump tools
  • 181584a5f fix: handle boot failure
  • c464c7e88 fix: upgrade API in maintenance mode (legacy)
  • b7512d912 feat: update Kubernetes to 1.36.0-rc.0
  • 4ba11156f refactor: allow overriding out image name suffix
  • c81aa125c fix: panic in reading PCR values
  • 6a3ab87c5 feat(ci): add nvidia arm64 matrix
  • 21f459aab fix(talosctl): always use default GRPC dial options
  • ca208e514 fix: validate hostDNS forwarding requires hostDNS to be enabled
  • 9fcb9e05b feat: bump go to 1.26.2
  • 0bfdf7f70 fix: create correct blackhole routes for IPv4
  • 52b920032 feat: add client-side Kubernetes node drain to reboot and upgrade commands
  • 968ec1e0c refactor: propagate NAME properly, allow to set on build
  • acc69c346 fix: set the minimum TLS version to 1.3
  • 0cfa6e302 chore: bump some tool dependencies
  • 4229bb9d2 feat: add dis-vulncheck tool
  • d697f5538 fix: don't set xattrs while decompressing extensions
  • 34fb2cbe5 refactor: remove manual shell completion and replace with cobra completion
  • 79fa2e300 feat: allow more nvidia and nvme files from extensions
  • 414f78a29 feat: allow glibc ld files in etc
  • 1bbba4301 feat: update Flannel to v0.28.2
  • 55815e0fa fix: handle ISOs with zeroes in volume labels
  • 7b6ab0c1c feat: add flag to force fallback to legacy upgrade
  • 5e24d5265 feat: add resource view to talosctl dashboard
  • 649ab7fe4 fix: add os:meta:writer role to the dashboard
  • 10cdfa909 fix: drop talosctl install
  • 087ced85f fix: unseal with "slow" TPM
  • 11ab0a8c5 fix: drop unused type from ExternalVolume schema
  • e2df0f6ce fix: always grow disks
  • 919d8c365 chore: drop debug shell
  • 783a35851 fix: add metal-agent mode to runtime capabilities
  • 37b2221cc docs: add SECURITY-INSIGHTS.yml for OSPS Baseline QA-04.01
  • bed2bd414 feat: add graceful power off support to QEMU VM launcher
  • 3400059cc fix: incorrect route source for on-link routes
  • b3dfbf743 feat: bump musl to 1.2.6
  • 4227921b3 test: fix the PKI mismatch test flake
  • f2bc2dcc6 feat: update NVIDIA production drivers to 595.58.03
  • aa5946dd3 test: fix cron failures for provision-1 & provision-2
  • 1dd701efa fix: allow blockdevice wipe in maintenance mode
  • 786bf00ab feat: add --platform=all support to image cache-create
  • e1f645e3c feat: validate luks headers for tampering
  • ad72c7300 test: improve maintenance API provision tests
  • 70cefab6a test: fix the flakes in tests with trusted roots
  • aacff17f4 test: bump memory for Flannel netpolicy tests
  • 9c3459114 feat: update Linux to 6.18.19, CNI to 1.9.1
  • 038cb8735 feat: enforce PID check on connections to services over file sockets
  • e2b2dd3ea chore: update go-kubernetes library
  • 9597714f6 fix: add symlinks nvidia-ctk and nvidia-cdi-hook in /usr/bin
  • 8ac47d677 fix: unset rlimits for extension services
  • b1a02f368 feat: update Kubernetes to 1.36.0-beta.0
  • 362fdc9ec feat: update etcd to 3.6.9
  • 0a47f40b3 fix(machined): clear stale bond ARP/NS targets on decode
  • 86344639f fix: update diff library to v1.0.1
  • eff89d1ed fix: panics in diff algorithms
  • 8e1c8a7a9 test: fix the apid test against AWS/GCP

Changes from siderolabs/go-kubeconfig
2 commits

  • d0b8f82 chore: rekres and bump deps
  • c356eeb fix: fix context conflict detection add New() constructor

Changes from siderolabs/grpc-proxy
3 commits

  • d670c42 chore: bump dependencies
  • 8614c71 chore: bump deps
  • 80677e0 fix: propagate the headers before the message

Changes from siderolabs/pkgs
22 commits

  • 6a53a93 feat: bump kernel to 6.18.25
  • f567bce feat: disable more stuff in Kconfig
  • ffd9790 feat: bump kernel to 6.18.24
  • b7c709a feat: bump deps
  • e5e5b3c feat: update Linux to 6.18.23
  • 1a4cd20 fix: renovate config
  • d0ed6ed feat: update dependencies
  • 6ea49c7 fix: support disabling module signature verification
  • 6520ec4 feat: update containerd to 2.2.3
  • 37ce992 feat: enable CONFIG_UHID and CONFIG_INPUT_JOYDEV as modules
  • cddd934 feat: update backportable dependencies
  • 32e4077 feat: update OpenSSL
  • 2d241e7 feat: update Go to 1.26.2 and small deps updates
  • 7f540ce feat: disable dynamic SCS
  • 3bef043 feat: update runc to 1.4.2
  • c6e6f10 feat: update Linux to 6.18.21
  • a9e8afa fix: libarchive install prefix
  • e4d0113 feat: update for musl 1.2.6
  • 9142603 feat: update NVIDIA production to 595.58.03
  • 22fa669 feat: update Linux to 6.18.19
  • 03680ae feat: update containerd patch verifier role
  • bdc239e feat: enable CHECKPOINT_RESTORE option

Changes from siderolabs/proto-codec
1 commit

Changes from siderolabs/siderolink
1 commit

Changes from siderolabs/tools
7 commits

Dependency Changes
  • github.com/aws/aws-sdk-go-v2/config v1.32.12 -> v1.32.14
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20 -> v1.18.21
  • github.com/aws/aws-sdk-go-v2/service/acm v1.37.22 -> v1.38.1
  • github.com/aws/aws-sdk-go-v2/service/kms v1.50.3 -> v1.50.4
  • github.com/aws/smithy-go v1.24.2 -> v1.25.0
  • github.com/beevik/nts v0.3.0 new
  • github.com/containerd/containerd/v2 v2.2.2 -> v2.2.3
  • github.com/fatih/color v1.18.0 -> v1.19.0
  • github.com/florianl/go-tc v0.4.7 -> v0.4.8
  • github.com/hetznercloud/hcloud-go/v2 v2.36.0 -> v2.37.0
  • github.com/insomniacslk/dhcp 5adc3eb -> 11b94ed
  • github.com/mdlayher/genetlink v1.3.2 -> v1.4.0
  • github.com/mdlayher/netlink v1.9.0 -> v1.11.0
  • github.com/pelletier/go-toml/v2 v2.2.4 -> v2.3.0
  • github.com/siderolabs/go-kubeconfig v0.1.1 -> v0.1.2
  • github.com/siderolabs/grpc-proxy v0.5.1 -> v0.5.2
  • github.com/siderolabs/pkgs v1.13.0 -> v1.14.0-alpha.0-20-g6a53a93
  • github.com/siderolabs/proto-codec v0.1.3 -> v0.1.4
  • github.com/siderolabs/siderolink v0.3.15 -> v0.3.16
  • github.com/siderolabs/talos/pkg/machinery v1.13.0 -> v1.13.0-beta.0
  • github.com/siderolabs/tools v1.13.0 -> v1.14.0-alpha.0-6-g44ad18c
  • github.com/sigstore/cosign/v3 v3.0.5 -> v3.0.6
  • go.etcd.io/etcd/api/v3 v3.6.9 -> v3.6.10
  • go.etcd.io/etcd/client/pkg/v3 v3.6.9 -> v3.6.10
  • go.etcd.io/etcd/client/v3 v3.6.9 -> v3.6.10
  • go.etcd.io/etcd/etcdutl/v3 v3.6.9 -> v3.6.10
  • google.golang.org/grpc v1.79.3 -> v1.80.0
  • k8s.io/api v0.35.3 -> v0.35.4
  • k8s.io/apiextensions-apiserver v0.35.3 -> v0.35.4
  • k8s.io/apimachinery v0.35.3 -> v0.35.4
  • k8s.io/apiserver v0.35.3 -> v0.35.4
  • k8s.io/client-go v0.35.3 -> v0.35.4
  • k8s.io/component-base v0.35.3 -> v0.35.4
  • k8s.io/cri-api v0.35.3 -> v0.35.4
  • k8s.io/kube-scheduler v0.35.3 -> v0.35.4
  • k8s.io/kubectl v0.35.3 -> v0.35.4
  • k8s.io/kubelet v0.35.3 -> v0.35.4
  • k8s.io/pod-security-admission v0.35.3 -> v0.35.4
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.77 -> v1.2.78

Previous release can be found at v1.13.0

v1.12.7

Compare Source

Talos 1.12.7 (2026-04-24)

Welcome to the v1.12.7 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.18.24
containerd: 2.1.7
etcd: 3.6.9
Kubernetes: v1.35.4

Talos is built with Go 1.25.9.

Contributors
  • Noel Georgi
  • Andrey Smirnov
  • Mateusz Urbanek
  • Orzelius
  • Utku Ozdemir
Changes
19 commits

Changes from siderolabs/pkgs
8 commits

Changes from siderolabs/tools
3 commits

Dependency Changes
  • github.com/siderolabs/go-blockdevice/v2 v2.0.26 -> v2.0.28
  • github.com/siderolabs/pkgs v1.12.0-50-ga92bed5 -> v1.12.0-58-g86d6af1
  • github.com/siderolabs/talos/pkg/machinery v1.12.6 -> v1.12.7
  • github.com/siderolabs/tools v1.12.0-7-g57916cb -> v1.12.0-10-gbbd753d
  • go.etcd.io/etcd/api/v3 v3.6.6 -> v3.6.9
  • go.etcd.io/etcd/client/pkg/v3 v3.6.6 -> v3.6.9
  • go.etcd.io/etcd/client/v3 v3.6.6 -> v3.6.9
  • go.etcd.io/etcd/etcdutl/v3 v3.6.6 -> v3.6.9
  • k8s.io/api v0.35.2 -> v0.35.4
  • k8s.io/apiextensions-apiserver v0.35.2 -> v0.35.4
  • k8s.io/apimachinery v0.35.2 -> v0.35.4
  • k8s.io/apiserver v0.35.2 -> v0.35.4
  • k8s.io/client-go v0.35.2 -> v0.35.4
  • k8s.io/component-base v0.35.2 -> v0.35.4
  • k8s.io/cri-api v0.35.2 -> v0.35.4
  • k8s.io/kube-scheduler v0.35.2 -> v0.35.4
  • k8s.io/kubectl v0.35.2 -> v0.35.4
  • k8s.io/kubelet v0.35.2 -> v0.35.4
  • k8s.io/pod-security-admission v0.35.2 -> v0.35.4

Previous release can be found at v1.12.6

Images

ghcr.io/siderolabs/flannel:v0.27.4
registry.k8s.io/coredns/coredns:v1.13.2
registry.k8s.io/etcd:v3.6.9
registry.k8s.io/kube-apiserver:v1.35.4
registry.k8s.io/kube-controller-manager:v1.35.4
registry.k8s.io/kube-scheduler:v1.35.4
registry.k8s.io/kube-proxy:v1.35.4
ghcr.io/siderolabs/kubelet:v1.35.4
registry.k8s.io/pause:3.10
ghcr.io/siderolabs/installer:v1.12.7
ghcr.io/siderolabs/installer-base:v1.12.7
ghcr.io/siderolabs/imager:v1.12.7
ghcr.io/siderolabs/talos:v1.12.7
ghcr.io/siderolabs/talosctl-all:v1.12.7
ghcr.io/siderolabs/overlays:v1.12.7
ghcr.io/siderolabs/extensions:v1.12.7

v1.12.6

Compare Source

Talos 1.12.6 (2026-03-19)

Welcome to the v1.12.6 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.18.18
runc: 1.3.5

Talos is built with Go 1.25.8.

Contributors
  • Mickaël Canévet
  • Andrey Smirnov
  • Dominik Pitz
  • Kai Zhang
  • Noel Georgi
  • Stanley Chan
  • Zadkiel AHARONIAN
Changes
21 commits

  • @​a1b8bd6 release(v1.12.6): prepare release
  • @​72bd570 feat: update Linux to 6.18.18
  • @​9d5638f fix: accept image cache volume encryption config
  • @​0f018bf fix: panic in hardware.SystemInfoController
  • @​c46b898 fix: validate missing apiVersion in config document decoder
  • @​c47cad9 fix: pull in a fix for dmesg timestamps
  • @​190336a fix: prevent stale discovered volumes reads
  • @​217e9bb fix: bring in new version of go-cmd and go-blockdevice
  • @​d7779a5 fix: stop pulling wrong platform for images
  • @​eb6eb66 fix(machined): support USERDATA legacy fallback in OpenNebula driver
  • @​ba20c7c feat(machined): add ONEGATE proxy route and deterministic interface iteration for OpenNebula
  • @​739f664 feat(machined): inherit IP6_METHOD from METHOD in OpenNebula driver
  • @​93878c0 fix(machined): align OpenNebula hostname precedence with reference
  • @​9718d73 feat(machined): add IPv6 alias address support for OpenNebula (ETH_ALIAS_IP6)
  • @​b649fb4 feat(machined): support ETH*_IP6_METHOD (static/dhcp/auto/disable) for OpenNebula
  • @​c81df6f refactor(machined): extract per-interface IPv4 helper in OpenNebula driver
  • @​501924e fix(machined): use ParseFQDN for hostname parsing in OpenNebula
  • @​e9331b2 feat(machined): support per-interface route metric for OpenNebula (ETH*_METRIC)
  • @​6e78afb feat(machined): add network alias support for OpenNebula (ETH_ALIAS)
  • @​9f648b4 feat(machined): merge global and per-interface DNS for OpenNebula
  • @​04fba03 feat(machined): add static routes support via ETH*_ROUTES for OpenNebula

Changes from siderolabs/go-cmd
2 commits

Changes from siderolabs/go-kmsg
3 commits

Changes from siderolabs/pkgs
4 commits

Dependency Changes
  • github.com/google/go-containerregistry v0.20.6 -> v0.20.7
  • github.com/siderolabs/go-blockdevice/v2 v2.0.24 -> v2.0.26
  • github.com/siderolabs/go-cmd v0.1.3 -> v0.2.0
  • github.com/siderolabs/go-kmsg v0.1.4 -> v0.1.5
  • github.com/siderolabs/pkgs v1.12.0-46-ge695c74 -> v1.12.0-50-ga92bed5
  • github.com/siderolabs/talos/pkg/machinery v1.12.5 -> v1.12.6
  • github.com/spf13/cobra v1.10.1 -> v1.10.2
  • golang.org/x/sys v0.41.0 -> v0.42.0
  • google.golang.org/grpc v1.78.0 -> v1.79.3

Previous release can be found at v1.12.5

Images

ghcr.io/siderolabs/flannel:v0.27.4
registry.k8s.io/coredns/coredns:v1.13.2
registry.k8s.io/etcd:v3.6.8
registry.k8s.io/kube-apiserver:v1.35.2
registry.k8s.io/kube-controller-manager:v1.35.2
registry.k8s.io/kube-scheduler:v1.35.2
registry.k8s.io/kube-proxy:v1.35.2
ghcr.io/siderolabs/kubelet:v1.35.2
registry.k8s.io/pause:3.10
ghcr.io/siderolabs/installer:v1.12.6
ghcr.io/siderolabs/installer-base:v1.12.6
ghcr.io/siderolabs/imager:v1.12.6
ghcr.io/siderolabs/talos:v1.12.6
ghcr.io/siderolabs/talosctl-all:v1.12.6
ghcr.io/siderolabs/overlays:v1.12.6
ghcr.io/siderolabs/extensions:v1.12.6

v1.12.5

Compare Source

Talos 1.12.5 (2026-03-09)

Welcome to the v1.12.5 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.18.15
Kubernetes: 1.35.2
etcd: 3.6.8

Talos is built with Go 1.25.8.

Contributors
  • Andrey Smirnov
  • Mateusz Urbanek
  • Dmitrii Sharshakov
  • Fritz Schaal
  • Jan Paul
  • Max Makarov
  • Mickaël Canévet
  • Nico Berlee
  • Orzelius
  • Spencer Smith
Changes
19 commits

  • @​da6c6e4 release(v1.12.5): prepare release
  • @​4f978a7 fix: correctly calculate end ranges for nftables sets
  • @​8d52e2d feat: add trusted roots generation to stdpatches
  • @​6284877 fix: use correct dhcp option for unicast dhcp renewal
  • @​dcf23be fix: ignore image digest when doing upgrade-k8s
  • @​f8a2a9b fix(machined): opennebula: process ETH*_ vars regardless of NETWORK context flag
  • @​db9ff23 fix: patch with delete for LinkConfigs
  • @​e0c38e2 fix: update path handling on talosctl cgroups
  • @​ca2d4c1 fix: stop Kubernetes client from dynamically reloading the certs
  • @​70ae2f2 refactor: split locate and provision
  • @​c3b0484 fix: hold user volumes root mountpoint
  • @​d935420 fix: handle raw encryption keys with \n properly
  • @​7fe1a47 fix: remove stale endpoints
  • @​3ea0888 fix: allow static hosts in /etc/hosts without hostname
  • @​5ebb00f fix: switch to better Myers algorithm implementation
  • @​2b40379 feat: update etcd to v3.6.8
  • @​1ce9328 fix: disks flag parsing and handling in create qemu command
  • @​1f989df fix: read multi-doc machine config with newer talosctl
  • @​40ba6e3 feat: update Linux 6.18.15, Go 1.25.8

Changes from siderolabs/go-debug
1 commit

Changes from siderolabs/pkgs
7 commits

Changes from siderolabs/tools
1 commit

Dependency Changes
  • github.com/docker/cli v29.0.0 -> v29.2.1
  • github.com/siderolabs/go-blockdevice/v2 v2.0.23 -> v2.0.24
  • github.com/siderolabs/go-debug v0.6.1 -> v0.6.2
  • github.com/siderolabs/pkgs v1.12.0-39-gb1fc4c6 -> v1.12.0-46-ge695c74
  • github.com/siderolabs/talos/pkg/machinery v1.12.3 -> v1.12.5
  • github.com/siderolabs/tools v1.12.0-6-gdc37e09 -> v1.12.0-7-g57916cb
  • golang.org/x/net v0.48.0 -> v0.51.0
  • golang.org/x/sys v0.40.0 -> v0.41.0
  • golang.org/x/term v0.38.0 -> v0.40.0
  • golang.org/x/text v0.33.0 -> v0.34.0
  • google.golang.org/grpc v1.76.0 -> v1.78.0
  • google.golang.org/protobuf v1.36.10 -> v1.36.11
  • k8s.io/api v0.35.0 -> v0.35.2
  • k8s.io/apiextensions-apiserver v0.35.0 -> v0.35.2
  • k8s.io/apiserver v0.35.0 -> v0.35.2
  • k8s.io/client-go v0.35.0 -> v0.35.2
  • k8s.io/component-base v0.35.0 -> v0.35.2
  • k8s.io/kube-scheduler v0.35.0 -> v0.35.2
  • k8s.io/kubectl v0.35.0 -> v0.35.2
  • k8s.io/kubelet v0.35.0 -> v0.35.2
  • k8s.io/pod-security-admission v0.35.0 -> v0.35.2

Previous release can be found at v1.12.4

Images

ghcr.io/siderolabs/flannel:v0.27.4
registry.k8s.io/coredns/coredns:v1.13.2
registry.k8s.io/etcd:v3.6.8
registry.k8s.io/kube-apiserver:v1.35.2
registry.k8s.io/kube-controller-manager:v1.35.2
registry.k8s.io/kube-scheduler:v1.35.2
registry.k8s.io/kube-proxy:v1.35.2
ghcr.io/siderolabs/kubelet:v1.35.2
registry.k8s.io/pause:3.10
ghcr.io/siderolabs/installer:v1.12.5
ghcr.io/siderolabs/installer-base:v1.12.5
ghcr.io/siderolabs/imager:v1.12.5
ghcr.io/siderolabs/talos:v1.12.5
ghcr.io/siderolabs/talosctl-all:v1.12.5
ghcr.io/siderolabs/overlays:v1.12.5
ghcr.io/siderolabs/extensions:v1.12.5

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [siderolabs/talos](https://github.com/siderolabs/talos) | minor | `v1.12.4` → `v1.13.2` | --- ### Release Notes <details> <summary>siderolabs/talos (siderolabs/talos)</summary> ### [`v1.13.2`](https://github.com/siderolabs/talos/releases/tag/v1.13.2) [Compare Source](https://github.com/siderolabs/talos/compare/v1.13.0...v1.13.2) #### [Talos 1.13.2](https://github.com/siderolabs/talos/releases/tag/v1.13.2) (2026-05-12) Welcome to the v1.13.2 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Etcd: 3.6.11 Linux: 6.18.29 Talos is built with Go 1.26.3. ##### Contributors - Noel Georgi ##### Changes <details><summary>1 commit</summary> <p> - [@&#8203;`c5d7c65`](https://github.com/siderolabs/talos/commit/c5d7c6536) release(v1.13.2): prepare release </p> </details> ##### Dependency Changes - **github.com/siderolabs/talos/pkg/machinery** v1.13.1 -> v1.13.2 Previous release can be found at [v1.13.1](https://github.com/siderolabs/talos/releases/tag/v1.13.1) #### Images ``` ghcr.io/siderolabs/flannel:v0.28.4 registry.k8s.io/coredns/coredns:v1.14.2 registry.k8s.io/etcd:v3.6.11 registry.k8s.io/pause:3.10.1 registry.k8s.io/kube-apiserver:v1.36.0 registry.k8s.io/kube-controller-manager:v1.36.0 registry.k8s.io/kube-scheduler:v1.36.0 registry.k8s.io/kube-proxy:v1.36.0 ghcr.io/siderolabs/kubelet:v1.36.0 registry.k8s.io/networking/kube-network-policies:v1.0.0 ghcr.io/siderolabs/installer:v1.13.2 ghcr.io/siderolabs/installer-base:v1.13.2 ghcr.io/siderolabs/imager:v1.13.2 ghcr.io/siderolabs/talos:v1.13.2 ghcr.io/siderolabs/talosctl-all:v1.13.2 ghcr.io/siderolabs/overlays:v1.13.2 ghcr.io/siderolabs/extensions:v1.13.2 ``` ### [`v1.13.0`](https://github.com/siderolabs/talos/blob/HEAD/CHANGELOG.md#Talos-1140-alpha0-2026-04-29) [Compare Source](https://github.com/siderolabs/talos/compare/v1.12.7...v1.13.0) Welcome to the v1.14.0-alpha.0 release of Talos!\ *This is a pre-release of Talos* Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Default Installer Image The default installer image has been updated to use the Image Factory. ##### Host DNS Configuration HostDNS configuration was moved from the v1alpha1 config `.machine.features.hostDNS` field to the new `hostDNS` in the `ResolverConfig` document. ##### NTS for Time Synchronization Talos now supports Network Time Security (NTS) for secure time synchronization. This feature enhances the security of NTP by providing cryptographic authentication of time sources. NTS is enabled by default (without any configuration sources) for the default `time.cloudflare.com` time server NTS can be enabled for custom time servers via the new `useNTS` field in the `TimeServerConfig` document. ##### TLS 1.3 Minimum Version Talos now runs etcd and kube-apiserver with a minimum TLS version of 1.3, improving security by leveraging the latest TLS features and cipher suites. Custom settings for cipher suites have been removed, as they are ignored when TLS 1.3 is used, which simplifies configuration and ensures the use of modern, secure defaults. ##### Component Updates Linux: 6.18.25 Kubernetes: 1.36.0 Talos is built with Go 1.26.2. ##### Contributors - Andrey Smirnov - Noel Georgi - Mateusz Urbanek - Utku Ozdemir - Orzelius - Oguz Kilcan - buckaroo - Ansgar Dahlen - Benoît Knecht - David Orman - Dharsan Baskar - Dmitrii Sharshakov - Dmitriy Matrenichev - Edward Sammut Alessi - Erwan Leboucher - Kevin Tijssen - Nico Berlee - Zadkiel AHARONIAN ##### Changes <details><summary>103 commits</summary> <p> - [`8a037a56e`](https://github.com/siderolabs/talos/commit/8a037a56ed501b99757ca29f718c6ad7dfa2f223) test: fix flaky tests - [`08c81d838`](https://github.com/siderolabs/talos/commit/08c81d8380b80090183df51f3a8b02ed5339adb4) feat: bump kernel to 6.18.25 - [`fe40b6e58`](https://github.com/siderolabs/talos/commit/fe40b6e588c38628e5cd9298dcaa56d2f2590827) fix(ci): fetch empty pr labels - [`837a9ed07`](https://github.com/siderolabs/talos/commit/837a9ed077156ad00a1d31e731cf396c466bf6f6) feat: move host DNS config into ResolverConfig - [`96a8ecd1e`](https://github.com/siderolabs/talos/commit/96a8ecd1eed06f3d04fea853a8673699130dded8) feat: default to factory installer image - [`f19eef78b`](https://github.com/siderolabs/talos/commit/f19eef78b9cc01c107f86a6eddf24da0d288d124) fix: revert add extraArgs from service-account-issuer - [`6821225b6`](https://github.com/siderolabs/talos/commit/6821225b64ddd48e5cc0d16ab80204d539110f78) fix: revert use append instead of prepend in service-account-issuer - [`b43c3a124`](https://github.com/siderolabs/talos/commit/b43c3a124f6c6d1523c1feaddc9c4a23454eeb56) feat: add quirk for talosctl factory downloads - [`df0b9a8da`](https://github.com/siderolabs/talos/commit/df0b9a8da1423842d830261e5ddc5dc8f5a234c1) refactor: make all controller unit-test follow modern patterns - [`c2948cef2`](https://github.com/siderolabs/talos/commit/c2948cef232f6a175312636369b444124cb995db) feat: support auth for Image Factory in cluster create - [`560bcf0ca`](https://github.com/siderolabs/talos/commit/560bcf0cae764015520b1d1efbef2a0bb4fe88b7) feat: enforce TLS 1.3 minmum version for Kubernetes components - [`3db14309e`](https://github.com/siderolabs/talos/commit/3db14309e058cacc2ab8664944fc18f80a3bb747) fix(talosctl): ensure uncordon runs after reboot/upgrade errors - [`ecf2fa855`](https://github.com/siderolabs/talos/commit/ecf2fa855b8eb19731b228990a3acbe1430ccad4) feat: update Kubernetes to v1.36.0 - [`71557eadd`](https://github.com/siderolabs/talos/commit/71557eadda51ba62fcc10d4ed859c390a93c565d) fix(ci): skip misc jobs not on pull request - [`026313b7c`](https://github.com/siderolabs/talos/commit/026313b7cc103a2dc7efdee1dfbad32c8050daf6) docs: rename security-insights.yml to lowercase for LFX detection - [`dc4ffd490`](https://github.com/siderolabs/talos/commit/dc4ffd490d878621b929af1ba1aca1d32e2530de) fix(ci): fix jobs not interpolating matrix due to condition - [`25e2f37e2`](https://github.com/siderolabs/talos/commit/25e2f37e2b1c3b6bdc5ee04ffa86e6fe34cf582a) chore: generate comments for fields in resource proto - [`149592fa5`](https://github.com/siderolabs/talos/commit/149592fa59d20c5aa29e4c0af9a3760585f378ce) fix: watch kubelet's kubeconfig and time out for cache sync - [`1f315e6e9`](https://github.com/siderolabs/talos/commit/1f315e6e903ec81e2989eb02404522a8b3c2dab7) feat: update Linux to 6.18.23 - [`0198eedc2`](https://github.com/siderolabs/talos/commit/0198eedc2b39477a62a2d6e6450934ff29bce8b3) feat: add NTS (Network Time Security) support for NTP time sync - [`6830a8b97`](https://github.com/siderolabs/talos/commit/6830a8b97df4a08f27516869363e13a53121b2e4) fix(ci): matrix jobs cleanups - [`71aeb347f`](https://github.com/siderolabs/talos/commit/71aeb347f90969cb6057651666bfda205269d917) test: fix OOM test flake - [`9b9542cc5`](https://github.com/siderolabs/talos/commit/9b9542cc55ee6d08f3490d270c1b497c7b9d3049) test: fix a flake in the manifest sync test - [`863d882b6`](https://github.com/siderolabs/talos/commit/863d882b6cbd50abcc4fc8717e5921c92a1f0f0b) test: add image verification for factory.talos.dev - [`bba0b4aee`](https://github.com/siderolabs/talos/commit/bba0b4aeefd7ec0daf7cc048e48c66d8b614f576) chore(ci): nvidia update helm values - [`3399ff4de`](https://github.com/siderolabs/talos/commit/3399ff4de05b4fafb8511d6399e919436f1178da) fix: propagate route table down to the resource - [`c684ec60e`](https://github.com/siderolabs/talos/commit/c684ec60ea5035e84517dac05a16eabf04f06a33) chore: prepare for Talos 1.14 release - [`ed9545d0d`](https://github.com/siderolabs/talos/commit/ed9545d0db55cdff8ad7f7755398913780a7540e) chore(ci): bump gpu operator version - [`4de3e4393`](https://github.com/siderolabs/talos/commit/4de3e4393e6ee968a7ef315c1a0f9fe4d86f449c) fix(ci): cron triggered workflows - [`212182e6f`](https://github.com/siderolabs/talos/commit/212182e6f655f61e8917059868fc381728e4a959) chore: bump container registry library - [`c028db0b8`](https://github.com/siderolabs/talos/commit/c028db0b8d25e85a4b580e10252d964785320291) fix: do not flip machine stage to rebooting during shutdown - [`6ce62d9e8`](https://github.com/siderolabs/talos/commit/6ce62d9e8eea41a37e90fec5551ac06d26ef8b28) fix(ci): workflow runs with `workflow_run` - [`509cd9733`](https://github.com/siderolabs/talos/commit/509cd9733926a6994843fb58ccdf38e5cd63a382) fix: boot entry detection - [`5e3f30188`](https://github.com/siderolabs/talos/commit/5e3f301887546bfc83b9819bbc3ae05fe92f3471) feat(ci): rework to schedule daily runs after a cron - [`7fa4d3919`](https://github.com/siderolabs/talos/commit/7fa4d39197e1a9e54ba8a259c111f2cb8047ef9c) fix: zfs extensions test - [`1ef8e630a`](https://github.com/siderolabs/talos/commit/1ef8e630ab77b3c849e7da6d1ff83e7c6795f070) test: allow more tests to run in FIPS strict mode - [`bdcc9321b`](https://github.com/siderolabs/talos/commit/bdcc9321b637da77f1007a571193c2e03c984b8b) fix: reduce memory dashboard usage - [`2d177af82`](https://github.com/siderolabs/talos/commit/2d177af82b96cefdc7aebb62d593d0ffcba1a418) chore: update Syft to v1.42.4+patches - [`0d8362119`](https://github.com/siderolabs/talos/commit/0d8362119e4415182caa9349e0ddfb27ea290d90) fix: return failed precondition on upgrade when not installed - [`be58eafab`](https://github.com/siderolabs/talos/commit/be58eafaba98bb7b1bcd20ac1ed8f8b03734c7e0) fix: wrong slot of encryption key was logged - [`015081c76`](https://github.com/siderolabs/talos/commit/015081c768ec85c3fb3b74ea22dd0b981db7c96a) feat: update dependencies - [`9fbb7c95d`](https://github.com/siderolabs/talos/commit/9fbb7c95df2b1dcd68fafa23865412bbd8300f4b) fix: audit trustd code for security - [`986e97fc7`](https://github.com/siderolabs/talos/commit/986e97fc757824bc998d81933e60108250316e5e) feat: update Flannel to 0.28.4 - [`f3817d1d1`](https://github.com/siderolabs/talos/commit/f3817d1d1c90bb2f2c19c209af154dc1a93eb507) chore: update sign images to support image name suffix - [`e776721f3`](https://github.com/siderolabs/talos/commit/e776721f33b1fedff1dff310298035b3d603e676) feat: update Kubernetes 1.36.0-rc.1 - [`f6e7346fa`](https://github.com/siderolabs/talos/commit/f6e7346fa725a703ac4281854150d7a3be12c8d1) fix: encode extra args fields in resources with new id - [`3c7bb80ba`](https://github.com/siderolabs/talos/commit/3c7bb80bab0323d72a1727256ccf339d2c79804c) chore: bump tools - [`3ba35c9b9`](https://github.com/siderolabs/talos/commit/3ba35c9b9fca9c54e596d5c6df61d515a4a39555) chore(ci): nvidia try UKI boot - [`e3e8f01ca`](https://github.com/siderolabs/talos/commit/e3e8f01ca66ee74898ebba5dadf4f199775d278e) chore: bump tools - [`181584a5f`](https://github.com/siderolabs/talos/commit/181584a5f1850f2bfb2a837c0d05bd9e30ee48b5) fix: handle boot failure - [`c464c7e88`](https://github.com/siderolabs/talos/commit/c464c7e88a3f058cb2bbc36af1910d69d903cd07) fix: upgrade API in maintenance mode (legacy) - [`b7512d912`](https://github.com/siderolabs/talos/commit/b7512d9125b623d2bb92e3a8b5839e85e1309a39) feat: update Kubernetes to 1.36.0-rc.0 - [`4ba11156f`](https://github.com/siderolabs/talos/commit/4ba11156fd164a0d94538508f5c028f249deed50) refactor: allow overriding out image name suffix - [`c81aa125c`](https://github.com/siderolabs/talos/commit/c81aa125c85d3886c5b9bb4d7f77ec2def104f21) fix: panic in reading PCR values - [`6a3ab87c5`](https://github.com/siderolabs/talos/commit/6a3ab87c54f83f70869a2e298e6ed7722cf4afad) feat(ci): add nvidia arm64 matrix - [`21f459aab`](https://github.com/siderolabs/talos/commit/21f459aab5d8ac2841aa69a9237ca3faa06da7df) fix(talosctl): always use default GRPC dial options - [`ca208e514`](https://github.com/siderolabs/talos/commit/ca208e51492c4584f9a4cea4d0762c2199f703e7) fix: validate hostDNS forwarding requires hostDNS to be enabled - [`9fcb9e05b`](https://github.com/siderolabs/talos/commit/9fcb9e05b668ba2fbc7df776ab32e57b1c15e221) feat: bump go to 1.26.2 - [`0bfdf7f70`](https://github.com/siderolabs/talos/commit/0bfdf7f7035fefe804ec4b568709cd6a09195293) fix: create correct blackhole routes for IPv4 - [`52b920032`](https://github.com/siderolabs/talos/commit/52b920032e97e1b241c1e0bd89c6e41cbc1c9a47) feat: add client-side Kubernetes node drain to reboot and upgrade commands - [`968ec1e0c`](https://github.com/siderolabs/talos/commit/968ec1e0ca26eb1f0de0836e0a55df09dea7dafe) refactor: propagate NAME properly, allow to set on build - [`acc69c346`](https://github.com/siderolabs/talos/commit/acc69c346f8816324b632fd33a5d0cb3f4b73509) fix: set the minimum TLS version to 1.3 - [`0cfa6e302`](https://github.com/siderolabs/talos/commit/0cfa6e3024100e34692a0b10e9dacb762c16a626) chore: bump some tool dependencies - [`4229bb9d2`](https://github.com/siderolabs/talos/commit/4229bb9d2ed263c309d0b0082f6e21d2f002c925) feat: add dis-vulncheck tool - [`d697f5538`](https://github.com/siderolabs/talos/commit/d697f5538a7a624a1ac7bafdfebc67dd9418c434) fix: don't set xattrs while decompressing extensions - [`34fb2cbe5`](https://github.com/siderolabs/talos/commit/34fb2cbe5148a9f60fd888551ba6eceb84b550cf) refactor: remove manual shell completion and replace with cobra completion - [`79fa2e300`](https://github.com/siderolabs/talos/commit/79fa2e3001082cf21be92c52b3da4e844313184d) feat: allow more nvidia and nvme files from extensions - [`414f78a29`](https://github.com/siderolabs/talos/commit/414f78a298fc1a196fe310b17b89d3aadc15e1b4) feat: allow glibc ld files in etc - [`1bbba4301`](https://github.com/siderolabs/talos/commit/1bbba4301495e256f2686a6b0d44663d3fdad2c4) feat: update Flannel to v0.28.2 - [`55815e0fa`](https://github.com/siderolabs/talos/commit/55815e0fa545de42997b89beaa7bf15ef9aa36f3) fix: handle ISOs with zeroes in volume labels - [`7b6ab0c1c`](https://github.com/siderolabs/talos/commit/7b6ab0c1c3cec7b6260e27dd5b6e72faa1975ab0) feat: add flag to force fallback to legacy upgrade - [`5e24d5265`](https://github.com/siderolabs/talos/commit/5e24d5265bde9adee92c02e675140de87ee126bf) feat: add resource view to talosctl dashboard - [`649ab7fe4`](https://github.com/siderolabs/talos/commit/649ab7fe4234de1a947071926603377e00910cb9) fix: add os:meta:writer role to the dashboard - [`10cdfa909`](https://github.com/siderolabs/talos/commit/10cdfa9099a3e40ca8182ecb69d836c06ca621e3) fix: drop talosctl install - [`087ced85f`](https://github.com/siderolabs/talos/commit/087ced85f5130656cbc647c2e4d838cab3ff1737) fix: unseal with "slow" TPM - [`11ab0a8c5`](https://github.com/siderolabs/talos/commit/11ab0a8c5aec1537542bddb851a9f71e92888e3b) fix: drop unused type from ExternalVolume schema - [`e2df0f6ce`](https://github.com/siderolabs/talos/commit/e2df0f6ce8c47b0dc3e93bf257afb8a1ae9243fb) fix: always grow disks - [`919d8c365`](https://github.com/siderolabs/talos/commit/919d8c36552a46ed326c9cb01bb474cee21e8d0a) chore: drop debug shell - [`783a35851`](https://github.com/siderolabs/talos/commit/783a35851ed1bac4ddd0f1fed583fc1b6477614d) fix: add metal-agent mode to runtime capabilities - [`37b2221cc`](https://github.com/siderolabs/talos/commit/37b2221ccfff64f37461397712c8b08ea3736dc0) docs: add SECURITY-INSIGHTS.yml for OSPS Baseline QA-04.01 - [`bed2bd414`](https://github.com/siderolabs/talos/commit/bed2bd414ea57866b5b31cb09f562fc7161ca74a) feat: add graceful power off support to QEMU VM launcher - [`3400059cc`](https://github.com/siderolabs/talos/commit/3400059ccf4811140a4326397d972f68693c708c) fix: incorrect route source for on-link routes - [`b3dfbf743`](https://github.com/siderolabs/talos/commit/b3dfbf743e6c2fd44020911ee1e0eea3a7676579) feat: bump musl to 1.2.6 - [`4227921b3`](https://github.com/siderolabs/talos/commit/4227921b3979d3a8542946fed4ceb622747adb00) test: fix the PKI mismatch test flake - [`f2bc2dcc6`](https://github.com/siderolabs/talos/commit/f2bc2dcc6e0391dbd4aa19e8366d657b2056790f) feat: update NVIDIA production drivers to 595.58.03 - [`aa5946dd3`](https://github.com/siderolabs/talos/commit/aa5946dd385a2b99d572f9318e4eeeeee441b51b) test: fix cron failures for provision-1 & provision-2 - [`1dd701efa`](https://github.com/siderolabs/talos/commit/1dd701efa8119b6515a62ff68c430c99a96f2b68) fix: allow blockdevice wipe in maintenance mode - [`786bf00ab`](https://github.com/siderolabs/talos/commit/786bf00abb309955616e440cd06fd0718b1b77ab) feat: add --platform=all support to image cache-create - [`e1f645e3c`](https://github.com/siderolabs/talos/commit/e1f645e3cbeee5306dc0075deb8942793eb80a81) feat: validate luks headers for tampering - [`ad72c7300`](https://github.com/siderolabs/talos/commit/ad72c73006abc3b51e5371496c61d8637b2222f0) test: improve maintenance API provision tests - [`70cefab6a`](https://github.com/siderolabs/talos/commit/70cefab6af3dacdc80921b55ca8dbf5644501c6c) test: fix the flakes in tests with trusted roots - [`aacff17f4`](https://github.com/siderolabs/talos/commit/aacff17f4c8890d6cada8efc6e715f69750f79cd) test: bump memory for Flannel netpolicy tests - [`9c3459114`](https://github.com/siderolabs/talos/commit/9c34591144f1e2fc759fdc6d56694541eb9f241a) feat: update Linux to 6.18.19, CNI to 1.9.1 - [`038cb8735`](https://github.com/siderolabs/talos/commit/038cb87354eea1c1ff4612bdd13d1e77e595955a) feat: enforce PID check on connections to services over file sockets - [`e2b2dd3ea`](https://github.com/siderolabs/talos/commit/e2b2dd3ea7eed8bc139cd0bd812253baee0dd95c) chore: update go-kubernetes library - [`9597714f6`](https://github.com/siderolabs/talos/commit/9597714f625ac07bf74de32a24c3e6dad5abdc91) fix: add symlinks nvidia-ctk and nvidia-cdi-hook in /usr/bin - [`8ac47d677`](https://github.com/siderolabs/talos/commit/8ac47d677703624ec6568294d94dcad7e533e6c4) fix: unset rlimits for extension services - [`b1a02f368`](https://github.com/siderolabs/talos/commit/b1a02f3681c7e361ee6a3ef3d230b47480b48408) feat: update Kubernetes to 1.36.0-beta.0 - [`362fdc9ec`](https://github.com/siderolabs/talos/commit/362fdc9ece81e805a5a6a4e0303bdf78a6b2c35d) feat: update etcd to 3.6.9 - [`0a47f40b3`](https://github.com/siderolabs/talos/commit/0a47f40b3cdf304a079c6b3fa964e9f82e91ec63) fix(machined): clear stale bond ARP/NS targets on decode - [`86344639f`](https://github.com/siderolabs/talos/commit/86344639fcb76d9430ac1e975c98db4488701e43) fix: update diff library to v1.0.1 - [`eff89d1ed`](https://github.com/siderolabs/talos/commit/eff89d1ed46e5f3c709305a8cb134dabae925420) fix: panics in diff algorithms - [`8e1c8a7a9`](https://github.com/siderolabs/talos/commit/8e1c8a7a90fb039fd8a639a1218c169bc683d141) test: fix the apid test against AWS/GCP </p> </details> ##### Changes from siderolabs/go-kubeconfig <details><summary>2 commits</summary> <p> - [`d0b8f82`](https://github.com/siderolabs/go-kubeconfig/commit/d0b8f82dece7359bb005d6c32ca225c1b29401c5) chore: rekres and bump deps - [`c356eeb`](https://github.com/siderolabs/go-kubeconfig/commit/c356eeb33f12542c1e29e81f7246f146b847bfb6) fix: fix context conflict detection add New() constructor </p> </details> ##### Changes from siderolabs/grpc-proxy <details><summary>3 commits</summary> <p> - [`d670c42`](https://github.com/siderolabs/grpc-proxy/commit/d670c420307acbdc1c71cc1572c1d826f07cf406) chore: bump dependencies - [`8614c71`](https://github.com/siderolabs/grpc-proxy/commit/8614c7158032488d36285ce2245d06f49d7447c4) chore: bump deps - [`80677e0`](https://github.com/siderolabs/grpc-proxy/commit/80677e04c18d908cacb69566ed95c78c400d4d99) fix: propagate the headers before the message </p> </details> ##### Changes from siderolabs/pkgs <details><summary>22 commits</summary> <p> - [`6a53a93`](https://github.com/siderolabs/pkgs/commit/6a53a933d1b9bf3c3e3d9fae8d7bc3e9021d418e) feat: bump kernel to 6.18.25 - [`f567bce`](https://github.com/siderolabs/pkgs/commit/f567bced2b6b5517cf70a5e925995e2dcdcd8444) feat: disable more stuff in Kconfig - [`ffd9790`](https://github.com/siderolabs/pkgs/commit/ffd97909dd732c3ba8520ea4354ab2ecf07e8ba9) feat: bump kernel to 6.18.24 - [`b7c709a`](https://github.com/siderolabs/pkgs/commit/b7c709add255e09b3b1101abad06b4f3b17952cd) feat: bump deps - [`e5e5b3c`](https://github.com/siderolabs/pkgs/commit/e5e5b3c0e65911069be6a62326fea677baac7245) feat: update Linux to 6.18.23 - [`1a4cd20`](https://github.com/siderolabs/pkgs/commit/1a4cd203fddcb04610bcf933c1f9058d94744863) fix: renovate config - [`d0ed6ed`](https://github.com/siderolabs/pkgs/commit/d0ed6ed134c4aca27b4c8ef9dfc87476905487d4) feat: update dependencies - [`6ea49c7`](https://github.com/siderolabs/pkgs/commit/6ea49c7264baf6948e8b793f0b8c1306f71efe5a) fix: support disabling module signature verification - [`6520ec4`](https://github.com/siderolabs/pkgs/commit/6520ec481c215cbfcd44996e07cdb87057f12c71) feat: update containerd to 2.2.3 - [`37ce992`](https://github.com/siderolabs/pkgs/commit/37ce992e6a7d576fce9432fcf30fb7a656056d89) feat: enable CONFIG\_UHID and CONFIG\_INPUT\_JOYDEV as modules - [`cddd934`](https://github.com/siderolabs/pkgs/commit/cddd934ff6704bce64fe5861518d40801d6574f4) feat: update backportable dependencies - [`32e4077`](https://github.com/siderolabs/pkgs/commit/32e4077a095576ac5b0f32fb08fd7601ccf4f30f) feat: update OpenSSL - [`2d241e7`](https://github.com/siderolabs/pkgs/commit/2d241e7ec587a16fcf16aac8ad2ed47dfa38253b) feat: update Go to 1.26.2 and small deps updates - [`7f540ce`](https://github.com/siderolabs/pkgs/commit/7f540ce7f367484cd44eb1d5ce25b59cf1cd1dce) feat: disable dynamic SCS - [`3bef043`](https://github.com/siderolabs/pkgs/commit/3bef04361931a686d163a0c3cc76165f1059b838) feat: update runc to 1.4.2 - [`c6e6f10`](https://github.com/siderolabs/pkgs/commit/c6e6f1004e9f2947e0aea42a0baee197e745576f) feat: update Linux to 6.18.21 - [`a9e8afa`](https://github.com/siderolabs/pkgs/commit/a9e8afa610b325c5cbc6470bc62be92849dc5b88) fix: libarchive install prefix - [`e4d0113`](https://github.com/siderolabs/pkgs/commit/e4d0113483e8c1920efc74037a10a82757493560) feat: update for musl 1.2.6 - [`9142603`](https://github.com/siderolabs/pkgs/commit/9142603113d8668de274b2cb207c69ae0a630e1c) feat: update NVIDIA production to 595.58.03 - [`22fa669`](https://github.com/siderolabs/pkgs/commit/22fa66967bf36b727a004495f0457049313be1f5) feat: update Linux to 6.18.19 - [`03680ae`](https://github.com/siderolabs/pkgs/commit/03680ae6e2e00501115415733a09891a5fd2fc35) feat: update containerd patch verifier role - [`bdc239e`](https://github.com/siderolabs/pkgs/commit/bdc239e6a293bad5ba274874ceaf5f3d98a62284) feat: enable CHECKPOINT\_RESTORE option </p> </details> ##### Changes from siderolabs/proto-codec <details><summary>1 commit</summary> <p> - [`9b8a14e`](https://github.com/siderolabs/proto-codec/commit/9b8a14eb93804d497f011b1c26d1936c9ef45dcd) chore: bump dependencies </p> </details> ##### Changes from siderolabs/siderolink <details><summary>1 commit</summary> <p> - [`0a1933c`](https://github.com/siderolabs/siderolink/commit/0a1933ce37ee5383dc0c875fa9da318f38c76e31) chore: bump dependencies </p> </details> ##### Changes from siderolabs/tools <details><summary>7 commits</summary> <p> - [`44ad18c`](https://github.com/siderolabs/tools/commit/44ad18c5a553eb2f728f369a8c56e3c257730da2) feat: bump deps - [`f3d0dd9`](https://github.com/siderolabs/tools/commit/f3d0dd9ca5c9006ca14890af1ab8a58248ae28d8) fix: renovate configs - [`4ac4449`](https://github.com/siderolabs/tools/commit/4ac444995923055b5c410dc957579f4b0b308394) feat: update dependencies - [`027744f`](https://github.com/siderolabs/tools/commit/027744f476f38f0fda9b1fd0ae7fb3aed0ab4ad1) feat: bump OpenSSL to 3.6.2 - [`7067f1f`](https://github.com/siderolabs/tools/commit/7067f1f966cff98c83cf2a4ecfaf06021397d954) feat: update util-linux to 2.41.4 - [`6cb3e56`](https://github.com/siderolabs/tools/commit/6cb3e561ff60abc78cefd570189651c8afdc7121) feat: update Go to 1.26.2 - [`9186c5f`](https://github.com/siderolabs/tools/commit/9186c5ffff2bffa4b92d7377d254faedceba6036) feat: update musl to 1.2.6 </p> </details> ##### Dependency Changes - **github.com/aws/aws-sdk-go-v2/config** v1.32.12 -> v1.32.14 - **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.18.20 -> v1.18.21 - **github.com/aws/aws-sdk-go-v2/service/acm** v1.37.22 -> v1.38.1 - **github.com/aws/aws-sdk-go-v2/service/kms** v1.50.3 -> v1.50.4 - **github.com/aws/smithy-go** v1.24.2 -> v1.25.0 - **github.com/beevik/nts** v0.3.0 ***new*** - **github.com/containerd/containerd/v2** v2.2.2 -> v2.2.3 - **github.com/fatih/color** v1.18.0 -> v1.19.0 - **github.com/florianl/go-tc** v0.4.7 -> v0.4.8 - **github.com/hetznercloud/hcloud-go/v2** v2.36.0 -> v2.37.0 - **github.com/insomniacslk/dhcp** [`5adc3eb`](https://github.com/siderolabs/talos/commit/5adc3eb26f91) -> [`11b94ed`](https://github.com/siderolabs/talos/commit/11b94ed970f2) - **github.com/mdlayher/genetlink** v1.3.2 -> v1.4.0 - **github.com/mdlayher/netlink** v1.9.0 -> v1.11.0 - **github.com/pelletier/go-toml/v2** v2.2.4 -> v2.3.0 - **github.com/siderolabs/go-kubeconfig** v0.1.1 -> v0.1.2 - **github.com/siderolabs/grpc-proxy** v0.5.1 -> v0.5.2 - **github.com/siderolabs/pkgs** v1.13.0 -> v1.14.0-alpha.0-20-g6a53a93 - **github.com/siderolabs/proto-codec** v0.1.3 -> v0.1.4 - **github.com/siderolabs/siderolink** v0.3.15 -> v0.3.16 - **github.com/siderolabs/talos/pkg/machinery** v1.13.0 -> v1.13.0-beta.0 - **github.com/siderolabs/tools** v1.13.0 -> v1.14.0-alpha.0-6-g44ad18c - **github.com/sigstore/cosign/v3** v3.0.5 -> v3.0.6 - **go.etcd.io/etcd/api/v3** v3.6.9 -> v3.6.10 - **go.etcd.io/etcd/client/pkg/v3** v3.6.9 -> v3.6.10 - **go.etcd.io/etcd/client/v3** v3.6.9 -> v3.6.10 - **go.etcd.io/etcd/etcdutl/v3** v3.6.9 -> v3.6.10 - **google.golang.org/grpc** v1.79.3 -> v1.80.0 - **k8s.io/api** v0.35.3 -> v0.35.4 - **k8s.io/apiextensions-apiserver** v0.35.3 -> v0.35.4 - **k8s.io/apimachinery** v0.35.3 -> v0.35.4 - **k8s.io/apiserver** v0.35.3 -> v0.35.4 - **k8s.io/client-go** v0.35.3 -> v0.35.4 - **k8s.io/component-base** v0.35.3 -> v0.35.4 - **k8s.io/cri-api** v0.35.3 -> v0.35.4 - **k8s.io/kube-scheduler** v0.35.3 -> v0.35.4 - **k8s.io/kubectl** v0.35.3 -> v0.35.4 - **k8s.io/kubelet** v0.35.3 -> v0.35.4 - **k8s.io/pod-security-admission** v0.35.3 -> v0.35.4 - **kernel.org/pub/linux/libs/security/libcap/cap** v1.2.77 -> v1.2.78 Previous release can be found at [v1.13.0](https://github.com/siderolabs/talos/releases/tag/v1.13.0) ### [`v1.12.7`](https://github.com/siderolabs/talos/releases/tag/v1.12.7) [Compare Source](https://github.com/siderolabs/talos/compare/v1.12.6...v1.12.7) #### [Talos 1.12.7](https://github.com/siderolabs/talos/releases/tag/v1.12.7) (2026-04-24) Welcome to the v1.12.7 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Linux: 6.18.24 containerd: 2.1.7 etcd: 3.6.9 Kubernetes: v1.35.4 Talos is built with Go 1.25.9. ##### Contributors - Noel Georgi - Andrey Smirnov - Mateusz Urbanek - Orzelius - Utku Ozdemir ##### Changes <details><summary>19 commits</summary> <p> - [@&#8203;`91c6399`](https://github.com/siderolabs/talos/commit/91c63991e) release(v1.12.7): prepare release - [@&#8203;`3b228ca`](https://github.com/siderolabs/talos/commit/3b228caf1) feat: bring in apparmor profile files - [@&#8203;`1a05b4a`](https://github.com/siderolabs/talos/commit/1a05b4a11) feat: update kubernetes to v1.35.4 - [@&#8203;`b796be0`](https://github.com/siderolabs/talos/commit/b796be09b) feat: bump pkgs, spdystream - [@&#8203;`a75ce6f`](https://github.com/siderolabs/talos/commit/a75ce6f00) feat: bump pkgs, tools - [@&#8203;`c1ea8db`](https://github.com/siderolabs/talos/commit/c1ea8dbc7) test: fix OOM test flake - [@&#8203;`d5b691b`](https://github.com/siderolabs/talos/commit/d5b691b8f) fix: watch kubelet's kubeconfig and time out for cache sync - [@&#8203;`27655c5`](https://github.com/siderolabs/talos/commit/27655c5bc) fix: propagate route table down to the resource - [@&#8203;`fcda84b`](https://github.com/siderolabs/talos/commit/fcda84bc4) fix: boot entry detection - [@&#8203;`330561c`](https://github.com/siderolabs/talos/commit/330561c87) fix: do not flip machine stage to rebooting during shutdown - [@&#8203;`8ef4488`](https://github.com/siderolabs/talos/commit/8ef448884) fix: zfs extensions test - [@&#8203;`8bc593d`](https://github.com/siderolabs/talos/commit/8bc593d17) fix: wrong slot of encryption key was logged - [@&#8203;`89f5615`](https://github.com/siderolabs/talos/commit/89f561593) fix: panic in reading PCR values - [@&#8203;`317deed`](https://github.com/siderolabs/talos/commit/317deede0) feat: add dis-vulncheck tool - [@&#8203;`0654a7f`](https://github.com/siderolabs/talos/commit/0654a7f7e) fix: handle ISOs with zeroes in volume labels - [@&#8203;`e16007b`](https://github.com/siderolabs/talos/commit/e16007b44) fix: unseal with "slow" TPM - [@&#8203;`388a56b`](https://github.com/siderolabs/talos/commit/388a56b79) fix: incorrect route source for on-link routes - [@&#8203;`7e42474`](https://github.com/siderolabs/talos/commit/7e42474c5) test: fix the flakes in tests with trusted roots - [@&#8203;`d52ebe2`](https://github.com/siderolabs/talos/commit/d52ebe21d) feat: update etcd to 3.6.9 </p> </details> ##### Changes from siderolabs/pkgs <details><summary>8 commits</summary> <p> - [siderolabs/pkgs@`86d6af1`](https://github.com/siderolabs/pkgs/commit/86d6af1) fix: install apparmor parser require config files - [siderolabs/pkgs@`d6b125f`](https://github.com/siderolabs/pkgs/commit/d6b125f) feat: bump systemd - [siderolabs/pkgs@`191632c`](https://github.com/siderolabs/pkgs/commit/191632c) feat: bump kernel to 6.18.24 - [siderolabs/pkgs@`13cbc68`](https://github.com/siderolabs/pkgs/commit/13cbc68) feat: bump tools, toolchain and containerd - [siderolabs/pkgs@`709678d`](https://github.com/siderolabs/pkgs/commit/709678d) feat: update Linux to 6.18.23 - [siderolabs/pkgs@`34de6db`](https://github.com/siderolabs/pkgs/commit/34de6db) fix: support disabling module signature verification - [siderolabs/pkgs@`e30789a`](https://github.com/siderolabs/pkgs/commit/e30789a) feat: update backportable dependencies - [siderolabs/pkgs@`830d895`](https://github.com/siderolabs/pkgs/commit/830d895) feat: update Linux to 6.18.21 </p> </details> ##### Changes from siderolabs/tools <details><summary>3 commits</summary> <p> - [siderolabs/tools@`bbd753d`](https://github.com/siderolabs/tools/commit/bbd753d) feat: bump toolchain - [siderolabs/tools@`61955e9`](https://github.com/siderolabs/tools/commit/61955e9) feat: bump OpenSSL to 3.6.2 - [siderolabs/tools@`23de89f`](https://github.com/siderolabs/tools/commit/23de89f) feat: update util-linux to 2.41.4 </p> </details> ##### Dependency Changes - **github.com/siderolabs/go-blockdevice/v2** v2.0.26 -> v2.0.28 - **github.com/siderolabs/pkgs** v1.12.0-50-ga92bed5 -> v1.12.0-58-g86d6af1 - **github.com/siderolabs/talos/pkg/machinery** v1.12.6 -> v1.12.7 - **github.com/siderolabs/tools** v1.12.0-7-g57916cb -> v1.12.0-10-gbbd753d - **go.etcd.io/etcd/api/v3** v3.6.6 -> v3.6.9 - **go.etcd.io/etcd/client/pkg/v3** v3.6.6 -> v3.6.9 - **go.etcd.io/etcd/client/v3** v3.6.6 -> v3.6.9 - **go.etcd.io/etcd/etcdutl/v3** v3.6.6 -> v3.6.9 - **k8s.io/api** v0.35.2 -> v0.35.4 - **k8s.io/apiextensions-apiserver** v0.35.2 -> v0.35.4 - **k8s.io/apimachinery** v0.35.2 -> v0.35.4 - **k8s.io/apiserver** v0.35.2 -> v0.35.4 - **k8s.io/client-go** v0.35.2 -> v0.35.4 - **k8s.io/component-base** v0.35.2 -> v0.35.4 - **k8s.io/cri-api** v0.35.2 -> v0.35.4 - **k8s.io/kube-scheduler** v0.35.2 -> v0.35.4 - **k8s.io/kubectl** v0.35.2 -> v0.35.4 - **k8s.io/kubelet** v0.35.2 -> v0.35.4 - **k8s.io/pod-security-admission** v0.35.2 -> v0.35.4 Previous release can be found at [v1.12.6](https://github.com/siderolabs/talos/releases/tag/v1.12.6) #### Images ``` ghcr.io/siderolabs/flannel:v0.27.4 registry.k8s.io/coredns/coredns:v1.13.2 registry.k8s.io/etcd:v3.6.9 registry.k8s.io/kube-apiserver:v1.35.4 registry.k8s.io/kube-controller-manager:v1.35.4 registry.k8s.io/kube-scheduler:v1.35.4 registry.k8s.io/kube-proxy:v1.35.4 ghcr.io/siderolabs/kubelet:v1.35.4 registry.k8s.io/pause:3.10 ghcr.io/siderolabs/installer:v1.12.7 ghcr.io/siderolabs/installer-base:v1.12.7 ghcr.io/siderolabs/imager:v1.12.7 ghcr.io/siderolabs/talos:v1.12.7 ghcr.io/siderolabs/talosctl-all:v1.12.7 ghcr.io/siderolabs/overlays:v1.12.7 ghcr.io/siderolabs/extensions:v1.12.7 ``` ### [`v1.12.6`](https://github.com/siderolabs/talos/releases/tag/v1.12.6) [Compare Source](https://github.com/siderolabs/talos/compare/v1.12.5...v1.12.6) #### [Talos 1.12.6](https://github.com/siderolabs/talos/releases/tag/v1.12.6) (2026-03-19) Welcome to the v1.12.6 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Linux: 6.18.18 runc: 1.3.5 Talos is built with Go 1.25.8. ##### Contributors - Mickaël Canévet - Andrey Smirnov - Dominik Pitz - Kai Zhang - Noel Georgi - Stanley Chan - Zadkiel AHARONIAN ##### Changes <details><summary>21 commits</summary> <p> - [@&#8203;`a1b8bd6`](https://github.com/siderolabs/talos/commit/a1b8bd612) release(v1.12.6): prepare release - [@&#8203;`72bd570`](https://github.com/siderolabs/talos/commit/72bd570f0) feat: update Linux to 6.18.18 - [@&#8203;`9d5638f`](https://github.com/siderolabs/talos/commit/9d5638f4c) fix: accept image cache volume encryption config - [@&#8203;`0f018bf`](https://github.com/siderolabs/talos/commit/0f018bf80) fix: panic in hardware.SystemInfoController - [@&#8203;`c46b898`](https://github.com/siderolabs/talos/commit/c46b89807) fix: validate missing apiVersion in config document decoder - [@&#8203;`c47cad9`](https://github.com/siderolabs/talos/commit/c47cad9ec) fix: pull in a fix for dmesg timestamps - [@&#8203;`190336a`](https://github.com/siderolabs/talos/commit/190336a66) fix: prevent stale discovered volumes reads - [@&#8203;`217e9bb`](https://github.com/siderolabs/talos/commit/217e9bb02) fix: bring in new version of go-cmd and go-blockdevice - [@&#8203;`d7779a5`](https://github.com/siderolabs/talos/commit/d7779a5ba) fix: stop pulling wrong platform for images - [@&#8203;`eb6eb66`](https://github.com/siderolabs/talos/commit/eb6eb664a) fix(machined): support USERDATA legacy fallback in OpenNebula driver - [@&#8203;`ba20c7c`](https://github.com/siderolabs/talos/commit/ba20c7c12) feat(machined): add ONEGATE proxy route and deterministic interface iteration for OpenNebula - [@&#8203;`739f664`](https://github.com/siderolabs/talos/commit/739f66458) feat(machined): inherit IP6\_METHOD from METHOD in OpenNebula driver - [@&#8203;`93878c0`](https://github.com/siderolabs/talos/commit/93878c079) fix(machined): align OpenNebula hostname precedence with reference - [@&#8203;`9718d73`](https://github.com/siderolabs/talos/commit/9718d737f) feat(machined): add IPv6 alias address support for OpenNebula (ET&#x48;*\_ALIAS*\_IP6) - [@&#8203;`b649fb4`](https://github.com/siderolabs/talos/commit/b649fb467) feat(machined): support ETH\*\_IP6\_METHOD (static/dhcp/auto/disable) for OpenNebula - [@&#8203;`c81df6f`](https://github.com/siderolabs/talos/commit/c81df6fa9) refactor(machined): extract per-interface IPv4 helper in OpenNebula driver - [@&#8203;`501924e`](https://github.com/siderolabs/talos/commit/501924e5a) fix(machined): use ParseFQDN for hostname parsing in OpenNebula - [@&#8203;`e9331b2`](https://github.com/siderolabs/talos/commit/e9331b271) feat(machined): support per-interface route metric for OpenNebula (ETH\*\_METRIC) - [@&#8203;`6e78afb`](https://github.com/siderolabs/talos/commit/6e78afbab) feat(machined): add network alias support for OpenNebula (ET&#x48;*\_ALIAS*) - [@&#8203;`9f648b4`](https://github.com/siderolabs/talos/commit/9f648b491) feat(machined): merge global and per-interface DNS for OpenNebula - [@&#8203;`04fba03`](https://github.com/siderolabs/talos/commit/04fba03a9) feat(machined): add static routes support via ETH\*\_ROUTES for OpenNebula </p> </details> ##### Changes from siderolabs/go-cmd <details><summary>2 commits</summary> <p> - [siderolabs/go-cmd@`5f31ba9`](https://github.com/siderolabs/go-cmd/commit/5f31ba9) chore: rekres and update - [siderolabs/go-cmd@`fff5698`](https://github.com/siderolabs/go-cmd/commit/fff5698) feat: allow capturing full output to stdout, modernize API </p> </details> ##### Changes from siderolabs/go-kmsg <details><summary>3 commits</summary> <p> - [siderolabs/go-kmsg@`b53b36d`](https://github.com/siderolabs/go-kmsg/commit/b53b36d) chore: rekres and update - [siderolabs/go-kmsg@`6f7d20b`](https://github.com/siderolabs/go-kmsg/commit/6f7d20b) feat: calculate boot time correctly if the time jumps - [siderolabs/go-kmsg@`47655ee`](https://github.com/siderolabs/go-kmsg/commit/47655ee) feat: support PRINTK\_CALLER kmsg logs </p> </details> ##### Changes from siderolabs/pkgs <details><summary>4 commits</summary> <p> - [siderolabs/pkgs@`a92bed5`](https://github.com/siderolabs/pkgs/commit/a92bed5) feat: enable AMD GPU peer-to-peer DMA - [siderolabs/pkgs@`09e87a9`](https://github.com/siderolabs/pkgs/commit/09e87a9) feat: backportable deps update - [siderolabs/pkgs@`eb965e2`](https://github.com/siderolabs/pkgs/commit/eb965e2) feat(kernel): enable CONFIG\_USB\_UHCI\_HCD on amd64 - [siderolabs/pkgs@`6804ebd`](https://github.com/siderolabs/pkgs/commit/6804ebd) feat: update Linux 6.18.16, NVIDIA, ZFS </p> </details> ##### Dependency Changes - **github.com/google/go-containerregistry** v0.20.6 -> v0.20.7 - **github.com/siderolabs/go-blockdevice/v2** v2.0.24 -> v2.0.26 - **github.com/siderolabs/go-cmd** v0.1.3 -> v0.2.0 - **github.com/siderolabs/go-kmsg** v0.1.4 -> v0.1.5 - **github.com/siderolabs/pkgs** v1.12.0-46-ge695c74 -> v1.12.0-50-ga92bed5 - **github.com/siderolabs/talos/pkg/machinery** v1.12.5 -> v1.12.6 - **github.com/spf13/cobra** v1.10.1 -> v1.10.2 - **golang.org/x/sys** v0.41.0 -> v0.42.0 - **google.golang.org/grpc** v1.78.0 -> v1.79.3 Previous release can be found at [v1.12.5](https://github.com/siderolabs/talos/releases/tag/v1.12.5) #### Images ``` ghcr.io/siderolabs/flannel:v0.27.4 registry.k8s.io/coredns/coredns:v1.13.2 registry.k8s.io/etcd:v3.6.8 registry.k8s.io/kube-apiserver:v1.35.2 registry.k8s.io/kube-controller-manager:v1.35.2 registry.k8s.io/kube-scheduler:v1.35.2 registry.k8s.io/kube-proxy:v1.35.2 ghcr.io/siderolabs/kubelet:v1.35.2 registry.k8s.io/pause:3.10 ghcr.io/siderolabs/installer:v1.12.6 ghcr.io/siderolabs/installer-base:v1.12.6 ghcr.io/siderolabs/imager:v1.12.6 ghcr.io/siderolabs/talos:v1.12.6 ghcr.io/siderolabs/talosctl-all:v1.12.6 ghcr.io/siderolabs/overlays:v1.12.6 ghcr.io/siderolabs/extensions:v1.12.6 ``` ### [`v1.12.5`](https://github.com/siderolabs/talos/releases/tag/v1.12.5) [Compare Source](https://github.com/siderolabs/talos/compare/v1.12.4...v1.12.5) #### [Talos 1.12.5](https://github.com/siderolabs/talos/releases/tag/v1.12.5) (2026-03-09) Welcome to the v1.12.5 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Linux: 6.18.15 Kubernetes: 1.35.2 etcd: 3.6.8 Talos is built with Go 1.25.8. ##### Contributors - Andrey Smirnov - Mateusz Urbanek - Dmitrii Sharshakov - Fritz Schaal - Jan Paul - Max Makarov - Mickaël Canévet - Nico Berlee - Orzelius - Spencer Smith ##### Changes <details><summary>19 commits</summary> <p> - [@&#8203;`da6c6e4`](https://github.com/siderolabs/talos/commit/da6c6e461) release(v1.12.5): prepare release - [@&#8203;`4f978a7`](https://github.com/siderolabs/talos/commit/4f978a747) fix: correctly calculate end ranges for nftables sets - [@&#8203;`8d52e2d`](https://github.com/siderolabs/talos/commit/8d52e2dbe) feat: add trusted roots generation to stdpatches - [@&#8203;`6284877`](https://github.com/siderolabs/talos/commit/628487715) fix: use correct dhcp option for unicast dhcp renewal - [@&#8203;`dcf23be`](https://github.com/siderolabs/talos/commit/dcf23be4f) fix: ignore image digest when doing upgrade-k8s - [@&#8203;`f8a2a9b`](https://github.com/siderolabs/talos/commit/f8a2a9b7a) fix(machined): opennebula: process ETH\*\_ vars regardless of NETWORK context flag - [@&#8203;`db9ff23`](https://github.com/siderolabs/talos/commit/db9ff23ae) fix: patch with delete for LinkConfigs - [@&#8203;`e0c38e2`](https://github.com/siderolabs/talos/commit/e0c38e2ae) fix: update path handling on talosctl cgroups - [@&#8203;`ca2d4c1`](https://github.com/siderolabs/talos/commit/ca2d4c146) fix: stop Kubernetes client from dynamically reloading the certs - [@&#8203;`70ae2f2`](https://github.com/siderolabs/talos/commit/70ae2f274) refactor: split locate and provision - [@&#8203;`c3b0484`](https://github.com/siderolabs/talos/commit/c3b04844e) fix: hold user volumes root mountpoint - [@&#8203;`d935420`](https://github.com/siderolabs/talos/commit/d935420b2) fix: handle raw encryption keys with `\n` properly - [@&#8203;`7fe1a47`](https://github.com/siderolabs/talos/commit/7fe1a47af) fix: remove stale endpoints - [@&#8203;`3ea0888`](https://github.com/siderolabs/talos/commit/3ea08888a) fix: allow static hosts in `/etc/hosts` without hostname - [@&#8203;`5ebb00f`](https://github.com/siderolabs/talos/commit/5ebb00fdc) fix: switch to better Myers algorithm implementation - [@&#8203;`2b40379`](https://github.com/siderolabs/talos/commit/2b4037935) feat: update etcd to v3.6.8 - [@&#8203;`1ce9328`](https://github.com/siderolabs/talos/commit/1ce9328e4) fix: disks flag parsing and handling in create qemu command - [@&#8203;`1f989df`](https://github.com/siderolabs/talos/commit/1f989dfb0) fix: read multi-doc machine config with newer talosctl - [@&#8203;`40ba6e3`](https://github.com/siderolabs/talos/commit/40ba6e3ec) feat: update Linux 6.18.15, Go 1.25.8 </p> </details> ##### Changes from siderolabs/go-debug <details><summary>1 commit</summary> <p> - [siderolabs/go-debug@`47fce68`](https://github.com/siderolabs/go-debug/commit/47fce68) feat: support Go 1.26, rekres </p> </details> ##### Changes from siderolabs/pkgs <details><summary>7 commits</summary> <p> - [siderolabs/pkgs@`e695c74`](https://github.com/siderolabs/pkgs/commit/e695c74) feat: update Linux to 6.18.15 - [siderolabs/pkgs@`7d4ef68`](https://github.com/siderolabs/pkgs/commit/7d4ef68) feat: update Linux to 6.18.14 - [siderolabs/pkgs@`300cd60`](https://github.com/siderolabs/pkgs/commit/300cd60) feat: update Linux firmware to [`2026022`](https://github.com/siderolabs/talos/commit/20260221) - [siderolabs/pkgs@`65f9fd3`](https://github.com/siderolabs/pkgs/commit/65f9fd3) feat: update Linux to 6.18.13 - [siderolabs/pkgs@`96fc8e3`](https://github.com/siderolabs/pkgs/commit/96fc8e3) feat: enable MLX5 Scalable Functions and TC offload in kernel - [siderolabs/pkgs@`f31edf1`](https://github.com/siderolabs/pkgs/commit/f31edf1) feat: add patch for Cilium BPF verifier rejection by the kernel - [siderolabs/pkgs@`8b4b129`](https://github.com/siderolabs/pkgs/commit/8b4b129) feat: update Go to 1.25.8 </p> </details> ##### Changes from siderolabs/tools <details><summary>1 commit</summary> <p> - [siderolabs/tools@`57916cb`](https://github.com/siderolabs/tools/commit/57916cb) feat: update Go to 1.25.8 </p> </details> ##### Dependency Changes - **github.com/docker/cli** v29.0.0 -> v29.2.1 - **github.com/siderolabs/go-blockdevice/v2** v2.0.23 -> v2.0.24 - **github.com/siderolabs/go-debug** v0.6.1 -> v0.6.2 - **github.com/siderolabs/pkgs** v1.12.0-39-gb1fc4c6 -> v1.12.0-46-ge695c74 - **github.com/siderolabs/talos/pkg/machinery** v1.12.3 -> v1.12.5 - **github.com/siderolabs/tools** v1.12.0-6-gdc37e09 -> v1.12.0-7-g57916cb - **golang.org/x/net** v0.48.0 -> v0.51.0 - **golang.org/x/sys** v0.40.0 -> v0.41.0 - **golang.org/x/term** v0.38.0 -> v0.40.0 - **golang.org/x/text** v0.33.0 -> v0.34.0 - **google.golang.org/grpc** v1.76.0 -> v1.78.0 - **google.golang.org/protobuf** v1.36.10 -> v1.36.11 - **k8s.io/api** v0.35.0 -> v0.35.2 - **k8s.io/apiextensions-apiserver** v0.35.0 -> v0.35.2 - **k8s.io/apiserver** v0.35.0 -> v0.35.2 - **k8s.io/client-go** v0.35.0 -> v0.35.2 - **k8s.io/component-base** v0.35.0 -> v0.35.2 - **k8s.io/kube-scheduler** v0.35.0 -> v0.35.2 - **k8s.io/kubectl** v0.35.0 -> v0.35.2 - **k8s.io/kubelet** v0.35.0 -> v0.35.2 - **k8s.io/pod-security-admission** v0.35.0 -> v0.35.2 Previous release can be found at [v1.12.4](https://github.com/siderolabs/talos/releases/tag/v1.12.4) #### Images ``` ghcr.io/siderolabs/flannel:v0.27.4 registry.k8s.io/coredns/coredns:v1.13.2 registry.k8s.io/etcd:v3.6.8 registry.k8s.io/kube-apiserver:v1.35.2 registry.k8s.io/kube-controller-manager:v1.35.2 registry.k8s.io/kube-scheduler:v1.35.2 registry.k8s.io/kube-proxy:v1.35.2 ghcr.io/siderolabs/kubelet:v1.35.2 registry.k8s.io/pause:3.10 ghcr.io/siderolabs/installer:v1.12.5 ghcr.io/siderolabs/installer-base:v1.12.5 ghcr.io/siderolabs/imager:v1.12.5 ghcr.io/siderolabs/talos:v1.12.5 ghcr.io/siderolabs/talosctl-all:v1.12.5 ghcr.io/siderolabs/overlays:v1.12.5 ghcr.io/siderolabs/extensions:v1.12.5 ``` </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4zIiwidXBkYXRlZEluVmVyIjoiNDMuMTQxLjYiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyIsInJlbm92YXRlIl19-->
jaskaran force-pushed renovate/siderolabs-talos-1.x from d1acac562c to 500e7ba557 2026-03-22 00:01:59 +00:00 Compare
jaskaran changed title from chore(deps): update dependency siderolabs/talos to v1.12.5 to chore(deps): update dependency siderolabs/talos to v1.12.6 2026-03-22 00:02:04 +00:00
jaskaran force-pushed renovate/siderolabs-talos-1.x from 500e7ba557 to 6fa94f633c 2026-04-25 00:01:22 +00:00 Compare
jaskaran changed title from chore(deps): update dependency siderolabs/talos to v1.12.6 to chore(deps): update dependency siderolabs/talos to v1.12.7 2026-04-25 00:01:28 +00:00
jaskaran force-pushed renovate/siderolabs-talos-1.x from 6fa94f633c to 184f53d8d0 2026-05-01 00:03:55 +00:00 Compare
jaskaran changed title from chore(deps): update dependency siderolabs/talos to v1.12.7 to chore(deps): update dependency siderolabs/talos to v1.13.0 2026-05-01 00:04:02 +00:00
jaskaran force-pushed renovate/siderolabs-talos-1.x from 184f53d8d0 to 7b1dba1f56 2026-05-14 00:03:35 +00:00 Compare
jaskaran changed title from chore(deps): update dependency siderolabs/talos to v1.13.0 to chore(deps): update dependency siderolabs/talos to v1.13.2 2026-05-14 00:03:44 +00:00
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/siderolabs-talos-1.x:renovate/siderolabs-talos-1.x
git switch renovate/siderolabs-talos-1.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main
git merge --no-ff renovate/siderolabs-talos-1.x
git switch renovate/siderolabs-talos-1.x
git rebase main
git switch main
git merge --ff-only renovate/siderolabs-talos-1.x
git switch renovate/siderolabs-talos-1.x
git rebase main
git switch main
git merge --no-ff renovate/siderolabs-talos-1.x
git switch main
git merge --squash renovate/siderolabs-talos-1.x
git switch main
git merge --ff-only renovate/siderolabs-talos-1.x
git switch main
git merge renovate/siderolabs-talos-1.x
git push origin main
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
jaskaran/homelab!24
No description provided.