chore(deps): update dependency siderolabs/talos to v1.13.6 #24

Open
jaskaran wants to merge 1 commit from renovate/siderolabs-talos-1.x into main
Owner

This PR contains the following updates:

Package Update Change
siderolabs/talos minor v1.12.4v1.13.6

Release Notes

siderolabs/talos (siderolabs/talos)

v1.13.6

Compare Source

Talos 1.13.6 (2026-07-09)

Welcome to the v1.13.6 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.18.38

Talos is built with Go 1.26.5.

Contributors
  • Andrey Smirnov
  • Mateusz Urbanek
  • Noel Georgi
  • Maja Bojarska
  • Mark Glants
Changes
15 commits

Changes from siderolabs/gen
1 commit

Changes from siderolabs/pkgs
7 commits

Changes from siderolabs/tools
1 commit

Dependency Changes
  • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 -> v1.21.1
  • github.com/aws/aws-sdk-go-v2 v1.41.4 -> v1.41.7
  • github.com/aws/aws-sdk-go-v2/config v1.32.12 -> v1.32.17
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20 -> v1.18.23
  • github.com/aws/aws-sdk-go-v2/service/kms v1.50.3 -> v1.51.1
  • github.com/aws/smithy-go v1.24.2 -> v1.25.1
  • github.com/siderolabs/gen v0.8.6 -> v0.8.7
  • github.com/siderolabs/pkgs v1.13.0-36-g6b315f7 -> v1.13.0-43-gd8c80cc
  • github.com/siderolabs/talos/pkg/machinery v1.13.5 -> v1.13.6
  • github.com/siderolabs/tools v1.13.0-6-g9b78252 -> v1.13.0-7-gc58afd5
  • github.com/sigstore/cosign/v3 v3.0.5 -> v3.0.6
  • github.com/sigstore/sigstore v1.10.5 -> v1.10.6
  • go.uber.org/zap v1.27.1 -> v1.28.0

Previous release can be found at v1.13.5

Images

ghcr.io/siderolabs/flannel:v0.28.5
registry.k8s.io/coredns/coredns:v1.14.2
registry.k8s.io/etcd:v3.6.12
registry.k8s.io/pause:3.10.1
registry.k8s.io/kube-apiserver:v1.36.2
registry.k8s.io/kube-controller-manager:v1.36.2
registry.k8s.io/kube-scheduler:v1.36.2
registry.k8s.io/kube-proxy:v1.36.2
ghcr.io/siderolabs/kubelet:v1.36.2
registry.k8s.io/networking/kube-network-policies:v1.0.0
ghcr.io/siderolabs/installer:v1.13.6
ghcr.io/siderolabs/installer-base:v1.13.6
ghcr.io/siderolabs/imager:v1.13.6
ghcr.io/siderolabs/talos:v1.13.6
ghcr.io/siderolabs/talosctl-all:v1.13.6
ghcr.io/siderolabs/overlays:v1.13.6
ghcr.io/siderolabs/extensions:v1.13.6

v1.13.5

Compare Source

Talos 1.13.5 (2026-06-22)

Welcome to the v1.13.5 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.18.36
containerd: 2.2.5
runc: 1.4.3

Talos is built with Go 1.26.4.

Contributors
  • Andrey Smirnov
  • Maja Bojarska
  • Noel Georgi
  • Mateusz Urbanek
  • Aleksei Sviridkin
Changes
9 commits

Changes from siderolabs/pkgs
8 commits

Changes from siderolabs/tools
2 commits

Dependency Changes
  • github.com/ryanuber/columnize v2.1.2 new
  • github.com/siderolabs/go-blockdevice/v2 v2.0.28 -> v2.0.30
  • github.com/siderolabs/pkgs v1.13.0-28-g54ec9fc -> v1.13.0-36-g6b315f7
  • github.com/siderolabs/talos/pkg/machinery v1.13.4 -> v1.13.5
  • github.com/siderolabs/tools v1.13.0-4-ga06bb31 -> v1.13.0-6-g9b78252
  • k8s.io/api v0.36.1 -> v0.36.2
  • k8s.io/apiextensions-apiserver v0.36.1 -> v0.36.2
  • k8s.io/apimachinery v0.36.1 -> v0.36.2
  • k8s.io/apiserver v0.36.1 -> v0.36.2
  • k8s.io/client-go v0.36.1 -> v0.36.2
  • k8s.io/component-base v0.36.1 -> v0.36.2
  • k8s.io/cri-api v0.36.1 -> v0.36.2
  • k8s.io/kube-scheduler v0.36.1 -> v0.36.2
  • k8s.io/kubectl v0.36.1 -> v0.36.2
  • k8s.io/kubelet v0.36.1 -> v0.36.2
  • k8s.io/pod-security-admission v0.36.1 -> v0.36.2

Previous release can be found at v1.13.4

Images

ghcr.io/siderolabs/flannel:v0.28.5
registry.k8s.io/coredns/coredns:v1.14.2
registry.k8s.io/etcd:v3.6.12
registry.k8s.io/pause:3.10.1
registry.k8s.io/kube-apiserver:v1.36.2
registry.k8s.io/kube-controller-manager:v1.36.2
registry.k8s.io/kube-scheduler:v1.36.2
registry.k8s.io/kube-proxy:v1.36.2
ghcr.io/siderolabs/kubelet:v1.36.2
registry.k8s.io/networking/kube-network-policies:v1.0.0
ghcr.io/siderolabs/installer:v1.13.5
ghcr.io/siderolabs/installer-base:v1.13.5
ghcr.io/siderolabs/imager:v1.13.5
ghcr.io/siderolabs/talos:v1.13.5
ghcr.io/siderolabs/talosctl-all:v1.13.5
ghcr.io/siderolabs/overlays:v1.13.5
ghcr.io/siderolabs/extensions:v1.13.5

v1.13.4

Compare Source

Talos 1.13.4 (2026-06-09)

Welcome to the v1.13.4 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.18.34
etcd: v2.6.12
Flannel: v0.28.5

Talos is built with Go 1.26.4.

Contributors
  • Andrey Smirnov
  • Noel Georgi
  • Mateusz Urbanek
  • Orzelius
  • Erwan Leboucher
  • Jonny
  • Rokoucha
  • appkins
Changes
17 commits

Changes from siderolabs/go-kubernetes
1 commit

Changes from siderolabs/pkgs
5 commits

Changes from siderolabs/tools
2 commits

Dependency Changes
  • github.com/siderolabs/go-kubernetes v0.2.37 -> v0.2.38
  • github.com/siderolabs/pkgs v1.13.0-23-g8c18616 -> v1.13.0-28-g54ec9fc
  • github.com/siderolabs/talos/pkg/machinery v1.13.3 -> v1.13.4
  • github.com/siderolabs/tools v1.13.0-2-g1fb762a -> v1.13.0-4-ga06bb31
  • go.etcd.io/etcd/api/v3 v3.6.11 -> v3.6.12
  • go.etcd.io/etcd/client/pkg/v3 v3.6.11 -> v3.6.12
  • go.etcd.io/etcd/client/v3 v3.6.11 -> v3.6.12
  • go.etcd.io/etcd/etcdutl/v3 v3.6.11 -> v3.6.12

Previous release can be found at v1.13.3

Images

ghcr.io/siderolabs/flannel:v0.28.5
registry.k8s.io/coredns/coredns:v1.14.2
registry.k8s.io/etcd:v3.6.12
registry.k8s.io/pause:3.10.1
registry.k8s.io/kube-apiserver:v1.36.1
registry.k8s.io/kube-controller-manager:v1.36.1
registry.k8s.io/kube-scheduler:v1.36.1
registry.k8s.io/kube-proxy:v1.36.1
ghcr.io/siderolabs/kubelet:v1.36.1
registry.k8s.io/networking/kube-network-policies:v1.0.0
ghcr.io/siderolabs/installer:v1.13.4
ghcr.io/siderolabs/installer-base:v1.13.4
ghcr.io/siderolabs/imager:v1.13.4
ghcr.io/siderolabs/talos:v1.13.4
ghcr.io/siderolabs/talosctl-all:v1.13.4
ghcr.io/siderolabs/overlays:v1.13.4
ghcr.io/siderolabs/extensions:v1.13.4

v1.13.3

Compare Source

Talos 1.13.3 (2026-05-26)

Welcome to the v1.13.3 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.18.33
Kubernetes: 1.36.1
containerd: 2.2.4

Talos is built with Go 1.26.3.

Contributors
  • Andrey Smirnov
  • Noel Georgi
  • Lukasz Raczylo
  • Maja Bojarska
  • Mateusz Urbanek
  • Utku Ozdemir
Changes
19 commits

Changes from siderolabs/go-smbios
1 commit

Changes from siderolabs/pkgs
12 commits

Dependency Changes
  • github.com/containerd/containerd/v2 v2.2.2 -> v2.2.4
  • github.com/siderolabs/go-smbios v0.3.3 -> v0.3.4
  • github.com/siderolabs/pkgs v1.13.0-11-g969f61c -> v1.13.0-23-g8c18616
  • github.com/siderolabs/talos/pkg/machinery v1.13.2 -> v1.13.3
  • golang.org/x/net v0.53.0 -> v0.55.0
  • golang.org/x/sys v0.43.0 -> v0.45.0
  • golang.org/x/term v0.42.0 -> v0.43.0
  • golang.org/x/text v0.36.0 -> v0.37.0
  • google.golang.org/grpc v1.79.3 -> v1.81.0
  • k8s.io/api v0.36.0 -> v0.36.1
  • k8s.io/apiextensions-apiserver v0.36.0 -> v0.36.1
  • k8s.io/apimachinery v0.36.0 -> v0.36.1
  • k8s.io/apiserver v0.36.0 -> v0.36.1
  • k8s.io/client-go v0.36.0 -> v0.36.1
  • k8s.io/component-base v0.36.0 -> v0.36.1
  • k8s.io/kube-scheduler v0.36.0 -> v0.36.1
  • k8s.io/kubectl v0.36.0 -> v0.36.1
  • k8s.io/kubelet v0.36.0 -> v0.36.1
  • k8s.io/pod-security-admission v0.36.0 -> v0.36.1

Previous release can be found at v1.13.2

Images

ghcr.io/siderolabs/flannel:v0.28.4
registry.k8s.io/coredns/coredns:v1.14.2
registry.k8s.io/etcd:v3.6.11
registry.k8s.io/pause:3.10.1
registry.k8s.io/kube-apiserver:v1.36.1
registry.k8s.io/kube-controller-manager:v1.36.1
registry.k8s.io/kube-scheduler:v1.36.1
registry.k8s.io/kube-proxy:v1.36.1
ghcr.io/siderolabs/kubelet:v1.36.1
registry.k8s.io/networking/kube-network-policies:v1.0.0
ghcr.io/siderolabs/installer:v1.13.3
ghcr.io/siderolabs/installer-base:v1.13.3
ghcr.io/siderolabs/imager:v1.13.3
ghcr.io/siderolabs/talos:v1.13.3
ghcr.io/siderolabs/talosctl-all:v1.13.3
ghcr.io/siderolabs/overlays:v1.13.3
ghcr.io/siderolabs/extensions:v1.13.3

v1.13.2

Compare Source

Talos 1.13.2 (2026-05-12)

Welcome to the v1.13.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Etcd: 3.6.11
Linux: 6.18.29

Talos is built with Go 1.26.3.

Contributors
  • Noel Georgi
Changes
1 commit

Dependency Changes
  • github.com/siderolabs/talos/pkg/machinery v1.13.1 -> v1.13.2

Previous release can be found at v1.13.1

Images

ghcr.io/siderolabs/flannel:v0.28.4
registry.k8s.io/coredns/coredns:v1.14.2
registry.k8s.io/etcd:v3.6.11
registry.k8s.io/pause:3.10.1
registry.k8s.io/kube-apiserver:v1.36.0
registry.k8s.io/kube-controller-manager:v1.36.0
registry.k8s.io/kube-scheduler:v1.36.0
registry.k8s.io/kube-proxy:v1.36.0
ghcr.io/siderolabs/kubelet:v1.36.0
registry.k8s.io/networking/kube-network-policies:v1.0.0
ghcr.io/siderolabs/installer:v1.13.2
ghcr.io/siderolabs/installer-base:v1.13.2
ghcr.io/siderolabs/imager:v1.13.2
ghcr.io/siderolabs/talos:v1.13.2
ghcr.io/siderolabs/talosctl-all:v1.13.2
ghcr.io/siderolabs/overlays:v1.13.2
ghcr.io/siderolabs/extensions:v1.13.2

v1.13.0

Compare Source

Welcome to the v1.14.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

DNS over TLS (DoT) and DNS over HTTPS (DoH) Support

Talos now supports DNS over TLS (DoT) and DNS over HTTPS (DoH) for secure DNS resolution.
These features allow Talos to encrypt DNS queries and responses, enhancing privacy and security for DNS traffic.
The DNS protocol can be configured on a per-name server basis in the ResolverConfig document, allowing for flexible configuration of DNS resolution.

noexec on EPHEMERAL (/var)

The EPHEMERAL volume (/var) is now mounted with noexec in addition to the existing nosuid and nodev,
blocking binary execution from /var.

Workloads that exec binaries placed under /var will break.
For example, Longhorn v1's instance-manager exec's engine binaries the engine-image DaemonSet drops under /var/lib/longhorn/engine-binaries/,
which now fails with permission denied. Affected users can opt out via a VolumeConfig document:

apiVersion: v1alpha1
kind: VolumeConfig
name: EPHEMERAL
mount:
  secure: false

NOTE: Setting secure: false will also disable nosuid and nodev, which may have security implications. Use with caution.

Upgrade note: apply this VolumeConfig patch before upgrading, otherwise affected workloads will fail after the next reboot. Longhorn v2 (SPDK data engine) runs the data plane inside the instance manager process and is not affected.

Apply Configuration Modes

The '--mode=reboot' option has been removed from the talosctl apply-config command; by default, configuration is applied without a reboot.
Most configuration changes don't require a reboot; the documentation lists the changes that do.

Btrfs Support

Talos now supports mounting and provisioning btrfs filesystem for user volumes and existing volumes.

Support for btrfs is enabled by installing btrfs system extension.

Containerd NRI

Talos no longer disables NRI (Node Resource Interface) for the CRI containerd instance by default, so NRI is available
to use without any machine config patches.

To bring back the old behavior of NRI disabled by default, use the following machine config patch:

machine:
  files:
    - content: |
        [plugins]
          [plugins."io.containerd.nri.v1.nri"]
             disable = true
      path: /etc/cri/conf.d/20-customization.part
      op: create
Default Installer Image

The default installer image has been updated to use the Image Factory.
The ghcr.io/siderolabs/installer image is no longer published with releases; use the Image Factory installer image instead.

DHCP Search Domains

DHCPv4 search domains are now applied to the resolver configuration.

Encryption Discards

Volume encryption now supports an allowDiscards option (disabled by default) which passes TRIM/discard requests
through to the underlying device when the encrypted volume is opened.

This only enables passing discards through to the underlying device; Talos does not perform any fstrim/discard operation by itself.

etcd

Talos is now compatible with etcd v3.6.x only (the default etcd version was 3.6.x since Talos v1.11).
The default version is 3.7.0+ now.

etcd now serves its HTTP-only endpoints (/metrics, /health, the gRPC-gateway JSON API) on a dedicated
listener on port 2383, while the client port 2379 serves gRPC only. This keeps gRPC off Go's net/http
HTTP/2 server, avoiding watch-stream starvation under TLS (see etcd-io/etcd#15402, golang/go#58804,
etcd-io/etcd#21605).

Upgrade note: etcd metrics and the HTTP health endpoint are no longer reachable on 2379; scrape them on
port 2383 instead (same client mTLS as before). etcd gRPC clients and the Talos health check are unaffected.

Firewall might need to be adjusted to block the port 2383 if previously 2379 was blocked.

If --listen-metrics-urls was customized, the metrics should not move.

Filesystem Trim

Talos can now periodically trim (the equivalent of the fstrim command) mounted filesystems which support trimming,
discarding unused blocks. This is useful for SSDs and thin-provisioned storage.

Trimming is opt-in via a new FilesystemTrimConfig document which sets the global trim interval:

apiVersion: v1alpha1
kind: FilesystemTrimConfig
interval: 168h0m0s # one week

The default machine configuration for Talos 1.14+ includes a FilesystemTrimConfig document with a default trim interval of one week,
so trimming is enabled by default for eligible filesystems. For cluster which were upgraded from older versions, the FilesystemTrimConfig document will be missing,
so trimming will be disabled by default until the document is added.

When the document is present, Talos builds a stable schedule (hashed by node ID and volume ID, so trims are spread out
across volumes and across nodes in a cluster) and trims eligible volumes (ready disk/partition volumes with a
trim-capable filesystem; for encrypted volumes only when allowDiscards is set).

The trim interval can be overridden or disabled per-volume via a trim block on the volume documents
(VolumeConfig, UserVolumeConfig, ExistingVolumeConfig, ExternalVolumeConfig):

trim:
  enabled: true
  interval: 24h0m0s
Flannel CNI

Talos now configures Flannel with the EnableNFTables option enabled, which uses nftables native backend instead of iptables-nft compatibility layer.

Host DNS Configuration

HostDNS configuration was moved from the v1alpha1 config .machine.features.hostDNS field to the new hostDNS in the ResolverConfig document.

HTTP Probe Support

Talos now supports HTTP network probes, allowing for monitoring of HTTP endpoints.
HTTP responses with status 200-399 are considered successful, while connection and transport errors are treated as failures.

Image Cache Configuration

Talos now supports a new ImageCacheConfig document for configuring the Image Cache feature, replacing the old machine.features.imageCache field in the v1alpha1 config.
Old configuration is still supported for backwards compatibility.

Kernel Multi-document Configuration

Talos introduces new multi-document configuration for kernel parameters (sysctl and sysfs settings), replacing the old v1alpha1 config fields.
The old configuration is still supported for backwards compatibility, but new deployments should use the new documents.

If both old and new configuration sources are used, the new multi-document configuration takes precedence over the old v1alpha1 config on conflicting fields.

List of changes:

  • Deprecated .machine.sysctls in the v1alpha1 config; use the SysctlConfig document for kernel sysctl configuration.
  • Deprecated .machine.sysfs in the v1alpha1 config; use the SysfsConfig document for sysfs configuration.
Kernel Module Status

Talos now reports the status of both dynamically loaded, and built-in kernel modules.

The LoadedKernelModule resource has been deprecated and superseded by the new KernelModuleStatus resource.

Kubernetes Multi-document Configuration

Talos introduces new multi-document Kubernetes configuration, which allows for more flexible and modular configuration of Kubernetes components.
Talos still supports the old v1alpha1 config for backwards compatibility, but new features and fields will only be available in the new multi-document format.
Talos introduces support for configuring multiple discovery service endpoints.
The kube-proxy is now using configuration to manage its settings instead of command line arguments (with new KubeProxyConfig document).

List of changes:

  • Deprecated .cluster.secretboxEncryptionSecret in the v1alpha1 config; use the KubeEtcdEncryptionConfig document for full etcd encryption configuration.
  • Deprecated .cluster.apiServer in the v1alpha1 config; use the KubeAPIServerConfig, KubeAdmissionControlConfig, KubeAuditPolicyConfig, KubeAuthenticationConfig and KubeAuthorizerConfig documents for kube-apiserver configuration.
  • Deprecated .cluster.controllerManager in the v1alpha1 config; use the KubeControllerManagerConfig document for kube-controller-manager configuration.
  • Deprecated .cluster.scheduler in the v1alpha1 config; use the KubeSchedulerConfig document for kube-scheduler configuration.
  • Deprecated .cluster.proxy in the v1alpha1 config; use the KubeProxyConfig document for kube-proxy configuration.
  • Deprecated .cluster.network in the v1alpha1 config; use the KubeNetworkConfig document for Kubernetes network configuration; Flannel can be configured using the KubeFlannelCNIConfig document.
  • Deprecated .cluster.discovery in the v1alpha1 config; use the DiscoveryServiceConfig document for discovery service configuration. The v1alpha1 config and DiscoveryServiceConfig are mutually exclusive.
LVM Logical Volume Creation

Logical volumes can now be declared with a new LVMLogicalVolumeConfig multi-doc config kind. Each document
names a logical volume, its parent volumeGroup, a type (linear, raid0, raid1 or raid10) and a
maxSize (absolute, e.g. 50GiB, or a percentage of the volume group, e.g. 80%). RAID layouts accept
optional mirrors (raid1/raid10, default 1) and stripes (raid0/raid10, default: all available physical
volumes) fields. Once the volume group is assembled the logical volume is created via lvcreate.

Raising maxSize grows an existing logical volume via lvextend; percentage-sized volumes also grow when
their volume group is extended. Shrinking is never performed (it risks data loss) - a request to reduce the
size surfaces an LVMValidationError instead. Removal stays an explicit operation via the LVMService LV
remove RPC (talosctl wipe lv).

LVM Status

Talos now provides detailed LVM status information, allowing for better monitoring and management of LVM volumes.
New resources LVMPhysicalVolumeStatus, LVMVolumeGroupStatus, and LVMLogicalVolumeStatus expose PV, VG, and LV details.
DiscoveredVolume resources for logical volumes are listed by their kernel name (e.g. dm-0). To resolve the <vg>/<lv> for a given device, use the Disks or BlockSymlinks resources, which carry the udev-managed symlinks (e.g. /dev/disk/by-id/dm-name-<vg>-<lv>).

LVM Volume Group Creation

Talos can now create and grow LVM Volume Groups declaratively through a new LVMVolumeGroupConfig multi-doc
config kind. Each document names a Volume Group and a CEL volumeSelector over the disk inventory; matched
disks are initialised as Physical Volumes (pvcreate) and aggregated into the requested VG (vgcreate).
Newly matched disks added to an existing VG are attached via vgextend.

Reconciliation is strictly additive and safe-by-default.

LVM Wipe

Talos now provides the ability to securely wipe LVM metadata from logical volumes, volume groups, and physical volumes.
This feature allows for selective wiping of logical volumes, volume groups, and physical volumes.

With talosctl wipe lv/vg/pv <name>, users can wipe LVM metadata from a specific logical volume, volume group, or physical volume.

NTS for Time Synchronization

Talos now supports Network Time Security (NTS) for secure time synchronization.
This feature enhances the security of NTP by providing cryptographic authentication of time sources.

NTS is enabled by default (without any configuration sources) for the default time.cloudflare.com time server
NTS can be enabled for custom time servers via the new useNTS field in the TimeServerConfig document.

ICMP send_redirects Disabled by Default

Talos now sets net.ipv4.conf.all.send_redirects=0 and net.ipv4.conf.default.send_redirects=0 by default,
preventing the node from emitting ICMP redirect messages. This aligns with CIS Benchmark recommendations and
does not affect normal Kubernetes pod or service traffic. Nodes that deliberately act as L3 gateways relying
on ICMP redirects can override this via machine.sysctls.

Support Bundle Encryption

The talosctl support command now encrypts support bundles using the age encryption tool, enhancing the security of support data.
The default set of recipients includes the 'siderolabs' GitHub organization members, but it can be overridden with custom recipients.

TLS 1.3 Minimum Version

Talos now runs etcd and kube-apiserver with a minimum TLS version of 1.3, improving security by leveraging the latest TLS features and cipher suites.
Custom settings for cipher suites have been removed, as they are ignored when TLS 1.3 is used, which simplifies configuration and ensures the use of modern, secure defaults.

Component Updates

Linux: 6.18.36
Kubernetes: 1.36.2
containerd: 2.3.2
etcd: 3.7.0-rc.0-0
Flannel: v0.28.5
runc: 1.5.0-rc.3
CoreDNS: 1.14.2

Talos is built with Go 1.26.4.

Contributors
  • Andrey Smirnov
  • Noel Georgi
  • Mateusz Urbanek
  • Maja Bojarska
  • Orzelius
  • Erwan Leboucher
  • Utku Ozdemir
  • Lukasz Raczylo
  • Mickaël Canévet
  • Dmitrii Sharshakov
  • Dmitriy Matrenichev
  • Oguz Kilcan
  • Rokoucha
  • buckaroo
  • immanuwell
  • Aleksei Sviridkin
  • Ansgar Dahlen
  • Artem Chernyshev
  • Benoît Knecht
  • Christian Korneck
  • David Orman
  • Dharsan Baskar
  • Edward Sammut Alessi
  • Filip Boye-Kofi
  • Fritz Schaal
  • Immanuel Tikhonov
  • Jaakko Sirén
  • Jonny
  • Justin Garrison
  • Kevin Tijssen
  • Konstantin Nesterov
  • Nico Berlee
  • Pranav Patil
  • YANG JOO WOONG
  • Zadkiel AHARONIAN
  • appkins
  • kastakhov
Changes
331 commits

  • 917820cb3 chore: sync pkgs/tools
  • b34be14e9 fix: cli.md codeblock generation
  • 25abcc6b5 docs: update kubespanconfig to match discoveryserviceconfig
  • 742589f50 feat: support multiple discovery service configs
  • fc3f27d79 chore: enrich the SBOM with Go module licenses
  • 47d5c3351 fix: handle image cache being disabled
  • 1a965aec3 test: disable LongHorn ublk test and add more cores
  • 6d03b3f61 fix: align documented image cache partition label
  • 6447d854f fix(talosctl): use aio threads on darwin
  • f856d1808 fix: image verification with referrers
  • 11a7fbe4c feat: extract kube-apiserver config into multi-doc configs
  • 337654d2b test: fix rook-ceph tests
  • e33a86825 feat: add AMD XGBE driver to initramfs
  • bd2d6242a fix: revert coredns to 1.14.2
  • 7c4e644f8 feat: update Linux to 6.18.36
  • 6e23a5c2f chore: refactor bare opentree_clone into a mount helper
  • dfbd30959 fix(talosctl): prevent appending type 11 smbios values on restart
  • 5926dd70d test: support running integration test against remote provisioner
  • f146c6a18 feat: refactor /etc mounts
  • ebe364117 chore: bump containerd to 2.3.2
  • bc30c61a1 chore: bump deps (go, k8s, docker)
  • 00d739d0a test: skip fstrim default schedule on cloud tests
  • d9c6edf01 fix: bump number of open files for etcd
  • 990c5395c chore: update tools and pkgs 2026-06-17
  • 325be7cd8 refactor: config generate uses multi-doc sysctlconfig
  • d6930633b fix: clean up and overhaul mount ops
  • a0219404d fix: cgroups cleanup
  • 58d8b71c4 fix: stop the log persistence and close all files on shutdown
  • 4b32ebc17 refactor: simplify trustd/apid rootfs setup
  • dc98e3553 feat: implement filesystem trim support
  • 897bef633 feat: introduce KubeProxyConfig multi-doc
  • ebde543cf feat: introduce BootID resource
  • cd178b9f3 fix: ensure consistent manifest apply order
  • 19fac6151 feat: remote provisioner
  • b6412e031 fix: drop one more reference to removed 'nodes'
  • be7f7a7db feat: add human-readable size fields to LVM resources
  • d4e0ca1ba fix: make LVM reconciliation robust and idempotent
  • 0dbc1e529 chore(ci): fix flaky test
  • b687a47ab feat: implement an option to allow discards on encrypted volumes
  • 3fc981c57 fix: improve security of scheduler/controller-manager
  • 5d4af9f33 fix: gracefully stop node containers before removal
  • c1593d8a3 fix: honor FailurePauseTimeout when pausing before reboot
  • 506dc1323 feat: add imager flag to set the SecureBoot key enrollment mode
  • 5d4ba702e refactor: generate pod definitions in k8stemplates
  • 995bc30d5 feat: drop apply config method reboot
  • 18f6cb4d0 fix: increment time epoch on wall-clock jump when time sync is disabled
  • 755a8c8eb feat: update etcd to 3.7.0-rc.0
  • a0c76fad1 feat(talosctl): implement cluster logs
  • db052165c feat(talosctl): support rebooting cluster nodes
  • 0a04f463a feat(talosctl): use gateway dns for cluster
  • cf3eb1cad chore(talosctl): disable kexec for cluster create on arm64
  • 180182b0f fix: correct the link alias condition
  • ac9014f05 fix: introduce pull attempt stall detection for image pull
  • f2286d616 fix: move Flannel netpol patch to the controlplane
  • 9986c0b16 feat: bump kernel to 6.18.35
  • e8845fba6 fix: route ProxyURL test via reachable endpoint
  • 44acedf30 feat: add declarative LVM logical volume provisioning
  • f6058a11b feat: grab support bundle via client factory
  • cdd719773 feat: add CPUCores resource
  • 8e41eb1bd feat: verify go.mod tidiness in generate target
  • b19e2ea42 feat: add kube-apiserver probes
  • a321a1dcc feat: support proxy-url in talosconfig context
  • bb2ac7546 feat: parse schematic info out of extension status
  • 0c02a5a07 fix: align flannel MTU with kubespan to avoid permanent fragmentation
  • 3d5fd822c feat: expose disk firmware and BIOS version
  • 30115981c fix: relax LUKS header validation
  • 5923199fb refactor: use ClientFactory for the action tracker
  • 72c0ced3c refactor: deprecate sysfs and sysctl in machineconfig
  • ee74a41fb fix: handle cluster-scoped resources with a namespace correctly
  • 9df5a647a feat: allow to disable access time for EPHEMERAL partition
  • 9b667dbde chore: fix lint error in test
  • 311378386 test: increase resource inmem buffer to stabilize the tests
  • 6f85ce3d2 docs: hack/release.toml explains kernelmodulestatus
  • 9bb0a5d01 fix(talosctl): add scrolling to dashboard footer node list
  • 4c029c2d6 fix: machine configuration schemas
  • c3052e845 feat: move CNI config out of v1alpha1 config
  • 1d2f1208c feat: add declarative LVM volume group provisioning
  • 85f1d428f chore: refactor tests to use debug api
  • c901d47a5 refactor: talosctl streaming commands and more fixes
  • 166854959 fix: mark more resources as sensitive
  • 58adf2e00 fix: classify installer and imager exits
  • 9549930ff feat: update Flannel to v0.28.5
  • 27362d18e refactor: replace the callback strategy for most commands
  • cb42d9d9a feat: implement support bundle encryption
  • 9ae260b55 feat: enable NRI by default
  • d1d5847b0 fix: flaky test
  • 0f2331586 feat: support external secureboot and pcr signers
  • b349d919d feat: enforce strict QoS ordering in OOM victim selection
  • 76d9b49bd fix(ci): aws nvidia tests
  • 3131826cd fix: provide NTS sync with bad initial clock state
  • 89e307e58 fix: etcd client leak in the (legacy) Upgrade API
  • 476c4d050 fix: recreate dns server and listeners on host DNS runner restart
  • 9a283d9b1 feat: bump Go to 1.26.4
  • 4759dc246 chore: bump dependencies
  • 26a25a073 chore(ci): drop homebrew workflow
  • fa8a55192 feat: update etcd to v3.6.12
  • 41fcab476 feat: update kernel to 6.18.34
  • 8ba00612b feat: update dependencies
  • 6e2dec1ea refactor: update talosctl commands to stop using WithNodes
  • f9ad63a35 feat: add custom logging convention linter
  • 30dbce03f chore: make oci images reproducible
  • 38244fd5b feat: add sbom builder
  • 5177c50e2 refactor: deprecate loadedkernelmodule
  • c2eef3645 fix: health request server-side
  • d6eff8eff refactor: drop multi-nodes proxying for the dashboard
  • 2e547a964 refactor: deprecate multi-node proxying
  • ddcc519e1 fix: add --fail to image-signer curl download
  • e5b0b1dde fix: normalize log fields
  • d8e95c396 fix: drop installer from bundle
  • 7aad9ec81 feat: update pkgs, tools, Go dependencies
  • b50ee396f fix: fix trace fix to also lookup release branches
  • 027c93d25 release(v1.14.0-alpha.1): prepare release
  • 4eb862d09 feat: add LVMService for VG/LV/PV removal
  • b88f16a52 fix: use POSIX shell idioms for error propagation
  • 5290eb374 fix: suppress ICMP redirects by default
  • 7b4aba2e5 fix: marshal kube-scheduler config correctly with int types
  • 894be9bf5 fix: touch rootfs files with SOURCE_DATE_EPOCH
  • cde82224e fix: ignore cgroups with zero rank in OOM handler
  • bc0372411 fix: bring in a change to BCM2712_MIP
  • f572c33f1 chore: fail on makefile error
  • e317d4b47 fix: drop modprobe path and enforce usermode helper
  • 89e53f610 fix(machined): make built-in mod state always 'permanent'
  • cfbec9bd5 test: skip UEFI vars wipe if TPM is enabled
  • 1e31deda3 fix: create parent directories when extracting tar archives
  • 14dc188bd chore: verify go-containerregistry preserves symlinks
  • 951922dfb fix: guard apply config API call
  • 3e173adf4 feat: move kube-controller-manager config to multi-doc
  • b5cda3438 fix: reset QEMU UEFI variable store when disk is wiped
  • 4a17ac6ac chore: script for tracking fixes made in upstream toolchain/tools/pkgs
  • d71edeead feat: add LVM status resource definitions
  • 4aeba1cde fix: perform backwards-compatible kernel args cleanup
  • 9b7b2bf36 feat: implement support for btrfs user volumes
  • 03ee8ee3a feat(machined): support instance tags on Akamai
  • d19f9ade0 fix: memorymodules resource reporting
  • a6edcf6f3 chore: move out adv library
  • 40e66eac7 fix: bump Go golang.org/x modules
  • e23ca4a0a chore(ci): add upgrade tests for trustedboot
  • e3003c0ec chore: bump tpm nonce size to match the algorithm used
  • 8fd04da1f feat: add bnxt_re module to the rootfs
  • 1cfab00f1 fix: update etcd experimental args
  • ad96fc6ae fix: relax hostname config validation
  • efd735334 chore(ci): add missing labels, move release metadata check to job
  • 9ec045059 feat: update containerd to 2.3.1
  • 42f4144a1 feat: introduce new KubeSchedulerConfig
  • f2b7f39db refactor: move Args type out of config/v1alpha1
  • b959dcb3e fix: bump Kubernetes to 1.36.1 in one more place
  • 8ecc77f1a feat: update default Kubernetes version to 1.36.1
  • cbd9c3745 chore: rekres to secure slack workflows
  • 6a92fc653 test: update Canal version used in the tests
  • be12d3d08 feat: support 4k sector size disk images
  • a7e8f4c28 chore(ci): fix cloud image upload job name
  • 4319399f6 feat: introduce more modular Linux kernel
  • ed5df89f6 feat(ci): rotate credentials
  • a6a984ff7 chore(ci): fix the job conditions
  • ecb7d4588 feat: enable Flannel nftables mode
  • 9919ff781 feat: update Linux to 6.18.32
  • 1a7d136e4 feat: add Azure Secure Boot imager profile
  • df68e7391 feat: implement kernel module status resource
  • e98ee99d4 fix: streamline config validation flow
  • d7f0a2fd4 feat: update Linux to 6.18.31
  • 2b66e25a5 chore: update image signer
  • 5aa1795f9 chore: drop e2e step dependencies
  • d42b3b396 feat: update Linux to 6.18.30
  • c3f6f3507 feat: implement static host resolving via host DNS
  • 2f06a68ef refactor: split host DNS handler
  • e99c5be5a feat: implement DNS over HTTP(S)
  • cf6065238 chore: stop publishing installer to ghcr
  • 0edabd29c fix: restore some shared (and some lower tier slave) mount propagation
  • f1578dc63 fix: image verification issue with registry.k8s.io
  • 46b1f8a24 fix: rework how scheduler config is marshaled
  • 820a9fa59 chore: fix typos in comments
  • 649a384a9 feat: move more kernel stuff to modules
  • 4f3ab2012 chore(ci): try fixing homebrew action
  • 600c0ab5d feat(ci): validate that extensions PKGS and TOOLS sync with talos
  • 76080416b feat: redact more machine config secrets and audit redactors
  • aabf63957 docs: drop controlplane endpoint examples
  • b48a2bef4 test: relax kernel-default routing rule assertion
  • d2208b034 refactor(talosctl): propagate command context throughout, handle interrupts
  • 0760b5c28 fix: normalize source name for syft consistency
  • c49ac0ec2 docs: document release policy
  • ec7e6ef9f feat: bump in-toto indirect dependency
  • 21858a674 feat: update kernel to 6.18.29
  • 5a49dc61d feat: migrate Image Cache config to multi-doc
  • 574298ec1 fix: handle empty GCP operation errors
  • 366b10b79 feat: dockerfile improvements
  • 9a1d9d0af feat: bump go 1.26.3
  • 6eec1c229 feat: support DNS over TLS for upstream resolvers
  • dee139aef feat: revert update CoreDNS to 1.14.3
  • 087bc4c18 chore: lint packages under tools
  • 9e7516fae fix: clarify documentation for image verification pattern
  • 41c8e9dc4 feat: bump dependencies
  • 2b6c06ef5 feat: update CoreDNS to 1.14.3
  • 6b6f7978b feat: update containerd to 2.3.0
  • f9c4f90da feat(ci): longhorn v2 ublk tests
  • 84d169c62 fix: make dnsd retry listening
  • 689974bd5 fix: volume mount permissions
  • ff0f66bdf fix: skip reserved routing rule priorities
  • 850e2c754 feat: drop fakeroot, use go helper
  • 0c1bd701a feat: add golangci-lint fmt target
  • 53bd66956 feat: support conditional start of IPv6 dns servers
  • b31d93e0d feat: auto-enroll SecureBoot keys for disk images
  • 849a68006 test: update pkgs to test new extensions
  • c30a6dfcb fix: preserve DHCP DNS servers
  • 5b81b20d3 feat: apply DHCP search domains
  • 4e5ff8fa2 fix(ci): zfs test
  • 14abe5140 fix: handle gateways which are not on-link routes in dhcp4
  • e1f759af8 chore: fix lint issues automatically
  • 664c5f643 chore: update tools
  • c64df2b61 fix: add missing kernel modules in rootfs
  • f73c24594 feat: run depmod with verification on rootfs build
  • 1371596d7 fix: provide proper AWS platform metadata
  • 4f11f021d feat: implement etcd encryption config (kube-apiserver)
  • 876f83643 feat: add support for HTTP Probes
  • 9b776d598 feat: update etcd to 3.6.11
  • 631a1bc5e fix: bring in hardened kernel
  • a349dac03 fix: stale discovered volume children
  • 13ce01879 fix: re-enable kexec on arm64
  • 32539d4ac fix: deadlock in the makefs ext4 with populated source
  • 0f3e1966a fix: panic in Kubernetes manifest sync
  • 3bae01ac1 fix: do not pick up a system disk from a loop device
  • dedb7a96c fix(talosctl): protect k8sNames map writes with mutex
  • cc2be213a fix: drop explicit platform matcher
  • 1dffebaf2 fix: mount throws EPERM on virtiofs with SELinux
  • 48a481c29 fix: replace Canal manifest with a more recent one
  • 6a445406e fix: make lacp active nilable
  • 0d1d95c7d fix: bump go-kmsg to fix the timestamp drift
  • bd344fd53 fix: reset the ticker when the KubeSpan is disabled/enabled
  • 462015bcd release(v1.14.0-alpha.0): prepare release
  • 8a037a56e test: fix flaky tests
  • 08c81d838 feat: bump kernel to 6.18.25
  • fe40b6e58 fix(ci): fetch empty pr labels
  • 837a9ed07 feat: move host DNS config into ResolverConfig
  • 96a8ecd1e feat: default to factory installer image
  • f19eef78b fix: revert add extraArgs from service-account-issuer
  • 6821225b6 fix: revert use append instead of prepend in service-account-issuer
  • b43c3a124 feat: add quirk for talosctl factory downloads
  • df0b9a8da refactor: make all controller unit-test follow modern patterns
  • c2948cef2 feat: support auth for Image Factory in cluster create
  • 560bcf0ca feat: enforce TLS 1.3 minmum version for Kubernetes components
  • 3db14309e fix(talosctl): ensure uncordon runs after reboot/upgrade errors
  • ecf2fa855 feat: update Kubernetes to v1.36.0
  • 71557eadd fix(ci): skip misc jobs not on pull request
  • 026313b7c docs: rename security-insights.yml to lowercase for LFX detection
  • dc4ffd490 fix(ci): fix jobs not interpolating matrix due to condition
  • 25e2f37e2 chore: generate comments for fields in resource proto
  • 149592fa5 fix: watch kubelet's kubeconfig and time out for cache sync
  • 1f315e6e9 feat: update Linux to 6.18.23
  • 0198eedc2 feat: add NTS (Network Time Security) support for NTP time sync
  • 6830a8b97 fix(ci): matrix jobs cleanups
  • 71aeb347f test: fix OOM test flake
  • 9b9542cc5 test: fix a flake in the manifest sync test
  • 863d882b6 test: add image verification for factory.talos.dev
  • bba0b4aee chore(ci): nvidia update helm values
  • 3399ff4de fix: propagate route table down to the resource
  • c684ec60e chore: prepare for Talos 1.14 release
  • ed9545d0d chore(ci): bump gpu operator version
  • 4de3e4393 fix(ci): cron triggered workflows
  • 212182e6f chore: bump container registry library
  • c028db0b8 fix: do not flip machine stage to rebooting during shutdown
  • 6ce62d9e8 fix(ci): workflow runs with workflow_run
  • 509cd9733 fix: boot entry detection
  • 5e3f30188 feat(ci): rework to schedule daily runs after a cron
  • 7fa4d3919 fix: zfs extensions test
  • 1ef8e630a test: allow more tests to run in FIPS strict mode
  • bdcc9321b fix: reduce memory dashboard usage
  • 2d177af82 chore: update Syft to v1.42.4+patches
  • 0d8362119 fix: return failed precondition on upgrade when not installed
  • be58eafab fix: wrong slot of encryption key was logged
  • 015081c76 feat: update dependencies
  • 9fbb7c95d fix: audit trustd code for security
  • 986e97fc7 feat: update Flannel to 0.28.4
  • f3817d1d1 chore: update sign images to support image name suffix
  • e776721f3 feat: update Kubernetes 1.36.0-rc.1
  • f6e7346fa fix: encode extra args fields in resources with new id
  • 3c7bb80ba chore: bump tools
  • 3ba35c9b9 chore(ci): nvidia try UKI boot
  • e3e8f01ca chore: bump tools
  • 181584a5f fix: handle boot failure
  • c464c7e88 fix: upgrade API in maintenance mode (legacy)
  • b7512d912 feat: update Kubernetes to 1.36.0-rc.0
  • 4ba11156f refactor: allow overriding out image name suffix
  • c81aa125c fix: panic in reading PCR values
  • 6a3ab87c5 feat(ci): add nvidia arm64 matrix
  • 21f459aab fix(talosctl): always use default GRPC dial options
  • ca208e514 fix: validate hostDNS forwarding requires hostDNS to be enabled
  • 9fcb9e05b feat: bump go to 1.26.2
  • 0bfdf7f70 fix: create correct blackhole routes for IPv4
  • 52b920032 feat: add client-side Kubernetes node drain to reboot and upgrade commands
  • 968ec1e0c refactor: propagate NAME properly, allow to set on build
  • acc69c346 fix: set the minimum TLS version to 1.3
  • 0cfa6e302 chore: bump some tool dependencies
  • 4229bb9d2 feat: add dis-vulncheck tool
  • d697f5538 fix: don't set xattrs while decompressing extensions
  • 34fb2cbe5 refactor: remove manual shell completion and replace with cobra completion
  • 79fa2e300 feat: allow more nvidia and nvme files from extensions
  • 414f78a29 feat: allow glibc ld files in etc
  • 1bbba4301 feat: update Flannel to v0.28.2
  • 55815e0fa fix: handle ISOs with zeroes in volume labels
  • 7b6ab0c1c feat: add flag to force fallback to legacy upgrade
  • 5e24d5265 feat: add resource view to talosctl dashboard
  • 649ab7fe4 fix: add os:meta:writer role to the dashboard
  • 10cdfa909 fix: drop talosctl install
  • 087ced85f fix: unseal with "slow" TPM
  • 11ab0a8c5 fix: drop unused type from ExternalVolume schema
  • e2df0f6ce fix: always grow disks
  • 919d8c365 chore: drop debug shell
  • 783a35851 fix: add metal-agent mode to runtime capabilities
  • 37b2221cc docs: add SECURITY-INSIGHTS.yml for OSPS Baseline QA-04.01
  • bed2bd414 feat: add graceful power off support to QEMU VM launcher
  • 3400059cc fix: incorrect route source for on-link routes
  • b3dfbf743 feat: bump musl to 1.2.6
  • 4227921b3 test: fix the PKI mismatch test flake
  • f2bc2dcc6 feat: update NVIDIA production drivers to 595.58.03
  • aa5946dd3 test: fix cron failures for provision-1 & provision-2
  • 1dd701efa fix: allow blockdevice wipe in maintenance mode
  • 786bf00ab feat: add --platform=all support to image cache-create
  • e1f645e3c feat: validate luks headers for tampering
  • ad72c7300 test: improve maintenance API provision tests
  • 70cefab6a test: fix the flakes in tests with trusted roots
  • aacff17f4 test: bump memory for Flannel netpolicy tests
  • 9c3459114 feat: update Linux to 6.18.19, CNI to 1.9.1
  • 038cb8735 feat: enforce PID check on connections to services over file sockets
  • e2b2dd3ea chore: update go-kubernetes library
  • 9597714f6 fix: add symlinks nvidia-ctk and nvidia-cdi-hook in /usr/bin
  • 8ac47d677 fix: unset rlimits for extension services
  • b1a02f368 feat: update Kubernetes to 1.36.0-beta.0
  • 362fdc9ec feat: update etcd to 3.6.9
  • 0a47f40b3 fix(machined): clear stale bond ARP/NS targets on decode
  • 86344639f fix: update diff library to v1.0.1
  • eff89d1ed fix: panics in diff algorithms
  • 8e1c8a7a9 test: fix the apid test against AWS/GCP

Changes since v1.14.0-alpha.1
111 commits

  • 917820cb3 chore: sync pkgs/tools
  • b34be14e9 fix: cli.md codeblock generation
  • 25abcc6b5 docs: update kubespanconfig to match discoveryserviceconfig
  • 742589f50 feat: support multiple discovery service configs
  • fc3f27d79 chore: enrich the SBOM with Go module licenses
  • 47d5c3351 fix: handle image cache being disabled
  • 1a965aec3 test: disable LongHorn ublk test and add more cores
  • 6d03b3f61 fix: align documented image cache partition label
  • 6447d854f fix(talosctl): use aio threads on darwin
  • f856d1808 fix: image verification with referrers
  • 11a7fbe4c feat: extract kube-apiserver config into multi-doc configs
  • 337654d2b test: fix rook-ceph tests
  • e33a86825 feat: add AMD XGBE driver to initramfs
  • bd2d6242a fix: revert coredns to 1.14.2
  • 7c4e644f8 feat: update Linux to 6.18.36
  • 6e23a5c2f chore: refactor bare opentree_clone into a mount helper
  • dfbd30959 fix(talosctl): prevent appending type 11 smbios values on restart
  • 5926dd70d test: support running integration test against remote provisioner
  • f146c6a18 feat: refactor /etc mounts
  • ebe364117 chore: bump containerd to 2.3.2
  • bc30c61a1 chore: bump deps (go, k8s, docker)
  • 00d739d0a test: skip fstrim default schedule on cloud tests
  • d9c6edf01 fix: bump number of open files for etcd
  • 990c5395c chore: update tools and pkgs 2026-06-17
  • 325be7cd8 refactor: config generate uses multi-doc sysctlconfig
  • d6930633b fix: clean up and overhaul mount ops
  • a0219404d fix: cgroups cleanup
  • 58d8b71c4 fix: stop the log persistence and close all files on shutdown
  • 4b32ebc17 refactor: simplify trustd/apid rootfs setup
  • dc98e3553 feat: implement filesystem trim support
  • 897bef633 feat: introduce KubeProxyConfig multi-doc
  • ebde543cf feat: introduce BootID resource
  • cd178b9f3 fix: ensure consistent manifest apply order
  • 19fac6151 feat: remote provisioner
  • b6412e031 fix: drop one more reference to removed 'nodes'
  • be7f7a7db feat: add human-readable size fields to LVM resources
  • d4e0ca1ba fix: make LVM reconciliation robust and idempotent
  • 0dbc1e529 chore(ci): fix flaky test
  • b687a47ab feat: implement an option to allow discards on encrypted volumes
  • 3fc981c57 fix: improve security of scheduler/controller-manager
  • 5d4af9f33 fix: gracefully stop node containers before removal
  • c1593d8a3 fix: honor FailurePauseTimeout when pausing before reboot
  • 506dc1323 feat: add imager flag to set the SecureBoot key enrollment mode
  • 5d4ba702e refactor: generate pod definitions in k8stemplates
  • 995bc30d5 feat: drop apply config method reboot
  • 18f6cb4d0 fix: increment time epoch on wall-clock jump when time sync is disabled
  • 755a8c8eb feat: update etcd to 3.7.0-rc.0
  • a0c76fad1 feat(talosctl): implement cluster logs
  • db052165c feat(talosctl): support rebooting cluster nodes
  • 0a04f463a feat(talosctl): use gateway dns for cluster
  • cf3eb1cad chore(talosctl): disable kexec for cluster create on arm64
  • 180182b0f fix: correct the link alias condition
  • ac9014f05 fix: introduce pull attempt stall detection for image pull
  • f2286d616 fix: move Flannel netpol patch to the controlplane
  • 9986c0b16 feat: bump kernel to 6.18.35
  • e8845fba6 fix: route ProxyURL test via reachable endpoint
  • 44acedf30 feat: add declarative LVM logical volume provisioning
  • f6058a11b feat: grab support bundle via client factory
  • cdd719773 feat: add CPUCores resource
  • 8e41eb1bd feat: verify go.mod tidiness in generate target
  • b19e2ea42 feat: add kube-apiserver probes
  • a321a1dcc feat: support proxy-url in talosconfig context
  • bb2ac7546 feat: parse schematic info out of extension status
  • 0c02a5a07 fix: align flannel MTU with kubespan to avoid permanent fragmentation
  • 3d5fd822c feat: expose disk firmware and BIOS version
  • 30115981c fix: relax LUKS header validation
  • 5923199fb refactor: use ClientFactory for the action tracker
  • 72c0ced3c refactor: deprecate sysfs and sysctl in machineconfig
  • ee74a41fb fix: handle cluster-scoped resources with a namespace correctly
  • 9df5a647a feat: allow to disable access time for EPHEMERAL partition
  • 9b667dbde chore: fix lint error in test
  • 311378386 test: increase resource inmem buffer to stabilize the tests
  • 6f85ce3d2 docs: hack/release.toml explains kernelmodulestatus
  • 9bb0a5d01 fix(talosctl): add scrolling to dashboard footer node list
  • 4c029c2d6 fix: machine configuration schemas
  • c3052e845 feat: move CNI config out of v1alpha1 config
  • 1d2f1208c feat: add declarative LVM volume group provisioning
  • 85f1d428f chore: refactor tests to use debug api
  • c901d47a5 refactor: talosctl streaming commands and more fixes
  • 166854959 fix: mark more resources as sensitive
  • 58adf2e00 fix: classify installer and imager exits
  • 9549930ff feat: update Flannel to v0.28.5
  • 27362d18e refactor: replace the callback strategy for most commands
  • cb42d9d9a feat: implement support bundle encryption
  • 9ae260b55 feat: enable NRI by default
  • d1d5847b0 fix: flaky test
  • 0f2331586 feat: support external secureboot and pcr signers
  • b349d919d feat: enforce strict QoS ordering in OOM victim selection
  • 76d9b49bd fix(ci): aws nvidia tests
  • 3131826cd fix: provide NTS sync with bad initial clock state
  • 89e307e58 fix: etcd client leak in the (legacy) Upgrade API
  • 476c4d050 fix: recreate dns server and listeners on host DNS runner restart
  • 9a283d9b1 feat: bump Go to 1.26.4
  • 4759dc246 chore: bump dependencies
  • 26a25a073 chore(ci): drop homebrew workflow
  • fa8a55192 feat: update etcd to v3.6.12
  • 41fcab476 feat: update kernel to 6.18.34
  • 8ba00612b feat: update dependencies
  • 6e2dec1ea refactor: update talosctl commands to stop using WithNodes
  • f9ad63a35 feat: add custom logging convention linter
  • 30dbce03f chore: make oci images reproducible
  • 38244fd5b feat: add sbom builder
  • 5177c50e2 refactor: deprecate loadedkernelmodule
  • c2eef3645 fix: health request server-side
  • d6eff8eff refactor: drop multi-nodes proxying for the dashboard
  • 2e547a964 refactor: deprecate multi-node proxying
  • ddcc519e1 fix: add --fail to image-signer curl download
  • e5b0b1dde fix: normalize log fields
  • d8e95c396 fix: drop installer from bundle
  • 7aad9ec81 feat: update pkgs, tools, Go dependencies
  • b50ee396f fix: fix trace fix to also lookup release branches

Changes from siderolabs/go-adv
2 commits

Changes from siderolabs/go-kmsg
1 commit

  • 65e97cb fix: boot time offset calculation

Changes from siderolabs/go-kubeconfig
2 commits

  • d0b8f82 chore: rekres and bump deps
  • c356eeb fix: fix context conflict detection add New() constructor

Changes from siderolabs/go-kubernetes
4 commits

  • cc8c2c9 fix: return the apply results in a consistent order
  • 131a2bd fix: handle cluster-scoped resources with a ns correctly
  • 38c182f fix: normalize the changeset to be keyed without apiVersion
  • ca35008 feat: update k8s api to 0.36.0

Changes from siderolabs/go-smbios
1 commit

  • 063f5dc chore: rekres + new testdata

Changes from siderolabs/go-talos-support
2 commits

  • 59d47af feat: rewrite support bundle library around client provider
  • 8dd4326 feat: support encryption of the support bundle using age

Changes from siderolabs/grpc-proxy
3 commits

  • d670c42 chore: bump dependencies
  • 8614c71 chore: bump deps
  • 80677e0 fix: propagate the headers before the message

Changes from siderolabs/pkgs
90 commits

  • ea48e8b fix: patch Linux kernel for tunnel metadata buffer overflow
  • ff80d88 feat: add support for AMD XGBE driver
  • 9f8ab22 feat: enable NF_TABLES_ARP option
  • bedfbeb feat: update Linux to 6.18.36
  • a9f2bb3 chore: bump containerd to 2.3.2
  • 73e76f8 chore: upgrade runc to 1.5.0-rc.3
  • 28db1ca chore: update nvidia driver lts to 580.167.08
  • 5df1a44 chore: update zfs to 2.4.3
  • cd77c4f chore: update dependencies 2026-06-16
  • 0f27ecc feat: bump runc
  • d213ff5 feat: bump OpenSSL to 3.6.3
  • cb713ae feat: bump kernel to 6.18.35
  • 09cb04e fix: avoid page_table_check BUG on time namespace VVAR page
  • bfb88f6 feat: add nvidia-fs kernel module
  • f2850d1 feat: enable USB hiddev for apcupsd support
  • 55aa64f feat: bump go to 1.26.4
  • f27dbe1 feat: bump kernel to 6.18.34
  • aa9fe00 feat: add DVB USB Modules
  • 0870a4b feat: bump dependencies
  • f9134e5 fix: enable CONFIG_BCM2712_MIP as built-in in arm64 kernel config
  • 285c6ae fix: set usermode static helper to machine
  • bd2a754 feat: pre-generate drbd patches using spatch out of tree
  • 898844e feat: update Linux to 6.18.33
  • a8dfbf7 fix: disable kernel modprobe path
  • c542950 fix: pull in tools with zstd sbom
  • c0ec8f3 feat: enable PPP and INFINIBAND_BNXT_RE
  • c62c4e1 feat: update containerd to 2.3.1
  • 270f9f8 chore: update deps
  • 4f7feb4 feat: enable more options for CRI-U checkpoint/restore
  • 87994f7 feat: move autoloadable stuff as modules
  • 80c27f3 fix: drop legacy network protocols
  • fbb7360 feat: drop legacy iptables/ebtables support
  • eac5f86 feat: bump kernel 6.18.32
  • d616f6c feat: update Linux to 6.18.31
  • 02bcfce fix: macb silent TX stall on BCM2712/RP1 (v2 patches from netdev)
  • 12ca698 feat: update ZFS & NVIDIA LTS
  • 9fff943 feat: update Linux to 6.18.30
  • c5a1685 feat: move HWMON as modules
  • b2a45fb feat: move CONFIG_INTEL_IOATDMA as a module
  • ea8d35f feat: move ACPI device drivers as modules
  • 501ba58 feat: move HID quirks as modules
  • b35312c feat: move PS/2 mouse drivers as modules
  • 3a5d9d7 feat: move IPMI driver to be a module
  • 792a69a feat: disable AGP drivers
  • 99990b4 feat: move Hyper-V drivers as modules
  • fb697d6 feat: move Xen frontend drivers as modules
  • 1df1713 feat: move ATA / MMC controllers as modules
  • f7f9341 feat: move USB class drivers as modules
  • ba873e9 feat: move USB host controllers as modules
  • 8f25baa feat: move virtio bus stuff as modules
  • d0c5480 feat: bump kernel to 6.18.29
  • dfb09f0 feat: bump kernel 6.18.28
  • c97bc24 feat: update Go to 1.26.3
  • dfe8926 feat: add btrfsprogs
  • 06ff9dc feat: update Linux to 6.18.27
  • 2265fc9 feat(kernel): backport two PCI bridge realloc fixes from v6.19
  • 5a21d99 feat: bump dependencies
  • cb3f406 feat: update containerd to 2.3.0
  • e192574 feat: update Linux to 6.18.26
  • e5e6cb8 feat: update DRBD to 9.3.2
  • 77538b1 feat: update NVIDIA drivers
  • adeaafc feat: preserve System.map on kernel builds
  • c77f985 fix: disable legacy framebuffer drivers
  • 8f3ef77 fix: enable safesetid LSM
  • f82d3af fix: disable CONFIG_DEVPORT
  • b189a96 fix: disable crypto user API
  • 9a718f6 docs: list net macb silent TX stall fixes in kernel/build/patches/README.md
  • ca3599f fix: macb silent TX stall on BCM2712/RP1 (RFC patches from netdev)
  • 6a53a93 feat: bump kernel to 6.18.25
  • f567bce feat: disable more stuff in Kconfig
  • ffd9790 feat: bump kernel to 6.18.24
  • b7c709a feat: bump deps
  • e5e5b3c feat: update Linux to 6.18.23
  • 1a4cd20 fix: renovate config
  • d0ed6ed feat: update dependencies
  • 6ea49c7 fix: support disabling module signature verification
  • 6520ec4 feat: update containerd to 2.2.3
  • 37ce992 feat: enable CONFIG_UHID and CONFIG_INPUT_JOYDEV as modules
  • cddd934 feat: update backportable dependencies
  • 32e4077 feat: update OpenSSL
  • 2d241e7 feat: update Go to 1.26.2 and small deps updates
  • 7f540ce feat: disable dynamic SCS
  • 3bef043 feat: update runc to 1.4.2
  • c6e6f10 feat: update Linux to 6.18.21
  • a9e8afa fix: libarchive install prefix
  • e4d0113 feat: update for musl 1.2.6
  • 9142603 feat: update NVIDIA production to 595.58.03
  • 22fa669 feat: update Linux to 6.18.19
  • 03680ae feat: update containerd patch verifier role
  • bdc239e feat: enable CHECKPOINT_RESTORE option

Changes from siderolabs/proto-codec
1 commit

1 commit

Changes from siderolabs/tools
18 commits

  • 0f1c859 chore: make rekres
  • 5c0c9be chore: update dependencies 2026-06-16
  • b88d99c feat: bump OpenSSL to 3.6.3
  • 42c59b9 feat: bump toolchain to bring in Go 1.26.4
  • 206a4c0 feat: update dependencies, rework LLVM build
  • f9f37df fix: add proper name for zlib-ng sbom
  • aa45c41 fix: add SBOM for zstd library
  • 808f34f feat: update Go to 1.26.3
  • 5dfe83d feat: drop fakeroot and policycoreutils
  • 618fd20 feat: add Python wheel package
  • df3c1b7 feat: bump dependencies
  • 44ad18c feat: bump deps
  • f3d0dd9 fix: renovate configs
  • 4ac4449 feat: update dependencies
  • 027744f feat: bump OpenSSL to 3.6.2
  • 7067f1f feat: update util-linux to 2.41.4
  • 6cb3e56 feat: update Go to 1.26.2
  • 9186c5f feat: update musl to 1.2.6

Dependency Changes
  • codeberg.org/miekg/dns v0.6.79 new
  • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 -> v1.21.1
  • github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.4.0 -> v1.5.0
  • github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.4.0 -> v1.5.0
  • github.com/aws/aws-sdk-go-v2 v1.41.9 new
  • github.com/aws/aws-sdk-go-v2/config v1.32.12 -> v1.32.20
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20 -> v1.18.25
  • github.com/aws/aws-sdk-go-v2/service/acm v1.37.22 -> v1.39.2
  • github.com/aws/aws-sdk-go-v2/service/kms v1.50.3 -> v1.53.0
  • github.com/aws/smithy-go v1.24.2 -> v1.26.0
  • github.com/beevik/nts v0.3.0 new
  • github.com/containerd/containerd/api v1.10.0 -> v1.11.1
  • github.com/containerd/containerd/v2 v2.2.2 -> v2.3.2
  • github.com/containerd/platforms v1.0.0-rc.2 -> v1.0.0-rc.4
  • github.com/containerd/typeurl/v2 v2.2.3 -> v2.3.0
  • github.com/cosi-project/runtime v1.14.1 -> v1.16.1
  • github.com/docker/cli v29.4.0 -> v29.5.2
  • github.com/fatih/color v1.18.0 -> v1.19.0
  • github.com/florianl/go-tc v0.4.7 -> v0.4.8
  • github.com/fsnotify/fsnotify v1.9.0 -> v1.10.1
  • github.com/gdamore/tcell/v2 v2.13.8 -> v2.13.10
  • github.com/google/cadvisor v0.56.2 -> v0.57.0
  • github.com/google/cel-go v0.28.0 -> v0.28.1
  • github.com/google/go-containerregistry v0.21.5 -> v0.21.6
  • github.com/gopacket/gopacket v1.5.0 -> v1.6.0
  • github.com/hetznercloud/hcloud-go/v2 v2.36.0 -> v2.42.0
  • github.com/insomniacslk/dhcp 5adc3eb -> 11b94ed
  • github.com/jsimonetti/rtnetlink/v2 310581b -> ab86016
  • github.com/klauspost/compress v1.18.5 -> v1.18.6
  • github.com/mattn/go-isatty v0.0.20 -> v0.0.22
  • github.com/mdlayher/arp 6706a29 -> 93566ba
  • github.com/mdlayher/ethtool v0.5.1 -> v0.6.1
  • github.com/mdlayher/genetlink v1.3.2 -> v1.4.0
  • github.com/mdlayher/netlink v1.9.0 -> v1.11.2
  • github.com/moby/moby/api v1.54.1 -> v1.54.2
  • github.com/moby/moby/client v0.4.0 -> v0.4.1
  • github.com/pelletier/go-toml/v2 v2.2.4 -> v2.3.1
  • github.com/planetscale/vtprotobuf ba97887 new
  • github.com/siderolabs/go-adv v1.0.0 new
  • github.com/siderolabs/go-blockdevice/v2 v2.0.28 -> v2.0.31
  • github.com/siderolabs/go-kmsg v0.1.5 -> v0.1.6
  • github.com/siderolabs/go-kubeconfig v0.1.1 -> v0.1.2
  • github.com/siderolabs/go-kubernetes v0.2.36 -> v0.2.39
  • github.com/siderolabs/go-smbios v0.3.3 -> v0.3.4
  • github.com/siderolabs/go-talos-support v0.2.1 -> v0.3.0
  • github.com/siderolabs/grpc-proxy v0.5.1 -> v0.5.2
  • github.com/siderolabs/pkgs v1.13.0 -> v1.14.0-alpha.0-88-gea48e8b
  • github.com/siderolabs/proto-codec v0.1.3 -> v0.1.4
  • github.com/siderolabs/siderolink v0.3.15 -> v0.3.16
  • github.com/siderolabs/talos/pkg/machinery v1.13.0 -> v1.14.0-alpha.1
  • github.com/siderolabs/tools v1.13.0 -> v1.14.0-alpha.0-17-g0f1c859
  • github.com/sigstore/cosign/v3 v3.0.5 -> v3.0.6
  • github.com/sigstore/sigstore v1.10.5 -> v1.10.8
  • github.com/theupdateframework/go-tuf/v2 v2.4.1 -> v2.4.2
  • go.etcd.io/etcd/api/v3 v3.6.9 -> v3.7.0-rc.0
  • go.etcd.io/etcd/client/pkg/v3 v3.6.9 -> v3.7.0-rc.0
  • go.etcd.io/etcd/client/v3 v3.6.9 -> v3.7.0-rc.0
  • go.etcd.io/etcd/etcdutl/v3 v3.6.9 -> v3.7.0-rc.0
  • go.uber.org/zap v1.27.1 -> v1.28.0
  • go.yaml.in/yaml/v4 v4.0.0-rc.4 -> v4.0.0-rc.5
  • golang.org/x/net v0.53.0 -> v0.56.0
  • golang.org/x/sync v0.20.0 -> v0.21.0
  • golang.org/x/sys v0.43.0 -> v0.46.0
  • golang.org/x/term v0.42.0 -> v0.44.0
  • golang.org/x/text v0.36.0 -> v0.38.0
  • google.golang.org/grpc v1.79.3 -> v1.81.1
  • k8s.io/api v0.35.3 -> v0.36.2
  • k8s.io/apiextensions-apiserver v0.35.3 -> v0.36.2
  • k8s.io/apimachinery v0.35.3 -> v0.36.2
  • k8s.io/apiserver v0.35.3 -> v0.36.2
  • k8s.io/client-go v0.35.3 -> v0.36.2
  • k8s.io/component-base v0.35.3 -> v0.36.2
  • k8s.io/cri-api v0.35.3 -> v0.36.2
  • k8s.io/kube-proxy v0.36.2 new
  • k8s.io/kube-scheduler v0.35.3 -> v0.36.2
  • k8s.io/kubectl v0.35.3 -> v0.36.2
  • k8s.io/kubelet v0.35.3 -> v0.36.2
  • k8s.io/pod-security-admission v0.35.3 -> v0.36.2
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.77 -> v1.2.78
  • sigs.k8s.io/yaml v1.6.0 new

Previous release can be found at v1.13.0

v1.12.9

Compare Source

Talos 1.12.9 (2026-06-19)

Welcome to the v1.12.9 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.18.35
runc: 1.3.6
CoreDNS: 1.14.2
containerd: 2.2.5

Talos is built with Go 1.25.11.

Contributors
  • Maja Bojarska
  • Andrey Smirnov
  • Noel Georgi
  • Mateusz Urbanek
  • appkins
Changes
18 commits

Changes from siderolabs/pkgs
11 commits

Changes from siderolabs/tools
3 commits

Dependency Changes
  • github.com/aws/aws-sdk-go-v2 v1.39.6 new
  • github.com/containerd/containerd/v2 v2.2.4 -> v2.2.5
  • github.com/containerd/platforms v1.0.0-rc.1 -> v1.0.0-rc.2
  • github.com/klauspost/compress v1.18.3 -> v1.18.5
  • github.com/opencontainers/runtime-spec v1.2.1 -> v1.3.0
  • github.com/siderolabs/go-blockdevice/v2 v2.0.28 -> v2.0.30
  • github.com/siderolabs/pkgs v1.12.0-75-g153574b -> v1.12.0-86-g0516a46
  • github.com/siderolabs/talos/pkg/machinery v1.12.8 -> v1.12.9
  • github.com/siderolabs/tools v1.12.0-12-gcbb843d -> v1.12.0-15-g3841297
  • golang.org/x/net v0.54.0 -> v0.56.0
  • golang.org/x/sync v0.20.0 -> v0.21.0
  • golang.org/x/sys v0.44.0 -> v0.46.0
  • golang.org/x/term v0.43.0 -> v0.44.0
  • golang.org/x/text v0.37.0 -> v0.38.0

Previous release can be found at v1.12.8

Images

ghcr.io/siderolabs/flannel:v0.27.4
registry.k8s.io/coredns/coredns:v1.14.2
registry.k8s.io/etcd:v3.6.11
registry.k8s.io/kube-apiserver:v1.35.4
registry.k8s.io/kube-controller-manager:v1.35.4
registry.k8s.io/kube-scheduler:v1.35.4
registry.k8s.io/kube-proxy:v1.35.4
ghcr.io/siderolabs/kubelet:v1.35.4
registry.k8s.io/pause:3.10.1
ghcr.io/siderolabs/installer:v1.12.9
ghcr.io/siderolabs/installer-base:v1.12.9
ghcr.io/siderolabs/imager:v1.12.9
ghcr.io/siderolabs/talos:v1.12.9
ghcr.io/siderolabs/talosctl-all:v1.12.9
ghcr.io/siderolabs/overlays:v1.12.9
ghcr.io/siderolabs/extensions:v1.12.9

v1.12.8

Compare Source

Talos 1.12.8 (2026-05-22)

Welcome to the v1.12.8 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Containerd Update

This release includes an update to containerd v2.2.4 due to v2.1.x releases being EOL and affected by CVE-2026-46680.

Component Updates

Linux: 6.18.32
etcd: 3.6.11
CoreDNS: 1.14.3
containerd: 2.2.4

Talos is built with Go 1.25.10.

Contributors
  • Andrey Smirnov
  • Mateusz Urbanek
  • Noel Georgi
  • Lukasz Raczylo
  • YANG JOO WOONG
Changes
17 commits

Changes from siderolabs/go-kmsg
1 commit

Changes from siderolabs/pkgs
17 commits

Changes from siderolabs/tools
2 commits

Dependency Changes
  • github.com/containerd/cgroups/v3 v3.0.5 -> v3.1.3
  • github.com/containerd/containerd/api v1.9.0 -> v1.10.0
  • github.com/containerd/containerd/v2 v2.1.5 -> v2.2.4
  • github.com/siderolabs/go-kmsg v0.1.5 -> v0.1.6
  • github.com/siderolabs/pkgs v1.12.0-58-g86d6af1 -> v1.12.0-75-g153574b
  • github.com/siderolabs/talos/pkg/machinery v1.12.7 -> v1.12.8
  • github.com/siderolabs/tools v1.12.0-10-gbbd753d -> v1.12.0-12-gcbb843d
  • go.etcd.io/etcd/api/v3 v3.6.9 -> v3.6.11
  • go.etcd.io/etcd/client/pkg/v3 v3.6.9 -> v3.6.11
  • go.etcd.io/etcd/client/v3 v3.6.9 -> v3.6.11
  • go.etcd.io/etcd/etcdutl/v3 v3.6.9 -> v3.6.11
  • golang.org/x/net v0.51.0 -> v0.54.0
  • golang.org/x/sync v0.19.0 -> v0.20.0
  • golang.org/x/sys v0.42.0 -> v0.44.0
  • golang.org/x/term v0.40.0 -> v0.43.0
  • golang.org/x/text v0.34.0 -> v0.37.0

Previous release can be found at v1.12.7

Images

ghcr.io/siderolabs/flannel:v0.27.4
registry.k8s.io/coredns/coredns:v1.14.3
registry.k8s.io/etcd:v3.6.11
registry.k8s.io/kube-apiserver:v1.35.4
registry.k8s.io/kube-controller-manager:v1.35.4
registry.k8s.io/kube-scheduler:v1.35.4
registry.k8s.io/kube-proxy:v1.35.4
ghcr.io/siderolabs/kubelet:v1.35.4
registry.k8s.io/pause:3.10.1
ghcr.io/siderolabs/installer:v1.12.8
ghcr.io/siderolabs/installer-base:v1.12.8
ghcr.io/siderolabs/imager:v1.12.8
ghcr.io/siderolabs/talos:v1.12.8
ghcr.io/siderolabs/talosctl-all:v1.12.8
ghcr.io/siderolabs/overlays:v1.12.8
ghcr.io/siderolabs/extensions:v1.12.8

v1.12.7

Compare Source

Talos 1.12.7 (2026-04-24)

Welcome to the v1.12.7 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.18.24
containerd: 2.1.7
etcd: 3.6.9
Kubernetes: v1.35.4

Talos is built with Go 1.25.9.

Contributors
  • Noel Georgi
  • Andrey Smirnov
  • Mateusz Urbanek
  • Orzelius
  • Utku Ozdemir
Changes
19 commits

Changes from siderolabs/pkgs
8 commits

Changes from siderolabs/tools
3 commits

Dependency Changes
  • github.com/siderolabs/go-blockdevice/v2 v2.0.26 -> v2.0.28
  • github.com/siderolabs/pkgs v1.12.0-50-ga92bed5 -> v1.12.0-58-g86d6af1
  • github.com/siderolabs/talos/pkg/machinery v1.12.6 -> v1.12.7
  • github.com/siderolabs/tools v1.12.0-7-g57916cb -> v1.12.0-10-gbbd753d
  • go.etcd.io/etcd/api/v3 v3.6.6 -> v3.6.9
  • go.etcd.io/etcd/client/pkg/v3 v3.6.6 -> v3.6.9
  • go.etcd.io/etcd/client/v3 v3.6.6 -> v3.6.9
  • go.etcd.io/etcd/etcdutl/v3 v3.6.6 -> v3.6.9
  • k8s.io/api v0.35.2 -> v0.35.4
  • k8s.io/apiextensions-apiserver v0.35.2 -> v0.35.4
  • k8s.io/apimachinery v0.35.2 -> v0.35.4
  • k8s.io/apiserver v0.35.2 -> v0.35.4
  • k8s.io/client-go v0.35.2 -> v0.35.4
  • k8s.io/component-base v0.35.2 -> v0.35.4
  • k8s.io/cri-api v0.35.2 -> v0.35.4
  • k8s.io/kube-scheduler v0.35.2 -> v0.35.4
  • k8s.io/kubectl v0.35.2 -> v0.35.4
  • k8s.io/kubelet v0.35.2 -> v0.35.4
  • k8s.io/pod-security-admission v0.35.2 -> v0.35.4

Previous release can be found at v1.12.6

Images

ghcr.io/siderolabs/flannel:v0.27.4
registry.k8s.io/coredns/coredns:v1.13.2
registry.k8s.io/etcd:v3.6.9
registry.k8s.io/kube-apiserver:v1.35.4
registry.k8s.io/kube-controller-manager:v1.35.4
registry.k8s.io/kube-scheduler:v1.35.4
registry.k8s.io/kube-proxy:v1.35.4
ghcr.io/siderolabs/kubelet:v1.35.4
registry.k8s.io/pause:3.10
ghcr.io/siderolabs/installer:v1.12.7
ghcr.io/siderolabs/installer-base:v1.12.7
ghcr.io/siderolabs/imager:v1.12.7
ghcr.io/siderolabs/talos:v1.12.7
ghcr.io/siderolabs/talosctl-all:v1.12.7
ghcr.io/siderolabs/overlays:v1.12.7
ghcr.io/siderolabs/extensions:v1.12.7

v1.12.6

Compare Source

Talos 1.12.6 (2026-03-19)

Welcome to the v1.12.6 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.18.18
runc: 1.3.5

Talos is built with Go 1.25.8.

Contributors
  • Mickaël Canévet
  • Andrey Smirnov
  • Dominik Pitz
  • Kai Zhang
  • Noel Georgi
  • Stanley Chan
  • Zadkiel AHARONIAN
Changes
21 commits

  • @​a1b8bd6 release(v1.12.6): prepare release
  • @​72bd570 feat: update Linux to 6.18.18
  • @​9d5638f fix: accept image cache volume encryption config
  • @​0f018bf fix: panic in hardware.SystemInfoController
  • @​c46b898 fix: validate missing apiVersion in config document decoder
  • @​c47cad9 fix: pull in a fix for dmesg timestamps
  • @​190336a fix: prevent stale discovered volumes reads
  • @​217e9bb fix: bring in new version of go-cmd and go-blockdevice
  • @​d7779a5 fix: stop pulling wrong platform for images
  • @​eb6eb66 fix(machined): support USERDATA legacy fallback in OpenNebula driver
  • @​ba20c7c feat(machined): add ONEGATE proxy route and deterministic interface iteration for OpenNebula
  • @​739f664 feat(machined): inherit IP6_METHOD from METHOD in OpenNebula driver
  • @​93878c0 fix(machined): align OpenNebula hostname precedence with reference
  • @​9718d73 feat(machined): add IPv6 alias address support for OpenNebula (ETH_ALIAS_IP6)
  • @​b649fb4 feat(machined): support ETH*_IP6_METHOD (static/dhcp/auto/disable) for OpenNebula
  • @​c81df6f refactor(machined): extract per-interface IPv4 helper in OpenNebula driver
  • @​501924e fix(machined): use ParseFQDN for hostname parsing in OpenNebula
  • @​e9331b2 feat(machined): support per-interface route metric for OpenNebula (ETH*_METRIC)
  • @​6e78afb feat(machined): add network alias support for OpenNebula (ETH_ALIAS)
  • @​9f648b4 feat(machined): merge global and per-interface DNS for OpenNebula
  • @​04fba03 feat(machined): add static routes support via ETH*_ROUTES for OpenNebula

Changes from siderolabs/go-cmd
2 commits

Changes from siderolabs/go-kmsg
3 commits

Changes from siderolabs/pkgs
4 commits

Dependency Changes
  • github.com/google/go-containerregistry v0.20.6 -> v0.20.7
  • github.com/siderolabs/go-blockdevice/v2 v2.0.24 -> v2.0.26
  • github.com/siderolabs/go-cmd v0.1.3 -> v0.2.0
  • github.com/siderolabs/go-kmsg v0.1.4 -> v0.1.5
  • github.com/siderolabs/pkgs v1.12.0-46-ge695c74 -> v1.12.0-50-ga92bed5
  • github.com/siderolabs/talos/pkg/machinery v1.12.5 -> v1.12.6
  • github.com/spf13/cobra v1.10.1 -> v1.10.2
  • golang.org/x/sys v0.41.0 -> v0.42.0
  • google.golang.org/grpc v1.78.0 -> v1.79.3

Previous release can be found at v1.12.5

Images

ghcr.io/siderolabs/flannel:v0.27.4
registry.k8s.io/coredns/coredns:v1.13.2
registry.k8s.io/etcd:v3.6.8
registry.k8s.io/kube-apiserver:v1.35.2
registry.k8s.io/kube-controller-manager:v1.35.2
registry.k8s.io/kube-scheduler:v1.35.2
registry.k8s.io/kube-proxy:v1.35.2
ghcr.io/siderolabs/kubelet:v1.35.2
registry.k8s.io/pause:3.10
ghcr.io/siderolabs/installer:v1.12.6
ghcr.io/siderolabs/installer-base:v1.12.6
ghcr.io/siderolabs/imager:v1.12.6
ghcr.io/siderolabs/talos:v1.12.6
ghcr.io/siderolabs/talosctl-all:v1.12.6
ghcr.io/siderolabs/overlays:v1.12.6
ghcr.io/siderolabs/extensions:v1.12.6

v1.12.5

Compare Source

Talos 1.12.5 (2026-03-09)

Welcome to the v1.12.5 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.18.15
Kubernetes: 1.35.2
etcd: 3.6.8

Talos is built with Go 1.25.8.

Contributors
  • Andrey Smirnov
  • Mateusz Urbanek
  • Dmitrii Sharshakov
  • Fritz Schaal
  • Jan Paul
  • Max Makarov
  • Mickaël Canévet
  • Nico Berlee
  • Orzelius
  • Spencer Smith
Changes
19 commits

  • @​da6c6e4 release(v1.12.5): prepare release
  • @​4f978a7 fix: correctly calculate end ranges for nftables sets
  • @​8d52e2d feat: add trusted roots generation to stdpatches
  • @​6284877 fix: use correct dhcp option for unicast dhcp renewal
  • @​dcf23be fix: ignore image digest when doing upgrade-k8s
  • @​f8a2a9b fix(machined): opennebula: process ETH*_ vars regardless of NETWORK context flag
  • @​db9ff23 fix: patch with delete for LinkConfigs
  • @​e0c38e2 fix: update path handling on talosctl cgroups
  • @​ca2d4c1 fix: stop Kubernetes client from dynamically reloading the certs
  • @​70ae2f2 refactor: split locate and provision
  • @​c3b0484 fix: hold user volumes root mountpoint
  • @​d935420 fix: handle raw encryption keys with \n properly
  • @​7fe1a47 fix: remove stale endpoints
  • @​3ea0888 fix: allow static hosts in /etc/hosts without hostname
  • @​5ebb00f fix: switch to better Myers algorithm implementation
  • @​2b40379 feat: update etcd to v3.6.8
  • @​1ce9328 fix: disks flag parsing and handling in create qemu command
  • @​1f989df fix: read multi-doc machine config with newer talosctl
  • @​40ba6e3 feat: update Linux 6.18.15, Go 1.25.8

Changes from siderolabs/go-debug
1 commit

Changes from siderolabs/pkgs
7 commits

Changes from siderolabs/tools
1 commit

Dependency Changes
  • github.com/docker/cli v29.0.0 -> v29.2.1
  • github.com/siderolabs/go-blockdevice/v2 v2.0.23 -> v2.0.24
  • github.com/siderolabs/go-debug v0.6.1 -> v0.6.2
  • github.com/siderolabs/pkgs v1.12.0-39-gb1fc4c6 -> v1.12.0-46-ge695c74
  • github.com/siderolabs/talos/pkg/machinery v1.12.3 -> v1.12.5
  • github.com/siderolabs/tools v1.12.0-6-gdc37e09 -> v1.12.0-7-g57916cb
  • golang.org/x/net v0.48.0 -> v0.51.0
  • golang.org/x/sys v0.40.0 -> v0.41.0
  • golang.org/x/term v0.38.0 -> v0.40.0
  • golang.org/x/text v0.33.0 -> v0.34.0
  • google.golang.org/grpc v1.76.0 -> v1.78.0
  • google.golang.org/protobuf v1.36.10 -> v1.36.11
  • k8s.io/api v0.35.0 -> v0.35.2
  • k8s.io/apiextensions-apiserver v0.35.0 -> v0.35.2
  • k8s.io/apiserver v0.35.0 -> v0.35.2
  • k8s.io/client-go v0.35.0 -> v0.35.2
  • k8s.io/component-base v0.35.0 -> v0.35.2
  • k8s.io/kube-scheduler v0.35.0 -> v0.35.2
  • k8s.io/kubectl v0.35.0 -> v0.35.2
  • k8s.io/kubelet v0.35.0 -> v0.35.2
  • k8s.io/pod-security-admission v0.35.0 -> v0.35.2

Previous release can be found at v1.12.4

Images

ghcr.io/siderolabs/flannel:v0.27.4
registry.k8s.io/coredns/coredns:v1.13.2
registry.k8s.io/etcd:v3.6.8
registry.k8s.io/kube-apiserver:v1.35.2
registry.k8s.io/kube-controller-manager:v1.35.2
registry.k8s.io/kube-scheduler:v1.35.2
registry.k8s.io/kube-proxy:v1.35.2
ghcr.io/siderolabs/kubelet:v1.35.2
registry.k8s.io/pause:3.10
ghcr.io/siderolabs/installer:v1.12.5
ghcr.io/siderolabs/installer-base:v1.12.5
ghcr.io/siderolabs/imager:v1.12.5
ghcr.io/siderolabs/talos:v1.12.5
ghcr.io/siderolabs/talosctl-all:v1.12.5
ghcr.io/siderolabs/overlays:v1.12.5
ghcr.io/siderolabs/extensions:v1.12.5

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [siderolabs/talos](https://github.com/siderolabs/talos) | minor | `v1.12.4` → `v1.13.6` | --- ### Release Notes <details> <summary>siderolabs/talos (siderolabs/talos)</summary> ### [`v1.13.6`](https://github.com/siderolabs/talos/releases/tag/v1.13.6) [Compare Source](https://github.com/siderolabs/talos/compare/v1.13.5...v1.13.6) #### [Talos 1.13.6](https://github.com/siderolabs/talos/releases/tag/v1.13.6) (2026-07-09) Welcome to the v1.13.6 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Linux: 6.18.38 Talos is built with Go 1.26.5. ##### Contributors - Andrey Smirnov - Mateusz Urbanek - Noel Georgi - Maja Bojarska - Mark Glants ##### Changes <details><summary>15 commits</summary> <p> - [@&#8203;`0431885`](https://github.com/siderolabs/talos/commit/04318854e) release(v1.13.6): prepare release - [@&#8203;`9d8e47d`](https://github.com/siderolabs/talos/commit/9d8e47dd3) chore: update pkgs and tools - [@&#8203;`31552f4`](https://github.com/siderolabs/talos/commit/31552f400) fix: shutdown/reboot via usermode helpers - [@&#8203;`bc0c3f3`](https://github.com/siderolabs/talos/commit/bc0c3f3d3) fix: flaky serviceaccount suite test - [@&#8203;`3e75592`](https://github.com/siderolabs/talos/commit/3e7559258) fix: flaky tests - [@&#8203;`fbe4d90`](https://github.com/siderolabs/talos/commit/fbe4d900d) fix: data race in manifest sync - [@&#8203;`6df3a45`](https://github.com/siderolabs/talos/commit/6df3a452b) fix: provide cooldown period for the QoS trigger - [@&#8203;`85f8dd6`](https://github.com/siderolabs/talos/commit/85f8dd63e) fix: decode extraArgs list values correctly - [@&#8203;`c2a56d5`](https://github.com/siderolabs/talos/commit/c2a56d592) fix: kubelet stuck restarting - [@&#8203;`8714408`](https://github.com/siderolabs/talos/commit/871440858) chore: bump rekor for GHSA-47q9-m4ww-924m - [@&#8203;`3e37ef8`](https://github.com/siderolabs/talos/commit/3e37ef8cd) fix: handle image cache being disabled - [@&#8203;`466bcd8`](https://github.com/siderolabs/talos/commit/466bcd804) fix: align documented image cache partition label - [@&#8203;`d3cf09b`](https://github.com/siderolabs/talos/commit/d3cf09bcb) fix: image verification with referrers - [@&#8203;`e9609b9`](https://github.com/siderolabs/talos/commit/e9609b992) feat: add AMD XGBE driver to initramfs - [@&#8203;`f18efcc`](https://github.com/siderolabs/talos/commit/f18efcc4d) chore: update deps </p> </details> ##### Changes from siderolabs/gen <details><summary>1 commit</summary> <p> - [siderolabs/gen@`c526410`](https://github.com/siderolabs/gen/commit/c526410) fix: skip unknown-key check for types with custom YAML unmarshaler </p> </details> ##### Changes from siderolabs/pkgs <details><summary>7 commits</summary> <p> - [siderolabs/pkgs@`d8c80cc`](https://github.com/siderolabs/pkgs/commit/d8c80cc) chore: update toolchain and tools - [siderolabs/pkgs@`71874fb`](https://github.com/siderolabs/pkgs/commit/71874fb) feat: bump kernel to 6.18.38 - [siderolabs/pkgs@`a2406a1`](https://github.com/siderolabs/pkgs/commit/a2406a1) feat: bump kernel 6.18.37 - [siderolabs/pkgs@`e410c35`](https://github.com/siderolabs/pkgs/commit/e410c35) feat: update Linux firmware to [`2026062`](https://github.com/siderolabs/talos/commit/20260622) - [siderolabs/pkgs@`389b8aa`](https://github.com/siderolabs/pkgs/commit/389b8aa) fix: patch Linux kernel for tunnel metadata buffer overflow - [siderolabs/pkgs@`7e4a719`](https://github.com/siderolabs/pkgs/commit/7e4a719) feat: add support for AMD XGBE driver - [siderolabs/pkgs@`1915c58`](https://github.com/siderolabs/pkgs/commit/1915c58) feat: enable NF\_TABLES\_ARP option </p> </details> ##### Changes from siderolabs/tools <details><summary>1 commit</summary> <p> - [siderolabs/tools@`c58afd5`](https://github.com/siderolabs/tools/commit/c58afd5) chore: bump toolchain </p> </details> ##### Dependency Changes - **github.com/Azure/azure-sdk-for-go/sdk/azcore** v1.21.0 -> v1.21.1 - **github.com/aws/aws-sdk-go-v2** v1.41.4 -> v1.41.7 - **github.com/aws/aws-sdk-go-v2/config** v1.32.12 -> v1.32.17 - **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.18.20 -> v1.18.23 - **github.com/aws/aws-sdk-go-v2/service/kms** v1.50.3 -> v1.51.1 - **github.com/aws/smithy-go** v1.24.2 -> v1.25.1 - **github.com/siderolabs/gen** v0.8.6 -> v0.8.7 - **github.com/siderolabs/pkgs** v1.13.0-36-g6b315f7 -> v1.13.0-43-gd8c80cc - **github.com/siderolabs/talos/pkg/machinery** v1.13.5 -> v1.13.6 - **github.com/siderolabs/tools** v1.13.0-6-g9b78252 -> v1.13.0-7-gc58afd5 - **github.com/sigstore/cosign/v3** v3.0.5 -> v3.0.6 - **github.com/sigstore/sigstore** v1.10.5 -> v1.10.6 - **go.uber.org/zap** v1.27.1 -> v1.28.0 Previous release can be found at [v1.13.5](https://github.com/siderolabs/talos/releases/tag/v1.13.5) #### Images ``` ghcr.io/siderolabs/flannel:v0.28.5 registry.k8s.io/coredns/coredns:v1.14.2 registry.k8s.io/etcd:v3.6.12 registry.k8s.io/pause:3.10.1 registry.k8s.io/kube-apiserver:v1.36.2 registry.k8s.io/kube-controller-manager:v1.36.2 registry.k8s.io/kube-scheduler:v1.36.2 registry.k8s.io/kube-proxy:v1.36.2 ghcr.io/siderolabs/kubelet:v1.36.2 registry.k8s.io/networking/kube-network-policies:v1.0.0 ghcr.io/siderolabs/installer:v1.13.6 ghcr.io/siderolabs/installer-base:v1.13.6 ghcr.io/siderolabs/imager:v1.13.6 ghcr.io/siderolabs/talos:v1.13.6 ghcr.io/siderolabs/talosctl-all:v1.13.6 ghcr.io/siderolabs/overlays:v1.13.6 ghcr.io/siderolabs/extensions:v1.13.6 ``` ### [`v1.13.5`](https://github.com/siderolabs/talos/releases/tag/v1.13.5) [Compare Source](https://github.com/siderolabs/talos/compare/v1.13.4...v1.13.5) #### [Talos 1.13.5](https://github.com/siderolabs/talos/releases/tag/v1.13.5) (2026-06-22) Welcome to the v1.13.5 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Linux: 6.18.36 containerd: 2.2.5 runc: 1.4.3 Talos is built with Go 1.26.4. ##### Contributors - Andrey Smirnov - Maja Bojarska - Noel Georgi - Mateusz Urbanek - Aleksei Sviridkin ##### Changes <details><summary>9 commits</summary> <p> - [@&#8203;`51b0d8e`](https://github.com/siderolabs/talos/commit/51b0d8ed0) release(v1.13.5): prepare release - [@&#8203;`c5089c6`](https://github.com/siderolabs/talos/commit/c5089c655) fix: bump number of open files for etcd - [@&#8203;`e0b4d9d`](https://github.com/siderolabs/talos/commit/e0b4d9d75) fix: stop the log persistence and close all files on shutdown - [@&#8203;`23a080d`](https://github.com/siderolabs/talos/commit/23a080dcf) fix: honor FailurePauseTimeout when pausing before reboot - [@&#8203;`9adc63a`](https://github.com/siderolabs/talos/commit/9adc63a32) fix: correct the link alias condition - [@&#8203;`b902f9d`](https://github.com/siderolabs/talos/commit/b902f9de9) feat: verify go.mod tidiness in generate target - [@&#8203;`765f0a1`](https://github.com/siderolabs/talos/commit/765f0a1dc) fix: relax LUKS header validation - [@&#8203;`d63aba4`](https://github.com/siderolabs/talos/commit/d63aba4c7) feat: update pkgs and Kubernetes - [@&#8203;`f0a5842`](https://github.com/siderolabs/talos/commit/f0a5842ab) fix: update go.mod and rekres </p> </details> ##### Changes from siderolabs/pkgs <details><summary>8 commits</summary> <p> - [siderolabs/pkgs@`6b315f7`](https://github.com/siderolabs/pkgs/commit/6b315f7) chore: update zfs to 2.4.3 - [siderolabs/pkgs@`ebf23f3`](https://github.com/siderolabs/pkgs/commit/ebf23f3) feat: update Linux to 6.18.36 - [siderolabs/pkgs@`7eed62d`](https://github.com/siderolabs/pkgs/commit/7eed62d) chore: bump containerd to 2.2.5 (cve patches) - [siderolabs/pkgs@`8b67bab`](https://github.com/siderolabs/pkgs/commit/8b67bab) chore: update nvidia driver lts to 580.167.08 - [siderolabs/pkgs@`8cb61b2`](https://github.com/siderolabs/pkgs/commit/8cb61b2) feat: bump runc - [siderolabs/pkgs@`d736aef`](https://github.com/siderolabs/pkgs/commit/d736aef) feat: bump kernel to 6.18.35 - [siderolabs/pkgs@`7ede376`](https://github.com/siderolabs/pkgs/commit/7ede376) fix: avoid page\_table\_check BUG on time namespace VVAR page - [siderolabs/pkgs@`e69debd`](https://github.com/siderolabs/pkgs/commit/e69debd) feat: update tools and rekres </p> </details> ##### Changes from siderolabs/tools <details><summary>2 commits</summary> <p> - [siderolabs/tools@`9b78252`](https://github.com/siderolabs/tools/commit/9b78252) feat: update ca-certificates to 2026-05-14 - [siderolabs/tools@`4d13aff`](https://github.com/siderolabs/tools/commit/4d13aff) feat: bump OpenSSL to 3.6.3 </p> </details> ##### Dependency Changes - **github.com/ryanuber/columnize** v2.1.2 ***new*** - **github.com/siderolabs/go-blockdevice/v2** v2.0.28 -> v2.0.30 - **github.com/siderolabs/pkgs** v1.13.0-28-g54ec9fc -> v1.13.0-36-g6b315f7 - **github.com/siderolabs/talos/pkg/machinery** v1.13.4 -> v1.13.5 - **github.com/siderolabs/tools** v1.13.0-4-ga06bb31 -> v1.13.0-6-g9b78252 - **k8s.io/api** v0.36.1 -> v0.36.2 - **k8s.io/apiextensions-apiserver** v0.36.1 -> v0.36.2 - **k8s.io/apimachinery** v0.36.1 -> v0.36.2 - **k8s.io/apiserver** v0.36.1 -> v0.36.2 - **k8s.io/client-go** v0.36.1 -> v0.36.2 - **k8s.io/component-base** v0.36.1 -> v0.36.2 - **k8s.io/cri-api** v0.36.1 -> v0.36.2 - **k8s.io/kube-scheduler** v0.36.1 -> v0.36.2 - **k8s.io/kubectl** v0.36.1 -> v0.36.2 - **k8s.io/kubelet** v0.36.1 -> v0.36.2 - **k8s.io/pod-security-admission** v0.36.1 -> v0.36.2 Previous release can be found at [v1.13.4](https://github.com/siderolabs/talos/releases/tag/v1.13.4) #### Images ``` ghcr.io/siderolabs/flannel:v0.28.5 registry.k8s.io/coredns/coredns:v1.14.2 registry.k8s.io/etcd:v3.6.12 registry.k8s.io/pause:3.10.1 registry.k8s.io/kube-apiserver:v1.36.2 registry.k8s.io/kube-controller-manager:v1.36.2 registry.k8s.io/kube-scheduler:v1.36.2 registry.k8s.io/kube-proxy:v1.36.2 ghcr.io/siderolabs/kubelet:v1.36.2 registry.k8s.io/networking/kube-network-policies:v1.0.0 ghcr.io/siderolabs/installer:v1.13.5 ghcr.io/siderolabs/installer-base:v1.13.5 ghcr.io/siderolabs/imager:v1.13.5 ghcr.io/siderolabs/talos:v1.13.5 ghcr.io/siderolabs/talosctl-all:v1.13.5 ghcr.io/siderolabs/overlays:v1.13.5 ghcr.io/siderolabs/extensions:v1.13.5 ``` ### [`v1.13.4`](https://github.com/siderolabs/talos/releases/tag/v1.13.4) [Compare Source](https://github.com/siderolabs/talos/compare/v1.13.3...v1.13.4) #### [Talos 1.13.4](https://github.com/siderolabs/talos/releases/tag/v1.13.4) (2026-06-09) Welcome to the v1.13.4 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Linux: 6.18.34 etcd: v2.6.12 Flannel: v0.28.5 Talos is built with Go 1.26.4. ##### Contributors - Andrey Smirnov - Noel Georgi - Mateusz Urbanek - Orzelius - Erwan Leboucher - Jonny - Rokoucha - appkins ##### Changes <details><summary>17 commits</summary> <p> - [@&#8203;`707dbd8`](https://github.com/siderolabs/talos/commit/707dbd89b) release(v1.13.4): prepare release - [@&#8203;`27d7a19`](https://github.com/siderolabs/talos/commit/27d7a1985) fix: handle cluster-scoped resources with a namespace correctly - [@&#8203;`fe74e00`](https://github.com/siderolabs/talos/commit/fe74e00fb) chore: update deps - [@&#8203;`f44cafb`](https://github.com/siderolabs/talos/commit/f44cafbcd) fix: recreate dns server and listeners on host DNS runner restart - [@&#8203;`5ed296b`](https://github.com/siderolabs/talos/commit/5ed296b76) fix: marshal kube-scheduler config correctly with int types - [@&#8203;`5992015`](https://github.com/siderolabs/talos/commit/5992015b0) fix: machine configuration schemas - [@&#8203;`b8dfda7`](https://github.com/siderolabs/talos/commit/b8dfda7ee) fix: mark more resources as sensitive - [@&#8203;`aad841b`](https://github.com/siderolabs/talos/commit/aad841b7f) feat: update Flannel to v0.28.5 - [@&#8203;`7c0900b`](https://github.com/siderolabs/talos/commit/7c0900b85) fix(ci): aws nvidia tests - [@&#8203;`9f5122d`](https://github.com/siderolabs/talos/commit/9f5122db7) fix: flaky test - [@&#8203;`cf62af3`](https://github.com/siderolabs/talos/commit/cf62af3e2) fix: etcd client leak in the (legacy) Upgrade API - [@&#8203;`d5c3136`](https://github.com/siderolabs/talos/commit/d5c3136e0) feat: enforce strict QoS ordering in OOM victim selection - [@&#8203;`b5ad39e`](https://github.com/siderolabs/talos/commit/b5ad39e65) feat: update etcd to v3.6.12 - [@&#8203;`c83dad3`](https://github.com/siderolabs/talos/commit/c83dad3c5) fix: health request server-side - [@&#8203;`577cc6f`](https://github.com/siderolabs/talos/commit/577cc6f6c) fix: bring in a change to BCM2712\_MIP - [@&#8203;`29da68a`](https://github.com/siderolabs/talos/commit/29da68ae2) fix: touch rootfs files with SOURCE\_DATE\_EPOCH - [@&#8203;`b19a03b`](https://github.com/siderolabs/talos/commit/b19a03bc2) fix: ignore cgroups with zero rank in OOM handler </p> </details> ##### Changes from siderolabs/go-kubernetes <details><summary>1 commit</summary> <p> - [siderolabs/go-kubernetes@`131a2bd`](https://github.com/siderolabs/go-kubernetes/commit/131a2bd) fix: handle cluster-scoped resources with a ns correctly </p> </details> ##### Changes from siderolabs/pkgs <details><summary>5 commits</summary> <p> - [siderolabs/pkgs@`54ec9fc`](https://github.com/siderolabs/pkgs/commit/54ec9fc) fix: disable PAGE\_TABLE\_CHECK\_ENFORCED in kernel config - [siderolabs/pkgs@`0d5985a`](https://github.com/siderolabs/pkgs/commit/0d5985a) feat: enable USB hiddev for apcupsd support - [siderolabs/pkgs@`593e34c`](https://github.com/siderolabs/pkgs/commit/593e34c) feat: bump kernel to 6.18.34 - [siderolabs/pkgs@`366f575`](https://github.com/siderolabs/pkgs/commit/366f575) fix: enable CONFIG\_BCM2712\_MIP as built-in in arm64 kernel config - [siderolabs/pkgs@`b45e84c`](https://github.com/siderolabs/pkgs/commit/b45e84c) feat: bump Go to 1.26.4 </p> </details> ##### Changes from siderolabs/tools <details><summary>2 commits</summary> <p> - [siderolabs/tools@`a06bb31`](https://github.com/siderolabs/tools/commit/a06bb31) feat: bump go to 1.26.4 - [siderolabs/tools@`9bb7abe`](https://github.com/siderolabs/tools/commit/9bb7abe) feat: update libcap to 2.78 </p> </details> ##### Dependency Changes - **github.com/siderolabs/go-kubernetes** v0.2.37 -> v0.2.38 - **github.com/siderolabs/pkgs** v1.13.0-23-g8c18616 -> v1.13.0-28-g54ec9fc - **github.com/siderolabs/talos/pkg/machinery** v1.13.3 -> v1.13.4 - **github.com/siderolabs/tools** v1.13.0-2-g1fb762a -> v1.13.0-4-ga06bb31 - **go.etcd.io/etcd/api/v3** v3.6.11 -> v3.6.12 - **go.etcd.io/etcd/client/pkg/v3** v3.6.11 -> v3.6.12 - **go.etcd.io/etcd/client/v3** v3.6.11 -> v3.6.12 - **go.etcd.io/etcd/etcdutl/v3** v3.6.11 -> v3.6.12 Previous release can be found at [v1.13.3](https://github.com/siderolabs/talos/releases/tag/v1.13.3) #### Images ``` ghcr.io/siderolabs/flannel:v0.28.5 registry.k8s.io/coredns/coredns:v1.14.2 registry.k8s.io/etcd:v3.6.12 registry.k8s.io/pause:3.10.1 registry.k8s.io/kube-apiserver:v1.36.1 registry.k8s.io/kube-controller-manager:v1.36.1 registry.k8s.io/kube-scheduler:v1.36.1 registry.k8s.io/kube-proxy:v1.36.1 ghcr.io/siderolabs/kubelet:v1.36.1 registry.k8s.io/networking/kube-network-policies:v1.0.0 ghcr.io/siderolabs/installer:v1.13.4 ghcr.io/siderolabs/installer-base:v1.13.4 ghcr.io/siderolabs/imager:v1.13.4 ghcr.io/siderolabs/talos:v1.13.4 ghcr.io/siderolabs/talosctl-all:v1.13.4 ghcr.io/siderolabs/overlays:v1.13.4 ghcr.io/siderolabs/extensions:v1.13.4 ``` ### [`v1.13.3`](https://github.com/siderolabs/talos/releases/tag/v1.13.3) [Compare Source](https://github.com/siderolabs/talos/compare/v1.13.2...v1.13.3) #### [Talos 1.13.3](https://github.com/siderolabs/talos/releases/tag/v1.13.3) (2026-05-26) Welcome to the v1.13.3 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Linux: 6.18.33 Kubernetes: 1.36.1 containerd: 2.2.4 Talos is built with Go 1.26.3. ##### Contributors - Andrey Smirnov - Noel Georgi - Lukasz Raczylo - Maja Bojarska - Mateusz Urbanek - Utku Ozdemir ##### Changes <details><summary>19 commits</summary> <p> - [@&#8203;`befeda7`](https://github.com/siderolabs/talos/commit/befeda7cb) release(v1.13.3): prepare release - [@&#8203;`f4d4510`](https://github.com/siderolabs/talos/commit/f4d451054) feat(ci): rotate credentials - [@&#8203;`01b4348`](https://github.com/siderolabs/talos/commit/01b434870) fix: guard apply config API call - [@&#8203;`a42c37f`](https://github.com/siderolabs/talos/commit/a42c37f24) feat(machined): support instance tags on Akamai - [@&#8203;`d62d54c`](https://github.com/siderolabs/talos/commit/d62d54ca7) fix: memorymodules resource reporting - [@&#8203;`b673b4b`](https://github.com/siderolabs/talos/commit/b673b4be7) fix: bump Go golang.org/x modules - [@&#8203;`19755ad`](https://github.com/siderolabs/talos/commit/19755ad14) feat: add bnxt\_re module to the rootfs - [@&#8203;`532bc6b`](https://github.com/siderolabs/talos/commit/532bc6baa) fix: relax hostname config validation - [@&#8203;`3bbd3ed`](https://github.com/siderolabs/talos/commit/3bbd3ed35) fix: bump Kubernetes to 1.36.1 in one more place - [@&#8203;`472b9d9`](https://github.com/siderolabs/talos/commit/472b9d991) feat: update default Kubernetes version to 1.36.1 - [@&#8203;`6d53ce0`](https://github.com/siderolabs/talos/commit/6d53ce0d5) chore(ci): fix cloud image upload job name - [@&#8203;`5633c77`](https://github.com/siderolabs/talos/commit/5633c7791) fix: rework how scheduler config is marshaled - [@&#8203;`52f0560`](https://github.com/siderolabs/talos/commit/52f056084) fix: restore some shared (and some lower tier slave) mount propagation - [@&#8203;`9de3c12`](https://github.com/siderolabs/talos/commit/9de3c12d9) fix: image verification issue with registry.k8s.io - [@&#8203;`7dc716d`](https://github.com/siderolabs/talos/commit/7dc716d85) feat: redact more machine config secrets and audit redactors - [@&#8203;`d5448c6`](https://github.com/siderolabs/talos/commit/d5448c60d) chore(ci): try fixing homebrew action - [@&#8203;`ef9f0bf`](https://github.com/siderolabs/talos/commit/ef9f0bf02) docs: drop controlplane endpoint examples - [@&#8203;`7ee3e78`](https://github.com/siderolabs/talos/commit/7ee3e787b) feat: update Linux to 6.18.33 - [@&#8203;`e99744b`](https://github.com/siderolabs/talos/commit/e99744bad) fix: update containerd to 2.2.4 </p> </details> ##### Changes from siderolabs/go-smbios <details><summary>1 commit</summary> <p> - [siderolabs/go-smbios@`063f5dc`](https://github.com/siderolabs/go-smbios/commit/063f5dc) chore: rekres + new testdata </p> </details> ##### Changes from siderolabs/pkgs <details><summary>12 commits</summary> <p> - [siderolabs/pkgs@`8c18616`](https://github.com/siderolabs/pkgs/commit/8c18616) feat: pre-generate drbd patches using spatch out of tree - [siderolabs/pkgs@`82e70a0`](https://github.com/siderolabs/pkgs/commit/82e70a0) feat: update Linux to 6.18.33 - [siderolabs/pkgs@`993d4a6`](https://github.com/siderolabs/pkgs/commit/993d4a6) feat: enable PPP and INFINIBAND\_BNXT\_RE - [siderolabs/pkgs@`12d5337`](https://github.com/siderolabs/pkgs/commit/12d5337) feat: enable more options for CRI-U checkpoint/restore - [siderolabs/pkgs@`c2e43aa`](https://github.com/siderolabs/pkgs/commit/c2e43aa) feat: preserve System.map on kernel builds - [siderolabs/pkgs@`230b4bc`](https://github.com/siderolabs/pkgs/commit/230b4bc) chore: update deps - [siderolabs/pkgs@`847a37e`](https://github.com/siderolabs/pkgs/commit/847a37e) feat: bump kernel 6.18.32 - [siderolabs/pkgs@`d7ae843`](https://github.com/siderolabs/pkgs/commit/d7ae843) feat: update Linux to 6.18.31 - [siderolabs/pkgs@`a26d3c0`](https://github.com/siderolabs/pkgs/commit/a26d3c0) feat: update ZFS & NVIDIA LTS - [siderolabs/pkgs@`94d28c5`](https://github.com/siderolabs/pkgs/commit/94d28c5) feat: update Linux to 6.18.30 - [siderolabs/pkgs@`b3dd525`](https://github.com/siderolabs/pkgs/commit/b3dd525) fix: macb silent TX stall on BCM2712/RP1 (v2 patches from netdev) - [siderolabs/pkgs@`8bdd5e0`](https://github.com/siderolabs/pkgs/commit/8bdd5e0) feat: update containerd to 2.2.4 </p> </details> ##### Dependency Changes - **github.com/containerd/containerd/v2** v2.2.2 -> v2.2.4 - **github.com/siderolabs/go-smbios** v0.3.3 -> v0.3.4 - **github.com/siderolabs/pkgs** v1.13.0-11-g969f61c -> v1.13.0-23-g8c18616 - **github.com/siderolabs/talos/pkg/machinery** v1.13.2 -> v1.13.3 - **golang.org/x/net** v0.53.0 -> v0.55.0 - **golang.org/x/sys** v0.43.0 -> v0.45.0 - **golang.org/x/term** v0.42.0 -> v0.43.0 - **golang.org/x/text** v0.36.0 -> v0.37.0 - **google.golang.org/grpc** v1.79.3 -> v1.81.0 - **k8s.io/api** v0.36.0 -> v0.36.1 - **k8s.io/apiextensions-apiserver** v0.36.0 -> v0.36.1 - **k8s.io/apimachinery** v0.36.0 -> v0.36.1 - **k8s.io/apiserver** v0.36.0 -> v0.36.1 - **k8s.io/client-go** v0.36.0 -> v0.36.1 - **k8s.io/component-base** v0.36.0 -> v0.36.1 - **k8s.io/kube-scheduler** v0.36.0 -> v0.36.1 - **k8s.io/kubectl** v0.36.0 -> v0.36.1 - **k8s.io/kubelet** v0.36.0 -> v0.36.1 - **k8s.io/pod-security-admission** v0.36.0 -> v0.36.1 Previous release can be found at [v1.13.2](https://github.com/siderolabs/talos/releases/tag/v1.13.2) #### Images ``` ghcr.io/siderolabs/flannel:v0.28.4 registry.k8s.io/coredns/coredns:v1.14.2 registry.k8s.io/etcd:v3.6.11 registry.k8s.io/pause:3.10.1 registry.k8s.io/kube-apiserver:v1.36.1 registry.k8s.io/kube-controller-manager:v1.36.1 registry.k8s.io/kube-scheduler:v1.36.1 registry.k8s.io/kube-proxy:v1.36.1 ghcr.io/siderolabs/kubelet:v1.36.1 registry.k8s.io/networking/kube-network-policies:v1.0.0 ghcr.io/siderolabs/installer:v1.13.3 ghcr.io/siderolabs/installer-base:v1.13.3 ghcr.io/siderolabs/imager:v1.13.3 ghcr.io/siderolabs/talos:v1.13.3 ghcr.io/siderolabs/talosctl-all:v1.13.3 ghcr.io/siderolabs/overlays:v1.13.3 ghcr.io/siderolabs/extensions:v1.13.3 ``` ### [`v1.13.2`](https://github.com/siderolabs/talos/releases/tag/v1.13.2) [Compare Source](https://github.com/siderolabs/talos/compare/v1.13.0...v1.13.2) #### [Talos 1.13.2](https://github.com/siderolabs/talos/releases/tag/v1.13.2) (2026-05-12) Welcome to the v1.13.2 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Etcd: 3.6.11 Linux: 6.18.29 Talos is built with Go 1.26.3. ##### Contributors - Noel Georgi ##### Changes <details><summary>1 commit</summary> <p> - [@&#8203;`c5d7c65`](https://github.com/siderolabs/talos/commit/c5d7c6536) release(v1.13.2): prepare release </p> </details> ##### Dependency Changes - **github.com/siderolabs/talos/pkg/machinery** v1.13.1 -> v1.13.2 Previous release can be found at [v1.13.1](https://github.com/siderolabs/talos/releases/tag/v1.13.1) #### Images ``` ghcr.io/siderolabs/flannel:v0.28.4 registry.k8s.io/coredns/coredns:v1.14.2 registry.k8s.io/etcd:v3.6.11 registry.k8s.io/pause:3.10.1 registry.k8s.io/kube-apiserver:v1.36.0 registry.k8s.io/kube-controller-manager:v1.36.0 registry.k8s.io/kube-scheduler:v1.36.0 registry.k8s.io/kube-proxy:v1.36.0 ghcr.io/siderolabs/kubelet:v1.36.0 registry.k8s.io/networking/kube-network-policies:v1.0.0 ghcr.io/siderolabs/installer:v1.13.2 ghcr.io/siderolabs/installer-base:v1.13.2 ghcr.io/siderolabs/imager:v1.13.2 ghcr.io/siderolabs/talos:v1.13.2 ghcr.io/siderolabs/talosctl-all:v1.13.2 ghcr.io/siderolabs/overlays:v1.13.2 ghcr.io/siderolabs/extensions:v1.13.2 ``` ### [`v1.13.0`](https://github.com/siderolabs/talos/blob/HEAD/CHANGELOG.md#Talos-1140-alpha2-2026-06-26) [Compare Source](https://github.com/siderolabs/talos/compare/v1.12.9...v1.13.0) Welcome to the v1.14.0-alpha.2 release of Talos!\ *This is a pre-release of Talos* Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### DNS over TLS (DoT) and DNS over HTTPS (DoH) Support Talos now supports DNS over TLS (DoT) and DNS over HTTPS (DoH) for secure DNS resolution. These features allow Talos to encrypt DNS queries and responses, enhancing privacy and security for DNS traffic. The DNS protocol can be configured on a per-name server basis in the `ResolverConfig` document, allowing for flexible configuration of DNS resolution. ##### noexec on EPHEMERAL (/var) The EPHEMERAL volume (`/var`) is now mounted with `noexec` in addition to the existing `nosuid` and `nodev`, blocking binary execution from `/var`. Workloads that exec binaries placed under `/var` will break. For example, Longhorn v1's `instance-manager` exec's engine binaries the `engine-image` DaemonSet drops under `/var/lib/longhorn/engine-binaries/`, which now fails with `permission denied`. Affected users can opt out via a `VolumeConfig` document: ```yaml apiVersion: v1alpha1 kind: VolumeConfig name: EPHEMERAL mount: secure: false ``` > NOTE: Setting `secure: false` will also disable `nosuid` and `nodev`, which may have security implications. Use with caution. Upgrade note: apply this `VolumeConfig` patch *before* upgrading, otherwise affected workloads will fail after the next reboot. Longhorn v2 (SPDK data engine) runs the data plane inside the instance manager process and is not affected. ##### Apply Configuration Modes The '--mode=reboot' option has been removed from the `talosctl apply-config` command; by default, configuration is applied without a reboot. Most configuration changes don't require a reboot; the documentation lists the changes that do. ##### Btrfs Support Talos now supports mounting and provisioning `btrfs` filesystem for user volumes and existing volumes. Support for `btrfs` is enabled by installing `btrfs` system extension. ##### Containerd NRI Talos no longer disables NRI (Node Resource Interface) for the CRI containerd instance by default, so NRI is available to use without any machine config patches. To bring back the old behavior of NRI disabled by default, use the following machine config patch: ```yaml machine: files: - content: | [plugins] [plugins."io.containerd.nri.v1.nri"] disable = true path: /etc/cri/conf.d/20-customization.part op: create ``` ##### Default Installer Image The default installer image has been updated to use the Image Factory. The `ghcr.io/siderolabs/installer` image is no longer published with releases; use the Image Factory installer image instead. ##### DHCP Search Domains DHCPv4 search domains are now applied to the resolver configuration. ##### Encryption Discards Volume encryption now supports an `allowDiscards` option (disabled by default) which passes TRIM/discard requests through to the underlying device when the encrypted volume is opened. This only enables passing discards through to the underlying device; Talos does not perform any fstrim/discard operation by itself. ##### etcd Talos is now compatible with etcd v3.6.x only (the default etcd version was 3.6.x since Talos v1.11). The default version is 3.7.0+ now. etcd now serves its HTTP-only endpoints (`/metrics`, `/health`, the gRPC-gateway JSON API) on a dedicated listener on port `2383`, while the client port `2379` serves gRPC only. This keeps gRPC off Go's `net/http` HTTP/2 server, avoiding watch-stream starvation under TLS (see [etcd-io/etcd#15402](https://github.com/etcd-io/etcd/issues/15402), [golang/go#58804](https://github.com/golang/go/issues/58804), [etcd-io/etcd#21605](https://github.com/etcd-io/etcd/issues/21605)). Upgrade note: etcd metrics and the HTTP health endpoint are no longer reachable on `2379`; scrape them on port `2383` instead (same client mTLS as before). etcd gRPC clients and the Talos health check are unaffected. Firewall might need to be adjusted to block the port `2383` if previously `2379` was blocked. If `--listen-metrics-urls` was customized, the metrics should not move. ##### Filesystem Trim Talos can now periodically trim (the equivalent of the `fstrim` command) mounted filesystems which support trimming, discarding unused blocks. This is useful for SSDs and thin-provisioned storage. Trimming is opt-in via a new `FilesystemTrimConfig` document which sets the global trim interval: ```yaml apiVersion: v1alpha1 kind: FilesystemTrimConfig interval: 168h0m0s # one week ``` The default machine configuration for Talos 1.14+ includes a `FilesystemTrimConfig` document with a default trim interval of one week, so trimming is enabled by default for eligible filesystems. For cluster which were upgraded from older versions, the `FilesystemTrimConfig` document will be missing, so trimming will be disabled by default until the document is added. When the document is present, Talos builds a stable schedule (hashed by node ID and volume ID, so trims are spread out across volumes and across nodes in a cluster) and trims eligible volumes (ready disk/partition volumes with a trim-capable filesystem; for encrypted volumes only when `allowDiscards` is set). The trim interval can be overridden or disabled per-volume via a `trim` block on the volume documents (`VolumeConfig`, `UserVolumeConfig`, `ExistingVolumeConfig`, `ExternalVolumeConfig`): ```yaml trim: enabled: true interval: 24h0m0s ``` ##### Flannel CNI Talos now configures Flannel with the `EnableNFTables` option enabled, which uses nftables native backend instead of `iptables-nft` compatibility layer. ##### Host DNS Configuration HostDNS configuration was moved from the v1alpha1 config `.machine.features.hostDNS` field to the new `hostDNS` in the `ResolverConfig` document. ##### HTTP Probe Support Talos now supports HTTP network probes, allowing for monitoring of HTTP endpoints. HTTP responses with status 200-399 are considered successful, while connection and transport errors are treated as failures. ##### Image Cache Configuration Talos now supports a new `ImageCacheConfig` document for configuring the Image Cache feature, replacing the old `machine.features.imageCache` field in the v1alpha1 config. Old configuration is still supported for backwards compatibility. ##### Kernel Multi-document Configuration Talos introduces new multi-document configuration for kernel parameters (sysctl and sysfs settings), replacing the old v1alpha1 config fields. The old configuration is still supported for backwards compatibility, but new deployments should use the new documents. If both old and new configuration sources are used, the new multi-document configuration takes precedence over the old v1alpha1 config on conflicting fields. List of changes: - Deprecated `.machine.sysctls` in the v1alpha1 config; use the `SysctlConfig` document for kernel sysctl configuration. - Deprecated `.machine.sysfs` in the v1alpha1 config; use the `SysfsConfig` document for sysfs configuration. ##### Kernel Module Status Talos now reports the status of both dynamically loaded, and built-in kernel modules. The `LoadedKernelModule` resource has been deprecated and superseded by the new `KernelModuleStatus` resource. ##### Kubernetes Multi-document Configuration Talos introduces new multi-document Kubernetes configuration, which allows for more flexible and modular configuration of Kubernetes components. Talos still supports the old v1alpha1 config for backwards compatibility, but new features and fields will only be available in the new multi-document format. Talos introduces support for configuring multiple discovery service endpoints. The `kube-proxy` is now using configuration to manage its settings instead of command line arguments (with new `KubeProxyConfig` document). List of changes: - Deprecated `.cluster.secretboxEncryptionSecret` in the v1alpha1 config; use the `KubeEtcdEncryptionConfig` document for full etcd encryption configuration. - Deprecated `.cluster.apiServer` in the v1alpha1 config; use the `KubeAPIServerConfig`, `KubeAdmissionControlConfig`, `KubeAuditPolicyConfig`, `KubeAuthenticationConfig` and `KubeAuthorizerConfig` documents for kube-apiserver configuration. - Deprecated `.cluster.controllerManager` in the v1alpha1 config; use the `KubeControllerManagerConfig` document for kube-controller-manager configuration. - Deprecated `.cluster.scheduler` in the v1alpha1 config; use the `KubeSchedulerConfig` document for kube-scheduler configuration. - Deprecated `.cluster.proxy` in the v1alpha1 config; use the `KubeProxyConfig` document for kube-proxy configuration. - Deprecated `.cluster.network` in the v1alpha1 config; use the `KubeNetworkConfig` document for Kubernetes network configuration; Flannel can be configured using the `KubeFlannelCNIConfig` document. - Deprecated `.cluster.discovery` in the v1alpha1 config; use the `DiscoveryServiceConfig` document for discovery service configuration. The v1alpha1 config and `DiscoveryServiceConfig` are mutually exclusive. ##### LVM Logical Volume Creation Logical volumes can now be declared with a new `LVMLogicalVolumeConfig` multi-doc config kind. Each document names a logical volume, its parent `volumeGroup`, a `type` (`linear`, `raid0`, `raid1` or `raid10`) and a `maxSize` (absolute, e.g. `50GiB`, or a percentage of the volume group, e.g. `80%`). RAID layouts accept optional `mirrors` (raid1/raid10, default 1) and `stripes` (raid0/raid10, default: all available physical volumes) fields. Once the volume group is assembled the logical volume is created via `lvcreate`. Raising `maxSize` grows an existing logical volume via `lvextend`; percentage-sized volumes also grow when their volume group is extended. Shrinking is never performed (it risks data loss) - a request to reduce the size surfaces an `LVMValidationError` instead. Removal stays an explicit operation via the LVMService LV remove RPC (`talosctl wipe lv`). ##### LVM Status Talos now provides detailed LVM status information, allowing for better monitoring and management of LVM volumes. New resources `LVMPhysicalVolumeStatus`, `LVMVolumeGroupStatus`, and `LVMLogicalVolumeStatus` expose PV, VG, and LV details. `DiscoveredVolume` resources for logical volumes are listed by their kernel name (e.g. `dm-0`). To resolve the `<vg>/<lv>` for a given device, use the `Disks` or `BlockSymlinks` resources, which carry the udev-managed symlinks (e.g. `/dev/disk/by-id/dm-name-<vg>-<lv>`). ##### LVM Volume Group Creation Talos can now create and grow LVM Volume Groups declaratively through a new `LVMVolumeGroupConfig` multi-doc config kind. Each document names a Volume Group and a CEL `volumeSelector` over the disk inventory; matched disks are initialised as Physical Volumes (`pvcreate`) and aggregated into the requested VG (`vgcreate`). Newly matched disks added to an existing VG are attached via `vgextend`. Reconciliation is strictly additive and safe-by-default. ##### LVM Wipe Talos now provides the ability to securely wipe LVM metadata from logical volumes, volume groups, and physical volumes. This feature allows for selective wiping of logical volumes, volume groups, and physical volumes. With `talosctl wipe lv/vg/pv <name>`, users can wipe LVM metadata from a specific logical volume, volume group, or physical volume. ##### NTS for Time Synchronization Talos now supports Network Time Security (NTS) for secure time synchronization. This feature enhances the security of NTP by providing cryptographic authentication of time sources. NTS is enabled by default (without any configuration sources) for the default `time.cloudflare.com` time server NTS can be enabled for custom time servers via the new `useNTS` field in the `TimeServerConfig` document. ##### ICMP send\_redirects Disabled by Default Talos now sets `net.ipv4.conf.all.send_redirects=0` and `net.ipv4.conf.default.send_redirects=0` by default, preventing the node from emitting ICMP redirect messages. This aligns with CIS Benchmark recommendations and does not affect normal Kubernetes pod or service traffic. Nodes that deliberately act as L3 gateways relying on ICMP redirects can override this via `machine.sysctls`. ##### Support Bundle Encryption The `talosctl support` command now encrypts support bundles using the age encryption tool, enhancing the security of support data. The default set of recipients includes the 'siderolabs' GitHub organization members, but it can be overridden with custom recipients. ##### TLS 1.3 Minimum Version Talos now runs etcd and kube-apiserver with a minimum TLS version of 1.3, improving security by leveraging the latest TLS features and cipher suites. Custom settings for cipher suites have been removed, as they are ignored when TLS 1.3 is used, which simplifies configuration and ensures the use of modern, secure defaults. ##### Component Updates Linux: 6.18.36 Kubernetes: 1.36.2 containerd: 2.3.2 etcd: 3.7.0-rc.0-0 Flannel: v0.28.5 runc: 1.5.0-rc.3 CoreDNS: 1.14.2 Talos is built with Go 1.26.4. ##### Contributors - Andrey Smirnov - Noel Georgi - Mateusz Urbanek - Maja Bojarska - Orzelius - Erwan Leboucher - Utku Ozdemir - Lukasz Raczylo - Mickaël Canévet - Dmitrii Sharshakov - Dmitriy Matrenichev - Oguz Kilcan - Rokoucha - buckaroo - immanuwell - Aleksei Sviridkin - Ansgar Dahlen - Artem Chernyshev - Benoît Knecht - Christian Korneck - David Orman - Dharsan Baskar - Edward Sammut Alessi - Filip Boye-Kofi - Fritz Schaal - Immanuel Tikhonov - Jaakko Sirén - Jonny - Justin Garrison - Kevin Tijssen - Konstantin Nesterov - Nico Berlee - Pranav Patil - YANG JOO WOONG - Zadkiel AHARONIAN - appkins - kastakhov ##### Changes <details><summary>331 commits</summary> <p> - [`917820cb3`](https://github.com/siderolabs/talos/commit/917820cb3ebe74e58bde1f78b74e1ae55ba111bf) chore: sync pkgs/tools - [`b34be14e9`](https://github.com/siderolabs/talos/commit/b34be14e90f81f3bccb539d589185e757a02e55a) fix: cli.md codeblock generation - [`25abcc6b5`](https://github.com/siderolabs/talos/commit/25abcc6b5973e9485af996c0d866ff28ca126b65) docs: update kubespanconfig to match discoveryserviceconfig - [`742589f50`](https://github.com/siderolabs/talos/commit/742589f50ef7ea0ef9b0fc69d0ee80dc24369933) feat: support multiple discovery service configs - [`fc3f27d79`](https://github.com/siderolabs/talos/commit/fc3f27d796cc33ea3dce9e0ed202fbb007b2922b) chore: enrich the SBOM with Go module licenses - [`47d5c3351`](https://github.com/siderolabs/talos/commit/47d5c33514b05454ec67c488e3b2f0997596dac8) fix: handle image cache being disabled - [`1a965aec3`](https://github.com/siderolabs/talos/commit/1a965aec37ea9e9551237255e11a0a33667f1876) test: disable LongHorn ublk test and add more cores - [`6d03b3f61`](https://github.com/siderolabs/talos/commit/6d03b3f611de4ca06a6ee0587b91f8957e1e867f) fix: align documented image cache partition label - [`6447d854f`](https://github.com/siderolabs/talos/commit/6447d854f20de6ee712f541f84cdbac9c2b33b85) fix(talosctl): use aio threads on darwin - [`f856d1808`](https://github.com/siderolabs/talos/commit/f856d18084a6bfb119aaccc6af36b2b80e2f5b7c) fix: image verification with referrers - [`11a7fbe4c`](https://github.com/siderolabs/talos/commit/11a7fbe4c6cba823f69205ed9ccfc36b7ab027bb) feat: extract kube-apiserver config into multi-doc configs - [`337654d2b`](https://github.com/siderolabs/talos/commit/337654d2b8f0468507b40f53d03beb9a799a8c43) test: fix rook-ceph tests - [`e33a86825`](https://github.com/siderolabs/talos/commit/e33a868254098659ce069d73570fb69ff4f148c6) feat: add AMD XGBE driver to initramfs - [`bd2d6242a`](https://github.com/siderolabs/talos/commit/bd2d6242a3b0b5c51e6a56a0accc9137bcb7372e) fix: revert coredns to 1.14.2 - [`7c4e644f8`](https://github.com/siderolabs/talos/commit/7c4e644f810678e91a00656c124e886e38b0f12c) feat: update Linux to 6.18.36 - [`6e23a5c2f`](https://github.com/siderolabs/talos/commit/6e23a5c2f6d915bf9ddb8e23c0738119cccc8001) chore: refactor bare opentree\_clone into a mount helper - [`dfbd30959`](https://github.com/siderolabs/talos/commit/dfbd30959bb51d92f15cf4d4d43942591b9829f5) fix(talosctl): prevent appending type 11 smbios values on restart - [`5926dd70d`](https://github.com/siderolabs/talos/commit/5926dd70d3df61ced4be38db604248d2dd4d53d6) test: support running integration test against remote provisioner - [`f146c6a18`](https://github.com/siderolabs/talos/commit/f146c6a18334ea35cc5640f47e9756aaadadb153) feat: refactor /etc mounts - [`ebe364117`](https://github.com/siderolabs/talos/commit/ebe364117cb32a227d9f995c59e75aea20a9e75a) chore: bump containerd to 2.3.2 - [`bc30c61a1`](https://github.com/siderolabs/talos/commit/bc30c61a14a785ee979d163c28a531247231845c) chore: bump deps (go, k8s, docker) - [`00d739d0a`](https://github.com/siderolabs/talos/commit/00d739d0a92a334b3b619d161e68adedf09bb7d1) test: skip fstrim default schedule on cloud tests - [`d9c6edf01`](https://github.com/siderolabs/talos/commit/d9c6edf01e2072971610f5eecf5601092649289f) fix: bump number of open files for etcd - [`990c5395c`](https://github.com/siderolabs/talos/commit/990c5395c6fb6272ff4b5361f09d354f047c534a) chore: update tools and pkgs 2026-06-17 - [`325be7cd8`](https://github.com/siderolabs/talos/commit/325be7cd821128cc3e0b32ecf6244ee1b41ec20a) refactor: config generate uses multi-doc sysctlconfig - [`d6930633b`](https://github.com/siderolabs/talos/commit/d6930633bfe02ec11cc47544f9d1ac9632d96b8c) fix: clean up and overhaul mount ops - [`a0219404d`](https://github.com/siderolabs/talos/commit/a0219404d0f95af50c35804ee0375e66cdf44979) fix: cgroups cleanup - [`58d8b71c4`](https://github.com/siderolabs/talos/commit/58d8b71c420f97aeb259aa04e2c776fcbbeaf261) fix: stop the log persistence and close all files on shutdown - [`4b32ebc17`](https://github.com/siderolabs/talos/commit/4b32ebc17e4e37f8bd0547a496bc7a86f7b60bad) refactor: simplify trustd/apid rootfs setup - [`dc98e3553`](https://github.com/siderolabs/talos/commit/dc98e3553d513aadb1588a0df605fb28de4e3f8e) feat: implement filesystem trim support - [`897bef633`](https://github.com/siderolabs/talos/commit/897bef633ec9a1e0e9e292ab68a9dbf5704f9ac9) feat: introduce KubeProxyConfig multi-doc - [`ebde543cf`](https://github.com/siderolabs/talos/commit/ebde543cf32a46c6a5f520aea52f7bdea8deb1d1) feat: introduce BootID resource - [`cd178b9f3`](https://github.com/siderolabs/talos/commit/cd178b9f34bdcdf6d2a0a6d59de1c97e8523c9a5) fix: ensure consistent manifest apply order - [`19fac6151`](https://github.com/siderolabs/talos/commit/19fac61511744a2b50342c512c06a6917787ebfc) feat: remote provisioner - [`b6412e031`](https://github.com/siderolabs/talos/commit/b6412e031b6d8ac7d88addf79d1967fceb35c45b) fix: drop one more reference to removed 'nodes' - [`be7f7a7db`](https://github.com/siderolabs/talos/commit/be7f7a7db50caf095fecebd62e881f6b96a4a9de) feat: add human-readable size fields to LVM resources - [`d4e0ca1ba`](https://github.com/siderolabs/talos/commit/d4e0ca1ba94c48b7d6bd9de686c78a7fed7c6d39) fix: make LVM reconciliation robust and idempotent - [`0dbc1e529`](https://github.com/siderolabs/talos/commit/0dbc1e529536f90727663184d8870a7e37b283e7) chore(ci): fix flaky test - [`b687a47ab`](https://github.com/siderolabs/talos/commit/b687a47ab9ab58e43b4e045c0851b19e04f92680) feat: implement an option to allow discards on encrypted volumes - [`3fc981c57`](https://github.com/siderolabs/talos/commit/3fc981c570205e3a71df32ad1a607c9730beaf1c) fix: improve security of scheduler/controller-manager - [`5d4af9f33`](https://github.com/siderolabs/talos/commit/5d4af9f337a241a012dc324884ce6b9acdf461da) fix: gracefully stop node containers before removal - [`c1593d8a3`](https://github.com/siderolabs/talos/commit/c1593d8a303ea95ab9733d5dc75779b3a18c7959) fix: honor FailurePauseTimeout when pausing before reboot - [`506dc1323`](https://github.com/siderolabs/talos/commit/506dc132344d2d966ac2f6e31ea4b9e55c4d9107) feat: add imager flag to set the SecureBoot key enrollment mode - [`5d4ba702e`](https://github.com/siderolabs/talos/commit/5d4ba702e8acd2ad8ec4948de899047d2a193d5b) refactor: generate pod definitions in k8stemplates - [`995bc30d5`](https://github.com/siderolabs/talos/commit/995bc30d5df5beadd28e37a04959f315942d2182) feat: drop apply config method reboot - [`18f6cb4d0`](https://github.com/siderolabs/talos/commit/18f6cb4d008b6a39493611e819d1915fde369b09) fix: increment time epoch on wall-clock jump when time sync is disabled - [`755a8c8eb`](https://github.com/siderolabs/talos/commit/755a8c8eb5b8bd1eb935339288af1c4d5e621077) feat: update etcd to 3.7.0-rc.0 - [`a0c76fad1`](https://github.com/siderolabs/talos/commit/a0c76fad133234243956c3411ee386cea2416d07) feat(talosctl): implement cluster logs - [`db052165c`](https://github.com/siderolabs/talos/commit/db052165c4cee767036668c490108d11e0eb1558) feat(talosctl): support rebooting cluster nodes - [`0a04f463a`](https://github.com/siderolabs/talos/commit/0a04f463a1d3f19729e2ba0b1884017411df3783) feat(talosctl): use gateway dns for cluster - [`cf3eb1cad`](https://github.com/siderolabs/talos/commit/cf3eb1cad1eeae4b90e010bca5bfa87c6fe334ed) chore(talosctl): disable kexec for cluster create on arm64 - [`180182b0f`](https://github.com/siderolabs/talos/commit/180182b0f50bcdb8b50d36112c308693b146bc70) fix: correct the link alias condition - [`ac9014f05`](https://github.com/siderolabs/talos/commit/ac9014f051716adda826ee5a319ba83415fa87b3) fix: introduce pull attempt stall detection for image pull - [`f2286d616`](https://github.com/siderolabs/talos/commit/f2286d616e86ce19c59a29a32e8334914cee9d3a) fix: move Flannel netpol patch to the controlplane - [`9986c0b16`](https://github.com/siderolabs/talos/commit/9986c0b16a984974bdcd421d95bd533cc3c63fad) feat: bump kernel to 6.18.35 - [`e8845fba6`](https://github.com/siderolabs/talos/commit/e8845fba6b7e4a6342def670387ad498eee97810) fix: route ProxyURL test via reachable endpoint - [`44acedf30`](https://github.com/siderolabs/talos/commit/44acedf3093a3e19b92f561a699ecc65f5cd5c96) feat: add declarative LVM logical volume provisioning - [`f6058a11b`](https://github.com/siderolabs/talos/commit/f6058a11bc1b5fb359d512cc1601ff7f43feec96) feat: grab support bundle via client factory - [`cdd719773`](https://github.com/siderolabs/talos/commit/cdd719773f5bd225689c6fa3e13eecfd82261325) feat: add CPUCores resource - [`8e41eb1bd`](https://github.com/siderolabs/talos/commit/8e41eb1bd6f6970c9f7dc41bead1f7cd2d554a39) feat: verify go.mod tidiness in generate target - [`b19e2ea42`](https://github.com/siderolabs/talos/commit/b19e2ea42dffdcf9a32b44fbd6d5369ed6a123ae) feat: add kube-apiserver probes - [`a321a1dcc`](https://github.com/siderolabs/talos/commit/a321a1dccc449c586a6787f2c09cc79c3b26d3b9) feat: support proxy-url in talosconfig context - [`bb2ac7546`](https://github.com/siderolabs/talos/commit/bb2ac7546cd5e93e88c305b2a0c4237227f2250f) feat: parse schematic info out of extension status - [`0c02a5a07`](https://github.com/siderolabs/talos/commit/0c02a5a074115acd0d1899af5c973a4a5b743436) fix: align flannel MTU with kubespan to avoid permanent fragmentation - [`3d5fd822c`](https://github.com/siderolabs/talos/commit/3d5fd822c57e6e87d574c59a1f0198c56a3cfe3c) feat: expose disk firmware and BIOS version - [`30115981c`](https://github.com/siderolabs/talos/commit/30115981c4ce815437feeff6c43a18f6c308cca1) fix: relax LUKS header validation - [`5923199fb`](https://github.com/siderolabs/talos/commit/5923199fba6107113541700c5485117aef6976d7) refactor: use ClientFactory for the action tracker - [`72c0ced3c`](https://github.com/siderolabs/talos/commit/72c0ced3ca15ac1a5ca98d4af7560c84191af191) refactor: deprecate sysfs and sysctl in machineconfig - [`ee74a41fb`](https://github.com/siderolabs/talos/commit/ee74a41fbb6d31b1fb44b0293943a8d1082ef610) fix: handle cluster-scoped resources with a namespace correctly - [`9df5a647a`](https://github.com/siderolabs/talos/commit/9df5a647af72be48dd431eb5d506dfa0dc70b2fc) feat: allow to disable access time for EPHEMERAL partition - [`9b667dbde`](https://github.com/siderolabs/talos/commit/9b667dbdeeddac1318166c4f59fa60da427d1847) chore: fix lint error in test - [`311378386`](https://github.com/siderolabs/talos/commit/31137838691f03aad157339734d10d8275e75c09) test: increase resource inmem buffer to stabilize the tests - [`6f85ce3d2`](https://github.com/siderolabs/talos/commit/6f85ce3d2bb0cd8884e84da83d464d578298524f) docs: hack/release.toml explains kernelmodulestatus - [`9bb0a5d01`](https://github.com/siderolabs/talos/commit/9bb0a5d01a02460689e92f8a27dac511fbb55104) fix(talosctl): add scrolling to dashboard footer node list - [`4c029c2d6`](https://github.com/siderolabs/talos/commit/4c029c2d64c6523625a0533418e5e446d33b1ec6) fix: machine configuration schemas - [`c3052e845`](https://github.com/siderolabs/talos/commit/c3052e845e0e1c001386dc89511a0d2ed99fafa7) feat: move CNI config out of v1alpha1 config - [`1d2f1208c`](https://github.com/siderolabs/talos/commit/1d2f1208c02f879ee13e1674305cca7e823f088b) feat: add declarative LVM volume group provisioning - [`85f1d428f`](https://github.com/siderolabs/talos/commit/85f1d428f19e362b3bb2b10d1dfec7b4d1685695) chore: refactor tests to use debug api - [`c901d47a5`](https://github.com/siderolabs/talos/commit/c901d47a57b742abd6520308f0605b9c4be3cd9e) refactor: talosctl streaming commands and more fixes - [`166854959`](https://github.com/siderolabs/talos/commit/1668549593350110884c5c0a40219ea654359edc) fix: mark more resources as sensitive - [`58adf2e00`](https://github.com/siderolabs/talos/commit/58adf2e00de7c55dd098c318d487ab5fec52d278) fix: classify installer and imager exits - [`9549930ff`](https://github.com/siderolabs/talos/commit/9549930ff7cadb58215721c160b9fa3993ae2f1f) feat: update Flannel to v0.28.5 - [`27362d18e`](https://github.com/siderolabs/talos/commit/27362d18ee6637484e0d69458257b6e76fd7470c) refactor: replace the callback strategy for most commands - [`cb42d9d9a`](https://github.com/siderolabs/talos/commit/cb42d9d9a8856a3607b4968f2d8d171dc244a9e6) feat: implement support bundle encryption - [`9ae260b55`](https://github.com/siderolabs/talos/commit/9ae260b555074a79b06984a7e63d723733b98407) feat: enable NRI by default - [`d1d5847b0`](https://github.com/siderolabs/talos/commit/d1d5847b0eb59e5fbf48a575db291aab9a4ca8ad) fix: flaky test - [`0f2331586`](https://github.com/siderolabs/talos/commit/0f23315866b45d7506f6084e8d970883720480a7) feat: support external secureboot and pcr signers - [`b349d919d`](https://github.com/siderolabs/talos/commit/b349d919db6b7b5aa327f60b7fc7cf5ede64d578) feat: enforce strict QoS ordering in OOM victim selection - [`76d9b49bd`](https://github.com/siderolabs/talos/commit/76d9b49bd16e57942dbd5a156839a6543da41778) fix(ci): aws nvidia tests - [`3131826cd`](https://github.com/siderolabs/talos/commit/3131826cded77002b18fd30f59b081b40ec8b55f) fix: provide NTS sync with bad initial clock state - [`89e307e58`](https://github.com/siderolabs/talos/commit/89e307e5847befce2894a295c9479d8101078b6c) fix: etcd client leak in the (legacy) Upgrade API - [`476c4d050`](https://github.com/siderolabs/talos/commit/476c4d0500d3c2f7753cb1f583f369256c3148e2) fix: recreate dns server and listeners on host DNS runner restart - [`9a283d9b1`](https://github.com/siderolabs/talos/commit/9a283d9b190f9a1042246bc4830e75dae5826ce8) feat: bump Go to 1.26.4 - [`4759dc246`](https://github.com/siderolabs/talos/commit/4759dc24699dc03690511f7648412d0c9e70877f) chore: bump dependencies - [`26a25a073`](https://github.com/siderolabs/talos/commit/26a25a0736c3575b0acd1661d5f67bf3ee72c0f2) chore(ci): drop homebrew workflow - [`fa8a55192`](https://github.com/siderolabs/talos/commit/fa8a551928783ceb9efbb771837004474f64fa68) feat: update etcd to v3.6.12 - [`41fcab476`](https://github.com/siderolabs/talos/commit/41fcab476b06ce1d150c14d8a41a05727b064a25) feat: update kernel to 6.18.34 - [`8ba00612b`](https://github.com/siderolabs/talos/commit/8ba00612bea4303d28cd36ef97715a840238d9d5) feat: update dependencies - [`6e2dec1ea`](https://github.com/siderolabs/talos/commit/6e2dec1eaf5ed62bea7e1563295bb590754e6546) refactor: update talosctl commands to stop using WithNodes - [`f9ad63a35`](https://github.com/siderolabs/talos/commit/f9ad63a35a40cfb0bd3bc15a0368b50334fa5f11) feat: add custom logging convention linter - [`30dbce03f`](https://github.com/siderolabs/talos/commit/30dbce03f359cdf3718659eb335b4b23eb95b450) chore: make oci images reproducible - [`38244fd5b`](https://github.com/siderolabs/talos/commit/38244fd5b5aadd3e474f78b6a1c2c371b6ada766) feat: add sbom builder - [`5177c50e2`](https://github.com/siderolabs/talos/commit/5177c50e2ea586d09c328190a65802571210b987) refactor: deprecate loadedkernelmodule - [`c2eef3645`](https://github.com/siderolabs/talos/commit/c2eef3645a91bd76c69379b61a34470c927c37cc) fix: health request server-side - [`d6eff8eff`](https://github.com/siderolabs/talos/commit/d6eff8eff42f2c324c9e08ef9da3edf8db17a515) refactor: drop multi-nodes proxying for the dashboard - [`2e547a964`](https://github.com/siderolabs/talos/commit/2e547a964b20f91bf06fce4a5a35b8c5ef56a6e3) refactor: deprecate multi-node proxying - [`ddcc519e1`](https://github.com/siderolabs/talos/commit/ddcc519e12e487123e19594c6ed0c7a406c0539c) fix: add --fail to image-signer curl download - [`e5b0b1dde`](https://github.com/siderolabs/talos/commit/e5b0b1dded16b01d56e44182163652d2a66d1cee) fix: normalize log fields - [`d8e95c396`](https://github.com/siderolabs/talos/commit/d8e95c3965b8690fd4e3d575d77dedec550328fd) fix: drop installer from bundle - [`7aad9ec81`](https://github.com/siderolabs/talos/commit/7aad9ec81bc1a2f8ae6e4917173637b465613b30) feat: update pkgs, tools, Go dependencies - [`b50ee396f`](https://github.com/siderolabs/talos/commit/b50ee396f6c6acdd97b79d92f149a25efa38aa22) fix: fix trace fix to also lookup release branches - [`027c93d25`](https://github.com/siderolabs/talos/commit/027c93d254debaa8d7f62936cf05ff3c4ed9872c) release(v1.14.0-alpha.1): prepare release - [`4eb862d09`](https://github.com/siderolabs/talos/commit/4eb862d09082e5bf187ccc3df10f33e02644cf48) feat: add LVMService for VG/LV/PV removal - [`b88f16a52`](https://github.com/siderolabs/talos/commit/b88f16a529ff69a1b77ac3f6c14d90922399912e) fix: use POSIX shell idioms for error propagation - [`5290eb374`](https://github.com/siderolabs/talos/commit/5290eb3742f1258669b5c608e3e43dcddd85c7c5) fix: suppress ICMP redirects by default - [`7b4aba2e5`](https://github.com/siderolabs/talos/commit/7b4aba2e578f66e5282a1e20fab3dcf4043ba316) fix: marshal kube-scheduler config correctly with int types - [`894be9bf5`](https://github.com/siderolabs/talos/commit/894be9bf5f9f3e4f365d43956e92c155355815ef) fix: touch rootfs files with SOURCE\_DATE\_EPOCH - [`cde82224e`](https://github.com/siderolabs/talos/commit/cde82224e06af4fcc763a182a263fb68ba801536) fix: ignore cgroups with zero rank in OOM handler - [`bc0372411`](https://github.com/siderolabs/talos/commit/bc03724111dff9e8c22edee4cf4e3ba1b7640317) fix: bring in a change to BCM2712\_MIP - [`f572c33f1`](https://github.com/siderolabs/talos/commit/f572c33f1c8b56f8b0b55fc74477689b8e354794) chore: fail on makefile error - [`e317d4b47`](https://github.com/siderolabs/talos/commit/e317d4b47239695f87a67e9b9484bb9aa4812fe7) fix: drop modprobe path and enforce usermode helper - [`89e53f610`](https://github.com/siderolabs/talos/commit/89e53f6102ea74f37b144be80ac6be185e5cff62) fix(machined): make built-in mod state always 'permanent' - [`cfbec9bd5`](https://github.com/siderolabs/talos/commit/cfbec9bd584da34d33201c1404e7291166b3fc2b) test: skip UEFI vars wipe if TPM is enabled - [`1e31deda3`](https://github.com/siderolabs/talos/commit/1e31deda39dfc38118b176bed276788103268895) fix: create parent directories when extracting tar archives - [`14dc188bd`](https://github.com/siderolabs/talos/commit/14dc188bd68a54761bb44c58af87d1ba48707037) chore: verify go-containerregistry preserves symlinks - [`951922dfb`](https://github.com/siderolabs/talos/commit/951922dfbc8fb72e87f26d09c95d6bf958efef07) fix: guard apply config API call - [`3e173adf4`](https://github.com/siderolabs/talos/commit/3e173adf418950166a720501b32a37f8a3c92ac2) feat: move kube-controller-manager config to multi-doc - [`b5cda3438`](https://github.com/siderolabs/talos/commit/b5cda3438c8ab2d9b2506087287a1fb2df87f8fb) fix: reset QEMU UEFI variable store when disk is wiped - [`4a17ac6ac`](https://github.com/siderolabs/talos/commit/4a17ac6ac09373a92cb8690c6fe2364c4852fe1c) chore: script for tracking fixes made in upstream toolchain/tools/pkgs - [`d71edeead`](https://github.com/siderolabs/talos/commit/d71edeead9d9c38018e69524cf5e2d764109a57e) feat: add LVM status resource definitions - [`4aeba1cde`](https://github.com/siderolabs/talos/commit/4aeba1cde061e45ef523033ecae575f2475b0fce) fix: perform backwards-compatible kernel args cleanup - [`9b7b2bf36`](https://github.com/siderolabs/talos/commit/9b7b2bf36a9790da34a7b8121c69d4df698c78cb) feat: implement support for btrfs user volumes - [`03ee8ee3a`](https://github.com/siderolabs/talos/commit/03ee8ee3a3d7c40a0c060770ca8e20f9de3dd2a4) feat(machined): support instance tags on Akamai - [`d19f9ade0`](https://github.com/siderolabs/talos/commit/d19f9ade01226d6092815a4545987a1e147f8ae4) fix: memorymodules resource reporting - [`a6edcf6f3`](https://github.com/siderolabs/talos/commit/a6edcf6f33a44c8ce443805fd97477f3b7e41344) chore: move out adv library - [`40e66eac7`](https://github.com/siderolabs/talos/commit/40e66eac7d6ef925f937de024b8d4fa9efdda231) fix: bump Go golang.org/x modules - [`e23ca4a0a`](https://github.com/siderolabs/talos/commit/e23ca4a0abfa2aaf97e1ad3e89488e6f399a45e1) chore(ci): add upgrade tests for trustedboot - [`e3003c0ec`](https://github.com/siderolabs/talos/commit/e3003c0ec7ec4961ee16cc053afc236314cecbad) chore: bump tpm nonce size to match the algorithm used - [`8fd04da1f`](https://github.com/siderolabs/talos/commit/8fd04da1f75a61ef04ced0131a2effc1ae747211) feat: add bnxt\_re module to the rootfs - [`1cfab00f1`](https://github.com/siderolabs/talos/commit/1cfab00f14ad29b957f61b266f0d82c8d8d72114) fix: update etcd experimental args - [`ad96fc6ae`](https://github.com/siderolabs/talos/commit/ad96fc6ae7a1be3aaff9ce89d7ee4e7ae8329085) fix: relax hostname config validation - [`efd735334`](https://github.com/siderolabs/talos/commit/efd73533490e678a40fa7a9b89e0510e2b829653) chore(ci): add missing labels, move release metadata check to job - [`9ec045059`](https://github.com/siderolabs/talos/commit/9ec04505954cde51be41d6fff8f0ceace0d84a39) feat: update containerd to 2.3.1 - [`42f4144a1`](https://github.com/siderolabs/talos/commit/42f4144a175c5bc1bccdbbcf82696e15af378d55) feat: introduce new KubeSchedulerConfig - [`f2b7f39db`](https://github.com/siderolabs/talos/commit/f2b7f39dbfa816599d330b256de4dc5c20a97853) refactor: move Args type out of config/v1alpha1 - [`b959dcb3e`](https://github.com/siderolabs/talos/commit/b959dcb3eb1b7243e7fb4618e3d9bef19657dd0e) fix: bump Kubernetes to 1.36.1 in one more place - [`8ecc77f1a`](https://github.com/siderolabs/talos/commit/8ecc77f1a8ad9fdd619f7c427277e876146f3b80) feat: update default Kubernetes version to 1.36.1 - [`cbd9c3745`](https://github.com/siderolabs/talos/commit/cbd9c374591f1967c98bb5a2194832bcb3f98ccb) chore: rekres to secure slack workflows - [`6a92fc653`](https://github.com/siderolabs/talos/commit/6a92fc6535f6dfb3df00d00556c3108817b27368) test: update Canal version used in the tests - [`be12d3d08`](https://github.com/siderolabs/talos/commit/be12d3d081d7f10aff8b305b2f7685b4aad8451e) feat: support 4k sector size disk images - [`a7e8f4c28`](https://github.com/siderolabs/talos/commit/a7e8f4c282d461840d04d6a045465aab7da3765c) chore(ci): fix cloud image upload job name - [`4319399f6`](https://github.com/siderolabs/talos/commit/4319399f62c144aa9b66d9defe803d9d81771dcd) feat: introduce more modular Linux kernel - [`ed5df89f6`](https://github.com/siderolabs/talos/commit/ed5df89f6ec161b80e0a9a522db3fce6d5b94a04) feat(ci): rotate credentials - [`a6a984ff7`](https://github.com/siderolabs/talos/commit/a6a984ff733dbd5b91568aed62a5c67348b6e047) chore(ci): fix the job conditions - [`ecb7d4588`](https://github.com/siderolabs/talos/commit/ecb7d45883bc1de46c4adbe37dcf556c59e78a25) feat: enable Flannel nftables mode - [`9919ff781`](https://github.com/siderolabs/talos/commit/9919ff781326a01dd1776d4cfaa2834f701c3e05) feat: update Linux to 6.18.32 - [`1a7d136e4`](https://github.com/siderolabs/talos/commit/1a7d136e41a327957c7e6e75010ff7d191acbca6) feat: add Azure Secure Boot imager profile - [`df68e7391`](https://github.com/siderolabs/talos/commit/df68e73912da0d57ecebe340d1bf70ecaa3e47c9) feat: implement kernel module status resource - [`e98ee99d4`](https://github.com/siderolabs/talos/commit/e98ee99d42491bca8ac15eafd7b03fc2bb2c7a6b) fix: streamline config validation flow - [`d7f0a2fd4`](https://github.com/siderolabs/talos/commit/d7f0a2fd49efae514f4e7315201cd57be54ac8ae) feat: update Linux to 6.18.31 - [`2b66e25a5`](https://github.com/siderolabs/talos/commit/2b66e25a50de71bcd3bb5c4d8b059de0e08ffb9b) chore: update image signer - [`5aa1795f9`](https://github.com/siderolabs/talos/commit/5aa1795f973daed1c87382d6a08e048345b504f4) chore: drop e2e step dependencies - [`d42b3b396`](https://github.com/siderolabs/talos/commit/d42b3b396fb14036720cda44f9b2044e98c62f06) feat: update Linux to 6.18.30 - [`c3f6f3507`](https://github.com/siderolabs/talos/commit/c3f6f3507816c8dd81daa8baa2e3900ec78140c9) feat: implement static host resolving via host DNS - [`2f06a68ef`](https://github.com/siderolabs/talos/commit/2f06a68efa525b917c9626be2e7adeb5186aff60) refactor: split host DNS handler - [`e99c5be5a`](https://github.com/siderolabs/talos/commit/e99c5be5adf24c56a5fb482356d679e914a467f7) feat: implement DNS over HTTP(S) - [`cf6065238`](https://github.com/siderolabs/talos/commit/cf606523846a63066d193be7e6669c0fb2d3ce23) chore: stop publishing installer to ghcr - [`0edabd29c`](https://github.com/siderolabs/talos/commit/0edabd29c42cf01025f5c0e49e32440bb7a768ef) fix: restore some shared (and some lower tier slave) mount propagation - [`f1578dc63`](https://github.com/siderolabs/talos/commit/f1578dc634f23d797e7d0c491bc516eada9f8171) fix: image verification issue with registry.k8s.io - [`46b1f8a24`](https://github.com/siderolabs/talos/commit/46b1f8a24f92b449084b6897d2f299c762e9e9dc) fix: rework how scheduler config is marshaled - [`820a9fa59`](https://github.com/siderolabs/talos/commit/820a9fa59f7a8096fce77f7f7ac1c9dc0215331f) chore: fix typos in comments - [`649a384a9`](https://github.com/siderolabs/talos/commit/649a384a961c64c036dcc0b82ecbc102b951d2e2) feat: move more kernel stuff to modules - [`4f3ab2012`](https://github.com/siderolabs/talos/commit/4f3ab2012bdefd9191c2f1772cdc8afd607381db) chore(ci): try fixing homebrew action - [`600c0ab5d`](https://github.com/siderolabs/talos/commit/600c0ab5d8fefeb197c35c2ac1ad6f01e7e7ef67) feat(ci): validate that extensions PKGS and TOOLS sync with talos - [`76080416b`](https://github.com/siderolabs/talos/commit/76080416beee6460375c0d0db3cab76cc493ad3e) feat: redact more machine config secrets and audit redactors - [`aabf63957`](https://github.com/siderolabs/talos/commit/aabf63957d70b2a3a53def32b4bcf6ef35885ea8) docs: drop controlplane endpoint examples - [`b48a2bef4`](https://github.com/siderolabs/talos/commit/b48a2bef4d4df861ffd035a1cd80f2a40e0a4486) test: relax kernel-default routing rule assertion - [`d2208b034`](https://github.com/siderolabs/talos/commit/d2208b0348ca9a9e0054a61807fdb0551d6ccd56) refactor(talosctl): propagate command context throughout, handle interrupts - [`0760b5c28`](https://github.com/siderolabs/talos/commit/0760b5c28b998b0d939f6ff3de1158dbb55cbbcb) fix: normalize source name for syft consistency - [`c49ac0ec2`](https://github.com/siderolabs/talos/commit/c49ac0ec2f2774b601c79978787d90a2effa0adb) docs: document release policy - [`ec7e6ef9f`](https://github.com/siderolabs/talos/commit/ec7e6ef9f461b3fde20a8534e10123d515558658) feat: bump in-toto indirect dependency - [`21858a674`](https://github.com/siderolabs/talos/commit/21858a6745adfa356c81d6e78d92c20396c12d0b) feat: update kernel to 6.18.29 - [`5a49dc61d`](https://github.com/siderolabs/talos/commit/5a49dc61dbebbe91f3bb00bb043351ffabf3c6c2) feat: migrate Image Cache config to multi-doc - [`574298ec1`](https://github.com/siderolabs/talos/commit/574298ec11a9aaeb3375733cc539c308bbdc4984) fix: handle empty GCP operation errors - [`366b10b79`](https://github.com/siderolabs/talos/commit/366b10b7990bf01a4bbec7bf543f198842fa4df6) feat: dockerfile improvements - [`9a1d9d0af`](https://github.com/siderolabs/talos/commit/9a1d9d0afd8b726f952f7d96af229381bd407b6b) feat: bump go 1.26.3 - [`6eec1c229`](https://github.com/siderolabs/talos/commit/6eec1c2293d7ca86c73d2fcac05e9e73befadc26) feat: support DNS over TLS for upstream resolvers - [`dee139aef`](https://github.com/siderolabs/talos/commit/dee139aef05edfb1b4f23c24336102c1ee2a76e8) feat: revert update CoreDNS to 1.14.3 - [`087bc4c18`](https://github.com/siderolabs/talos/commit/087bc4c188e2096e1536202ffff07771235dacce) chore: lint packages under tools - [`9e7516fae`](https://github.com/siderolabs/talos/commit/9e7516faee8c08195ffb85fa0874dc11992c9d82) fix: clarify documentation for image verification pattern - [`41c8e9dc4`](https://github.com/siderolabs/talos/commit/41c8e9dc496bde6ee67c39368858844dc35c5bb7) feat: bump dependencies - [`2b6c06ef5`](https://github.com/siderolabs/talos/commit/2b6c06ef51fdd3c7ffcbf621eacbb37d798e5228) feat: update CoreDNS to 1.14.3 - [`6b6f7978b`](https://github.com/siderolabs/talos/commit/6b6f7978be5b555a7124903f26bcb5b669b02e90) feat: update containerd to 2.3.0 - [`f9c4f90da`](https://github.com/siderolabs/talos/commit/f9c4f90da7cde25f84fff99b94844cb82fc23e95) feat(ci): longhorn v2 ublk tests - [`84d169c62`](https://github.com/siderolabs/talos/commit/84d169c62a69c9a35f9dc7a4dd0851e503b7d539) fix: make dnsd retry listening - [`689974bd5`](https://github.com/siderolabs/talos/commit/689974bd55ca28ccdd519f11dee0c3b8bc727601) fix: volume mount permissions - [`ff0f66bdf`](https://github.com/siderolabs/talos/commit/ff0f66bdfa57a583398808b3dda23da4f900098b) fix: skip reserved routing rule priorities - [`850e2c754`](https://github.com/siderolabs/talos/commit/850e2c754ce3c81549a8e390031a8c3ef6da61d7) feat: drop fakeroot, use go helper - [`0c1bd701a`](https://github.com/siderolabs/talos/commit/0c1bd701a028e7e858224e0fa91492dda699f985) feat: add golangci-lint fmt target - [`53bd66956`](https://github.com/siderolabs/talos/commit/53bd669562401409a03365c591586179f5b4c442) feat: support conditional start of IPv6 dns servers - [`b31d93e0d`](https://github.com/siderolabs/talos/commit/b31d93e0d0e61d93fe18a77d80658d1a0aba42c3) feat: auto-enroll SecureBoot keys for disk images - [`849a68006`](https://github.com/siderolabs/talos/commit/849a68006399dd677e4fb5152ef13c87578ba652) test: update pkgs to test new extensions - [`c30a6dfcb`](https://github.com/siderolabs/talos/commit/c30a6dfcb1780860bed3ebed0cf9ee1d3af0d8ab) fix: preserve DHCP DNS servers - [`5b81b20d3`](https://github.com/siderolabs/talos/commit/5b81b20d3cf2751b52ec0621aa74b627d6e11c49) feat: apply DHCP search domains - [`4e5ff8fa2`](https://github.com/siderolabs/talos/commit/4e5ff8fa2191af92d5e8f3833dd279a01ed78d30) fix(ci): zfs test - [`14abe5140`](https://github.com/siderolabs/talos/commit/14abe514006e4a30eb59a92742c92ca685962826) fix: handle gateways which are not on-link routes in dhcp4 - [`e1f759af8`](https://github.com/siderolabs/talos/commit/e1f759af80c7a51f4649cb64700286dc822f2d7a) chore: fix lint issues automatically - [`664c5f643`](https://github.com/siderolabs/talos/commit/664c5f6432168e54e0f7a4723502df3705e1ce0a) chore: update tools - [`c64df2b61`](https://github.com/siderolabs/talos/commit/c64df2b61971304b21f8333a993098ea0c3d15b7) fix: add missing kernel modules in rootfs - [`f73c24594`](https://github.com/siderolabs/talos/commit/f73c24594132364fb39c68b901b1f70b57e72674) feat: run depmod with verification on rootfs build - [`1371596d7`](https://github.com/siderolabs/talos/commit/1371596d750b431776cdcb4fd68916d4e9b710bb) fix: provide proper AWS platform metadata - [`4f11f021d`](https://github.com/siderolabs/talos/commit/4f11f021de71015d5a7e1c39e38d1da21456a448) feat: implement etcd encryption config (kube-apiserver) - [`876f83643`](https://github.com/siderolabs/talos/commit/876f8364302f7ab5fa9638fd297cd3fbfb3863ab) feat: add support for HTTP Probes - [`9b776d598`](https://github.com/siderolabs/talos/commit/9b776d59819c98539fcc7649de464e70af27f606) feat: update etcd to 3.6.11 - [`631a1bc5e`](https://github.com/siderolabs/talos/commit/631a1bc5e1230b14ddc018e7f5116b2d0ebe8821) fix: bring in hardened kernel - [`a349dac03`](https://github.com/siderolabs/talos/commit/a349dac03688971cc2322d2e64647efcf949a191) fix: stale discovered volume children - [`13ce01879`](https://github.com/siderolabs/talos/commit/13ce0187959297bfaa7ba80080c5e472fe1bd0c3) fix: re-enable kexec on arm64 - [`32539d4ac`](https://github.com/siderolabs/talos/commit/32539d4ac4b4a62803dd840f84183da9597653ad) fix: deadlock in the makefs ext4 with populated source - [`0f3e1966a`](https://github.com/siderolabs/talos/commit/0f3e1966af51cf815cf05f7a8c9b9e0e175b25fe) fix: panic in Kubernetes manifest sync - [`3bae01ac1`](https://github.com/siderolabs/talos/commit/3bae01ac11cd64265f0aaaa9e2e7f83e39bd7d73) fix: do not pick up a system disk from a loop device - [`dedb7a96c`](https://github.com/siderolabs/talos/commit/dedb7a96c16b8d90dd4dfa7e3b5a622952da246d) fix(talosctl): protect k8sNames map writes with mutex - [`cc2be213a`](https://github.com/siderolabs/talos/commit/cc2be213a81a63f8f01534263924f152f5f083d5) fix: drop explicit platform matcher - [`1dffebaf2`](https://github.com/siderolabs/talos/commit/1dffebaf2abbb9628cc09b29ec0881738c3756cd) fix: mount throws EPERM on virtiofs with SELinux - [`48a481c29`](https://github.com/siderolabs/talos/commit/48a481c29fdabb82727acc6de9a4b7cb58156982) fix: replace Canal manifest with a more recent one - [`6a445406e`](https://github.com/siderolabs/talos/commit/6a445406e0df4e33044cc429fabd92b658d05743) fix: make lacp active nilable - [`0d1d95c7d`](https://github.com/siderolabs/talos/commit/0d1d95c7dac0b60f65b213ecaa5ab7c662147687) fix: bump go-kmsg to fix the timestamp drift - [`bd344fd53`](https://github.com/siderolabs/talos/commit/bd344fd53ff5b74c7a9379bec00b33e5eb62879b) fix: reset the ticker when the KubeSpan is disabled/enabled - [`462015bcd`](https://github.com/siderolabs/talos/commit/462015bcd9c196e458d318f0c1de3202aceed467) release(v1.14.0-alpha.0): prepare release - [`8a037a56e`](https://github.com/siderolabs/talos/commit/8a037a56ed501b99757ca29f718c6ad7dfa2f223) test: fix flaky tests - [`08c81d838`](https://github.com/siderolabs/talos/commit/08c81d8380b80090183df51f3a8b02ed5339adb4) feat: bump kernel to 6.18.25 - [`fe40b6e58`](https://github.com/siderolabs/talos/commit/fe40b6e588c38628e5cd9298dcaa56d2f2590827) fix(ci): fetch empty pr labels - [`837a9ed07`](https://github.com/siderolabs/talos/commit/837a9ed077156ad00a1d31e731cf396c466bf6f6) feat: move host DNS config into ResolverConfig - [`96a8ecd1e`](https://github.com/siderolabs/talos/commit/96a8ecd1eed06f3d04fea853a8673699130dded8) feat: default to factory installer image - [`f19eef78b`](https://github.com/siderolabs/talos/commit/f19eef78b9cc01c107f86a6eddf24da0d288d124) fix: revert add extraArgs from service-account-issuer - [`6821225b6`](https://github.com/siderolabs/talos/commit/6821225b64ddd48e5cc0d16ab80204d539110f78) fix: revert use append instead of prepend in service-account-issuer - [`b43c3a124`](https://github.com/siderolabs/talos/commit/b43c3a124f6c6d1523c1feaddc9c4a23454eeb56) feat: add quirk for talosctl factory downloads - [`df0b9a8da`](https://github.com/siderolabs/talos/commit/df0b9a8da1423842d830261e5ddc5dc8f5a234c1) refactor: make all controller unit-test follow modern patterns - [`c2948cef2`](https://github.com/siderolabs/talos/commit/c2948cef232f6a175312636369b444124cb995db) feat: support auth for Image Factory in cluster create - [`560bcf0ca`](https://github.com/siderolabs/talos/commit/560bcf0cae764015520b1d1efbef2a0bb4fe88b7) feat: enforce TLS 1.3 minmum version for Kubernetes components - [`3db14309e`](https://github.com/siderolabs/talos/commit/3db14309e058cacc2ab8664944fc18f80a3bb747) fix(talosctl): ensure uncordon runs after reboot/upgrade errors - [`ecf2fa855`](https://github.com/siderolabs/talos/commit/ecf2fa855b8eb19731b228990a3acbe1430ccad4) feat: update Kubernetes to v1.36.0 - [`71557eadd`](https://github.com/siderolabs/talos/commit/71557eadda51ba62fcc10d4ed859c390a93c565d) fix(ci): skip misc jobs not on pull request - [`026313b7c`](https://github.com/siderolabs/talos/commit/026313b7cc103a2dc7efdee1dfbad32c8050daf6) docs: rename security-insights.yml to lowercase for LFX detection - [`dc4ffd490`](https://github.com/siderolabs/talos/commit/dc4ffd490d878621b929af1ba1aca1d32e2530de) fix(ci): fix jobs not interpolating matrix due to condition - [`25e2f37e2`](https://github.com/siderolabs/talos/commit/25e2f37e2b1c3b6bdc5ee04ffa86e6fe34cf582a) chore: generate comments for fields in resource proto - [`149592fa5`](https://github.com/siderolabs/talos/commit/149592fa59d20c5aa29e4c0af9a3760585f378ce) fix: watch kubelet's kubeconfig and time out for cache sync - [`1f315e6e9`](https://github.com/siderolabs/talos/commit/1f315e6e903ec81e2989eb02404522a8b3c2dab7) feat: update Linux to 6.18.23 - [`0198eedc2`](https://github.com/siderolabs/talos/commit/0198eedc2b39477a62a2d6e6450934ff29bce8b3) feat: add NTS (Network Time Security) support for NTP time sync - [`6830a8b97`](https://github.com/siderolabs/talos/commit/6830a8b97df4a08f27516869363e13a53121b2e4) fix(ci): matrix jobs cleanups - [`71aeb347f`](https://github.com/siderolabs/talos/commit/71aeb347f90969cb6057651666bfda205269d917) test: fix OOM test flake - [`9b9542cc5`](https://github.com/siderolabs/talos/commit/9b9542cc55ee6d08f3490d270c1b497c7b9d3049) test: fix a flake in the manifest sync test - [`863d882b6`](https://github.com/siderolabs/talos/commit/863d882b6cbd50abcc4fc8717e5921c92a1f0f0b) test: add image verification for factory.talos.dev - [`bba0b4aee`](https://github.com/siderolabs/talos/commit/bba0b4aeefd7ec0daf7cc048e48c66d8b614f576) chore(ci): nvidia update helm values - [`3399ff4de`](https://github.com/siderolabs/talos/commit/3399ff4de05b4fafb8511d6399e919436f1178da) fix: propagate route table down to the resource - [`c684ec60e`](https://github.com/siderolabs/talos/commit/c684ec60ea5035e84517dac05a16eabf04f06a33) chore: prepare for Talos 1.14 release - [`ed9545d0d`](https://github.com/siderolabs/talos/commit/ed9545d0db55cdff8ad7f7755398913780a7540e) chore(ci): bump gpu operator version - [`4de3e4393`](https://github.com/siderolabs/talos/commit/4de3e4393e6ee968a7ef315c1a0f9fe4d86f449c) fix(ci): cron triggered workflows - [`212182e6f`](https://github.com/siderolabs/talos/commit/212182e6f655f61e8917059868fc381728e4a959) chore: bump container registry library - [`c028db0b8`](https://github.com/siderolabs/talos/commit/c028db0b8d25e85a4b580e10252d964785320291) fix: do not flip machine stage to rebooting during shutdown - [`6ce62d9e8`](https://github.com/siderolabs/talos/commit/6ce62d9e8eea41a37e90fec5551ac06d26ef8b28) fix(ci): workflow runs with `workflow_run` - [`509cd9733`](https://github.com/siderolabs/talos/commit/509cd9733926a6994843fb58ccdf38e5cd63a382) fix: boot entry detection - [`5e3f30188`](https://github.com/siderolabs/talos/commit/5e3f301887546bfc83b9819bbc3ae05fe92f3471) feat(ci): rework to schedule daily runs after a cron - [`7fa4d3919`](https://github.com/siderolabs/talos/commit/7fa4d39197e1a9e54ba8a259c111f2cb8047ef9c) fix: zfs extensions test - [`1ef8e630a`](https://github.com/siderolabs/talos/commit/1ef8e630ab77b3c849e7da6d1ff83e7c6795f070) test: allow more tests to run in FIPS strict mode - [`bdcc9321b`](https://github.com/siderolabs/talos/commit/bdcc9321b637da77f1007a571193c2e03c984b8b) fix: reduce memory dashboard usage - [`2d177af82`](https://github.com/siderolabs/talos/commit/2d177af82b96cefdc7aebb62d593d0ffcba1a418) chore: update Syft to v1.42.4+patches - [`0d8362119`](https://github.com/siderolabs/talos/commit/0d8362119e4415182caa9349e0ddfb27ea290d90) fix: return failed precondition on upgrade when not installed - [`be58eafab`](https://github.com/siderolabs/talos/commit/be58eafaba98bb7b1bcd20ac1ed8f8b03734c7e0) fix: wrong slot of encryption key was logged - [`015081c76`](https://github.com/siderolabs/talos/commit/015081c768ec85c3fb3b74ea22dd0b981db7c96a) feat: update dependencies - [`9fbb7c95d`](https://github.com/siderolabs/talos/commit/9fbb7c95df2b1dcd68fafa23865412bbd8300f4b) fix: audit trustd code for security - [`986e97fc7`](https://github.com/siderolabs/talos/commit/986e97fc757824bc998d81933e60108250316e5e) feat: update Flannel to 0.28.4 - [`f3817d1d1`](https://github.com/siderolabs/talos/commit/f3817d1d1c90bb2f2c19c209af154dc1a93eb507) chore: update sign images to support image name suffix - [`e776721f3`](https://github.com/siderolabs/talos/commit/e776721f33b1fedff1dff310298035b3d603e676) feat: update Kubernetes 1.36.0-rc.1 - [`f6e7346fa`](https://github.com/siderolabs/talos/commit/f6e7346fa725a703ac4281854150d7a3be12c8d1) fix: encode extra args fields in resources with new id - [`3c7bb80ba`](https://github.com/siderolabs/talos/commit/3c7bb80bab0323d72a1727256ccf339d2c79804c) chore: bump tools - [`3ba35c9b9`](https://github.com/siderolabs/talos/commit/3ba35c9b9fca9c54e596d5c6df61d515a4a39555) chore(ci): nvidia try UKI boot - [`e3e8f01ca`](https://github.com/siderolabs/talos/commit/e3e8f01ca66ee74898ebba5dadf4f199775d278e) chore: bump tools - [`181584a5f`](https://github.com/siderolabs/talos/commit/181584a5f1850f2bfb2a837c0d05bd9e30ee48b5) fix: handle boot failure - [`c464c7e88`](https://github.com/siderolabs/talos/commit/c464c7e88a3f058cb2bbc36af1910d69d903cd07) fix: upgrade API in maintenance mode (legacy) - [`b7512d912`](https://github.com/siderolabs/talos/commit/b7512d9125b623d2bb92e3a8b5839e85e1309a39) feat: update Kubernetes to 1.36.0-rc.0 - [`4ba11156f`](https://github.com/siderolabs/talos/commit/4ba11156fd164a0d94538508f5c028f249deed50) refactor: allow overriding out image name suffix - [`c81aa125c`](https://github.com/siderolabs/talos/commit/c81aa125c85d3886c5b9bb4d7f77ec2def104f21) fix: panic in reading PCR values - [`6a3ab87c5`](https://github.com/siderolabs/talos/commit/6a3ab87c54f83f70869a2e298e6ed7722cf4afad) feat(ci): add nvidia arm64 matrix - [`21f459aab`](https://github.com/siderolabs/talos/commit/21f459aab5d8ac2841aa69a9237ca3faa06da7df) fix(talosctl): always use default GRPC dial options - [`ca208e514`](https://github.com/siderolabs/talos/commit/ca208e51492c4584f9a4cea4d0762c2199f703e7) fix: validate hostDNS forwarding requires hostDNS to be enabled - [`9fcb9e05b`](https://github.com/siderolabs/talos/commit/9fcb9e05b668ba2fbc7df776ab32e57b1c15e221) feat: bump go to 1.26.2 - [`0bfdf7f70`](https://github.com/siderolabs/talos/commit/0bfdf7f7035fefe804ec4b568709cd6a09195293) fix: create correct blackhole routes for IPv4 - [`52b920032`](https://github.com/siderolabs/talos/commit/52b920032e97e1b241c1e0bd89c6e41cbc1c9a47) feat: add client-side Kubernetes node drain to reboot and upgrade commands - [`968ec1e0c`](https://github.com/siderolabs/talos/commit/968ec1e0ca26eb1f0de0836e0a55df09dea7dafe) refactor: propagate NAME properly, allow to set on build - [`acc69c346`](https://github.com/siderolabs/talos/commit/acc69c346f8816324b632fd33a5d0cb3f4b73509) fix: set the minimum TLS version to 1.3 - [`0cfa6e302`](https://github.com/siderolabs/talos/commit/0cfa6e3024100e34692a0b10e9dacb762c16a626) chore: bump some tool dependencies - [`4229bb9d2`](https://github.com/siderolabs/talos/commit/4229bb9d2ed263c309d0b0082f6e21d2f002c925) feat: add dis-vulncheck tool - [`d697f5538`](https://github.com/siderolabs/talos/commit/d697f5538a7a624a1ac7bafdfebc67dd9418c434) fix: don't set xattrs while decompressing extensions - [`34fb2cbe5`](https://github.com/siderolabs/talos/commit/34fb2cbe5148a9f60fd888551ba6eceb84b550cf) refactor: remove manual shell completion and replace with cobra completion - [`79fa2e300`](https://github.com/siderolabs/talos/commit/79fa2e3001082cf21be92c52b3da4e844313184d) feat: allow more nvidia and nvme files from extensions - [`414f78a29`](https://github.com/siderolabs/talos/commit/414f78a298fc1a196fe310b17b89d3aadc15e1b4) feat: allow glibc ld files in etc - [`1bbba4301`](https://github.com/siderolabs/talos/commit/1bbba4301495e256f2686a6b0d44663d3fdad2c4) feat: update Flannel to v0.28.2 - [`55815e0fa`](https://github.com/siderolabs/talos/commit/55815e0fa545de42997b89beaa7bf15ef9aa36f3) fix: handle ISOs with zeroes in volume labels - [`7b6ab0c1c`](https://github.com/siderolabs/talos/commit/7b6ab0c1c3cec7b6260e27dd5b6e72faa1975ab0) feat: add flag to force fallback to legacy upgrade - [`5e24d5265`](https://github.com/siderolabs/talos/commit/5e24d5265bde9adee92c02e675140de87ee126bf) feat: add resource view to talosctl dashboard - [`649ab7fe4`](https://github.com/siderolabs/talos/commit/649ab7fe4234de1a947071926603377e00910cb9) fix: add os:meta:writer role to the dashboard - [`10cdfa909`](https://github.com/siderolabs/talos/commit/10cdfa9099a3e40ca8182ecb69d836c06ca621e3) fix: drop talosctl install - [`087ced85f`](https://github.com/siderolabs/talos/commit/087ced85f5130656cbc647c2e4d838cab3ff1737) fix: unseal with "slow" TPM - [`11ab0a8c5`](https://github.com/siderolabs/talos/commit/11ab0a8c5aec1537542bddb851a9f71e92888e3b) fix: drop unused type from ExternalVolume schema - [`e2df0f6ce`](https://github.com/siderolabs/talos/commit/e2df0f6ce8c47b0dc3e93bf257afb8a1ae9243fb) fix: always grow disks - [`919d8c365`](https://github.com/siderolabs/talos/commit/919d8c36552a46ed326c9cb01bb474cee21e8d0a) chore: drop debug shell - [`783a35851`](https://github.com/siderolabs/talos/commit/783a35851ed1bac4ddd0f1fed583fc1b6477614d) fix: add metal-agent mode to runtime capabilities - [`37b2221cc`](https://github.com/siderolabs/talos/commit/37b2221ccfff64f37461397712c8b08ea3736dc0) docs: add SECURITY-INSIGHTS.yml for OSPS Baseline QA-04.01 - [`bed2bd414`](https://github.com/siderolabs/talos/commit/bed2bd414ea57866b5b31cb09f562fc7161ca74a) feat: add graceful power off support to QEMU VM launcher - [`3400059cc`](https://github.com/siderolabs/talos/commit/3400059ccf4811140a4326397d972f68693c708c) fix: incorrect route source for on-link routes - [`b3dfbf743`](https://github.com/siderolabs/talos/commit/b3dfbf743e6c2fd44020911ee1e0eea3a7676579) feat: bump musl to 1.2.6 - [`4227921b3`](https://github.com/siderolabs/talos/commit/4227921b3979d3a8542946fed4ceb622747adb00) test: fix the PKI mismatch test flake - [`f2bc2dcc6`](https://github.com/siderolabs/talos/commit/f2bc2dcc6e0391dbd4aa19e8366d657b2056790f) feat: update NVIDIA production drivers to 595.58.03 - [`aa5946dd3`](https://github.com/siderolabs/talos/commit/aa5946dd385a2b99d572f9318e4eeeeee441b51b) test: fix cron failures for provision-1 & provision-2 - [`1dd701efa`](https://github.com/siderolabs/talos/commit/1dd701efa8119b6515a62ff68c430c99a96f2b68) fix: allow blockdevice wipe in maintenance mode - [`786bf00ab`](https://github.com/siderolabs/talos/commit/786bf00abb309955616e440cd06fd0718b1b77ab) feat: add --platform=all support to image cache-create - [`e1f645e3c`](https://github.com/siderolabs/talos/commit/e1f645e3cbeee5306dc0075deb8942793eb80a81) feat: validate luks headers for tampering - [`ad72c7300`](https://github.com/siderolabs/talos/commit/ad72c73006abc3b51e5371496c61d8637b2222f0) test: improve maintenance API provision tests - [`70cefab6a`](https://github.com/siderolabs/talos/commit/70cefab6af3dacdc80921b55ca8dbf5644501c6c) test: fix the flakes in tests with trusted roots - [`aacff17f4`](https://github.com/siderolabs/talos/commit/aacff17f4c8890d6cada8efc6e715f69750f79cd) test: bump memory for Flannel netpolicy tests - [`9c3459114`](https://github.com/siderolabs/talos/commit/9c34591144f1e2fc759fdc6d56694541eb9f241a) feat: update Linux to 6.18.19, CNI to 1.9.1 - [`038cb8735`](https://github.com/siderolabs/talos/commit/038cb87354eea1c1ff4612bdd13d1e77e595955a) feat: enforce PID check on connections to services over file sockets - [`e2b2dd3ea`](https://github.com/siderolabs/talos/commit/e2b2dd3ea7eed8bc139cd0bd812253baee0dd95c) chore: update go-kubernetes library - [`9597714f6`](https://github.com/siderolabs/talos/commit/9597714f625ac07bf74de32a24c3e6dad5abdc91) fix: add symlinks nvidia-ctk and nvidia-cdi-hook in /usr/bin - [`8ac47d677`](https://github.com/siderolabs/talos/commit/8ac47d677703624ec6568294d94dcad7e533e6c4) fix: unset rlimits for extension services - [`b1a02f368`](https://github.com/siderolabs/talos/commit/b1a02f3681c7e361ee6a3ef3d230b47480b48408) feat: update Kubernetes to 1.36.0-beta.0 - [`362fdc9ec`](https://github.com/siderolabs/talos/commit/362fdc9ece81e805a5a6a4e0303bdf78a6b2c35d) feat: update etcd to 3.6.9 - [`0a47f40b3`](https://github.com/siderolabs/talos/commit/0a47f40b3cdf304a079c6b3fa964e9f82e91ec63) fix(machined): clear stale bond ARP/NS targets on decode - [`86344639f`](https://github.com/siderolabs/talos/commit/86344639fcb76d9430ac1e975c98db4488701e43) fix: update diff library to v1.0.1 - [`eff89d1ed`](https://github.com/siderolabs/talos/commit/eff89d1ed46e5f3c709305a8cb134dabae925420) fix: panics in diff algorithms - [`8e1c8a7a9`](https://github.com/siderolabs/talos/commit/8e1c8a7a90fb039fd8a639a1218c169bc683d141) test: fix the apid test against AWS/GCP </p> </details> ##### Changes since v1.14.0-alpha.1 <details><summary>111 commits</summary> <p> - [`917820cb3`](https://github.com/siderolabs/talos/commit/917820cb3ebe74e58bde1f78b74e1ae55ba111bf) chore: sync pkgs/tools - [`b34be14e9`](https://github.com/siderolabs/talos/commit/b34be14e90f81f3bccb539d589185e757a02e55a) fix: cli.md codeblock generation - [`25abcc6b5`](https://github.com/siderolabs/talos/commit/25abcc6b5973e9485af996c0d866ff28ca126b65) docs: update kubespanconfig to match discoveryserviceconfig - [`742589f50`](https://github.com/siderolabs/talos/commit/742589f50ef7ea0ef9b0fc69d0ee80dc24369933) feat: support multiple discovery service configs - [`fc3f27d79`](https://github.com/siderolabs/talos/commit/fc3f27d796cc33ea3dce9e0ed202fbb007b2922b) chore: enrich the SBOM with Go module licenses - [`47d5c3351`](https://github.com/siderolabs/talos/commit/47d5c33514b05454ec67c488e3b2f0997596dac8) fix: handle image cache being disabled - [`1a965aec3`](https://github.com/siderolabs/talos/commit/1a965aec37ea9e9551237255e11a0a33667f1876) test: disable LongHorn ublk test and add more cores - [`6d03b3f61`](https://github.com/siderolabs/talos/commit/6d03b3f611de4ca06a6ee0587b91f8957e1e867f) fix: align documented image cache partition label - [`6447d854f`](https://github.com/siderolabs/talos/commit/6447d854f20de6ee712f541f84cdbac9c2b33b85) fix(talosctl): use aio threads on darwin - [`f856d1808`](https://github.com/siderolabs/talos/commit/f856d18084a6bfb119aaccc6af36b2b80e2f5b7c) fix: image verification with referrers - [`11a7fbe4c`](https://github.com/siderolabs/talos/commit/11a7fbe4c6cba823f69205ed9ccfc36b7ab027bb) feat: extract kube-apiserver config into multi-doc configs - [`337654d2b`](https://github.com/siderolabs/talos/commit/337654d2b8f0468507b40f53d03beb9a799a8c43) test: fix rook-ceph tests - [`e33a86825`](https://github.com/siderolabs/talos/commit/e33a868254098659ce069d73570fb69ff4f148c6) feat: add AMD XGBE driver to initramfs - [`bd2d6242a`](https://github.com/siderolabs/talos/commit/bd2d6242a3b0b5c51e6a56a0accc9137bcb7372e) fix: revert coredns to 1.14.2 - [`7c4e644f8`](https://github.com/siderolabs/talos/commit/7c4e644f810678e91a00656c124e886e38b0f12c) feat: update Linux to 6.18.36 - [`6e23a5c2f`](https://github.com/siderolabs/talos/commit/6e23a5c2f6d915bf9ddb8e23c0738119cccc8001) chore: refactor bare opentree\_clone into a mount helper - [`dfbd30959`](https://github.com/siderolabs/talos/commit/dfbd30959bb51d92f15cf4d4d43942591b9829f5) fix(talosctl): prevent appending type 11 smbios values on restart - [`5926dd70d`](https://github.com/siderolabs/talos/commit/5926dd70d3df61ced4be38db604248d2dd4d53d6) test: support running integration test against remote provisioner - [`f146c6a18`](https://github.com/siderolabs/talos/commit/f146c6a18334ea35cc5640f47e9756aaadadb153) feat: refactor /etc mounts - [`ebe364117`](https://github.com/siderolabs/talos/commit/ebe364117cb32a227d9f995c59e75aea20a9e75a) chore: bump containerd to 2.3.2 - [`bc30c61a1`](https://github.com/siderolabs/talos/commit/bc30c61a14a785ee979d163c28a531247231845c) chore: bump deps (go, k8s, docker) - [`00d739d0a`](https://github.com/siderolabs/talos/commit/00d739d0a92a334b3b619d161e68adedf09bb7d1) test: skip fstrim default schedule on cloud tests - [`d9c6edf01`](https://github.com/siderolabs/talos/commit/d9c6edf01e2072971610f5eecf5601092649289f) fix: bump number of open files for etcd - [`990c5395c`](https://github.com/siderolabs/talos/commit/990c5395c6fb6272ff4b5361f09d354f047c534a) chore: update tools and pkgs 2026-06-17 - [`325be7cd8`](https://github.com/siderolabs/talos/commit/325be7cd821128cc3e0b32ecf6244ee1b41ec20a) refactor: config generate uses multi-doc sysctlconfig - [`d6930633b`](https://github.com/siderolabs/talos/commit/d6930633bfe02ec11cc47544f9d1ac9632d96b8c) fix: clean up and overhaul mount ops - [`a0219404d`](https://github.com/siderolabs/talos/commit/a0219404d0f95af50c35804ee0375e66cdf44979) fix: cgroups cleanup - [`58d8b71c4`](https://github.com/siderolabs/talos/commit/58d8b71c420f97aeb259aa04e2c776fcbbeaf261) fix: stop the log persistence and close all files on shutdown - [`4b32ebc17`](https://github.com/siderolabs/talos/commit/4b32ebc17e4e37f8bd0547a496bc7a86f7b60bad) refactor: simplify trustd/apid rootfs setup - [`dc98e3553`](https://github.com/siderolabs/talos/commit/dc98e3553d513aadb1588a0df605fb28de4e3f8e) feat: implement filesystem trim support - [`897bef633`](https://github.com/siderolabs/talos/commit/897bef633ec9a1e0e9e292ab68a9dbf5704f9ac9) feat: introduce KubeProxyConfig multi-doc - [`ebde543cf`](https://github.com/siderolabs/talos/commit/ebde543cf32a46c6a5f520aea52f7bdea8deb1d1) feat: introduce BootID resource - [`cd178b9f3`](https://github.com/siderolabs/talos/commit/cd178b9f34bdcdf6d2a0a6d59de1c97e8523c9a5) fix: ensure consistent manifest apply order - [`19fac6151`](https://github.com/siderolabs/talos/commit/19fac61511744a2b50342c512c06a6917787ebfc) feat: remote provisioner - [`b6412e031`](https://github.com/siderolabs/talos/commit/b6412e031b6d8ac7d88addf79d1967fceb35c45b) fix: drop one more reference to removed 'nodes' - [`be7f7a7db`](https://github.com/siderolabs/talos/commit/be7f7a7db50caf095fecebd62e881f6b96a4a9de) feat: add human-readable size fields to LVM resources - [`d4e0ca1ba`](https://github.com/siderolabs/talos/commit/d4e0ca1ba94c48b7d6bd9de686c78a7fed7c6d39) fix: make LVM reconciliation robust and idempotent - [`0dbc1e529`](https://github.com/siderolabs/talos/commit/0dbc1e529536f90727663184d8870a7e37b283e7) chore(ci): fix flaky test - [`b687a47ab`](https://github.com/siderolabs/talos/commit/b687a47ab9ab58e43b4e045c0851b19e04f92680) feat: implement an option to allow discards on encrypted volumes - [`3fc981c57`](https://github.com/siderolabs/talos/commit/3fc981c570205e3a71df32ad1a607c9730beaf1c) fix: improve security of scheduler/controller-manager - [`5d4af9f33`](https://github.com/siderolabs/talos/commit/5d4af9f337a241a012dc324884ce6b9acdf461da) fix: gracefully stop node containers before removal - [`c1593d8a3`](https://github.com/siderolabs/talos/commit/c1593d8a303ea95ab9733d5dc75779b3a18c7959) fix: honor FailurePauseTimeout when pausing before reboot - [`506dc1323`](https://github.com/siderolabs/talos/commit/506dc132344d2d966ac2f6e31ea4b9e55c4d9107) feat: add imager flag to set the SecureBoot key enrollment mode - [`5d4ba702e`](https://github.com/siderolabs/talos/commit/5d4ba702e8acd2ad8ec4948de899047d2a193d5b) refactor: generate pod definitions in k8stemplates - [`995bc30d5`](https://github.com/siderolabs/talos/commit/995bc30d5df5beadd28e37a04959f315942d2182) feat: drop apply config method reboot - [`18f6cb4d0`](https://github.com/siderolabs/talos/commit/18f6cb4d008b6a39493611e819d1915fde369b09) fix: increment time epoch on wall-clock jump when time sync is disabled - [`755a8c8eb`](https://github.com/siderolabs/talos/commit/755a8c8eb5b8bd1eb935339288af1c4d5e621077) feat: update etcd to 3.7.0-rc.0 - [`a0c76fad1`](https://github.com/siderolabs/talos/commit/a0c76fad133234243956c3411ee386cea2416d07) feat(talosctl): implement cluster logs - [`db052165c`](https://github.com/siderolabs/talos/commit/db052165c4cee767036668c490108d11e0eb1558) feat(talosctl): support rebooting cluster nodes - [`0a04f463a`](https://github.com/siderolabs/talos/commit/0a04f463a1d3f19729e2ba0b1884017411df3783) feat(talosctl): use gateway dns for cluster - [`cf3eb1cad`](https://github.com/siderolabs/talos/commit/cf3eb1cad1eeae4b90e010bca5bfa87c6fe334ed) chore(talosctl): disable kexec for cluster create on arm64 - [`180182b0f`](https://github.com/siderolabs/talos/commit/180182b0f50bcdb8b50d36112c308693b146bc70) fix: correct the link alias condition - [`ac9014f05`](https://github.com/siderolabs/talos/commit/ac9014f051716adda826ee5a319ba83415fa87b3) fix: introduce pull attempt stall detection for image pull - [`f2286d616`](https://github.com/siderolabs/talos/commit/f2286d616e86ce19c59a29a32e8334914cee9d3a) fix: move Flannel netpol patch to the controlplane - [`9986c0b16`](https://github.com/siderolabs/talos/commit/9986c0b16a984974bdcd421d95bd533cc3c63fad) feat: bump kernel to 6.18.35 - [`e8845fba6`](https://github.com/siderolabs/talos/commit/e8845fba6b7e4a6342def670387ad498eee97810) fix: route ProxyURL test via reachable endpoint - [`44acedf30`](https://github.com/siderolabs/talos/commit/44acedf3093a3e19b92f561a699ecc65f5cd5c96) feat: add declarative LVM logical volume provisioning - [`f6058a11b`](https://github.com/siderolabs/talos/commit/f6058a11bc1b5fb359d512cc1601ff7f43feec96) feat: grab support bundle via client factory - [`cdd719773`](https://github.com/siderolabs/talos/commit/cdd719773f5bd225689c6fa3e13eecfd82261325) feat: add CPUCores resource - [`8e41eb1bd`](https://github.com/siderolabs/talos/commit/8e41eb1bd6f6970c9f7dc41bead1f7cd2d554a39) feat: verify go.mod tidiness in generate target - [`b19e2ea42`](https://github.com/siderolabs/talos/commit/b19e2ea42dffdcf9a32b44fbd6d5369ed6a123ae) feat: add kube-apiserver probes - [`a321a1dcc`](https://github.com/siderolabs/talos/commit/a321a1dccc449c586a6787f2c09cc79c3b26d3b9) feat: support proxy-url in talosconfig context - [`bb2ac7546`](https://github.com/siderolabs/talos/commit/bb2ac7546cd5e93e88c305b2a0c4237227f2250f) feat: parse schematic info out of extension status - [`0c02a5a07`](https://github.com/siderolabs/talos/commit/0c02a5a074115acd0d1899af5c973a4a5b743436) fix: align flannel MTU with kubespan to avoid permanent fragmentation - [`3d5fd822c`](https://github.com/siderolabs/talos/commit/3d5fd822c57e6e87d574c59a1f0198c56a3cfe3c) feat: expose disk firmware and BIOS version - [`30115981c`](https://github.com/siderolabs/talos/commit/30115981c4ce815437feeff6c43a18f6c308cca1) fix: relax LUKS header validation - [`5923199fb`](https://github.com/siderolabs/talos/commit/5923199fba6107113541700c5485117aef6976d7) refactor: use ClientFactory for the action tracker - [`72c0ced3c`](https://github.com/siderolabs/talos/commit/72c0ced3ca15ac1a5ca98d4af7560c84191af191) refactor: deprecate sysfs and sysctl in machineconfig - [`ee74a41fb`](https://github.com/siderolabs/talos/commit/ee74a41fbb6d31b1fb44b0293943a8d1082ef610) fix: handle cluster-scoped resources with a namespace correctly - [`9df5a647a`](https://github.com/siderolabs/talos/commit/9df5a647af72be48dd431eb5d506dfa0dc70b2fc) feat: allow to disable access time for EPHEMERAL partition - [`9b667dbde`](https://github.com/siderolabs/talos/commit/9b667dbdeeddac1318166c4f59fa60da427d1847) chore: fix lint error in test - [`311378386`](https://github.com/siderolabs/talos/commit/31137838691f03aad157339734d10d8275e75c09) test: increase resource inmem buffer to stabilize the tests - [`6f85ce3d2`](https://github.com/siderolabs/talos/commit/6f85ce3d2bb0cd8884e84da83d464d578298524f) docs: hack/release.toml explains kernelmodulestatus - [`9bb0a5d01`](https://github.com/siderolabs/talos/commit/9bb0a5d01a02460689e92f8a27dac511fbb55104) fix(talosctl): add scrolling to dashboard footer node list - [`4c029c2d6`](https://github.com/siderolabs/talos/commit/4c029c2d64c6523625a0533418e5e446d33b1ec6) fix: machine configuration schemas - [`c3052e845`](https://github.com/siderolabs/talos/commit/c3052e845e0e1c001386dc89511a0d2ed99fafa7) feat: move CNI config out of v1alpha1 config - [`1d2f1208c`](https://github.com/siderolabs/talos/commit/1d2f1208c02f879ee13e1674305cca7e823f088b) feat: add declarative LVM volume group provisioning - [`85f1d428f`](https://github.com/siderolabs/talos/commit/85f1d428f19e362b3bb2b10d1dfec7b4d1685695) chore: refactor tests to use debug api - [`c901d47a5`](https://github.com/siderolabs/talos/commit/c901d47a57b742abd6520308f0605b9c4be3cd9e) refactor: talosctl streaming commands and more fixes - [`166854959`](https://github.com/siderolabs/talos/commit/1668549593350110884c5c0a40219ea654359edc) fix: mark more resources as sensitive - [`58adf2e00`](https://github.com/siderolabs/talos/commit/58adf2e00de7c55dd098c318d487ab5fec52d278) fix: classify installer and imager exits - [`9549930ff`](https://github.com/siderolabs/talos/commit/9549930ff7cadb58215721c160b9fa3993ae2f1f) feat: update Flannel to v0.28.5 - [`27362d18e`](https://github.com/siderolabs/talos/commit/27362d18ee6637484e0d69458257b6e76fd7470c) refactor: replace the callback strategy for most commands - [`cb42d9d9a`](https://github.com/siderolabs/talos/commit/cb42d9d9a8856a3607b4968f2d8d171dc244a9e6) feat: implement support bundle encryption - [`9ae260b55`](https://github.com/siderolabs/talos/commit/9ae260b555074a79b06984a7e63d723733b98407) feat: enable NRI by default - [`d1d5847b0`](https://github.com/siderolabs/talos/commit/d1d5847b0eb59e5fbf48a575db291aab9a4ca8ad) fix: flaky test - [`0f2331586`](https://github.com/siderolabs/talos/commit/0f23315866b45d7506f6084e8d970883720480a7) feat: support external secureboot and pcr signers - [`b349d919d`](https://github.com/siderolabs/talos/commit/b349d919db6b7b5aa327f60b7fc7cf5ede64d578) feat: enforce strict QoS ordering in OOM victim selection - [`76d9b49bd`](https://github.com/siderolabs/talos/commit/76d9b49bd16e57942dbd5a156839a6543da41778) fix(ci): aws nvidia tests - [`3131826cd`](https://github.com/siderolabs/talos/commit/3131826cded77002b18fd30f59b081b40ec8b55f) fix: provide NTS sync with bad initial clock state - [`89e307e58`](https://github.com/siderolabs/talos/commit/89e307e5847befce2894a295c9479d8101078b6c) fix: etcd client leak in the (legacy) Upgrade API - [`476c4d050`](https://github.com/siderolabs/talos/commit/476c4d0500d3c2f7753cb1f583f369256c3148e2) fix: recreate dns server and listeners on host DNS runner restart - [`9a283d9b1`](https://github.com/siderolabs/talos/commit/9a283d9b190f9a1042246bc4830e75dae5826ce8) feat: bump Go to 1.26.4 - [`4759dc246`](https://github.com/siderolabs/talos/commit/4759dc24699dc03690511f7648412d0c9e70877f) chore: bump dependencies - [`26a25a073`](https://github.com/siderolabs/talos/commit/26a25a0736c3575b0acd1661d5f67bf3ee72c0f2) chore(ci): drop homebrew workflow - [`fa8a55192`](https://github.com/siderolabs/talos/commit/fa8a551928783ceb9efbb771837004474f64fa68) feat: update etcd to v3.6.12 - [`41fcab476`](https://github.com/siderolabs/talos/commit/41fcab476b06ce1d150c14d8a41a05727b064a25) feat: update kernel to 6.18.34 - [`8ba00612b`](https://github.com/siderolabs/talos/commit/8ba00612bea4303d28cd36ef97715a840238d9d5) feat: update dependencies - [`6e2dec1ea`](https://github.com/siderolabs/talos/commit/6e2dec1eaf5ed62bea7e1563295bb590754e6546) refactor: update talosctl commands to stop using WithNodes - [`f9ad63a35`](https://github.com/siderolabs/talos/commit/f9ad63a35a40cfb0bd3bc15a0368b50334fa5f11) feat: add custom logging convention linter - [`30dbce03f`](https://github.com/siderolabs/talos/commit/30dbce03f359cdf3718659eb335b4b23eb95b450) chore: make oci images reproducible - [`38244fd5b`](https://github.com/siderolabs/talos/commit/38244fd5b5aadd3e474f78b6a1c2c371b6ada766) feat: add sbom builder - [`5177c50e2`](https://github.com/siderolabs/talos/commit/5177c50e2ea586d09c328190a65802571210b987) refactor: deprecate loadedkernelmodule - [`c2eef3645`](https://github.com/siderolabs/talos/commit/c2eef3645a91bd76c69379b61a34470c927c37cc) fix: health request server-side - [`d6eff8eff`](https://github.com/siderolabs/talos/commit/d6eff8eff42f2c324c9e08ef9da3edf8db17a515) refactor: drop multi-nodes proxying for the dashboard - [`2e547a964`](https://github.com/siderolabs/talos/commit/2e547a964b20f91bf06fce4a5a35b8c5ef56a6e3) refactor: deprecate multi-node proxying - [`ddcc519e1`](https://github.com/siderolabs/talos/commit/ddcc519e12e487123e19594c6ed0c7a406c0539c) fix: add --fail to image-signer curl download - [`e5b0b1dde`](https://github.com/siderolabs/talos/commit/e5b0b1dded16b01d56e44182163652d2a66d1cee) fix: normalize log fields - [`d8e95c396`](https://github.com/siderolabs/talos/commit/d8e95c3965b8690fd4e3d575d77dedec550328fd) fix: drop installer from bundle - [`7aad9ec81`](https://github.com/siderolabs/talos/commit/7aad9ec81bc1a2f8ae6e4917173637b465613b30) feat: update pkgs, tools, Go dependencies - [`b50ee396f`](https://github.com/siderolabs/talos/commit/b50ee396f6c6acdd97b79d92f149a25efa38aa22) fix: fix trace fix to also lookup release branches </p> </details> ##### Changes from siderolabs/go-adv <details><summary>2 commits</summary> <p> - [`3818a65`](https://github.com/siderolabs/go-adv/commit/3818a65435881c8d151635bfd7003ce63928124d) feat: initial implementation - [`95e583c`](https://github.com/siderolabs/go-adv/commit/95e583cf83a64bd42c0a84b1bc31c2067f7f3f9d) Initial commit </p> </details> ##### Changes from siderolabs/go-kmsg <details><summary>1 commit</summary> <p> - [`65e97cb`](https://github.com/siderolabs/go-kmsg/commit/65e97cb418de5211ac2bfdc9d4569af74fbbb9f8) fix: boot time offset calculation </p> </details> ##### Changes from siderolabs/go-kubeconfig <details><summary>2 commits</summary> <p> - [`d0b8f82`](https://github.com/siderolabs/go-kubeconfig/commit/d0b8f82dece7359bb005d6c32ca225c1b29401c5) chore: rekres and bump deps - [`c356eeb`](https://github.com/siderolabs/go-kubeconfig/commit/c356eeb33f12542c1e29e81f7246f146b847bfb6) fix: fix context conflict detection add New() constructor </p> </details> ##### Changes from siderolabs/go-kubernetes <details><summary>4 commits</summary> <p> - [`cc8c2c9`](https://github.com/siderolabs/go-kubernetes/commit/cc8c2c91aef9ffebba7d5405dd23b91c5ed035b0) fix: return the apply results in a consistent order - [`131a2bd`](https://github.com/siderolabs/go-kubernetes/commit/131a2bd641eb725630ce3c49576a360f69e7ab66) fix: handle cluster-scoped resources with a ns correctly - [`38c182f`](https://github.com/siderolabs/go-kubernetes/commit/38c182f7b3a25a320c867d4e8138ef40dfc2a1a7) fix: normalize the changeset to be keyed without apiVersion - [`ca35008`](https://github.com/siderolabs/go-kubernetes/commit/ca350083a113b49a5efec1feac6f10cd594280ef) feat: update k8s api to 0.36.0 </p> </details> ##### Changes from siderolabs/go-smbios <details><summary>1 commit</summary> <p> - [`063f5dc`](https://github.com/siderolabs/go-smbios/commit/063f5dc16e0a86d4dbb8290d197bdb134d9bafac) chore: rekres + new testdata </p> </details> ##### Changes from siderolabs/go-talos-support <details><summary>2 commits</summary> <p> - [`59d47af`](https://github.com/siderolabs/go-talos-support/commit/59d47afcf6fa9ed945a702812bcb0dd1310c67ff) feat: rewrite support bundle library around client provider - [`8dd4326`](https://github.com/siderolabs/go-talos-support/commit/8dd43267326ead5caad4f199276c5bfc8b5583e8) feat: support encryption of the support bundle using age </p> </details> ##### Changes from siderolabs/grpc-proxy <details><summary>3 commits</summary> <p> - [`d670c42`](https://github.com/siderolabs/grpc-proxy/commit/d670c420307acbdc1c71cc1572c1d826f07cf406) chore: bump dependencies - [`8614c71`](https://github.com/siderolabs/grpc-proxy/commit/8614c7158032488d36285ce2245d06f49d7447c4) chore: bump deps - [`80677e0`](https://github.com/siderolabs/grpc-proxy/commit/80677e04c18d908cacb69566ed95c78c400d4d99) fix: propagate the headers before the message </p> </details> ##### Changes from siderolabs/pkgs <details><summary>90 commits</summary> <p> - [`ea48e8b`](https://github.com/siderolabs/pkgs/commit/ea48e8b66153a7909eef240bec10949783b6ac87) fix: patch Linux kernel for tunnel metadata buffer overflow - [`ff80d88`](https://github.com/siderolabs/pkgs/commit/ff80d88660cde1e201ca9bd039e058bbf87f9a4f) feat: add support for AMD XGBE driver - [`9f8ab22`](https://github.com/siderolabs/pkgs/commit/9f8ab22a224f16d30adba8a0b4c980866866abd0) feat: enable NF\_TABLES\_ARP option - [`bedfbeb`](https://github.com/siderolabs/pkgs/commit/bedfbeb545665f6fe8678aa0729dae49f9c1815e) feat: update Linux to 6.18.36 - [`a9f2bb3`](https://github.com/siderolabs/pkgs/commit/a9f2bb37ad8c8958276e3da8bffa366001042227) chore: bump containerd to 2.3.2 - [`73e76f8`](https://github.com/siderolabs/pkgs/commit/73e76f8ec71d93a963d80710706b2138de2c6d74) chore: upgrade runc to 1.5.0-rc.3 - [`28db1ca`](https://github.com/siderolabs/pkgs/commit/28db1ca7b99651482597c0a69445be47f61bca38) chore: update nvidia driver lts to 580.167.08 - [`5df1a44`](https://github.com/siderolabs/pkgs/commit/5df1a442eb041df2ae4e484798d5c28e518f8b36) chore: update zfs to 2.4.3 - [`cd77c4f`](https://github.com/siderolabs/pkgs/commit/cd77c4f0dfd611a67afd2656fde11c5bf197a004) chore: update dependencies 2026-06-16 - [`0f27ecc`](https://github.com/siderolabs/pkgs/commit/0f27ecc3f22c2c526037be262a2678a539e29708) feat: bump runc - [`d213ff5`](https://github.com/siderolabs/pkgs/commit/d213ff5e7d88436fd4082fb4defdf4c17c23a8ac) feat: bump OpenSSL to 3.6.3 - [`cb713ae`](https://github.com/siderolabs/pkgs/commit/cb713ae48611f7c8ae31a08232cda482f2d6bfc1) feat: bump kernel to 6.18.35 - [`09cb04e`](https://github.com/siderolabs/pkgs/commit/09cb04e048191a92de49261be6291595eda0ffda) fix: avoid page\_table\_check BUG on time namespace VVAR page - [`bfb88f6`](https://github.com/siderolabs/pkgs/commit/bfb88f6eac299390bee7a112f01803b1d27fe7e5) feat: add nvidia-fs kernel module - [`f2850d1`](https://github.com/siderolabs/pkgs/commit/f2850d169be4a440103ac30a8cd82be6ee05110b) feat: enable USB hiddev for apcupsd support - [`55aa64f`](https://github.com/siderolabs/pkgs/commit/55aa64fa75a804ece0d356d913382b03e198af5e) feat: bump go to 1.26.4 - [`f27dbe1`](https://github.com/siderolabs/pkgs/commit/f27dbe1f053adf9eb1def340fe5fd801f514daa9) feat: bump kernel to 6.18.34 - [`aa9fe00`](https://github.com/siderolabs/pkgs/commit/aa9fe0089646c4917c5968e7b99d2609fd7e7fc3) feat: add DVB USB Modules - [`0870a4b`](https://github.com/siderolabs/pkgs/commit/0870a4b6b1d9a01bbdf8ed4586465d1caf013a20) feat: bump dependencies - [`f9134e5`](https://github.com/siderolabs/pkgs/commit/f9134e53a1cb2eb9555753e7206c7cb80178dd7c) fix: enable CONFIG\_BCM2712\_MIP as built-in in arm64 kernel config - [`285c6ae`](https://github.com/siderolabs/pkgs/commit/285c6ae7cca6a6f2f3d44f0c7362f0991b4ba9b5) fix: set usermode static helper to machine - [`bd2a754`](https://github.com/siderolabs/pkgs/commit/bd2a754171fff6eac35fa9de1bf02eb1df16fac1) feat: pre-generate drbd patches using spatch out of tree - [`898844e`](https://github.com/siderolabs/pkgs/commit/898844e7da04836dfeda8cc7ca7335bef3ca415a) feat: update Linux to 6.18.33 - [`a8dfbf7`](https://github.com/siderolabs/pkgs/commit/a8dfbf7c0e8c490a4c0cd461ebf251af6654fdd0) fix: disable kernel modprobe path - [`c542950`](https://github.com/siderolabs/pkgs/commit/c542950c046bfd7d90a34c708a00d955db8c2c9a) fix: pull in tools with zstd sbom - [`c0ec8f3`](https://github.com/siderolabs/pkgs/commit/c0ec8f389155de453b92a6184bea2dccc831573a) feat: enable PPP and INFINIBAND\_BNXT\_RE - [`c62c4e1`](https://github.com/siderolabs/pkgs/commit/c62c4e1fb164b02ad941721c6dd50c9706e1156e) feat: update containerd to 2.3.1 - [`270f9f8`](https://github.com/siderolabs/pkgs/commit/270f9f821d1f7d18b4cc229f4c8e0e7f759bd96b) chore: update deps - [`4f7feb4`](https://github.com/siderolabs/pkgs/commit/4f7feb4103eab8ab0d6eeb04e34a9dc3cf07067c) feat: enable more options for CRI-U checkpoint/restore - [`87994f7`](https://github.com/siderolabs/pkgs/commit/87994f7fce1012efe898688d7dcc9a80c3637b1b) feat: move autoloadable stuff as modules - [`80c27f3`](https://github.com/siderolabs/pkgs/commit/80c27f3295b832e44f897681a0eb0218adfe88cb) fix: drop legacy network protocols - [`fbb7360`](https://github.com/siderolabs/pkgs/commit/fbb73601696a73ed0de65ef95a1c182f65d7afc9) feat: drop legacy iptables/ebtables support - [`eac5f86`](https://github.com/siderolabs/pkgs/commit/eac5f865f69f8fbedbf5ade03adb17d2c4200c89) feat: bump kernel 6.18.32 - [`d616f6c`](https://github.com/siderolabs/pkgs/commit/d616f6cc9260e3b167e98c66e13f7f39f2fb64c8) feat: update Linux to 6.18.31 - [`02bcfce`](https://github.com/siderolabs/pkgs/commit/02bcfced0848d0d4c066aed993171f40415e1d72) fix: macb silent TX stall on BCM2712/RP1 (v2 patches from netdev) - [`12ca698`](https://github.com/siderolabs/pkgs/commit/12ca69857d8a71788708753a8da26e8e2ab11983) feat: update ZFS & NVIDIA LTS - [`9fff943`](https://github.com/siderolabs/pkgs/commit/9fff9435215dc6eb6b96fea566b3aea7f9bda2a7) feat: update Linux to 6.18.30 - [`c5a1685`](https://github.com/siderolabs/pkgs/commit/c5a168538eac21a4b4cfab4cd2c08eb8fdcd05af) feat: move HWMON as modules - [`b2a45fb`](https://github.com/siderolabs/pkgs/commit/b2a45fb2569aa7cf4b48700d8edf14a4a0728612) feat: move CONFIG\_INTEL\_IOATDMA as a module - [`ea8d35f`](https://github.com/siderolabs/pkgs/commit/ea8d35f8a099027960a91dba1a0bbb90415575b9) feat: move ACPI device drivers as modules - [`501ba58`](https://github.com/siderolabs/pkgs/commit/501ba580184ae4581503628a591e4fc6181e9dd0) feat: move HID quirks as modules - [`b35312c`](https://github.com/siderolabs/pkgs/commit/b35312c50f460b06d5eaab6c80d2af8fa469de9e) feat: move PS/2 mouse drivers as modules - [`3a5d9d7`](https://github.com/siderolabs/pkgs/commit/3a5d9d79db30c7659e90b1a35616ec677b766e65) feat: move IPMI driver to be a module - [`792a69a`](https://github.com/siderolabs/pkgs/commit/792a69a0fbc3f86ea64340eb511e139e2db793a0) feat: disable AGP drivers - [`99990b4`](https://github.com/siderolabs/pkgs/commit/99990b4b572dcdde7aac145f7a761dce04829eae) feat: move Hyper-V drivers as modules - [`fb697d6`](https://github.com/siderolabs/pkgs/commit/fb697d66ae2cf7d7c4be8b2d85c3ef5fa90267e4) feat: move Xen frontend drivers as modules - [`1df1713`](https://github.com/siderolabs/pkgs/commit/1df171313352ca866e8a8c43ee19974897c46630) feat: move ATA / MMC controllers as modules - [`f7f9341`](https://github.com/siderolabs/pkgs/commit/f7f93412d618d0790e23d58b7ba2d9fd982f320b) feat: move USB class drivers as modules - [`ba873e9`](https://github.com/siderolabs/pkgs/commit/ba873e9c4716d4e55199f5903b02bf407fdb52aa) feat: move USB host controllers as modules - [`8f25baa`](https://github.com/siderolabs/pkgs/commit/8f25baadeed5447c2246f4cd1253f39837903c79) feat: move virtio bus stuff as modules - [`d0c5480`](https://github.com/siderolabs/pkgs/commit/d0c548047d258834d43c64159edb3d079cbefea4) feat: bump kernel to 6.18.29 - [`dfb09f0`](https://github.com/siderolabs/pkgs/commit/dfb09f02d0b87fb2361331733380e64653396e24) feat: bump kernel 6.18.28 - [`c97bc24`](https://github.com/siderolabs/pkgs/commit/c97bc24ea16ab8a66b9ea0478a41b1e421cadfd1) feat: update Go to 1.26.3 - [`dfe8926`](https://github.com/siderolabs/pkgs/commit/dfe8926a029f6360b27afbd0bb0367358b847210) feat: add btrfsprogs - [`06ff9dc`](https://github.com/siderolabs/pkgs/commit/06ff9dcde8e75e7ccbc7f4b705d4ec220fed0e2d) feat: update Linux to 6.18.27 - [`2265fc9`](https://github.com/siderolabs/pkgs/commit/2265fc968f5dcf30fabe7270930f8b6dece744e3) feat(kernel): backport two PCI bridge realloc fixes from v6.19 - [`5a21d99`](https://github.com/siderolabs/pkgs/commit/5a21d99a6d47a27f3b0a250a76a830e929a608de) feat: bump dependencies - [`cb3f406`](https://github.com/siderolabs/pkgs/commit/cb3f4069708650a9e4add8f5203d29fbb30c7ca7) feat: update containerd to 2.3.0 - [`e192574`](https://github.com/siderolabs/pkgs/commit/e192574207d1093e9a43a723309b30d028c31b8c) feat: update Linux to 6.18.26 - [`e5e6cb8`](https://github.com/siderolabs/pkgs/commit/e5e6cb816acb97ddca2b1f0ed64897eac0a3eb07) feat: update DRBD to 9.3.2 - [`77538b1`](https://github.com/siderolabs/pkgs/commit/77538b1543a3c2c6ffadd587c47930b96c3b8517) feat: update NVIDIA drivers - [`adeaafc`](https://github.com/siderolabs/pkgs/commit/adeaafc45f6a87259b51d452a44d279a1d48b0da) feat: preserve System.map on kernel builds - [`c77f985`](https://github.com/siderolabs/pkgs/commit/c77f9851d2c9e4ac90639d392eeaf27d8319fb0b) fix: disable legacy framebuffer drivers - [`8f3ef77`](https://github.com/siderolabs/pkgs/commit/8f3ef7751868f62e153f5a679702b3f2c4634c30) fix: enable safesetid LSM - [`f82d3af`](https://github.com/siderolabs/pkgs/commit/f82d3afec43ef086b1b06b163b94d119e88fc3a3) fix: disable CONFIG\_DEVPORT - [`b189a96`](https://github.com/siderolabs/pkgs/commit/b189a96319de60a6d3cd2261ee7d7c3dad6f3657) fix: disable crypto user API - [`9a718f6`](https://github.com/siderolabs/pkgs/commit/9a718f6a64aaeb260a9e5182c93817676beff270) docs: list net macb silent TX stall fixes in kernel/build/patches/README.md - [`ca3599f`](https://github.com/siderolabs/pkgs/commit/ca3599f4b801dfe0218ae0486bbcc0e26761b103) fix: macb silent TX stall on BCM2712/RP1 (RFC patches from netdev) - [`6a53a93`](https://github.com/siderolabs/pkgs/commit/6a53a933d1b9bf3c3e3d9fae8d7bc3e9021d418e) feat: bump kernel to 6.18.25 - [`f567bce`](https://github.com/siderolabs/pkgs/commit/f567bced2b6b5517cf70a5e925995e2dcdcd8444) feat: disable more stuff in Kconfig - [`ffd9790`](https://github.com/siderolabs/pkgs/commit/ffd97909dd732c3ba8520ea4354ab2ecf07e8ba9) feat: bump kernel to 6.18.24 - [`b7c709a`](https://github.com/siderolabs/pkgs/commit/b7c709add255e09b3b1101abad06b4f3b17952cd) feat: bump deps - [`e5e5b3c`](https://github.com/siderolabs/pkgs/commit/e5e5b3c0e65911069be6a62326fea677baac7245) feat: update Linux to 6.18.23 - [`1a4cd20`](https://github.com/siderolabs/pkgs/commit/1a4cd203fddcb04610bcf933c1f9058d94744863) fix: renovate config - [`d0ed6ed`](https://github.com/siderolabs/pkgs/commit/d0ed6ed134c4aca27b4c8ef9dfc87476905487d4) feat: update dependencies - [`6ea49c7`](https://github.com/siderolabs/pkgs/commit/6ea49c7264baf6948e8b793f0b8c1306f71efe5a) fix: support disabling module signature verification - [`6520ec4`](https://github.com/siderolabs/pkgs/commit/6520ec481c215cbfcd44996e07cdb87057f12c71) feat: update containerd to 2.2.3 - [`37ce992`](https://github.com/siderolabs/pkgs/commit/37ce992e6a7d576fce9432fcf30fb7a656056d89) feat: enable CONFIG\_UHID and CONFIG\_INPUT\_JOYDEV as modules - [`cddd934`](https://github.com/siderolabs/pkgs/commit/cddd934ff6704bce64fe5861518d40801d6574f4) feat: update backportable dependencies - [`32e4077`](https://github.com/siderolabs/pkgs/commit/32e4077a095576ac5b0f32fb08fd7601ccf4f30f) feat: update OpenSSL - [`2d241e7`](https://github.com/siderolabs/pkgs/commit/2d241e7ec587a16fcf16aac8ad2ed47dfa38253b) feat: update Go to 1.26.2 and small deps updates - [`7f540ce`](https://github.com/siderolabs/pkgs/commit/7f540ce7f367484cd44eb1d5ce25b59cf1cd1dce) feat: disable dynamic SCS - [`3bef043`](https://github.com/siderolabs/pkgs/commit/3bef04361931a686d163a0c3cc76165f1059b838) feat: update runc to 1.4.2 - [`c6e6f10`](https://github.com/siderolabs/pkgs/commit/c6e6f1004e9f2947e0aea42a0baee197e745576f) feat: update Linux to 6.18.21 - [`a9e8afa`](https://github.com/siderolabs/pkgs/commit/a9e8afa610b325c5cbc6470bc62be92849dc5b88) fix: libarchive install prefix - [`e4d0113`](https://github.com/siderolabs/pkgs/commit/e4d0113483e8c1920efc74037a10a82757493560) feat: update for musl 1.2.6 - [`9142603`](https://github.com/siderolabs/pkgs/commit/9142603113d8668de274b2cb207c69ae0a630e1c) feat: update NVIDIA production to 595.58.03 - [`22fa669`](https://github.com/siderolabs/pkgs/commit/22fa66967bf36b727a004495f0457049313be1f5) feat: update Linux to 6.18.19 - [`03680ae`](https://github.com/siderolabs/pkgs/commit/03680ae6e2e00501115415733a09891a5fd2fc35) feat: update containerd patch verifier role - [`bdc239e`](https://github.com/siderolabs/pkgs/commit/bdc239e6a293bad5ba274874ceaf5f3d98a62284) feat: enable CHECKPOINT\_RESTORE option </p> </details> ##### Changes from siderolabs/proto-codec <details><summary>1 commit</summary> <p> - [`9b8a14e`](https://github.com/siderolabs/proto-codec/commit/9b8a14eb93804d497f011b1c26d1936c9ef45dcd) chore: bump dependencies </p> </details> ##### Changes from siderolabs/siderolink <details><summary>1 commit</summary> <p> - [`0a1933c`](https://github.com/siderolabs/siderolink/commit/0a1933ce37ee5383dc0c875fa9da318f38c76e31) chore: bump dependencies </p> </details> ##### Changes from siderolabs/tools <details><summary>18 commits</summary> <p> - [`0f1c859`](https://github.com/siderolabs/tools/commit/0f1c859d7e22e8534ad5de6c6ea99ffbb77a1400) chore: make rekres - [`5c0c9be`](https://github.com/siderolabs/tools/commit/5c0c9be532cadebc2a94346f1c1a1437c3637be3) chore: update dependencies 2026-06-16 - [`b88d99c`](https://github.com/siderolabs/tools/commit/b88d99c4d556f8b715502bdac873e627a863e9ec) feat: bump OpenSSL to 3.6.3 - [`42c59b9`](https://github.com/siderolabs/tools/commit/42c59b990ed6e95fa3dda7347b7fa5684c37fbb3) feat: bump toolchain to bring in Go 1.26.4 - [`206a4c0`](https://github.com/siderolabs/tools/commit/206a4c0ea091efa8939247069cfeee712da7c077) feat: update dependencies, rework LLVM build - [`f9f37df`](https://github.com/siderolabs/tools/commit/f9f37df3c44979542901d88690ce93108ef6a037) fix: add proper name for zlib-ng sbom - [`aa45c41`](https://github.com/siderolabs/tools/commit/aa45c41b733c450b21d7503a978c8b8044ebc2fa) fix: add SBOM for zstd library - [`808f34f`](https://github.com/siderolabs/tools/commit/808f34f620e698863c509595a60ecf192310bfb1) feat: update Go to 1.26.3 - [`5dfe83d`](https://github.com/siderolabs/tools/commit/5dfe83d244c4c4a6cc104b4f45cd4f76ae2873d8) feat: drop fakeroot and policycoreutils - [`618fd20`](https://github.com/siderolabs/tools/commit/618fd2061fe885a54014cbe1222cbd3c95471807) feat: add Python wheel package - [`df3c1b7`](https://github.com/siderolabs/tools/commit/df3c1b7bde417e33e67f4fb43494ff1ecd0b3399) feat: bump dependencies - [`44ad18c`](https://github.com/siderolabs/tools/commit/44ad18c5a553eb2f728f369a8c56e3c257730da2) feat: bump deps - [`f3d0dd9`](https://github.com/siderolabs/tools/commit/f3d0dd9ca5c9006ca14890af1ab8a58248ae28d8) fix: renovate configs - [`4ac4449`](https://github.com/siderolabs/tools/commit/4ac444995923055b5c410dc957579f4b0b308394) feat: update dependencies - [`027744f`](https://github.com/siderolabs/tools/commit/027744f476f38f0fda9b1fd0ae7fb3aed0ab4ad1) feat: bump OpenSSL to 3.6.2 - [`7067f1f`](https://github.com/siderolabs/tools/commit/7067f1f966cff98c83cf2a4ecfaf06021397d954) feat: update util-linux to 2.41.4 - [`6cb3e56`](https://github.com/siderolabs/tools/commit/6cb3e561ff60abc78cefd570189651c8afdc7121) feat: update Go to 1.26.2 - [`9186c5f`](https://github.com/siderolabs/tools/commit/9186c5ffff2bffa4b92d7377d254faedceba6036) feat: update musl to 1.2.6 </p> </details> ##### Dependency Changes - **codeberg.org/miekg/dns** v0.6.79 ***new*** - **github.com/Azure/azure-sdk-for-go/sdk/azcore** v1.21.0 -> v1.21.1 - **github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates** v1.4.0 -> v1.5.0 - **github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys** v1.4.0 -> v1.5.0 - **github.com/aws/aws-sdk-go-v2** v1.41.9 ***new*** - **github.com/aws/aws-sdk-go-v2/config** v1.32.12 -> v1.32.20 - **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.18.20 -> v1.18.25 - **github.com/aws/aws-sdk-go-v2/service/acm** v1.37.22 -> v1.39.2 - **github.com/aws/aws-sdk-go-v2/service/kms** v1.50.3 -> v1.53.0 - **github.com/aws/smithy-go** v1.24.2 -> v1.26.0 - **github.com/beevik/nts** v0.3.0 ***new*** - **github.com/containerd/containerd/api** v1.10.0 -> v1.11.1 - **github.com/containerd/containerd/v2** v2.2.2 -> v2.3.2 - **github.com/containerd/platforms** v1.0.0-rc.2 -> v1.0.0-rc.4 - **github.com/containerd/typeurl/v2** v2.2.3 -> v2.3.0 - **github.com/cosi-project/runtime** v1.14.1 -> v1.16.1 - **github.com/docker/cli** v29.4.0 -> v29.5.2 - **github.com/fatih/color** v1.18.0 -> v1.19.0 - **github.com/florianl/go-tc** v0.4.7 -> v0.4.8 - **github.com/fsnotify/fsnotify** v1.9.0 -> v1.10.1 - **github.com/gdamore/tcell/v2** v2.13.8 -> v2.13.10 - **github.com/google/cadvisor** v0.56.2 -> v0.57.0 - **github.com/google/cel-go** v0.28.0 -> v0.28.1 - **github.com/google/go-containerregistry** v0.21.5 -> v0.21.6 - **github.com/gopacket/gopacket** v1.5.0 -> v1.6.0 - **github.com/hetznercloud/hcloud-go/v2** v2.36.0 -> v2.42.0 - **github.com/insomniacslk/dhcp** [`5adc3eb`](https://github.com/siderolabs/talos/commit/5adc3eb26f91) -> [`11b94ed`](https://github.com/siderolabs/talos/commit/11b94ed970f2) - **github.com/jsimonetti/rtnetlink/v2** [`310581b`](https://github.com/siderolabs/talos/commit/310581b9c6ac) -> [`ab86016`](https://github.com/siderolabs/talos/commit/ab8601692836) - **github.com/klauspost/compress** v1.18.5 -> v1.18.6 - **github.com/mattn/go-isatty** v0.0.20 -> v0.0.22 - **github.com/mdlayher/arp** [`6706a29`](https://github.com/siderolabs/talos/commit/6706a2966875) -> [`93566ba`](https://github.com/siderolabs/talos/commit/93566ba168e9) - **github.com/mdlayher/ethtool** v0.5.1 -> v0.6.1 - **github.com/mdlayher/genetlink** v1.3.2 -> v1.4.0 - **github.com/mdlayher/netlink** v1.9.0 -> v1.11.2 - **github.com/moby/moby/api** v1.54.1 -> v1.54.2 - **github.com/moby/moby/client** v0.4.0 -> v0.4.1 - **github.com/pelletier/go-toml/v2** v2.2.4 -> v2.3.1 - **github.com/planetscale/vtprotobuf** [`ba97887`](https://github.com/siderolabs/talos/commit/ba97887b0a25) ***new*** - **github.com/siderolabs/go-adv** v1.0.0 ***new*** - **github.com/siderolabs/go-blockdevice/v2** v2.0.28 -> v2.0.31 - **github.com/siderolabs/go-kmsg** v0.1.5 -> v0.1.6 - **github.com/siderolabs/go-kubeconfig** v0.1.1 -> v0.1.2 - **github.com/siderolabs/go-kubernetes** v0.2.36 -> v0.2.39 - **github.com/siderolabs/go-smbios** v0.3.3 -> v0.3.4 - **github.com/siderolabs/go-talos-support** v0.2.1 -> v0.3.0 - **github.com/siderolabs/grpc-proxy** v0.5.1 -> v0.5.2 - **github.com/siderolabs/pkgs** v1.13.0 -> v1.14.0-alpha.0-88-gea48e8b - **github.com/siderolabs/proto-codec** v0.1.3 -> v0.1.4 - **github.com/siderolabs/siderolink** v0.3.15 -> v0.3.16 - **github.com/siderolabs/talos/pkg/machinery** v1.13.0 -> v1.14.0-alpha.1 - **github.com/siderolabs/tools** v1.13.0 -> v1.14.0-alpha.0-17-g0f1c859 - **github.com/sigstore/cosign/v3** v3.0.5 -> v3.0.6 - **github.com/sigstore/sigstore** v1.10.5 -> v1.10.8 - **github.com/theupdateframework/go-tuf/v2** v2.4.1 -> v2.4.2 - **go.etcd.io/etcd/api/v3** v3.6.9 -> v3.7.0-rc.0 - **go.etcd.io/etcd/client/pkg/v3** v3.6.9 -> v3.7.0-rc.0 - **go.etcd.io/etcd/client/v3** v3.6.9 -> v3.7.0-rc.0 - **go.etcd.io/etcd/etcdutl/v3** v3.6.9 -> v3.7.0-rc.0 - **go.uber.org/zap** v1.27.1 -> v1.28.0 - **go.yaml.in/yaml/v4** v4.0.0-rc.4 -> v4.0.0-rc.5 - **golang.org/x/net** v0.53.0 -> v0.56.0 - **golang.org/x/sync** v0.20.0 -> v0.21.0 - **golang.org/x/sys** v0.43.0 -> v0.46.0 - **golang.org/x/term** v0.42.0 -> v0.44.0 - **golang.org/x/text** v0.36.0 -> v0.38.0 - **google.golang.org/grpc** v1.79.3 -> v1.81.1 - **k8s.io/api** v0.35.3 -> v0.36.2 - **k8s.io/apiextensions-apiserver** v0.35.3 -> v0.36.2 - **k8s.io/apimachinery** v0.35.3 -> v0.36.2 - **k8s.io/apiserver** v0.35.3 -> v0.36.2 - **k8s.io/client-go** v0.35.3 -> v0.36.2 - **k8s.io/component-base** v0.35.3 -> v0.36.2 - **k8s.io/cri-api** v0.35.3 -> v0.36.2 - **k8s.io/kube-proxy** v0.36.2 ***new*** - **k8s.io/kube-scheduler** v0.35.3 -> v0.36.2 - **k8s.io/kubectl** v0.35.3 -> v0.36.2 - **k8s.io/kubelet** v0.35.3 -> v0.36.2 - **k8s.io/pod-security-admission** v0.35.3 -> v0.36.2 - **kernel.org/pub/linux/libs/security/libcap/cap** v1.2.77 -> v1.2.78 - **sigs.k8s.io/yaml** v1.6.0 ***new*** Previous release can be found at [v1.13.0](https://github.com/siderolabs/talos/releases/tag/v1.13.0) ### [`v1.12.9`](https://github.com/siderolabs/talos/releases/tag/v1.12.9) [Compare Source](https://github.com/siderolabs/talos/compare/v1.12.8...v1.12.9) #### [Talos 1.12.9](https://github.com/siderolabs/talos/releases/tag/v1.12.9) (2026-06-19) Welcome to the v1.12.9 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Linux: 6.18.35 runc: 1.3.6 CoreDNS: 1.14.2 containerd: 2.2.5 Talos is built with Go 1.25.11. ##### Contributors - Maja Bojarska - Andrey Smirnov - Noel Georgi - Mateusz Urbanek - appkins ##### Changes <details><summary>18 commits</summary> <p> - [@&#8203;`150ee5b`](https://github.com/siderolabs/talos/commit/150ee5ba0) release(v1.12.9): prepare release - [@&#8203;`cba53b4`](https://github.com/siderolabs/talos/commit/cba53b450) fix: revert coredns to 1.14.2 - [@&#8203;`70a9d61`](https://github.com/siderolabs/talos/commit/70a9d61d1) fix: bump number of open files for etcd - [@&#8203;`045146c`](https://github.com/siderolabs/talos/commit/045146c1d) fix: guard apply config API call - [@&#8203;`6593d3b`](https://github.com/siderolabs/talos/commit/6593d3b00) fix: honor FailurePauseTimeout when pausing before reboot - [@&#8203;`e7eeb32`](https://github.com/siderolabs/talos/commit/e7eeb320f) feat: verify go.mod tidiness in generate target - [@&#8203;`cd429e9`](https://github.com/siderolabs/talos/commit/cd429e9e4) fix: relax LUKS header validation - [@&#8203;`4c288ca`](https://github.com/siderolabs/talos/commit/4c288caf2) fix: mark more resources as sensitive - [@&#8203;`3c57602`](https://github.com/siderolabs/talos/commit/3c576021e) fix: etcd client leak in the (legacy) Upgrade API - [@&#8203;`e002e47`](https://github.com/siderolabs/talos/commit/e002e470c) fix: recreate dns server and listeners on host DNS runner restart - [@&#8203;`9b12c51`](https://github.com/siderolabs/talos/commit/9b12c5178) fix: bring in a change to BCM2712\_MIP - [@&#8203;`dd4926f`](https://github.com/siderolabs/talos/commit/dd4926f31) fix: touch rootfs files with SOURCE\_DATE\_EPOCH - [@&#8203;`0e9ef3d`](https://github.com/siderolabs/talos/commit/0e9ef3d13) feat: enforce strict QoS ordering in OOM victim selection - [@&#8203;`d040a7d`](https://github.com/siderolabs/talos/commit/d040a7d84) fix: relax hostname config validation - [@&#8203;`b63a69b`](https://github.com/siderolabs/talos/commit/b63a69bc6) fix: memorymodules resource reporting - [@&#8203;`0263a99`](https://github.com/siderolabs/talos/commit/0263a99dd) chore: bump containerd to 2.2.5 (cve patches) - [@&#8203;`26a2889`](https://github.com/siderolabs/talos/commit/26a2889ef) chore: bump vuln go pkgs, go mod tidy - [@&#8203;`19daa72`](https://github.com/siderolabs/talos/commit/19daa72a6) chore: bump pkgs and tools </p> </details> ##### Changes from siderolabs/pkgs <details><summary>11 commits</summary> <p> - [siderolabs/pkgs@`0516a46`](https://github.com/siderolabs/pkgs/commit/0516a46) chore: bump containerd to 2.2.5 (cve patches) - [siderolabs/pkgs@`8ce6127`](https://github.com/siderolabs/pkgs/commit/8ce6127) chore: bump tools - [siderolabs/pkgs@`becfefa`](https://github.com/siderolabs/pkgs/commit/becfefa) feat: bump OpenSSL to 3.6.3 - [siderolabs/pkgs@`298b394`](https://github.com/siderolabs/pkgs/commit/298b394) feat: bump kernel to 6.18.35 - [siderolabs/pkgs@`435044b`](https://github.com/siderolabs/pkgs/commit/435044b) fix: avoid page\_table\_check BUG on time namespace VVAR page - [siderolabs/pkgs@`a909a84`](https://github.com/siderolabs/pkgs/commit/a909a84) fix: disable PAGE\_TABLE\_CHECK\_ENFORCED in kernel config - [siderolabs/pkgs@`af985d6`](https://github.com/siderolabs/pkgs/commit/af985d6) fix: enable CONFIG\_BCM2712\_MIP as built-in in arm64 kernel config - [siderolabs/pkgs@`de0e5b9`](https://github.com/siderolabs/pkgs/commit/de0e5b9) feat: bump kernel to 6.18.34 - [siderolabs/pkgs@`1e6b222`](https://github.com/siderolabs/pkgs/commit/1e6b222) feat: pre-generate drbd patches using spatch out of tree - [siderolabs/pkgs@`283a3e6`](https://github.com/siderolabs/pkgs/commit/283a3e6) feat: update Linux to 6.18.33 - [siderolabs/pkgs@`56397e0`](https://github.com/siderolabs/pkgs/commit/56397e0) feat: bump runc to 1.3.6 </p> </details> ##### Changes from siderolabs/tools <details><summary>3 commits</summary> <p> - [siderolabs/tools@`3841297`](https://github.com/siderolabs/tools/commit/3841297) chore: bump openssl, libcap, fakeroot; fix texinfo - [siderolabs/tools@`4ff7ad2`](https://github.com/siderolabs/tools/commit/4ff7ad2) chore: make rekres - [siderolabs/tools@`2cc5cac`](https://github.com/siderolabs/tools/commit/2cc5cac) chore: bump Go to 1.25.11 </p> </details> ##### Dependency Changes - **github.com/aws/aws-sdk-go-v2** v1.39.6 ***new*** - **github.com/containerd/containerd/v2** v2.2.4 -> v2.2.5 - **github.com/containerd/platforms** v1.0.0-rc.1 -> v1.0.0-rc.2 - **github.com/klauspost/compress** v1.18.3 -> v1.18.5 - **github.com/opencontainers/runtime-spec** v1.2.1 -> v1.3.0 - **github.com/siderolabs/go-blockdevice/v2** v2.0.28 -> v2.0.30 - **github.com/siderolabs/pkgs** v1.12.0-75-g153574b -> v1.12.0-86-g0516a46 - **github.com/siderolabs/talos/pkg/machinery** v1.12.8 -> v1.12.9 - **github.com/siderolabs/tools** v1.12.0-12-gcbb843d -> v1.12.0-15-g3841297 - **golang.org/x/net** v0.54.0 -> v0.56.0 - **golang.org/x/sync** v0.20.0 -> v0.21.0 - **golang.org/x/sys** v0.44.0 -> v0.46.0 - **golang.org/x/term** v0.43.0 -> v0.44.0 - **golang.org/x/text** v0.37.0 -> v0.38.0 Previous release can be found at [v1.12.8](https://github.com/siderolabs/talos/releases/tag/v1.12.8) #### Images ``` ghcr.io/siderolabs/flannel:v0.27.4 registry.k8s.io/coredns/coredns:v1.14.2 registry.k8s.io/etcd:v3.6.11 registry.k8s.io/kube-apiserver:v1.35.4 registry.k8s.io/kube-controller-manager:v1.35.4 registry.k8s.io/kube-scheduler:v1.35.4 registry.k8s.io/kube-proxy:v1.35.4 ghcr.io/siderolabs/kubelet:v1.35.4 registry.k8s.io/pause:3.10.1 ghcr.io/siderolabs/installer:v1.12.9 ghcr.io/siderolabs/installer-base:v1.12.9 ghcr.io/siderolabs/imager:v1.12.9 ghcr.io/siderolabs/talos:v1.12.9 ghcr.io/siderolabs/talosctl-all:v1.12.9 ghcr.io/siderolabs/overlays:v1.12.9 ghcr.io/siderolabs/extensions:v1.12.9 ``` ### [`v1.12.8`](https://github.com/siderolabs/talos/releases/tag/v1.12.8) [Compare Source](https://github.com/siderolabs/talos/compare/v1.12.7...v1.12.8) #### [Talos 1.12.8](https://github.com/siderolabs/talos/releases/tag/v1.12.8) (2026-05-22) Welcome to the v1.12.8 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Containerd Update This release includes an update to containerd v2.2.4 due to v2.1.x releases being EOL and affected by CVE-2026-46680. ##### Component Updates Linux: 6.18.32 etcd: 3.6.11 CoreDNS: 1.14.3 containerd: 2.2.4 Talos is built with Go 1.25.10. ##### Contributors - Andrey Smirnov - Mateusz Urbanek - Noel Georgi - Lukasz Raczylo - YANG JOO WOONG ##### Changes <details><summary>17 commits</summary> <p> - [@&#8203;`aef64ca`](https://github.com/siderolabs/talos/commit/aef64cac3) release(v1.12.8): prepare release - [@&#8203;`faff617`](https://github.com/siderolabs/talos/commit/faff61707) fix: update containerd to 2.2.4 - [@&#8203;`ea3cc69`](https://github.com/siderolabs/talos/commit/ea3cc6922) chore: update dependencies - [@&#8203;`7a96c02`](https://github.com/siderolabs/talos/commit/7a96c021b) feat(ci): rotate credentials - [@&#8203;`99a1aab`](https://github.com/siderolabs/talos/commit/99a1aabb8) test: fix flaky tests - [@&#8203;`3f8572d`](https://github.com/siderolabs/talos/commit/3f8572db7) feat: update CoreDNS to 1.14.3 - [@&#8203;`d4a83c8`](https://github.com/siderolabs/talos/commit/d4a83c8f6) fix: provide proper AWS platform metadata - [@&#8203;`1ab16c0`](https://github.com/siderolabs/talos/commit/1ab16c0af) feat: update etcd to 3.6.11 - [@&#8203;`ad7bfb6`](https://github.com/siderolabs/talos/commit/ad7bfb641) fix: add missing kernel modules in rootfs - [@&#8203;`ff0fe19`](https://github.com/siderolabs/talos/commit/ff0fe198e) feat: run depmod with verification on rootfs build - [@&#8203;`55cd11a`](https://github.com/siderolabs/talos/commit/55cd11acc) fix: stale discovered volume children - [@&#8203;`555bc84`](https://github.com/siderolabs/talos/commit/555bc8418) fix(ci): zfs test - [@&#8203;`fbfe83f`](https://github.com/siderolabs/talos/commit/fbfe83f60) fix: do not pick up a system disk from a loop device - [@&#8203;`7e035bc`](https://github.com/siderolabs/talos/commit/7e035bcb6) fix: bump go-kmsg to fix the timestamp drift - [@&#8203;`0f23c2c`](https://github.com/siderolabs/talos/commit/0f23c2c4f) fix: make lacp active nilable - [@&#8203;`c00250f`](https://github.com/siderolabs/talos/commit/c00250f8f) fix: reset the ticker when the KubeSpan is disabled/enabled - [@&#8203;`07a0e93`](https://github.com/siderolabs/talos/commit/07a0e935d) fix: replace Canal manifest with a more recent one </p> </details> ##### Changes from siderolabs/go-kmsg <details><summary>1 commit</summary> <p> - [siderolabs/go-kmsg@`65e97cb`](https://github.com/siderolabs/go-kmsg/commit/65e97cb) fix: boot time offset calculation </p> </details> ##### Changes from siderolabs/pkgs <details><summary>17 commits</summary> <p> - [siderolabs/pkgs@`153574b`](https://github.com/siderolabs/pkgs/commit/153574b) chore: update containerd to v2.2.4 - [siderolabs/pkgs@`a9a3868`](https://github.com/siderolabs/pkgs/commit/a9a3868) chore: update deps - [siderolabs/pkgs@`fe604f9`](https://github.com/siderolabs/pkgs/commit/fe604f9) feat: preserve System.map on kernel builds - [siderolabs/pkgs@`b00971e`](https://github.com/siderolabs/pkgs/commit/b00971e) chore: bump toolchain and tools - [siderolabs/pkgs@`3b9b487`](https://github.com/siderolabs/pkgs/commit/3b9b487) feat: bump kernel 6.18.32 - [siderolabs/pkgs@`87acdb5`](https://github.com/siderolabs/pkgs/commit/87acdb5) feat: update Linux to 6.18.31 - [siderolabs/pkgs@`ea936f1`](https://github.com/siderolabs/pkgs/commit/ea936f1) chore: run rekres - [siderolabs/pkgs@`b2c955e`](https://github.com/siderolabs/pkgs/commit/b2c955e) feat: update Linux to 6.18.30 - [siderolabs/pkgs@`9a77690`](https://github.com/siderolabs/pkgs/commit/9a77690) fix: macb silent TX stall on BCM2712/RP1 (v2 patches from netdev) - [siderolabs/pkgs@`d73927e`](https://github.com/siderolabs/pkgs/commit/d73927e) feat: bump kernel to 6.18.29 - [siderolabs/pkgs@`57ab006`](https://github.com/siderolabs/pkgs/commit/57ab006) feat: bump kernel 6.18.28 - [siderolabs/pkgs@`a3d2b15`](https://github.com/siderolabs/pkgs/commit/a3d2b15) feat: update Linux to 6.18.27 - [siderolabs/pkgs@`dc3a7c1`](https://github.com/siderolabs/pkgs/commit/dc3a7c1) feat(kernel): backport two PCI bridge realloc fixes from v6.19 - [siderolabs/pkgs@`cd6601f`](https://github.com/siderolabs/pkgs/commit/cd6601f) feat: update Linux to 6.18.26 - [siderolabs/pkgs@`dd845d1`](https://github.com/siderolabs/pkgs/commit/dd845d1) docs: list net macb silent TX stall fixes in kernel/build/patches/README.md - [siderolabs/pkgs@`df2aee2`](https://github.com/siderolabs/pkgs/commit/df2aee2) fix: macb silent TX stall on BCM2712/RP1 (RFC patches from netdev) - [siderolabs/pkgs@`c0ef955`](https://github.com/siderolabs/pkgs/commit/c0ef955) feat: bump kernel to 6.18.25 </p> </details> ##### Changes from siderolabs/tools <details><summary>2 commits</summary> <p> - [siderolabs/tools@`cbb843d`](https://github.com/siderolabs/tools/commit/cbb843d) chore: update dependencies for 1.12.8 - [siderolabs/tools@`2584442`](https://github.com/siderolabs/tools/commit/2584442) fix: renovate configs </p> </details> ##### Dependency Changes - **github.com/containerd/cgroups/v3** v3.0.5 -> v3.1.3 - **github.com/containerd/containerd/api** v1.9.0 -> v1.10.0 - **github.com/containerd/containerd/v2** v2.1.5 -> v2.2.4 - **github.com/siderolabs/go-kmsg** v0.1.5 -> v0.1.6 - **github.com/siderolabs/pkgs** v1.12.0-58-g86d6af1 -> v1.12.0-75-g153574b - **github.com/siderolabs/talos/pkg/machinery** v1.12.7 -> v1.12.8 - **github.com/siderolabs/tools** v1.12.0-10-gbbd753d -> v1.12.0-12-gcbb843d - **go.etcd.io/etcd/api/v3** v3.6.9 -> v3.6.11 - **go.etcd.io/etcd/client/pkg/v3** v3.6.9 -> v3.6.11 - **go.etcd.io/etcd/client/v3** v3.6.9 -> v3.6.11 - **go.etcd.io/etcd/etcdutl/v3** v3.6.9 -> v3.6.11 - **golang.org/x/net** v0.51.0 -> v0.54.0 - **golang.org/x/sync** v0.19.0 -> v0.20.0 - **golang.org/x/sys** v0.42.0 -> v0.44.0 - **golang.org/x/term** v0.40.0 -> v0.43.0 - **golang.org/x/text** v0.34.0 -> v0.37.0 Previous release can be found at [v1.12.7](https://github.com/siderolabs/talos/releases/tag/v1.12.7) #### Images ``` ghcr.io/siderolabs/flannel:v0.27.4 registry.k8s.io/coredns/coredns:v1.14.3 registry.k8s.io/etcd:v3.6.11 registry.k8s.io/kube-apiserver:v1.35.4 registry.k8s.io/kube-controller-manager:v1.35.4 registry.k8s.io/kube-scheduler:v1.35.4 registry.k8s.io/kube-proxy:v1.35.4 ghcr.io/siderolabs/kubelet:v1.35.4 registry.k8s.io/pause:3.10.1 ghcr.io/siderolabs/installer:v1.12.8 ghcr.io/siderolabs/installer-base:v1.12.8 ghcr.io/siderolabs/imager:v1.12.8 ghcr.io/siderolabs/talos:v1.12.8 ghcr.io/siderolabs/talosctl-all:v1.12.8 ghcr.io/siderolabs/overlays:v1.12.8 ghcr.io/siderolabs/extensions:v1.12.8 ``` ### [`v1.12.7`](https://github.com/siderolabs/talos/releases/tag/v1.12.7) [Compare Source](https://github.com/siderolabs/talos/compare/v1.12.6...v1.12.7) #### [Talos 1.12.7](https://github.com/siderolabs/talos/releases/tag/v1.12.7) (2026-04-24) Welcome to the v1.12.7 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Linux: 6.18.24 containerd: 2.1.7 etcd: 3.6.9 Kubernetes: v1.35.4 Talos is built with Go 1.25.9. ##### Contributors - Noel Georgi - Andrey Smirnov - Mateusz Urbanek - Orzelius - Utku Ozdemir ##### Changes <details><summary>19 commits</summary> <p> - [@&#8203;`91c6399`](https://github.com/siderolabs/talos/commit/91c63991e) release(v1.12.7): prepare release - [@&#8203;`3b228ca`](https://github.com/siderolabs/talos/commit/3b228caf1) feat: bring in apparmor profile files - [@&#8203;`1a05b4a`](https://github.com/siderolabs/talos/commit/1a05b4a11) feat: update kubernetes to v1.35.4 - [@&#8203;`b796be0`](https://github.com/siderolabs/talos/commit/b796be09b) feat: bump pkgs, spdystream - [@&#8203;`a75ce6f`](https://github.com/siderolabs/talos/commit/a75ce6f00) feat: bump pkgs, tools - [@&#8203;`c1ea8db`](https://github.com/siderolabs/talos/commit/c1ea8dbc7) test: fix OOM test flake - [@&#8203;`d5b691b`](https://github.com/siderolabs/talos/commit/d5b691b8f) fix: watch kubelet's kubeconfig and time out for cache sync - [@&#8203;`27655c5`](https://github.com/siderolabs/talos/commit/27655c5bc) fix: propagate route table down to the resource - [@&#8203;`fcda84b`](https://github.com/siderolabs/talos/commit/fcda84bc4) fix: boot entry detection - [@&#8203;`330561c`](https://github.com/siderolabs/talos/commit/330561c87) fix: do not flip machine stage to rebooting during shutdown - [@&#8203;`8ef4488`](https://github.com/siderolabs/talos/commit/8ef448884) fix: zfs extensions test - [@&#8203;`8bc593d`](https://github.com/siderolabs/talos/commit/8bc593d17) fix: wrong slot of encryption key was logged - [@&#8203;`89f5615`](https://github.com/siderolabs/talos/commit/89f561593) fix: panic in reading PCR values - [@&#8203;`317deed`](https://github.com/siderolabs/talos/commit/317deede0) feat: add dis-vulncheck tool - [@&#8203;`0654a7f`](https://github.com/siderolabs/talos/commit/0654a7f7e) fix: handle ISOs with zeroes in volume labels - [@&#8203;`e16007b`](https://github.com/siderolabs/talos/commit/e16007b44) fix: unseal with "slow" TPM - [@&#8203;`388a56b`](https://github.com/siderolabs/talos/commit/388a56b79) fix: incorrect route source for on-link routes - [@&#8203;`7e42474`](https://github.com/siderolabs/talos/commit/7e42474c5) test: fix the flakes in tests with trusted roots - [@&#8203;`d52ebe2`](https://github.com/siderolabs/talos/commit/d52ebe21d) feat: update etcd to 3.6.9 </p> </details> ##### Changes from siderolabs/pkgs <details><summary>8 commits</summary> <p> - [siderolabs/pkgs@`86d6af1`](https://github.com/siderolabs/pkgs/commit/86d6af1) fix: install apparmor parser require config files - [siderolabs/pkgs@`d6b125f`](https://github.com/siderolabs/pkgs/commit/d6b125f) feat: bump systemd - [siderolabs/pkgs@`191632c`](https://github.com/siderolabs/pkgs/commit/191632c) feat: bump kernel to 6.18.24 - [siderolabs/pkgs@`13cbc68`](https://github.com/siderolabs/pkgs/commit/13cbc68) feat: bump tools, toolchain and containerd - [siderolabs/pkgs@`709678d`](https://github.com/siderolabs/pkgs/commit/709678d) feat: update Linux to 6.18.23 - [siderolabs/pkgs@`34de6db`](https://github.com/siderolabs/pkgs/commit/34de6db) fix: support disabling module signature verification - [siderolabs/pkgs@`e30789a`](https://github.com/siderolabs/pkgs/commit/e30789a) feat: update backportable dependencies - [siderolabs/pkgs@`830d895`](https://github.com/siderolabs/pkgs/commit/830d895) feat: update Linux to 6.18.21 </p> </details> ##### Changes from siderolabs/tools <details><summary>3 commits</summary> <p> - [siderolabs/tools@`bbd753d`](https://github.com/siderolabs/tools/commit/bbd753d) feat: bump toolchain - [siderolabs/tools@`61955e9`](https://github.com/siderolabs/tools/commit/61955e9) feat: bump OpenSSL to 3.6.2 - [siderolabs/tools@`23de89f`](https://github.com/siderolabs/tools/commit/23de89f) feat: update util-linux to 2.41.4 </p> </details> ##### Dependency Changes - **github.com/siderolabs/go-blockdevice/v2** v2.0.26 -> v2.0.28 - **github.com/siderolabs/pkgs** v1.12.0-50-ga92bed5 -> v1.12.0-58-g86d6af1 - **github.com/siderolabs/talos/pkg/machinery** v1.12.6 -> v1.12.7 - **github.com/siderolabs/tools** v1.12.0-7-g57916cb -> v1.12.0-10-gbbd753d - **go.etcd.io/etcd/api/v3** v3.6.6 -> v3.6.9 - **go.etcd.io/etcd/client/pkg/v3** v3.6.6 -> v3.6.9 - **go.etcd.io/etcd/client/v3** v3.6.6 -> v3.6.9 - **go.etcd.io/etcd/etcdutl/v3** v3.6.6 -> v3.6.9 - **k8s.io/api** v0.35.2 -> v0.35.4 - **k8s.io/apiextensions-apiserver** v0.35.2 -> v0.35.4 - **k8s.io/apimachinery** v0.35.2 -> v0.35.4 - **k8s.io/apiserver** v0.35.2 -> v0.35.4 - **k8s.io/client-go** v0.35.2 -> v0.35.4 - **k8s.io/component-base** v0.35.2 -> v0.35.4 - **k8s.io/cri-api** v0.35.2 -> v0.35.4 - **k8s.io/kube-scheduler** v0.35.2 -> v0.35.4 - **k8s.io/kubectl** v0.35.2 -> v0.35.4 - **k8s.io/kubelet** v0.35.2 -> v0.35.4 - **k8s.io/pod-security-admission** v0.35.2 -> v0.35.4 Previous release can be found at [v1.12.6](https://github.com/siderolabs/talos/releases/tag/v1.12.6) #### Images ``` ghcr.io/siderolabs/flannel:v0.27.4 registry.k8s.io/coredns/coredns:v1.13.2 registry.k8s.io/etcd:v3.6.9 registry.k8s.io/kube-apiserver:v1.35.4 registry.k8s.io/kube-controller-manager:v1.35.4 registry.k8s.io/kube-scheduler:v1.35.4 registry.k8s.io/kube-proxy:v1.35.4 ghcr.io/siderolabs/kubelet:v1.35.4 registry.k8s.io/pause:3.10 ghcr.io/siderolabs/installer:v1.12.7 ghcr.io/siderolabs/installer-base:v1.12.7 ghcr.io/siderolabs/imager:v1.12.7 ghcr.io/siderolabs/talos:v1.12.7 ghcr.io/siderolabs/talosctl-all:v1.12.7 ghcr.io/siderolabs/overlays:v1.12.7 ghcr.io/siderolabs/extensions:v1.12.7 ``` ### [`v1.12.6`](https://github.com/siderolabs/talos/releases/tag/v1.12.6) [Compare Source](https://github.com/siderolabs/talos/compare/v1.12.5...v1.12.6) #### [Talos 1.12.6](https://github.com/siderolabs/talos/releases/tag/v1.12.6) (2026-03-19) Welcome to the v1.12.6 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Linux: 6.18.18 runc: 1.3.5 Talos is built with Go 1.25.8. ##### Contributors - Mickaël Canévet - Andrey Smirnov - Dominik Pitz - Kai Zhang - Noel Georgi - Stanley Chan - Zadkiel AHARONIAN ##### Changes <details><summary>21 commits</summary> <p> - [@&#8203;`a1b8bd6`](https://github.com/siderolabs/talos/commit/a1b8bd612) release(v1.12.6): prepare release - [@&#8203;`72bd570`](https://github.com/siderolabs/talos/commit/72bd570f0) feat: update Linux to 6.18.18 - [@&#8203;`9d5638f`](https://github.com/siderolabs/talos/commit/9d5638f4c) fix: accept image cache volume encryption config - [@&#8203;`0f018bf`](https://github.com/siderolabs/talos/commit/0f018bf80) fix: panic in hardware.SystemInfoController - [@&#8203;`c46b898`](https://github.com/siderolabs/talos/commit/c46b89807) fix: validate missing apiVersion in config document decoder - [@&#8203;`c47cad9`](https://github.com/siderolabs/talos/commit/c47cad9ec) fix: pull in a fix for dmesg timestamps - [@&#8203;`190336a`](https://github.com/siderolabs/talos/commit/190336a66) fix: prevent stale discovered volumes reads - [@&#8203;`217e9bb`](https://github.com/siderolabs/talos/commit/217e9bb02) fix: bring in new version of go-cmd and go-blockdevice - [@&#8203;`d7779a5`](https://github.com/siderolabs/talos/commit/d7779a5ba) fix: stop pulling wrong platform for images - [@&#8203;`eb6eb66`](https://github.com/siderolabs/talos/commit/eb6eb664a) fix(machined): support USERDATA legacy fallback in OpenNebula driver - [@&#8203;`ba20c7c`](https://github.com/siderolabs/talos/commit/ba20c7c12) feat(machined): add ONEGATE proxy route and deterministic interface iteration for OpenNebula - [@&#8203;`739f664`](https://github.com/siderolabs/talos/commit/739f66458) feat(machined): inherit IP6\_METHOD from METHOD in OpenNebula driver - [@&#8203;`93878c0`](https://github.com/siderolabs/talos/commit/93878c079) fix(machined): align OpenNebula hostname precedence with reference - [@&#8203;`9718d73`](https://github.com/siderolabs/talos/commit/9718d737f) feat(machined): add IPv6 alias address support for OpenNebula (ET&#x48;*\_ALIAS*\_IP6) - [@&#8203;`b649fb4`](https://github.com/siderolabs/talos/commit/b649fb467) feat(machined): support ETH\*\_IP6\_METHOD (static/dhcp/auto/disable) for OpenNebula - [@&#8203;`c81df6f`](https://github.com/siderolabs/talos/commit/c81df6fa9) refactor(machined): extract per-interface IPv4 helper in OpenNebula driver - [@&#8203;`501924e`](https://github.com/siderolabs/talos/commit/501924e5a) fix(machined): use ParseFQDN for hostname parsing in OpenNebula - [@&#8203;`e9331b2`](https://github.com/siderolabs/talos/commit/e9331b271) feat(machined): support per-interface route metric for OpenNebula (ETH\*\_METRIC) - [@&#8203;`6e78afb`](https://github.com/siderolabs/talos/commit/6e78afbab) feat(machined): add network alias support for OpenNebula (ET&#x48;*\_ALIAS*) - [@&#8203;`9f648b4`](https://github.com/siderolabs/talos/commit/9f648b491) feat(machined): merge global and per-interface DNS for OpenNebula - [@&#8203;`04fba03`](https://github.com/siderolabs/talos/commit/04fba03a9) feat(machined): add static routes support via ETH\*\_ROUTES for OpenNebula </p> </details> ##### Changes from siderolabs/go-cmd <details><summary>2 commits</summary> <p> - [siderolabs/go-cmd@`5f31ba9`](https://github.com/siderolabs/go-cmd/commit/5f31ba9) chore: rekres and update - [siderolabs/go-cmd@`fff5698`](https://github.com/siderolabs/go-cmd/commit/fff5698) feat: allow capturing full output to stdout, modernize API </p> </details> ##### Changes from siderolabs/go-kmsg <details><summary>3 commits</summary> <p> - [siderolabs/go-kmsg@`b53b36d`](https://github.com/siderolabs/go-kmsg/commit/b53b36d) chore: rekres and update - [siderolabs/go-kmsg@`6f7d20b`](https://github.com/siderolabs/go-kmsg/commit/6f7d20b) feat: calculate boot time correctly if the time jumps - [siderolabs/go-kmsg@`47655ee`](https://github.com/siderolabs/go-kmsg/commit/47655ee) feat: support PRINTK\_CALLER kmsg logs </p> </details> ##### Changes from siderolabs/pkgs <details><summary>4 commits</summary> <p> - [siderolabs/pkgs@`a92bed5`](https://github.com/siderolabs/pkgs/commit/a92bed5) feat: enable AMD GPU peer-to-peer DMA - [siderolabs/pkgs@`09e87a9`](https://github.com/siderolabs/pkgs/commit/09e87a9) feat: backportable deps update - [siderolabs/pkgs@`eb965e2`](https://github.com/siderolabs/pkgs/commit/eb965e2) feat(kernel): enable CONFIG\_USB\_UHCI\_HCD on amd64 - [siderolabs/pkgs@`6804ebd`](https://github.com/siderolabs/pkgs/commit/6804ebd) feat: update Linux 6.18.16, NVIDIA, ZFS </p> </details> ##### Dependency Changes - **github.com/google/go-containerregistry** v0.20.6 -> v0.20.7 - **github.com/siderolabs/go-blockdevice/v2** v2.0.24 -> v2.0.26 - **github.com/siderolabs/go-cmd** v0.1.3 -> v0.2.0 - **github.com/siderolabs/go-kmsg** v0.1.4 -> v0.1.5 - **github.com/siderolabs/pkgs** v1.12.0-46-ge695c74 -> v1.12.0-50-ga92bed5 - **github.com/siderolabs/talos/pkg/machinery** v1.12.5 -> v1.12.6 - **github.com/spf13/cobra** v1.10.1 -> v1.10.2 - **golang.org/x/sys** v0.41.0 -> v0.42.0 - **google.golang.org/grpc** v1.78.0 -> v1.79.3 Previous release can be found at [v1.12.5](https://github.com/siderolabs/talos/releases/tag/v1.12.5) #### Images ``` ghcr.io/siderolabs/flannel:v0.27.4 registry.k8s.io/coredns/coredns:v1.13.2 registry.k8s.io/etcd:v3.6.8 registry.k8s.io/kube-apiserver:v1.35.2 registry.k8s.io/kube-controller-manager:v1.35.2 registry.k8s.io/kube-scheduler:v1.35.2 registry.k8s.io/kube-proxy:v1.35.2 ghcr.io/siderolabs/kubelet:v1.35.2 registry.k8s.io/pause:3.10 ghcr.io/siderolabs/installer:v1.12.6 ghcr.io/siderolabs/installer-base:v1.12.6 ghcr.io/siderolabs/imager:v1.12.6 ghcr.io/siderolabs/talos:v1.12.6 ghcr.io/siderolabs/talosctl-all:v1.12.6 ghcr.io/siderolabs/overlays:v1.12.6 ghcr.io/siderolabs/extensions:v1.12.6 ``` ### [`v1.12.5`](https://github.com/siderolabs/talos/releases/tag/v1.12.5) [Compare Source](https://github.com/siderolabs/talos/compare/v1.12.4...v1.12.5) #### [Talos 1.12.5](https://github.com/siderolabs/talos/releases/tag/v1.12.5) (2026-03-09) Welcome to the v1.12.5 release of Talos! Please try out the release binaries and report any issues at <https://github.com/siderolabs/talos/issues>. ##### Component Updates Linux: 6.18.15 Kubernetes: 1.35.2 etcd: 3.6.8 Talos is built with Go 1.25.8. ##### Contributors - Andrey Smirnov - Mateusz Urbanek - Dmitrii Sharshakov - Fritz Schaal - Jan Paul - Max Makarov - Mickaël Canévet - Nico Berlee - Orzelius - Spencer Smith ##### Changes <details><summary>19 commits</summary> <p> - [@&#8203;`da6c6e4`](https://github.com/siderolabs/talos/commit/da6c6e461) release(v1.12.5): prepare release - [@&#8203;`4f978a7`](https://github.com/siderolabs/talos/commit/4f978a747) fix: correctly calculate end ranges for nftables sets - [@&#8203;`8d52e2d`](https://github.com/siderolabs/talos/commit/8d52e2dbe) feat: add trusted roots generation to stdpatches - [@&#8203;`6284877`](https://github.com/siderolabs/talos/commit/628487715) fix: use correct dhcp option for unicast dhcp renewal - [@&#8203;`dcf23be`](https://github.com/siderolabs/talos/commit/dcf23be4f) fix: ignore image digest when doing upgrade-k8s - [@&#8203;`f8a2a9b`](https://github.com/siderolabs/talos/commit/f8a2a9b7a) fix(machined): opennebula: process ETH\*\_ vars regardless of NETWORK context flag - [@&#8203;`db9ff23`](https://github.com/siderolabs/talos/commit/db9ff23ae) fix: patch with delete for LinkConfigs - [@&#8203;`e0c38e2`](https://github.com/siderolabs/talos/commit/e0c38e2ae) fix: update path handling on talosctl cgroups - [@&#8203;`ca2d4c1`](https://github.com/siderolabs/talos/commit/ca2d4c146) fix: stop Kubernetes client from dynamically reloading the certs - [@&#8203;`70ae2f2`](https://github.com/siderolabs/talos/commit/70ae2f274) refactor: split locate and provision - [@&#8203;`c3b0484`](https://github.com/siderolabs/talos/commit/c3b04844e) fix: hold user volumes root mountpoint - [@&#8203;`d935420`](https://github.com/siderolabs/talos/commit/d935420b2) fix: handle raw encryption keys with `\n` properly - [@&#8203;`7fe1a47`](https://github.com/siderolabs/talos/commit/7fe1a47af) fix: remove stale endpoints - [@&#8203;`3ea0888`](https://github.com/siderolabs/talos/commit/3ea08888a) fix: allow static hosts in `/etc/hosts` without hostname - [@&#8203;`5ebb00f`](https://github.com/siderolabs/talos/commit/5ebb00fdc) fix: switch to better Myers algorithm implementation - [@&#8203;`2b40379`](https://github.com/siderolabs/talos/commit/2b4037935) feat: update etcd to v3.6.8 - [@&#8203;`1ce9328`](https://github.com/siderolabs/talos/commit/1ce9328e4) fix: disks flag parsing and handling in create qemu command - [@&#8203;`1f989df`](https://github.com/siderolabs/talos/commit/1f989dfb0) fix: read multi-doc machine config with newer talosctl - [@&#8203;`40ba6e3`](https://github.com/siderolabs/talos/commit/40ba6e3ec) feat: update Linux 6.18.15, Go 1.25.8 </p> </details> ##### Changes from siderolabs/go-debug <details><summary>1 commit</summary> <p> - [siderolabs/go-debug@`47fce68`](https://github.com/siderolabs/go-debug/commit/47fce68) feat: support Go 1.26, rekres </p> </details> ##### Changes from siderolabs/pkgs <details><summary>7 commits</summary> <p> - [siderolabs/pkgs@`e695c74`](https://github.com/siderolabs/pkgs/commit/e695c74) feat: update Linux to 6.18.15 - [siderolabs/pkgs@`7d4ef68`](https://github.com/siderolabs/pkgs/commit/7d4ef68) feat: update Linux to 6.18.14 - [siderolabs/pkgs@`300cd60`](https://github.com/siderolabs/pkgs/commit/300cd60) feat: update Linux firmware to [`2026022`](https://github.com/siderolabs/talos/commit/20260221) - [siderolabs/pkgs@`65f9fd3`](https://github.com/siderolabs/pkgs/commit/65f9fd3) feat: update Linux to 6.18.13 - [siderolabs/pkgs@`96fc8e3`](https://github.com/siderolabs/pkgs/commit/96fc8e3) feat: enable MLX5 Scalable Functions and TC offload in kernel - [siderolabs/pkgs@`f31edf1`](https://github.com/siderolabs/pkgs/commit/f31edf1) feat: add patch for Cilium BPF verifier rejection by the kernel - [siderolabs/pkgs@`8b4b129`](https://github.com/siderolabs/pkgs/commit/8b4b129) feat: update Go to 1.25.8 </p> </details> ##### Changes from siderolabs/tools <details><summary>1 commit</summary> <p> - [siderolabs/tools@`57916cb`](https://github.com/siderolabs/tools/commit/57916cb) feat: update Go to 1.25.8 </p> </details> ##### Dependency Changes - **github.com/docker/cli** v29.0.0 -> v29.2.1 - **github.com/siderolabs/go-blockdevice/v2** v2.0.23 -> v2.0.24 - **github.com/siderolabs/go-debug** v0.6.1 -> v0.6.2 - **github.com/siderolabs/pkgs** v1.12.0-39-gb1fc4c6 -> v1.12.0-46-ge695c74 - **github.com/siderolabs/talos/pkg/machinery** v1.12.3 -> v1.12.5 - **github.com/siderolabs/tools** v1.12.0-6-gdc37e09 -> v1.12.0-7-g57916cb - **golang.org/x/net** v0.48.0 -> v0.51.0 - **golang.org/x/sys** v0.40.0 -> v0.41.0 - **golang.org/x/term** v0.38.0 -> v0.40.0 - **golang.org/x/text** v0.33.0 -> v0.34.0 - **google.golang.org/grpc** v1.76.0 -> v1.78.0 - **google.golang.org/protobuf** v1.36.10 -> v1.36.11 - **k8s.io/api** v0.35.0 -> v0.35.2 - **k8s.io/apiextensions-apiserver** v0.35.0 -> v0.35.2 - **k8s.io/apiserver** v0.35.0 -> v0.35.2 - **k8s.io/client-go** v0.35.0 -> v0.35.2 - **k8s.io/component-base** v0.35.0 -> v0.35.2 - **k8s.io/kube-scheduler** v0.35.0 -> v0.35.2 - **k8s.io/kubectl** v0.35.0 -> v0.35.2 - **k8s.io/kubelet** v0.35.0 -> v0.35.2 - **k8s.io/pod-security-admission** v0.35.0 -> v0.35.2 Previous release can be found at [v1.12.4](https://github.com/siderolabs/talos/releases/tag/v1.12.4) #### Images ``` ghcr.io/siderolabs/flannel:v0.27.4 registry.k8s.io/coredns/coredns:v1.13.2 registry.k8s.io/etcd:v3.6.8 registry.k8s.io/kube-apiserver:v1.35.2 registry.k8s.io/kube-controller-manager:v1.35.2 registry.k8s.io/kube-scheduler:v1.35.2 registry.k8s.io/kube-proxy:v1.35.2 ghcr.io/siderolabs/kubelet:v1.35.2 registry.k8s.io/pause:3.10 ghcr.io/siderolabs/installer:v1.12.5 ghcr.io/siderolabs/installer-base:v1.12.5 ghcr.io/siderolabs/imager:v1.12.5 ghcr.io/siderolabs/talos:v1.12.5 ghcr.io/siderolabs/talosctl-all:v1.12.5 ghcr.io/siderolabs/overlays:v1.12.5 ghcr.io/siderolabs/extensions:v1.12.5 ``` </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4zIiwidXBkYXRlZEluVmVyIjoiNDMuMTk3LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyIsInJlbm92YXRlIl19-->
jaskaran force-pushed renovate/siderolabs-talos-1.x from d1acac562c to 500e7ba557 2026-03-22 00:01:59 +00:00 Compare
jaskaran changed title from chore(deps): update dependency siderolabs/talos to v1.12.5 to chore(deps): update dependency siderolabs/talos to v1.12.6 2026-03-22 00:02:04 +00:00
jaskaran force-pushed renovate/siderolabs-talos-1.x from 500e7ba557 to 6fa94f633c 2026-04-25 00:01:22 +00:00 Compare
jaskaran changed title from chore(deps): update dependency siderolabs/talos to v1.12.6 to chore(deps): update dependency siderolabs/talos to v1.12.7 2026-04-25 00:01:28 +00:00
jaskaran force-pushed renovate/siderolabs-talos-1.x from 6fa94f633c to 184f53d8d0 2026-05-01 00:03:55 +00:00 Compare
jaskaran changed title from chore(deps): update dependency siderolabs/talos to v1.12.7 to chore(deps): update dependency siderolabs/talos to v1.13.0 2026-05-01 00:04:02 +00:00
jaskaran force-pushed renovate/siderolabs-talos-1.x from 184f53d8d0 to 7b1dba1f56 2026-05-14 00:03:35 +00:00 Compare
jaskaran changed title from chore(deps): update dependency siderolabs/talos to v1.13.0 to chore(deps): update dependency siderolabs/talos to v1.13.2 2026-05-14 00:03:44 +00:00
jaskaran force-pushed renovate/siderolabs-talos-1.x from 7b1dba1f56 to 54ff7f2daa 2026-05-28 00:03:31 +00:00 Compare
jaskaran changed title from chore(deps): update dependency siderolabs/talos to v1.13.2 to chore(deps): update dependency siderolabs/talos to v1.13.3 2026-05-28 00:03:45 +00:00
jaskaran force-pushed renovate/siderolabs-talos-1.x from 54ff7f2daa to 1e0608edff 2026-06-10 00:02:54 +00:00 Compare
jaskaran changed title from chore(deps): update dependency siderolabs/talos to v1.13.3 to chore(deps): update dependency siderolabs/talos to v1.13.4 2026-06-10 00:03:10 +00:00
jaskaran force-pushed renovate/siderolabs-talos-1.x from 1e0608edff to 709f35540c 2026-06-23 00:03:13 +00:00 Compare
jaskaran changed title from chore(deps): update dependency siderolabs/talos to v1.13.4 to chore(deps): update dependency siderolabs/talos to v1.13.5 2026-06-23 00:03:31 +00:00
jaskaran force-pushed renovate/siderolabs-talos-1.x from 709f35540c to 80d0c58f5a 2026-07-10 00:03:19 +00:00 Compare
jaskaran changed title from chore(deps): update dependency siderolabs/talos to v1.13.5 to chore(deps): update dependency siderolabs/talos to v1.13.6 2026-07-10 00:03:37 +00:00
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/siderolabs-talos-1.x:renovate/siderolabs-talos-1.x
git switch renovate/siderolabs-talos-1.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main
git merge --no-ff renovate/siderolabs-talos-1.x
git switch renovate/siderolabs-talos-1.x
git rebase main
git switch main
git merge --ff-only renovate/siderolabs-talos-1.x
git switch renovate/siderolabs-talos-1.x
git rebase main
git switch main
git merge --no-ff renovate/siderolabs-talos-1.x
git switch main
git merge --squash renovate/siderolabs-talos-1.x
git switch main
git merge --ff-only renovate/siderolabs-talos-1.x
git switch main
git merge renovate/siderolabs-talos-1.x
git push origin main
Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
jaskaran/homelab!24
No description provided.