-
adam released this
2025-11-11 20:17:02 +01:00 | 87 commits to main since this release📅 Originally published on GitHub: Tue, 11 Nov 2025 19:32:29 GMT
🏷️ Git tag created: Tue, 11 Nov 2025 19:17:02 GMTMinimum supported Tailscale client version: v1.64.0
Changes
- Expire nodes with a custom timestamp
#2828 - Fix issue where node expiry was reset when tailscaled restarts
#2875 - Fix OIDC authentication when multiple login URLs are opened
#2861 - Fix node re-registration failing with expired auth keys
#2859 - Remove old unused database tables and indices
#2844
#2872 - Ignore litestream tables during database validation
#2843 - Fix exit node visibility to respect ACL rules
#2855 - Fix SSH policy becoming empty when unknown user is referenced
#2874 - Fix policy validation when using bypass-grpc mode
#2854 - Fix autogroup:self interaction with other ACL rules
#2842 - Fix flaky DERP map shuffle test
#2848 - Use current stable base images for Debian and Alpine containers
#2827
Upgrade
Please follow the steps outlined in the upgrade guide to update your existing Headscale installation.
It's best to update from one stable version to the next (e.g., 0.24.0 → 0.25.1 → 0.26.1) in case you are multiple releases behind. You should always pick the latest available patch release.
Be sure to check the changelog above for version-specific upgrade instructions and breaking changes.
Backup Your Database
Always backup your database before upgrading. Here's how to backup a SQLite database:
# Stop headscale systemctl stop headscale # Backup sqlite database cp /var/lib/headscale/db.sqlite /var/lib/headscale/db.sqlite.backup # Backup sqlite WAL/SHM files (if they exist) cp /var/lib/headscale/db.sqlite-wal /var/lib/headscale/db.sqlite-wal.backup cp /var/lib/headscale/db.sqlite-shm /var/lib/headscale/db.sqlite-shm.backup # Start headscale (migration will run automatically) systemctl start headscaleChangelog
abed534628Document how to restrict access to exit nodes per user/groupd23fa26395Fix flaky TestShuffleDERPMapDeterministic by ensuring deterministic map iteration (#2848)0a43aab8f5Use Debian 12 as minimum version for the deb package4bd614a559Use current stable base images for Debian and Alpine785168a7b8changelog: prepare for 0.27.119a33394f6changelog: set 0.27 date (#2823)af2de35b6cchore: fix autogroup:self with other acl rules (#2842)02c7c1a0e7cli: only validate bypass-grpc set policy (#2854)5a2ee0c391db: add comment about removing migrations28faf8cd71db: add defensive removal of old indicies456a5d5ccedb: ignore _litestream tables when validating (#2843)ddbd3e14badb: remove all old, unused tables (#2844)f9bb88ad24expire nodes with a custom timestamp (#2828)5cd15c3656fix: make state cookies valid when client uses multiple login URLs3bd4ecd9cdfix: preserve node expiry when tailscaled restarts3455d1cb59hscontrol/db: fix RenameUser to use Updates()4a8dc2d445hscontrol/state,db: preserve node expiry on MapRequest updates4728a2ba9ehscontrol/state: allow expired auth keys for node re-registrationddd31ba774hscontrol: use Updates() instead of Save() for partial updates773a46a968integration: add test to replicate #286284fe3de251integration: reduce TestAutoApproveMultiNetwork matrix to 3 tests (#2815)d9c3eaf8c8matcher: Add func for comparing Dests and TheInternetf658a8eacdmkdocs: 0.27.1c649c89e00policy: Reproduce exit node visibility issues21e3f2598dpolicy: fix issue where non existent user results in empty ssh pola28d9bed6dpolicy: reproduce 2863 in testd7a43a7cf1state: use AllApprovedRoutes instead of SubnetRoutes2024219bd1types: Distinguish subnet and exit node accessbd9cf42b96types: NodeView CanAccess uses internal1c0bb0338dtypes: split SubnetRoutes and ExitRoutes
Downloads
- Expire nodes with a custom timestamp
mirror of
https://github.com/juanfont/headscale.git
synced 2026-01-11 03:40:28 +01:00