Skip to content

v0.27.1

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 11 Nov 19:32
· 29 commits to main since this release
v0.27.1
f658a8e

Minimum supported Tailscale client version: v1.64.0

Changes

  • Expire nodes with a custom timestamp
    #2828
  • Fix issue where node expiry was reset when tailscaled restarts
    #2875
  • Fix OIDC authentication when multiple login URLs are opened
    #2861
  • Fix node re-registration failing with expired auth keys
    #2859
  • Remove old unused database tables and indices
    #2844
    #2872
  • Ignore litestream tables during database validation
    #2843
  • Fix exit node visibility to respect ACL rules
    #2855
  • Fix SSH policy becoming empty when unknown user is referenced
    #2874
  • Fix policy validation when using bypass-grpc mode
    #2854
  • Fix autogroup:self interaction with other ACL rules
    #2842
  • Fix flaky DERP map shuffle test
    #2848
  • Use current stable base images for Debian and Alpine containers
    #2827

Upgrade

Please follow the steps outlined in the upgrade guide to update your existing Headscale installation.

It's best to update from one stable version to the next (e.g., 0.24.0 → 0.25.1 → 0.26.1) in case you are multiple releases behind. You should always pick the latest available patch release.

Be sure to check the changelog above for version-specific upgrade instructions and breaking changes.

Backup Your Database

Always backup your database before upgrading. Here's how to backup a SQLite database:

# Stop headscale
systemctl stop headscale

# Backup sqlite database
cp /var/lib/headscale/db.sqlite /var/lib/headscale/db.sqlite.backup

# Backup sqlite WAL/SHM files (if they exist)
cp /var/lib/headscale/db.sqlite-wal /var/lib/headscale/db.sqlite-wal.backup
cp /var/lib/headscale/db.sqlite-shm /var/lib/headscale/db.sqlite-shm.backup

# Start headscale (migration will run automatically)
systemctl start headscale

Changelog

  • abed534 Document how to restrict access to exit nodes per user/group
  • d23fa26 Fix flaky TestShuffleDERPMapDeterministic by ensuring deterministic map iteration (#2848)
  • 0a43aab Use Debian 12 as minimum version for the deb package
  • 4bd614a Use current stable base images for Debian and Alpine
  • 785168a changelog: prepare for 0.27.1
  • 19a3339 changelog: set 0.27 date (#2823)
  • af2de35 chore: fix autogroup:self with other acl rules (#2842)
  • 02c7c1a cli: only validate bypass-grpc set policy (#2854)
  • 5a2ee0c db: add comment about removing migrations
  • 28faf8c db: add defensive removal of old indicies
  • 456a5d5 db: ignore _litestream tables when validating (#2843)
  • ddbd3e1 db: remove all old, unused tables (#2844)
  • f9bb88a expire nodes with a custom timestamp (#2828)
  • 5cd15c3 fix: make state cookies valid when client uses multiple login URLs
  • 3bd4ecd fix: preserve node expiry when tailscaled restarts
  • 3455d1c hscontrol/db: fix RenameUser to use Updates()
  • 4a8dc2d hscontrol/state,db: preserve node expiry on MapRequest updates
  • 4728a2b hscontrol/state: allow expired auth keys for node re-registration
  • ddd31ba hscontrol: use Updates() instead of Save() for partial updates
  • 773a46a integration: add test to replicate #2862
  • 84fe3de integration: reduce TestAutoApproveMultiNetwork matrix to 3 tests (#2815)
  • d9c3eaf matcher: Add func for comparing Dests and TheInternet
  • f658a8e mkdocs: 0.27.1
  • c649c89 policy: Reproduce exit node visibility issues
  • 21e3f25 policy: fix issue where non existent user results in empty ssh pol
  • a28d9be policy: reproduce 2863 in test
  • d7a43a7 state: use AllApprovedRoutes instead of SubnetRoutes
  • 2024219 types: Distinguish subnet and exit node access
  • bd9cf42 types: NodeView CanAccess uses internal
  • 1c0bb03 types: split SubnetRoutes and ExitRoutes
Assets 11
Loading