Tailscale SSH Unix socket forwarding respects symlink
permissions. This fix addresses a security vulnerability
described in TS-2026-004.
Tailscale Serve Unix socket proxy targets are restricted
to the root user. This fix addresses a security
vulnerability described in TS-2026-005.
Tailscale SSH does not allow the use of UIDs or
numeric-only usernames. This fix addresses a security
vulnerability described in TS-2026-006.
Nodes advertising Tailscale Services filter and reject
packets from service IPs on ports they do not
advertise. This fix addresses a security vulnerability
described in TS-2026-007.
Tailscale Serve and Tailscale Funnel terminate path walks
for non-absolute paths, preventing CPU core pinning. This
fix addresses a security vulnerability described in
TS-2026-008.
Tailscale SSH does not allow the use of usernames with
leading dashes. This fix addresses a security vulnerability
described in TS-2026-009.