siderolabs/talos v1.11.0 on GitHub

Talos 1.11.0 (2025-09-01)

Welcome to the v1.11.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Azure

Talos on Azure now defaults to MTU of 1400 bytes for the eth0 interface to avoid packet fragmentation issues.
The default MTU can be overriden via machine configuration.

Boot

Talos boot partition size increased to 2 GiB to accommodate large images (with many system extensions included).

Kernel Command Line

Talos now exposes the kernel command line as a KernelCmdline resource (talosctl get cmdline).

Disk Encryption

Disk encryption for system volumes is now managed by the VolumeConfig machine configuration document.
Legacy configuration in valpha1 machine configuration is still supported.

New per-key option lockToSTATE is added to the VolumeConfig document, which allows to lock the volume encryption key to the secret salt in the STATE volume.
So, if the STATE volume is wiped or replaced, the volume encryption key will not be usable anymore.

Disk Wipe

Talos now supports talosctl disk wipe command in maintenance mode (talosctl disk wipe <disk> --insecure).

Early Inline Configuration

Talos now supports passing early inline configuration via the talos.config.early kernel parameter.
This allows to pass the configuration before the platform config source is probed, which is useful for early boot configuration.
The value of this parameter has the same format as the talos.config.inline parameter, i.e. it should be base64 encoded and zstd-compressed.

ETCD downgrade API

Added ETCD downgrade API mimicking the ETCD API and etcdctl interfaces.
This API allows to downgrade ETCD cluster (storage format) to a previous version.

IMA support removed

Talos now drops the IMA (Integrity Measurement Architecture) support. This feature was not used in Talos for any meaningful security purpose
and has historically caused performance issues. See #11133 for more details.

Kubernetes Version Validation

Talos now validates the Kubernetes version in the image specified in the machine configuration.
Previously this check was performed only on upgrade, but now it is consistently applied to upgrade, initial provisioning, and machine configuration updates.

This implies that all image references should contain the tag, even if the image is pinned by digest.

Qemu provisioner on MacOS

On MacOS talosctl cluster create command now supports the Qemu provisioner in addition to the Docker provisioner.

Kernel Modules

Talosctl now returns the loaded modules, not the modules configured to be loaded (talosctl get modules).

SBOM

Talos now publishes Software Bill of Materials (SBOM) in the SPDX format.

Swap Suport

Talos now supports swap on block devices.
This feature can be enable by using SwapVolumeConfig document in the machine configuration.

Component Updates

Linux: 6.12.43
Kubernetes: 1.34.0
runc: 1.3.0
etcd: 3.6.4
containerd: 2.1.4
Flannel CNI plugin: 1.7.1-flannel1
Flannel: 0.27.2
CoreDNS: 1.12.2
xfsprogs: 6.15.0
systemd-udevd and systemd-boot: 257.7
lvm2: 2.03.33
cryptsetup: 2.8.0

Talos is built with Go 1.24.6.

VMware

Talos VMWare platform now supports arm64 architecture in addition to amd64.

Volumes

Talos now supports raw user volumes, allowing to allocate unformatted disk space as partition.
In addition to that, support for existing volumes has been added, allowing to mount existing partitions without formatting them.

Zswap Support

Talos now supports zswap, a compressed cache for swap pages.
This feature can be enabled by using ZswapConfig document in the machine configuration.

Contributors

Andrey Smirnov
Noel Georgi
Dmitrii Sharshakov
Orzelius
Mateusz Urbanek
Orzelius
Justin Garrison
Oguz Kilcan
Spencer Smith
Steve Francis
Till Hoffmann
Utku Ozdemir
Andrew Longwill
Artem Chernyshev
Michael Robbins
Alexandre GV
Marat Bakeev
Olav Thoresen
Thibault VINCENT
Alp Celik
Alvaro "Chamo" Linares Cabre
Amarachi Iheanacho
Brian Brookman
Bryan Mora
Clément Nussbaumer
Damien
David R
Dennis Marttinen
Dmitriy Matrenichev
Guillaume LEGRAIN
Joakim Nohlgård
Jorik Jonker
Justin Seely
Luke Cousins
Marco Mihai Condrache
Markus Reiter
Martyn Ranyard
Michael Moerz
Mike
Tan Siewert
Tom Keur
jvanthienen-gluo
killcity
yashutanu

Changes

279 commits

d9d89a3a8 release(v1.11.0): prepare release
364b48690 feat: update pkgs/tools for pcre2 10.46
be70ea03f feat: update pkgs for NVIDIA prod 570.172.08
a5f80b4fe fix: bring back linux/armv7 build and update xz
751dae432 fix: drop linux/armv7 build
8cbd75320 fix: update xz module (security)
803ed1ef9 feat: update Kubernetes to 1.34.0
a80898da9 feat: update Linux to 6.12.43
30c14aa71 feat: update Kubernetes default to v1.34.0-rc.2
ed7d8cbac docs: link to kubernetes linux swap tuning
1ee82120e docs: apply fixes for what is new
36102eae1 release(v1.11.0-rc.0): prepare release
0f22913d9 fix: image cache lockup on a missing volume
46cf25c7c feat: update Linux to 6.12.41
62f6c97fe fix: provide mitigation CVE-1999-0524
350319063 fix: actually use SIDEROV1_KEYS_DIR env var if it's provided
430a27dc2 fix: kubernetes upgrade options for kubelet
e3a9097c4 fix: set secs field in DHCPv4 packets
babddd0e4 fix: dial with proxy
23efda4db feat: use key provider with fallback option for auth type SideroV1
e2a5a9b3f chore: re-enable vulncheck
f5d700a0c release(v1.11.0-beta.2): prepare release
6186d1821 chore: disable vulncheck temporarily
e4a2a8d9c feat: update default Kubernetes to v1.34.0-rc.1
4c4236d7e feat: update Go to 1.24.6
a01a390f6 chore: add deadcode elimination linter
49fad0ede feat: add a pause function to dashboard
21e8e9dc9 refactor: replace containerd/containerd/v2 module for proper DCE
bbd01b6b7 refactor: fix deadcode elimination with godbus
e8d9c81cc refactor: stop using text/template in machined code paths
85589662a fix: unmarshal encryption STATE from META
f10a626d2 docs: add what is new notes for 1.11
5a15ce88b release(v1.11.0-beta.1): prepare release
614ca2e22 fix: one more attempt to fix volume mount race on restart
4b86dfe6f feat: implement encryption locking to STATE
8ae76c320 feat: implement talos.config.early command line arg
19f8c605e docs: remove talos API flags from mgmt commands
fa1d6fef8 feat: bootedentry resource
7dee810d4 fix: live reload of TLS client config for discovery client
a5dc22466 fix: enforce minimum size on user volumes if not set explicitly
7836e924d feat: update containerd to 2.1.4
5012550ec feat: add F71808E watchdog driver
10ddc4cdd fix: grype scan
d108e0a08 fix(ci): use a random suffix for ami names
504225546 fix: issues with reading GPT
bdaf08dd4 feat: update PCI DB module to v0.3.2
667dcebec test: wait for service account test job longer
ae176a4b7 feat: update etcd to 3.6.4
201b6801f fix: issue with volume remount on service restart
2a911402b chore: tag aws snapshots created via ci with the image name
d8bd84b56 docs: add SBOM documentation
7eec61993 feat: unify disk encryption configuration
4ff2bf9e0 feat: update etcd to v3.5.22
31a67d379 fix: do not download artifacts for cron Grype scan
c6b6e0bb3 docs: rewrite the getting started and prod docs for v1.10 and v1.11
ca1c656e6 chore(ci): add more nvidia test matrix
7a2e0f068 feat: sync pkgs, update Linux to 6.12.40
85e7989cf release(v1.11.0-beta.0): prepare release
3039162dc feat: update Flannel to v0.27.2
7e6052e63 feat: increase boot partition to 2 GiB
cb7ca17bb feat: implement ExistingVolumeConfig
a857c696f chore(machined): remove deprecated Endpoints
a60101c55 fix: fill serial using helpers
5420e9979 refactor: output default selection for profiles
023a24cd4 test: use Grype to scan SBOM for vulnerabilities
96896fddb chore: build less images by default
75b5dec06 fix: sd-boot kexec with disk images
10546d6f8 feat: update Kuberentes 1.34.0-beta.0
3f35b83ae fix: ignore absent extensions SBOM directory
9920da3e1 feat: add etcd downgrade API
c38682279 feat: bump pkgs and tools, read extensions' SBOMs, rekres
9c0d2706c docs: add release notes about v3.6.x bug
d21994210 test: refactor various merge controller tests
da5a4449f feat: implement raw volume support
41adda1cf docs: add secure boot setup mode note for Xen
993b4ade8 docs: fix typo in hugo config: pre-releaase
130b7fd6e test: fix flaky TestDNS
35b45ae6e feat(talosctl): support tpm operation on mac
24628db20 feat: update Kubernetes to v1.34.0-alpha.3
ff68286d1 feat: include hwrandom modules
a5b07c9a5 test: split tests and lint from the default pipeline
a957ef416 feat: add SBOMs to the imager container
506212a71 feat: include AMD encrypted mem modules into base
a966321cc fix: add more bootloader probe logs on upgrade
b38fa568a feat: add validation for secrets bundle
2d89bcc71 feat: bump Linux, Go and other packages
0b8c180b8 fix: rename instances to referenceCount
378fe4f2f feat: support writing EFI boot order
9f0792632 fix: improve volume provisioning errors
b8fcf3c71 fix: change module instance evaluation
d680e560d docs: create FUNDING.yml
641505584 feat: support project quota support for user volumes
52656cc3c feat: allow taloscl disk wipe in maintenance mode
850579448 feat: export SBOM as resources
4f3a2ffab test: update unit-test runner
d531b682c fix: provide FIPS 140-3 compliance
3e3129d36 feat: include packages into SBOM
54bd50be3 fix: talos endpoint might not be created in Kubernetes
8789a02c3 feat: present loaded kernel modules
33ecbaec6 test: update apply config tests
7d2fd390c chore: bump Talos version in the Image Factory CI pipeline
de77f2142 docs: add example for fluentbit config
1f1f78106 fix: add limited retries for not found images
3d6a2c14e chore: generate and upload signatures on release
380141330 feat: expose kernel cmdline as a resource
4c6b3b14d docs: document disabling SELinux
3a6e5a71e feat: add talosctl mulitarch bundle image
be671ee6d chore: add sbom step to the release pipeline
7fd0e8fc7 release(v1.11.0-alpha.3): prepare release
777335f23 chore: improve cloud image uploader resilience
14e5eee7d release(v1.11.0-alpha.2): prepare release
1e5a008f5 fix: hold user volume mount point across kubelet restarts
cdad50590 docs: user volumes and kubernetes upgrade updates
c880835c8 feat: implement zswap support
7f0300f10 feat: update dependencies, Kubernetes 1.34.0-alpha.2
61afbe3d2 docs: add vc4 documentation
b9dbdc8e7 fix: etcd recover with multiple advertised addresses
19d94c357 feat: update Linux to 6.12.35, containerd to 2.1.3
44a1fc3b7 fix: treat context canceled as expected error on image pull
4da2dd537 feat: enforce Kubernetes version compatibility
6c7f8201a fix: set default MTU on Azure to 1400
091cd6989 docs: small yaml typo fix
66ecbd48f docs: update support matrix with omni version
c948d7617 docs: minor fixes for creating kernel modules
cc14c4a25 docs: add docs for creating kernel modules
93bcd3b56 docs: create SBOM for Go dependencies
38c4ce415 feat: add user-space InfiniBand modules
251dc934f feat: arm64 support for platform vmware
09b3ad577 feat: update containerd to 2.1.2
0767dd07b chore: enable --with-siderolink-agent on Darwin
9642198d7 fix: userspace wireguard library overrides
208f0763e chore: fix talosctl build on non-Linux hosts
87421af87 docs: expand documentation description
d32ccfa59 feat: implement swap support
8f5cf81db docs: update kvm documentation
8e84c8b0f fix: nil pointer deref in quirk
6e74a3676 docs: aad ery basic details on how to run on scaleway
260d1bc9a fix: correctl close encrypted volumes
034ef42af fix: update siderolink library for wgtunnel panic fix
3035744a8 fix: correctly predict interface name on darwin
cfcfad3c4 chore: move checkUnknownKeys function to github.com/siderolabs/gen
5ecc53c69 docs: add macos section to developing-talos.md
b5b35307f chore: update Go to 1.24.4
fde772d8d feat: update Flannel to 0.27.0
81ca27949 release(v1.11.0-alpha.1): prepare release
58a868e68 chore: fix renovate config, add release-gate label
a59aaee84 feat: bump dependencies, Linux 6.12.31
e954ee30a docs: typo correction: LongHorn -> Longhorn
aab053394 fix: mashal resource byte slices as strings in YAML
c7d4191e7 fix: rework the way CRI config generation is waited for
0114183de docs: update lastRelease to 1.10.3
938b0760a docs: update issue template
2a7b735b2 feat: drop IMA support
2d5a805b0 fix: typo in DiscoverdVolume spec
60c12bad9 feat: support nocloud include url userdata directive
0fd622c82 fix(talosctl): correct --help output for dashboard command
a90c936a1 feat: support qemu provisioner on darwin
5322ca0d3 docs: update overlay docs
a60b6322d fix(ci): drop nebula from extensions test
dbbb59a67 docs: add note for default dataDirHostPath for Rook
e26054378 docs: macos qemu provider
5d0224093 docs: use the cilium-cli image repo in the job installation manifest
ff80e4cca docs: fix CIDR name
a5fd15e8b fix(ci): reproducibility test
8f8963e50 docs: update Nexxen brand
c6b86872d fix(ci): iso reproducibility file permissions
995a1dec4 chore: add a check for unsupported darwin flags
9db5d0c97 fix: nocloud metadata for hostname
3cf325654 feat: modularize more arm64 kernel
3524745cc fix: allow any PKI in Talos API
f438cdb09 chore: use custom dhcpd server on macos qemu
11c17fb9a fix: metal-iso reproducibility
7fcb89ee3 chore: add darwin vmnet qemu support
fc1237343 chore: clean up /usr/bin
b551f32ce feat: update containerd to v2.1.1
67f4154f9 docs: update disk-management.md
0cb137ad7 fix: make disk size check work on old Talos
7c057edd5 fix: use vmdk-convert istead of qemu-img to create VMDK for OVA files
cd618dad0 chore: update the go-blockdevice package
0b99631a0 fix: bump apid memory limit
5451f35b1 docs: update virtualbox
bd4d202a5 refactor: bring owned.State from COSI to simplify tests
0b96df574 feat: update containerd to 2.1.0
e1a939144 docs: fix formatting in disk encryption
7a817df1c docs: fix typo
f35b213b2 test: fix DHCP unicast failures in QEMU environment
7064bbf05 docs: fix vmware factory URL
78c33bcdb feat: update default Kubernetes to v1.33.1
da6795266 fix: disable automatic MAC assignment to bridge interfaces
ca34adf58 chore(ci): drop azure keys
ea5de19fa fix: selinux detection
52c76ea3a fix: consistently apply dynamic grpc proxy dialer
aa9569e5d chore: refactor cluster create cmd flags
1161faa05 docs: fix typo in Cilium docs
164745e44 docs: remove preserve flag mention in upgrade notes
9a2ecbaaf fix: makefile operating system param
118aa69d6 chore: update cloud-image-uploader dependencies
acdd721cf chore: dump qemu pachine ipam records on darwin
bb9094534 chore: rotate aws iam credentials
0bfa4ae1b chore: update deps for cloud-image-uploader
956d7c71b chore: update sops keys
e2f819d88 test: fix the process runner log collection
fdac4cfb9 fix: upgrade go-kubernetes for DRA flag bug
09d88e1e8 test: fix some flaky tests
ec1f41a94 chore: make qemu config server bind work on darwin
980f4d2b9 feat: bump dependencies
95259337e fix: k8s 1.32->1.33 upgrade check
c3c326b40 fix: improve volume mounter automaton
918b94d9a refactor: rewrite disk size check
ab7e693d7 chore: make qemu lb address bind work on darwin
97ceab001 fix: multiple logic issues in platform network config controller
46349a9df docs: remove azure image gallery instructions
0cfcdd3de docs: fix search on base talos.dev
78646b4e0 docs: add registryd debug command
c6824c211 fix: deny apply config requests without v1alpha1 in "normal" mode
7df0408e4 fix: interactive installer config gen
881c5d62b fix: suppress duplicate platform config updates
66d77888e fix: replace downloaded asset paths correctly in cluster create cmd
6bd6c9b5a fix: generate iso greater than 4 gig
ac140324e fix: skip PCR extension if TPM1.2 is found
09ef1f8a4 fix: ignore http proxy on grpc socket dial
22a72dc80 chore: split options between three structs
22c34a50f fix(ci): provision cron jobs
b3b20eff3 fix: containerd crashing with sigsegv
f7891c301 chore: calculate vmnet interface name preemptively
ae87edffb fix: drop libseccomp from rootfs
f74a805bb fix: do correct backoff for nocloud reconcile
01bb294af fix(ci): provision tests
e4945be3b docs: add registryd debug command
d8c670ad3 release(v1.11.0-alpha.0): prepare release
ace44ea61 test: update hydrophone to 0.7.0
3a1163692 chore: cross platform qemu preflight checks
7914fb104 chore: move the create command to it's own package
c8e619608 chore: prepare for release 1.11
1299aaa45 chore(ci): add extensions test for Youki runtime
e50ceb221 docs: activate Talos 1.10 docs
9d12aaeb1 test: improve config patch test
106a656b6 chore: make qemu provider build on darwin
8013aa06c test: replace platform metadata test
2b89c2810 fix: relax etcd APIs RBAC requirements
1e677587c fix: preserve kubelet image suffix
62ab8af45 fix: disk image generation with image cache
d60626f01 fix: handle encryption type mismatch
a9109ebd0 feat: allow SideroLink unique token in machine config
2ff3a6e40 feat(kernel): add bcache kernel module to core talos
fa95a2146 fix(ci): bios provision test
f7c5b86be fix: sync PCR extension with volume provisioning lifecycle
f90c79474 chore: show bound driver in pcidevices info
8db34624c fix: handle correctly changing platform network config
77c7a075b feat: update Kubernetes to 1.33.0
74f0c48c7 feat: add version compatibility for Talos 1.11
c4fb7dad0 fix: force DNS runner shutdown on timeout
c49b4836e docs: hetzner: add note about public iso
16ea2b113 docs: add what is new for 1.10
be3f0c018 fix: fix Gvisor tests with containerd patch
37db132b3 chore(ci): add provision test with bios
ec60b70e7 fix: set media type to OCI for image cache layer
a471eb31b feat: update Linux 6.12.24, containerd 2.0.5
54ad5b872 fix: extension services logging to console
601f036ba docs: correct flannel extra args example
ae94377d1 feat: support encryption config for user volumes
9616f6e8d docs: add caveat for kubespan and host ports
a1d08a362 docs: fixes typo at OpenEBS Mayastor worker patches
a91e8726e docs: add a dark theme
c76189c58 fix: grub EFI mount point
4ca985c65 fix: grub efi platform install
b31260281 docs: update storage.md
396a29040 feat: add new SBCs
a902f6580 feat: update Flannel to v0.26.7
2bbefec1a docs: use cache in preview
6028a8d2d docs: update kubeprism.md
e51a8ef8c fix: prefer new MountStatus resource
d9c7e7946 docs: fix search
b32fa029b feat: update Kubernetes to 1.33.0-rc.1
f0ea478cb feat: support address priority
8cd3c8dc7 test: fix NVIDIA OSS tests
62f2d27cd docs: update virtualbox.md
141326ea3 docs: fix tabpane styling
134aa53cc feat: update base CoreDNS code in host DNS to 1.12.1

Changes since v1.11.0-rc.0

11 commits

d9d89a3a8 release(v1.11.0): prepare release
364b48690 feat: update pkgs/tools for pcre2 10.46
be70ea03f feat: update pkgs for NVIDIA prod 570.172.08
a5f80b4fe fix: bring back linux/armv7 build and update xz
751dae432 fix: drop linux/armv7 build
8cbd75320 fix: update xz module (security)
803ed1ef9 feat: update Kubernetes to 1.34.0
a80898da9 feat: update Linux to 6.12.43
30c14aa71 feat: update Kubernetes default to v1.34.0-rc.2
ed7d8cbac docs: link to kubernetes linux swap tuning
1ee82120e docs: apply fixes for what is new

Changes from siderolabs/crypto

5 commits

siderolabs/crypto@62a079b fix: update TLS config, add tests for TLS interactions
siderolabs/crypto@c2b4e26 fix: remove code duplication and fix Ed255119 CA generation
siderolabs/crypto@2a07632 fix: enforce FIPS-140-3 compliance
siderolabs/crypto@17107ae fix: add generic CSR generator and OpenSSL interop
siderolabs/crypto@53659fc refactor: split into files

Changes from siderolabs/discovery-client

3 commits

siderolabs/discovery-client@0bffa6f fix: allow TLS config to be passed as a function
siderolabs/discovery-client@09c6687 chore: fix project name in release.toml
siderolabs/discovery-client@71b0c6d fix: add FIPS-140-3 strict compliance

Changes from siderolabs/gen

5 commits

siderolabs/gen@044d921 feat: add xslices.Deduplicate
siderolabs/gen@dcb2b74 feat: add panicsafe package
siderolabs/gen@b36ee43 feat: make xyaml.CheckUnknownKeys public
siderolabs/gen@3e319e7 feat: implement xyaml.UnmarshalStrict
siderolabs/gen@7c0324f chore: future-proof HashTrieMap

Changes from siderolabs/go-api-signature

2 commits

siderolabs/go-api-signature@d22e33d feat: clarify fallback logic for fallback capable key provider
siderolabs/go-api-signature@dea3048 feat: allow configuring the provider with fallback location

Changes from siderolabs/go-circular

1 commit

siderolabs/go-circular@5b39ef8 fix: do not log error if chunk zero was never written

Changes from siderolabs/go-kubernetes

5 commits

siderolabs/go-kubernetes@40e5536 feat: update checks for Kubernetes 1.34
siderolabs/go-kubernetes@7887034 feat: add checks for Kubernetes 1.34 removals
siderolabs/go-kubernetes@657a74b feat: prepare for Kubernetes 1.34
siderolabs/go-kubernetes@9070be4 fix: remove DynamicResourceAllocation feature gate
siderolabs/go-kubernetes@8cb588b fix: k8s 1.32->1.33 upgrade check

Changes from siderolabs/go-pcidb

1 commit

siderolabs/go-pcidb@9baca16 feat: update PCI DB to the latest version

Changes from siderolabs/pkgs

68 commits

siderolabs/pkgs@2ac857a feat: update pcre2 to 10.46
siderolabs/pkgs@f31e192 fix: bump NVIDIA production to 570.172.08
siderolabs/pkgs@e68ff4a feat: update Linux to 6.12.43
siderolabs/pkgs@42cdb43 chore: update kernel config to support max SMP CPUs
siderolabs/pkgs@3bb9cc9 fix: backport CVE kernel patches to 6.12
siderolabs/pkgs@c87dc6c feat: enable Infiniband IRDMA support
siderolabs/pkgs@2598d53 fix: re-enable CPUSETS_V1 cgroups controller
siderolabs/pkgs@6a8bca7 feat: update backportable dependencies
siderolabs/pkgs@a150a75 feat: update Go to 1.24.6
siderolabs/pkgs@a94734c feat: update containerd to 2.1.4
siderolabs/pkgs@662c5a4 feat: enable F71808E watchdog driver
siderolabs/pkgs@48afc2a fix: enable ISCSI IBFT
siderolabs/pkgs@ddb7b5e feat: update Linux to 6.12.40
siderolabs/pkgs@5616981 feat: enable bootloader control on amd64
siderolabs/pkgs@4a840bc chore: allow more than one commit for a PR
siderolabs/pkgs@e2fbfb1 feat: update tools/toolchain to 1.11.0
siderolabs/pkgs@383bbb4 feat: update NVIDIA production to 570.158.01
siderolabs/pkgs@853cf3a feat: bump e2fsprogs, ipxe, kspp, tools
siderolabs/pkgs@a3f8281 feat: update Linux to 6.12.38
siderolabs/pkgs@8ed84c5 feat: refactor HW_RANDOM configuration
siderolabs/pkgs@108099f feat: enable AMD encrypted memory
siderolabs/pkgs@c97d25e fix: remove erroneous PURLs
siderolabs/pkgs@90f7c65 fix: bump bldr
siderolabs/pkgs@a24b40e feat: update Linux to 6.12.36 and firmware
siderolabs/pkgs@2537e61 docs: more SBOM metadata to cover whole Talos
siderolabs/pkgs@0f4cbbc feat: update dependencies
siderolabs/pkgs@9cec45c feat: add SBOM metadata for some packages
siderolabs/pkgs@03bb94c feat: update dependencies
siderolabs/pkgs@c613abd fix: iptables url
siderolabs/pkgs@fae59df fix: download and copy hailo8 firmware
siderolabs/pkgs@fadf1e2 feat: update containerd to 2.1.2
siderolabs/pkgs@a0b0da1 feat: enable io.latency cgroup controller
siderolabs/pkgs@0aaa07a feat: add hailort package
siderolabs/pkgs@8555e94 chore: use ftpmirror for GNU sources
siderolabs/pkgs@9fbe2b4 feat: update Go to 1.24.4
siderolabs/pkgs@79bfa9e feat: update NVIDIA drivers to 570.148.08
siderolabs/pkgs@c8b8bd8 feat: bump dependencies
siderolabs/pkgs@54bf03e feat: update Linux to 6.12.31
siderolabs/pkgs@93b3aaa feat: add patch for CephFS IMA performance regression
siderolabs/pkgs@ebd6627 feat: disable IMA support
siderolabs/pkgs@8aad53b feat: add CONFIG_NFT_CONNLIMIT to kernel
siderolabs/pkgs@7a299fa feat: update Linux to 6.12.30
siderolabs/pkgs@8c4603e feat: move more configs to modules on arm64
siderolabs/pkgs@7b1183b feat(kernel): enable IB user-space management and RDMA
siderolabs/pkgs@1b1430e fix: drop pcre2 binaries
siderolabs/pkgs@487610c fix: drop broken symlinks
siderolabs/pkgs@f31d518 fix: clean up some binaries
siderolabs/pkgs@0f74b9b feat: update containerd to v2.1.1
siderolabs/pkgs@89b4037 fix: tenstorrent pkg name
siderolabs/pkgs@a14b544 chore: drop qemu-tools vmdk support
siderolabs/pkgs@2563e47 feat: add tenstorrent package
siderolabs/pkgs@2a1c42f fix(renovate): flannel config
siderolabs/pkgs@bfa69a8 feat: add open-vmdk package
siderolabs/pkgs@9f1ba1f fix: bring back updated containerd gvisor patch
siderolabs/pkgs@1567cb6 feat: update Linux 6.12.28, firmware
siderolabs/pkgs@9bc66e6 feat: update containerd to 2.1.0
siderolabs/pkgs@c6b54e0 feat: enable zswap
siderolabs/pkgs@4cd7084 feat: update dependencies
siderolabs/pkgs@a3fcbf8 feat(kernel): enable panthor driver
siderolabs/pkgs@74d1665 feat: update ZFS to 2.3.2
siderolabs/pkgs@ddc866b feat: update Linux to 6.12.27
siderolabs/pkgs@a347857 fix: build containerd with Go 1.23
siderolabs/pkgs@74da85c fix: containerd build doesn't need seccomp
siderolabs/pkgs@4effa05 fix: downgrade libseccomp to 2.5.5
siderolabs/pkgs@9cea00b feat: update Linux to 6.12.25
siderolabs/pkgs@cb108a5 feat(kernel): enable bcache module
siderolabs/pkgs@d042432 fix: backport sandbox fix for Gvisor
siderolabs/pkgs@fa625dc feat: update Linux 6.12.24, containerd 2.0.5

Changes from siderolabs/siderolink

3 commits

siderolabs/siderolink@5f46f65 feat: handle panics in goroutines
siderolabs/siderolink@d09ff45 fix: race in wait value
siderolabs/siderolink@d2a79e0 fix: clean up device on failure

Changes from siderolabs/tools

12 commits

siderolabs/tools@8556c73 feat: update pcre2 to 10.46
siderolabs/tools@330f478 feat: update Go to 1.24.6
siderolabs/tools@1d451f3 feat: update toolchain to 1.11.0
siderolabs/tools@650b916 chore: bump toolchain, update names in SBOM
siderolabs/tools@594704b feat: bump dependencies
siderolabs/tools@4818702 docs: add SBOM metadata for packages copied to pkgs
siderolabs/tools@542a03c feat: update dependencies
siderolabs/tools@0554e87 chore: use ftpmirror for GNU sources
siderolabs/tools@1dfd14b feat: update Go to 1.24.4
siderolabs/tools@af3fd64 feat: update dependencies
siderolabs/tools@e35234b feat: update dependencies
siderolabs/tools@c96a4e6 chore: update toolchain to the latest version

Dependency Changes

cloud.google.com/go/compute/metadata v0.6.0 -> v0.7.0
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0 -> v1.18.1
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0 -> v1.10.1
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.3.1 -> v1.4.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.1 -> v1.4.0
github.com/aws/aws-sdk-go-v2/config v1.29.14 -> v1.29.17
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 -> v1.16.32
github.com/aws/aws-sdk-go-v2/service/kms v1.38.3 -> v1.41.2
github.com/aws/smithy-go v1.22.3 -> v1.22.4
github.com/containerd/containerd/api v1.8.0 -> v1.9.0
github.com/containerd/containerd/v2 v2.0.5 -> v2.1.4
github.com/containernetworking/plugins v1.6.2 -> v1.7.1
github.com/cosi-project/runtime v0.10.2 -> v1.10.7
github.com/detailyang/go-fallocate 432fa640bd2e new
github.com/docker/cli v28.0.4 -> v28.3.3
github.com/docker/docker v28.0.4 -> v28.3.3
github.com/equinix-ms/go-vmw-guestrpc v0.1.1 new
github.com/foxboron/go-uefi 69fb7dba244f -> a3183a1bfc84
github.com/g0rbe/go-chattr v1.0.1 new
github.com/google/cadvisor v0.52.1 -> v0.53.0
github.com/google/cel-go v0.24.1 -> v0.26.0
github.com/google/go-containerregistry v0.20.3 -> v0.20.6
github.com/google/go-tpm v0.9.3 -> v0.9.5
github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.1 -> v2.3.2
github.com/hetznercloud/hcloud-go/v2 v2.21.0 -> v2.22.0
github.com/jsimonetti/rtnetlink/v2 v2.0.3 -> v2.0.5
github.com/klauspost/cpuid/v2 v2.2.10 -> v2.3.0
github.com/linode/go-metadata v0.2.1 -> v0.2.2
github.com/miekg/dns v1.1.65 -> v1.1.67
github.com/pkg/xattr v0.4.10 -> v0.4.12
github.com/prometheus/procfs v0.16.0 -> v0.17.0
github.com/rivo/tview 949945f8d922 -> a4a78f1e05cb
github.com/safchain/ethtool v0.5.10 -> v0.6.1
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.33 -> v1.0.0-beta.34
github.com/siderolabs/crypto v0.5.1 -> v0.6.3
github.com/siderolabs/discovery-client v0.1.11 -> v0.1.13
github.com/siderolabs/gen v0.8.0 -> v0.8.5
github.com/siderolabs/go-api-signature v0.3.6 -> v0.3.7
github.com/siderolabs/go-blockdevice/v2 v2.0.16 -> v2.0.19
github.com/siderolabs/go-circular v0.2.2 -> v0.2.3
github.com/siderolabs/go-kubernetes v0.2.21 -> v0.2.26
github.com/siderolabs/go-pcidb v0.3.1 -> v0.3.2
github.com/siderolabs/pkgs v1.10.0-5-g48dba3e -> v1.11.0-15-g2ac857a
github.com/siderolabs/siderolink v0.3.13 -> v0.3.15
github.com/siderolabs/talos/pkg/machinery v1.10.0 -> v1.11.0
github.com/siderolabs/tools v1.10.0 -> v1.11.0-2-g8556c73
github.com/spf13/pflag v1.0.6 -> v1.0.7
github.com/ulikunitz/xz v0.5.12 -> v0.5.15
go.etcd.io/etcd/api/v3 v3.5.21 -> v3.6.4
go.etcd.io/etcd/client/pkg/v3 v3.5.21 -> v3.6.4
go.etcd.io/etcd/client/v3 v3.5.21 -> v3.6.4
go.etcd.io/etcd/etcdutl/v3 v3.5.21 -> v3.6.4
golang.org/x/net v0.39.0 -> v0.42.0
golang.org/x/oauth2 v0.29.0 -> v0.30.0
golang.org/x/sync v0.13.0 -> v0.16.0
golang.org/x/sys v0.32.0 -> v0.34.0
golang.org/x/term v0.31.0 -> v0.33.0
golang.org/x/text v0.24.0 -> v0.27.0
golang.org/x/time v0.11.0 -> v0.12.0
google.golang.org/grpc v1.71.1 -> v1.73.0
k8s.io/api v0.33.0 -> v0.34.0
k8s.io/apiextensions-apiserver v0.34.0 new
k8s.io/apimachinery v0.33.0 -> v0.34.0
k8s.io/apiserver v0.33.0 -> v0.34.0
k8s.io/client-go v0.33.0 -> v0.34.0
k8s.io/component-base v0.33.0 -> v0.34.0
k8s.io/cri-api v0.33.0 -> v0.34.0
k8s.io/kube-scheduler v0.33.0 -> v0.34.0
k8s.io/kubectl v0.33.0 -> v0.34.0
k8s.io/kubelet v0.33.0 -> v0.34.0
k8s.io/pod-security-admission v0.33.0 -> v0.34.0
k8s.io/utils 4c0f3b243397 new
sigs.k8s.io/hydrophone b92baf7e0b04 -> v0.7.0

Previous release can be found at v1.10.0

Images

ghcr.io/siderolabs/flannel:v0.27.2
registry.k8s.io/coredns/coredns:v1.12.2
gcr.io/etcd-development/etcd:v3.6.4
registry.k8s.io/kube-apiserver:v1.34.0
registry.k8s.io/kube-controller-manager:v1.34.0
registry.k8s.io/kube-scheduler:v1.34.0
registry.k8s.io/kube-proxy:v1.34.0
ghcr.io/siderolabs/kubelet:v1.34.0
ghcr.io/siderolabs/installer:v1.11.0
registry.k8s.io/pause:3.10