Unclaimed project
Are you a maintainer of talos ? Claim this project to take control of your public changelog and roadmap.
Claim this project Changelog
talos Talos Linux is a modern Linux distribution built for Kubernetes.
cloud-native containerd go grpc kubernetes kubernetes-distribution +3
Last updated about 1 month ago
© 2026 AnnounceHQ. All rights reserved.
Welcome to the v1.13.0-alpha.0 release of Talos!This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
External Volumes
Talos now supports virtiofs-based external volumes via the new
ExternalVolumeConfig
document.
These virtiofs external volumes are not supported when SELinux is running
in enforcing mode.
Talos Imager Enhancements
Talos imager now supports running rootless.
--privileged
-v /dev:/dev
Container Image Decompression Talos now ships with igzip (amd64) and pigz (arm64) to speed up container image decompression.
/proc/PID/mem Access Hardening A new kernel parameter proc_mem.force_override=never has been introduced by default to enhance system security
by preventing unwanted writes to protected process memory via /proc/PID/mem.
If the kernel parameter is removed, default behavior is restored, allowing access only if the process is traced.
Reproducible Disk Images Talos disk images are now reproducible. Building the same version of Talos multiple times will yield
identical disk images.
Note: VHD and VMDK (Azure and VMware) images are not currently reproducible due to limitations in the underlying image creation tools.
Users verifying reproducible images should use raw images, verify checksums, and convert them to VHD/VMDK as needed.
Component Updates Linux: 6.18.2
containerd: 2.2.1
etcd: 3.6.7
CoreDNS: 1.13.2
Kubernetes: 1.35.0
Flannel CNI plugin: v1.9.0-flannel1
LVM2: 2_03_38
runc: 1.4.0
systemd: 259
cryptsetup: 2.8.3
Talos is built with Go 1.25.5.
VM Hot-Add Support Talos now includes udev rules to support hot-adding of CPUs in virtualized environments.
Contributors
Andrey Smirnov
Mateusz Urbanek
Noel Georgi
Dmitrii Sharshakov
Laura Brehm
Bryan Lee
Edward Sammut Alessi
Birger Johan Nordølum
Christopher Puschmann
Jaakko Sirén
Jean-Francois Roy
Joakim Nohlgård
Justin Garrison
Lennard Klein
Michal Baumgartner
Orzelius
Serge van Ginderachter
Skye Soss
dataprolet
eseiker
pranav767
Changes 96 commits
siderolabs/talos@c76484e58 release(v1.13.0-alpha.0): prepare release
siderolabs/talos@f0d8a6851 test: skip the source bundle on exact tag
siderolabs/talos@c57701d65 fix: remove interactive installer
siderolabs/talos@43937c1cd feat: update Linux and systemd
siderolabs/talos@72a194df8 feat: add VM CPU hot-add rules
siderolabs/talos@f09ae1e0d fix: probe small images correctly
siderolabs/talos@8f2b33799 feat: imager support rootless builds
siderolabs/talos@c7525a97e feat: support creating filesystems from folder
siderolabs/talos@e2bffb5ce chore: refactor imager code so it's more clear
siderolabs/talos@0fb50dbd0 fix: invalid versions check in talos-bundle
siderolabs/talos@b5dd56032 test: upgrade versions in upgrade tests
siderolabs/talos@3dfa4d6e4 fix: make upgrade work with SELinux enforcing=1
siderolabs/talos@786c8e2ee feat: ship pigz/igzip in rootfs to speed up image decompression
siderolabs/talos@48d242918 feat: update containerd to 2.2.1
siderolabs/talos@536541afe fix: mount volume mount/unmount race
siderolabs/talos@39117d457 feat: update dependencies
siderolabs/talos@f0f420725 fix: bond setting change detection
siderolabs/talos@8d6a7a867 feat: update Kubernetes to 1.35.0
siderolabs/talos@845a0d09c feat: update etcd 3.6.7, CoreDNS 1.13.2
siderolabs/talos@b95912e04 feat: enforce proc_mem.force_override=never by default
siderolabs/talos@681f3e84c test: run virtiofs tests only when virtiofsd is running
siderolabs/talos@0592ff0cd fix: drop the Omni API URL check on IP address
siderolabs/talos@a4879a5fa feat: update Linux to 6.18.1
siderolabs/talos@43b43ff18 docs: split talosctl commands into groups
siderolabs/talos@6d17c18bf feat: enable Powercap and Intel RAPL
siderolabs/talos@884e76662 docs: fix the talosctl cluster create help output
siderolabs/talos@6dc31be4f fix: exclude new Virtual IPs configured with new config
siderolabs/talos@94905c73e feat(talosctl): support running qemu x86 on Mac
siderolabs/talos@f871ab241 fix: provide json support in nft binary
siderolabs/talos@694f45413 feat: external volumes
siderolabs/talos@39feb16d2 fix: update containerd 2.2.0 with cgroups patch
siderolabs/talos@82027eb9b fix: bond configuration with new settings
siderolabs/talos@121b13b8f fix: disable kexec on arm64
siderolabs/talos@7eaa725d0 fix: selection of boot entry
siderolabs/talos@949bdb90a feat: add Secure Boot to CloudStack platform config
siderolabs/talos@798143a88 fix: discard better klog message from Kubernetes client
siderolabs/talos@008cd0986 fix: disable kexec in talosctl cluster create on arm64
siderolabs/talos@bb62b29ed chore: prepare talos for 1.13
siderolabs/talos@c0935030a chore: fork reference docs for 1.13.x
siderolabs/talos@e387e48b3 fix: do not override DNS on MacOS
siderolabs/talos@1e7e87fb1 fix: rework NFT rules for KubeSpan
siderolabs/talos@51bcfb567 feat: rename image default and source bundle
siderolabs/talos@585abe944 feat: update Kubernetes to v1.35.0-rc.1
siderolabs/talos@f301e3e9b fix: update KubeSpan MSS clamping
siderolabs/talos@74c1df6f4 test: propagate MTU size to QEMU in talosctl cluster create
siderolabs/talos@d347ca1af fix: update CNI plugins to 1.9.0
siderolabs/talos@e3f8196b4 chore: update Grype and Syft
siderolabs/talos@e1b8ab323 docs: add misssing period
siderolabs/talos@cd04c3dde docs: update release notes
siderolabs/talos@fc8ae3249 docs: add omni join token example to create qemu command
siderolabs/talos@9fa00773c chore: update go-blockdevice
siderolabs/talos@ba13b6786 fix: correct condition to use UKI cmdline in GRUB
siderolabs/talos@d2ce3f47f docs: drop machine.network example
siderolabs/talos@cf087c1e0 test: bird2 extension
siderolabs/talos@13df94388 fix: adapt SELinuxSuite.TestNoPtrace to new strace version
siderolabs/talos@861787c38 fix: mark secureboot as supported for metal
siderolabs/talos@04e3e87ad fix: clean up kubelet mounts
siderolabs/talos@21057903a fix: clear provisioning data on SideroLink config change
siderolabs/talos@0f9f4c05f feat: update Kubernetes to 1.35.0-rc.0
siderolabs/talos@d4309d7b1 fix: add a timeout for DNS resolving for NTP
siderolabs/talos@dd6c1089c feat: update Linux to 6.18.0
siderolabs/talos@e9a30bf9a test: revert add direct connectivity CA rotation test
siderolabs/talos@cc95562bc fix: don't disable LACP by default
siderolabs/talos@c9fe4679b test: add platform acquire/not valid config unit-test
siderolabs/talos@5a03a7a20 chore: fix longhorn test
siderolabs/talos@a0cfc3527 feat: implement logs persistence
siderolabs/talos@51b732bea fix: selection of boot entry
siderolabs/talos@18f8ac369 feat: update Kubernetes to 1.35.0-beta.0
siderolabs/talos@92fa7c5e4 chore: update pkgs for NVIDIA 580.105.08
siderolabs/talos@f489299b6 chore: correct condition for running k8s integration tests
siderolabs/talos@ab149750d chore: update tools/pkgs to 1.13.0-alpha.0
siderolabs/talos@87ff9f860 test: fix the image-factory test to pass IF endpoint
siderolabs/talos@2ffe538e7 test: add direct connectivity CA rotation test
siderolabs/talos@70f6b80e0 chore(ci): skip multipath extension tests
siderolabs/talos@561cfb60c chore: update pkgs and tools version
siderolabs/talos@2f42202a7 fix: simplify OOM expression
siderolabs/talos@7b06ae8c2 test: fix flaky LinkSpec/Wireguard test
siderolabs/talos@e715f3871 feat: present kernel log as talosctl logs kernel
siderolabs/talos@e2ee39b8a fix: support specifying patch file without '@' symbol
siderolabs/talos@e202b1f9e fix: trim trailing dots from certificate SANs
siderolabs/talos@7f7079f9c fix: assign value of multicast setting properly
siderolabs/talos@eba96141e feat: update etcd to 3.6.6
siderolabs/talos@9945ceef3 docs: add API Server Cipher Suites changelog
siderolabs/talos@9ed488d09 feat: update TLS cipher suites for API server
siderolabs/talos@f1c04e4d6 feat: generate mirrors patch
siderolabs/talos@a89108995 fix: add CA subject to generated certificate
siderolabs/talos@35dd612a5 fix: add more resilient move
siderolabs/talos@83675838f feat: extend flags of cache-cert-gen
siderolabs/talos@80ab7a064 chore: remove spammy 'clean up unused volumes' logs
siderolabs/talos@74d35900a chore: disable k8s integration tests for 1GiB worker nodes
siderolabs/talos@4f6218674 feat: support TALOS_HOME env var
siderolabs/talos@0c59b3ea3 feat: add multicast to linkconfig
siderolabs/talos@6db06f4d5 feat: implement multicast setting
siderolabs/talos@eeded98f5 fix: add riscv64 talosctl to release artifacts
siderolabs/talos@a6bbae91b fix: fix typos across the project
siderolabs/talos@83f2bdb9c feat: support relative voume size
Changes from siderolabs/pkgs 33 commits
siderolabs/pkgs@972f44d feat: update dependencies
siderolabs/pkgs@f8eb5b0 feat: update Linux to 6.18.2
siderolabs/pkgs@3fb6291 feat: update systemd to 259
siderolabs/pkgs@59241bd fix: add SBOMs for pigz/igzip
siderolabs/pkgs@9377c78 feat: optimize decompression for containerd
siderolabs/pkgs@e8e61ce feat: update containerd to 2.2.1
siderolabs/pkgs@daa74ba feat: support xfs filesystem reproducibility
siderolabs/pkgs@1f66513 feat: update OpenZFS to 2.4.0
siderolabs/pkgs@b209af5 chore: rekres with latest changes
siderolabs/pkgs@2b806b9 feat: bump dependencies
siderolabs/pkgs@65242fd feat: enable CONFIG_MISC_RP1 in ARM64 config
siderolabs/pkgs@4daecd8 feat: update Linux to 6.18.1
siderolabs/pkgs@9868a66 feat: enable Powercap and Intel RAPL
siderolabs/pkgs@07883ee feat: build and package perf binary
siderolabs/pkgs@47abca0 fix: add json support to nftables binary
siderolabs/pkgs@b961ff8 feat: patch containerd 2.2.0 with cgroups fix patch
siderolabs/pkgs@b7dd7f6 feat: add mstflint module
siderolabs/pkgs@ae53351 feat: update ZFS to 2.4.0-rc5
siderolabs/pkgs@b8edf01 feat: update CNI plugins to v1.9.0
siderolabs/pkgs@a57c1b0 feat: enable amd sev-snp
siderolabs/pkgs@68562c1 feat: update Linux to 6.18
siderolabs/pkgs@6f4ff8c feat: enable Amlogic Meson PCIe controller driver
siderolabs/pkgs@c41127b feat: enable Intel GPIO/Pinctrl kernel modules
siderolabs/pkgs@4a31ff7 feat: update NVIDIA LTS to 580.105.08
siderolabs/pkgs@3e858d3 chore: fork pkgs for Talos 1.13
siderolabs/pkgs@dcc5aa1 feat: update runc to 1.3.4
siderolabs/pkgs@8b6ae5b fix: regenerate configs
siderolabs/pkgs@2992598 fix: add missing kernel config entries
siderolabs/pkgs@c8ea18a feat: rekres to alow multiple commits
siderolabs/pkgs@2ddef8b chore: update dependencies
siderolabs/pkgs@d1f28e0 chore: update dependencies
siderolabs/pkgs@ab253f5 feat: enable gpio-fan module
siderolabs/pkgs@0b10666 chore: use ubuntu mirrors
Changes from siderolabs/proto-codec 1 commit
siderolabs/proto-codec@bd9c491 chore: bump and update dependencies
Changes from siderolabs/tools 7 commits
siderolabs/tools@896f8b9 fix: add sbom for zlib-ng
siderolabs/tools@543a16f feat: replace zlib -> zlib-ng, add nasm
siderolabs/tools@b67c1a1 chore: rekres with latest changes
siderolabs/tools@5e087cb feat: bump dependencies
siderolabs/tools@da96a27 chore: rekres to fix reproducibility
siderolabs/tools@e283ec8 feat: update Go to 1.25.5
siderolabs/tools@c38ff0c chore: update to 1.13.0-alpha.0 toolchain
Dependency Changes
github.com/aws/aws-sdk-go-v2/config v1.31.20 -> v1.32.6github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 -> v1.18.16github.com/aws/aws-sdk-go-v2/service/kms v1.46.0 -> v1.49.4github.com/aws/smithy-go v1.23.2 -> v1.24.0github.com/containerd/cgroups/v3 v3.0.5 -> v3.1.0github.com/containerd/containerd/api v1.9.0 -> v1.10.0github.com/containerd/containerd/v2 v2.1.5 -> v2.2.0github.com/containerd/platforms v1.0.0-rc.1 -> v1.0.0-rc.2github.com/cosi-project/runtime v1.12.0 -> v1.13.0github.com/diskfs/go-diskfs fc569a00ea19 new github.com/docker/cli v29.0.0 -> v29.1.3github.com/gdamore/tcell/v2 v2.9.0 -> v2.13.4github.com/godbus/dbus/v5 v5.1.0 -> v5.2.0github.com/google/cadvisor v0.53.0 -> v0.54.1github.com/google/go-containerregistry v0.20.6 -> v0.20.7github.com/hetznercloud/hcloud-go/v2 v2.30.0 -> v2.32.0github.com/klauspost/compress v1.18.1 -> v1.18.2github.com/linode/go-metadata v0.2.2 -> v0.2.3github.com/mdlayher/ethtool v0.4.0 -> v0.5.0github.com/miekg/dns v1.1.68 -> v1.1.69github.com/moby/moby/client v0.1.0 -> v0.2.1github.com/siderolabs/go-blockdevice/v2 v2.0.20 -> v2.0.22github.com/siderolabs/pkgs v1.12.0-23-ge0b78b8 -> v1.13.0-alpha.0-24-g972f44dgithub.com/siderolabs/proto-codec v0.1.2 -> v0.1.3github.com/siderolabs/talos/pkg/machinery v1.12.0 -> v1.13.0-alpha.0github.com/siderolabs/tools v1.12.0-2-g7d57df0 -> v1.13.0-alpha.0-6-g896f8b9github.com/sirupsen/logrus v1.9.3 -> dd1b4c2e81afgo.etcd.io/etcd/api/v3 v3.6.6 -> v3.6.7go.etcd.io/etcd/client/pkg/v3 v3.6.6 -> v3.6.7go.etcd.io/etcd/client/v3 v3.6.6 -> v3.6.7go.etcd.io/etcd/etcdutl/v3 v3.6.6 -> v3.6.7go.uber.org/zap v1.27.0 -> v1.27.1golang.org/x/net v0.47.0 -> v0.48.0golang.org/x/oauth2 v0.33.0 -> v0.34.0golang.org/x/sync v0.18.0 -> v0.19.0golang.org/x/sys v0.38.0 -> v0.39.0golang.org/x/term v0.37.0 -> v0.38.0golang.org/x/text v0.31.0 -> v0.32.0google.golang.org/grpc v1.76.0 -> v1.77.0google.golang.org/protobuf v1.36.10 -> v1.36.11 Previous release can be found at v1.12.0
Images ghcr.io/siderolabs/flannel:v0.27.4
registry.k8s.io/coredns/coredns:v1.13.2
registry.k8s.io/etcd:v3.6.7
registry.k8s.io/kube-apiserver:v1.35.0
registry.k8s.io/kube-controller-manager:v1.35.0
registry.k8s.io/kube-scheduler:v1.35.0
registry.k8s.io/kube-proxy:v1.35.0
ghcr.io/siderolabs/kubelet:v1.35.0
registry.k8s.io/pause:3.10.1
Go