headscale | v0.29.2

headscale v0.29.2 released on 01-07-2026


headscale v0.29.2 is out now. It makes map generation take read locks (RLock) so generation can run concurrently rather than serialising on the policy lock, preventing mass reconnect storms that produced repeated “unexpected EOF” retry loops, and it restores WebSocket GET upgrades for Tailscale JS/WASM clients while skipping nodes with invalid FQDNs during map delivery.

See the official upgrade guide (https://headscale.net/stable/setup/upgrade/) or the project’s GitHub release for full details, test coverage and related changelog notes.

What’s in this release

  • Map generation now takes an RLock for reads so it can run concurrently instead of serialising on the policy lock; this prevents reconnect storms (eg. from autogroup:self, via or relay policies) that led to repeated “unexpected EOF” retries.
  • The /ts2021 handler now accepts WebSocket GET upgrade requests instead of rejecting them with 405, restoring connectivity for Tailscale JS/WASM control clients; the fix is covered by integration tests including a real WASM client.
  • Nodes with invalid FQDNs (empty or exceeding hostname limits) are skipped during map generation rather than breaking map delivery; offending names are logged at startup with guidance, and state now rejects renames whose FQDN exceeds the hostname limit to avoid future map-breaking data.

Upgrade notes

  • Renames whose FQDN exceeds the hostname limit are now rejected — check node names and correct any that are too long before upgrading. Follow the upgrade guide: https://headscale.net/stable/setup/upgrade/.
  • If you encounter map-delivery errors after upgrading, inspect the startup logs for nodes flagged as map-breaking; the logs include guidance on how to fix offending names.

Share your experience or report any issues on the project’s GitHub so others can benefit from what you find during the upgrade.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes