Talos Linux | v1.12.7

Talos Linux v1.12.7 released on 24-04-2026


Talos Linux v1.12.7 is out now. It delivers updated core components and a set of security, TPM and networking fixes that matter to operators and cluster maintainers.

Get the release from the project GitHub (https://github.com/siderolabs/talos/releases/tag/v1.12.7): download the binaries and images and report any issues at https://github.com/siderolabs/talos/issues.

What’s in this release

  • Core component upgrades: Linux kernel 6.18.24, containerd 2.1.7, etcd 3.6.9 and Kubernetes v1.35.4; Talos artifacts built with Go 1.25.9.
  • Security and platform work: AppArmor profile files added and parser now installs required config files; support for disabling module signature verification; a new dis-vulncheck tool and several TPM/encryption fixes (unseal improvements for slow TPMs, PCR read panic fix, corrected logged encryption key slot).
  • Networking, boot and runtime fixes: route table propagation to resources and corrected on-link route source handling, improved boot entry detection and avoidance of flipping machine stage to “rebooting” during shutdown; kubelet kubeconfig watch and cache-sync timeout improvements.

Upgrade notes

  • No breaking changes are listed in the release notes; test the new binaries and images in your environment and report problems via the project’s GitHub issues page (https://github.com/siderolabs/talos/issues).
  • If a rollback is required the previous release is v1.12.6 (https://github.com/siderolabs/talos/releases/tag/v1.12.6).

Tell the team and other users about your experience — report bugs or share deployment notes on the GitHub issues page so the maintainers can follow up.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes