Talos Linux v1.13.0 released on 27-04-2026
Talos Linux v1.13.0 is out now. It brings a Clang-built kernel with ThinLTO and platform hardening, CDI enabled by default, improved container image and signature workflows, faster image decompression and reproducible raw disk images.
See the GitHub release and the Talos documentation for full release notes and downloads; report problems on the project’s GitHub issues page.
What’s in this release
- Kernel and platform: kernel built with Clang and ThinLTO (BTI on supported ARM), default dynamic preemption model on amd64 (preempt= kernel argument available) and proc_mem.force_override=never as the default to harden /proc/PID/mem access.
- Device and GPU workflows: Container Device Interface (CDI) enabled by default and extensions may place CDI specs under /run/cdi, enabling NVIDIA GPU workflows such as via the gpu-operator.
- Images and signatures: machine-wide ImageVerificationConfig for image signature verification, new node image management APIs with pull progress and talosctl image command updates, support for mirroring image signatures and cosign/sigstore, rootless imager operation, and igzip/pigz shipped to speed decompression; raw disk images are now reproducible (VHD/VMDK remain limited).
Upgrade notes
- Breaking protobuf change: resources EtcdConfigs, KubeletConfigs, ControllerManagerConfigs, SchedulerConfigs and APIServerConfigs changed from map<string,string> to map<string,message>; update any tooling or machine config generation that depends on the old format.
- If you need to roll back, previous release artifacts (for example v1.12.0) are available from the GitHub releases page; note that Install and Upgrade now route through the unified LifecycleService API and the legacy upgrade API is deprecated.
Share your experience or report issues on the project’s GitHub issues page — feedback from real users helps catch problems early.
