Talos Linux v1.13.0 released on 27-04-2026
Talos Linux v1.13.0 is out now. It delivers kernel and platform hardening (Clang-built kernel with ThinLTO, Linux 6.18.24 and tightened /proc/PID/mem defaults), alongside container and image workflow improvements such as CDI-by-default and node image APIs with pull progress.
See the full notes and download links on the project’s GitHub release page for complete details and artifacts.
What’s in this release
- Kernel and toolchain hardening: kernel built with LLVM/Clang and ThinLTO, Linux 6.18.24, dynamic kernel preemption support on amd64 via the preempt= kernel arg, proc_mem.force_override=never by default, plus kernel/module updates (dm-integrity, UHCI, HID multitouch).
- Container and image improvements: CDI enabled by default with /run/cdi for extension specs, machine-wide ImageVerificationConfig for image signature rules, new node image APIs (list/pull/import/remove) with pull progress, imager rootless builds and faster decompression via igzip (amd64) and pigz (arm64).
- New and updated APIs/config documents: EnvironmentConfig, ExternalVolumeConfig (virtiofs), KubeSpanConfig (with advertised-network filters), ProbeConfig, RoutingRuleConfig, VRFConfig, LinkAliasConfig pattern aliases and support for negative max volume sizes.
Upgrade notes
- BREAKING: protobuf format changed for resources EtcdConfigs, KubeletConfigs, ControllerManagerConfigs, SchedulerConfigs and APIServerConfigs from map<string,string> to map<string,message> — update integrations and protobuf consumers to the new message format before upgrading.
- Disk image reproducibility: raw Talos images are reproducible and verifiable; VHD/VMDK images are not currently reproducible due to tooling limits, so verify raw image checksums and convert to VHD/VMDK if required.
Let the project know how your upgrade went — report issues or share feedback on the GitHub repository so the maintainers and community can follow up.
