v0.9.0

[smira]

image-factory 0.9.0 (2025-11-26)

Welcome to the v0.9.0 release of image-factory!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/image-factory/issues.

Contributors

• Andrey Smirnov
• Noel Georgi
• Mateusz Urbanek
• Amarachi Iheanacho
• Dmitrii Sharshakov
• Orzelius
• Andrey Smirnov
• Oguz Kilcan
• Andrey Smirnov
• Laura Brehm
• Alexey Palazhchenko
• Justin Garrison
• Utku Ozdemir
• Dmitriy Matrenichev
• George Gaál
• Michael Smith
• Nicole Hubbard
• Serge Logvinov
• 459below
• Adrian L Lange
• Aleksandr Gamzin
• Alp Celik
• Andrew Longwill
• Andrew Rynhard
• Artem Chernyshev
• Chris Sanders
• Dmitry
• Febrian
• Florian Grignon
• Fred Heinecke
• Giau. Tran Minh
• Grzegorz Rozniecki
• Guillaume LEGRAIN
• Jorik Jonker
• Markus Freitag
• Max Makarov
• Mike Beaumont
• Misha Aksenov
• MrMrRubic
• Olivier Doucet
• Pranav
• Sammy ETUR
• Skyler Mäntysaari
• SuitDeer
• Tom
• aurh1l
• frozenprocess
• frozensprocess
• kassad
• leppeK
• samoreno
• theschles
• winnie

Changes

16 commits

• fa266e0 release(v0.9.0): prepare release
• 6799661 feat: show booter command in final wizard
• fb22bce feat: support selecting bootloader
• e881e4b feat: bump deps
• d1bec57 feat: implement schematic GET API
• f1dad9d feat: better test matrix
• bc4f959 fix: remove secureboot talosctl preset
• db5e4dc feat: add a prompt about using talosctl cluster create qemu
• 2c5037c chore: bump deps
• 1559666 feat: replace hardcoded artifact image constants with CLI-configurable values
• c27ee27 fix: return 400 when an invalid image name is requested
• 58125d4 feat: support proxying external installer registry
• d782950 feat: support serving TLS froom Image Factory
• 743fe7f feat: support disable cosign signature verification
• 3a20123 chore: rekres with parallel jobs
• 241963f chore(ci): use runner groups

Changes from siderolabs/crypto

41 commits

• 4154a77 feat: implement dynamic certificate reloader
• dae07fa chore: update to Go 1.25
• 62a079b fix: update TLS config, add tests for TLS interactions
• c2b4e26 fix: remove code duplication and fix Ed255119 CA generation
• 2a07632 fix: enforce FIPS-140-3 compliance
• 17107ae fix: add generic CSR generator and OpenSSL interop
• 53659fc refactor: split into files
• 0d45dee chore: bump deps
• 58b2f92 chore: use HTTP/2 ALPN by default
• c240482 feat: provide dynamic client CA matching
• 2f4f911 feat: add PEMEncodedCertificate wrapper
• 1c94bb3 chore: bump dependencies
• 8f77da3 feat: add a method to load PEM key from file
• c03ff58 feat: add a way to represent redacted x509 private keys
• c3225ee feat: allow CSR template subject field to be overridden
• 8570669 chore: rename to siderolabs/crypto
• e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs
• 510b0d2 chore: add json tags
• 6fa2d93 fix: deepcopy nil fields as nil
• 9a63cba fix: add back support for generating ECDSA keys with P-256 and SHA512
• 893bc66 fix: use SHA256 for ECDSA-P256
• deec8d4 chore: implement DeepCopy methods for PEMEncoded* types
• d3cb772 feat: make possible to change KeyUsage
• 6bc5bb5 chore: remove unused argument
• cd18ef6 feat: add support for several organizations
• 97c888b chore: add options to CSR
• 7776057 chore: fix typos
• 80df078 chore: remove named result parameters
• 15bdd28 chore: minor updates
• 4f80b97 fix: verify CSR signature before issuing a certificate
• 39584f1 feat: support for key/certificate types RSA, Ed25519, ECDSA
• cf75519 fix: function NewKeyPair should create certificate with proper subject
• 751c95a feat: add 'PEMEncodedKey' which allows to transport keys in YAML
• 562c3b6 feat: add support for public RSA key in RSAKey
• bda0e9c feat: enable more conversions between encoded and raw versions
• e0dd56a feat: add NotBefore option for x509 cert creation
• 12a4897 feat: add support for SPKI fingerprint generation and matching
• d0c3eef fix: implement NewKeyPair
• 196679e feat: move pkg/grpc/tls from github.com/talos-systems/talos as ./tls
• 1ff6242 chore: initial version as imported from talos-systems/talos
• 835063e chore: initial commit

Changes from siderolabs/gen

1 commit

• 4c7388b chore: update Go modules, replace YAML library

Changes from siderolabs/go-debug

1 commit

• d51e25a chore: rekres, bump deps and go

Changes from siderolabs/pkgs

55 commits

• 22a9943 feat: update dependencies
• 1768ccf feat: enable VDPA settings
• 3913216 feat: enable USERFAULTFD in the kernel
• 4ae050a feat: update Go to 1.25.4
• 0abcf01 feat: update containerd to 2.1.5
• 70404aa feat: bump dependencies
• f70250f feat: add nvidia gdrcopy gdrdrv kernel module
• a7d7c1a feat: enable CONFIG_PCI_P2PDMA for GPUDirect RDMA
• da97c36 feat: update linux-firmware
• 6d58d7f feat: bump deps
• b535af8 feat: update dependencies
• a098092 feat: update Linux to 6.17.3, tt-kmd to 2.4.1
• 661e578 feat: add xe extension
• 8ddac2d feat: bump go
• 332303e fix: rollback libseccomp version
• f62ebca chore: update dependencies
• 56f8ae3 feat: update Linux to 6.17.1, NVIDIA LTS to 580.95.05
• 20b1849 fix: revert "feat" support adding extra trusted certificates in the kernel"
• 1e3d375 feat: bump go
• ddfd7af feat: bump dependencies
• 4dc7709 feat: update runc to 1.3.2
• 61d8b44 chore: fix renovate config for urcu & hailort
• 5bda512 feat: upgrade Linux to 6.17
• 202a8e6 feat: update Linux to 6.16.9
• 3a0900f feat: enable SRv6 LWTUNNEL and BPF support
• 628efc8 chore: update linuxfirmware and rekres
• 9d1fb02 feat: support adding extra trusted certificates in the kernel
• 7fe686d fix: build nftables with embedded gmp
• fede0a7 feat: add nft binary
• 0dae01a feat: update NVIDIA to 580.82.07
• 9ac2392 feat: enable Kernel config options for IPVS Maglev hashing scheduler support
• 3c5315c feat: update dependencies
• 122fa66 feat: update Linux to 6.16.6
• ab1e866 feat: update Go to 1.25.1
• 7d6ef1b feat: update runc to 1.3.1
• e067c20 feat: enable USB audio support
• c4faa38 feat: bump dependencies
• 453cdfc feat: enable ublk support
• 9824684 fix: enable memcg v1
• 2447e11 feat: update Linux to 6.16, GCC to 15
• 2cfb920 feat: update Linux to 6.15.11, update tools, rekres
• ab4e975 feat: update Linux to 6.12.43
• cd67e36 chore: update kernel config to support max SMP CPUs
• e3b2094 fix: fix build for new NVIDIA drivers
• fd5fdfd feat: update Nvidia LTS to 580.65.06 and production to 570.172.08
• 0edf426 fix: backport CVE kernel patches to 6.12
• 26d8fef feat: enable Infiniband IRDMA support
• 16b5fac fix: re-enable CPUSETS_V1 cgroups controller
• fd53886 feat: update backportable dependencies
• d5f7467 feat: update Go to 1.24.6
• 0bd019f feat: update containerd to 2.1.4
• 0ba8b5b feat: enable F71808E watchdog driver
• 895a86b fix: enable ISCSI IBFT
• a76a67c feat: update Linux to 6.12.40
• 8b0a561 feat: enable bootloader control on amd64

Changes from siderolabs/talos

291 commits

• 3d997d742 release(v1.12.0-beta.0): prepare release
• e62384ba3 fix: re-creating STATE after partition drop
• 6919d232a docs: update kernel args size
• 887b296dc test: randomize MAC addresses used in the unit-tests
• 6063fbf91 feat: update dependencies
• 542a67a06 feat: add riscv64 build of talosctl
• 68560b53a fix: split volume/disk locators
• 2c3d30e94 docs: fix image-cache-path flag description
• 93f2e87c2 feat: shorthand for generating secrets to stdout
• 5e1de0035 feat: implement time and resolvers multi-doc configuration
• 399240be3 feat: drop partitions on reset with system partitions wipe
• 5cca96655 feat: add new rockchip sbcs
• 00fe50d86 fix: uefi bootorder setting
• 3a881184b chore: improve error handling for system disk reset
• 859194e67 chore: extract system+user volume config transformers, test
• 308c6bc41 feat: add full disk volumes
• 82ac1119e feat: implement new registry configuration
• 106f45799 feat: update Linux kernel with userfaultfd/VDPA
• 721a1e0d7 chore: rename+improve client.ErrEventNotSupported
• 43f4e317f fix: race between VolumeConfigController and UserVolumeConfigController
• 66c01a706 chore: deprecate interactive installer mode
• 957770f65 feat(machined): add panic/force mode reboot
• 60be0daf8 feat: implement multi-doc Wireguard config
• cf014cb5d fix: only set default bootloader if none is set
• e9b016f80 fix: use strict platform match when pulling images
• fafab391b feat: update Kubernetes to 1.35.0-alpha.3
• 7bf3aaca9 feat: allow glibc aarch64 so files in extensions
• c8561ee2d feat: implement bridge multi-document config
• f4ad3077b feat: implement bond multi-doc configuration
• 75fe47582 fix: stop attaching to tearing down mount parents
• c93a9c6b4 fix: improve OOM controller stability and make test strict on false positives
• 021bbfefb feat: update Go 1.25.4, containerd 2.1.5
• e25db484f test: disable parallelism in Longhorn tests
• 54b93aff0 feat: update Linux 6.17.7, runc 1.3.3
• 2af69ff35 fix: provide minimal platform metadata always
• 92eeaa482 fix: update YAML library
• aa24da9aa fix: bump kubelet credendial provider config to v1
• 335f91761 feat: add short -c flag for --cluster
• 4c095281b fix: set a timeout for SideroLink provision API call
• 75e4c4a59 fix: log duplication on log senders
• e3cbc92c0 fix: add video kernel module to arm
• d69305a67 fix: userspace wireguard handling
• ee5fee7c8 fix: image-signer commands
• be028b67a feat: add support for multi-doc VLAN config
• f3df0f80b feat: add directory backed UserVolumes
• 0327e7790 feat: add support for dashboard custom console parameter
• fed948b8a release(v1.12.0-alpha.2): prepare release
• fb4bfe851 chore: fix LVM test
• f4ee0d112 chore: disable VIP operator test
• 288f63872 feat: bump deps
• b66482c52 feat: allow disabling injection of extra cmdline in cluster create
• 704b5f99e feat: update Kubernetes to 1.35.0-alpha.2
• 1dffa5d99 feat: implement virtual IP operator config
• 43b1d7537 fix: validate provisioner when destroying local clusters
• b494c54c8 fix: talos import on non-linux
• 61e95cb4b feat: support bootloader option for ISO
• d11072726 fix: provide offset for partitions in discovered volumes
• 39eeae963 feat: update dependencies
• 9890a9a31 test: fix OOM test
• c0772b8ed feat: add airgapped mode to QEMU backed talos
• ac60a9e27 fix: update test for PCI driver rebind/IOMMU
• 6c98f4cdb feat: implement new DHCP network configuration
• da92a756d fix: drop 'ro' falg from defaults
• 28fd2390c fix: imager build on arm64
• 4e12df8c5 test: integration test for OOM controller
• 7e498faba feat: use image signer
• eccb21dd3 feat: add presets to the 'cluster create qemu' command
• ec0a813fa feat: unify cmdline handling GRUB/systemd-boot
• 37e4c40c6 fix: skip module signature tests on docker provisioner only
• 8124efb42 fix: cache e2e
• 4adcda0f5 fix: reserve the apid and trustd ports from the ephemeral port range
• ced57b047 feat: support optionally disabling module sig verification
• 1e5c4ed64 fix: build talosctl image cache-serve non-linux
• dbdd2b237 feat: add static registry to talosctl
• 77d8cc7c5 chore: push latest tag only on main
• 59d9b1c75 feat: update dependencies
• bf6ad5171 feat: add back install script
• da451c5ba chore: drop documentation except for fresh reference
• 2f23fedeb fix: file leak in reading cgroups
• b412ffdbc docs: update README.md for docs link
• 8dc51bae7 feat: add drm_gpuvm and drm_gpusvm_helper modules
• 4ca58aeb8 fix: make Akamai platform usable
• 061f8e76f feat: bump pkgs
• a9fa852da feat: update uefi image to talos linux logo
• 04753ba69 feat: update go to 1.25.2
• 9a42b05bd feat: implement link aliasing
• d732bd0be chore(ci): run only nvidia tests for NVIDIA workflows
• 8d1468209 fix: stop populating apiserver cert SANs
• 02473244c fix: wait for mount status to be proper mode
• 825622d90 fix: resource proto definitions
• 2c6003e79 docs: add Project Calico installation in two mode
• 4fb4c8678 feat: add disk.EnableUUID to generated ova
• 33fb48f8f fix: add dashboard spinner
• 053fd0bd4 feat: update Linux to 6.17
• 34e107e1b docs: fix broken link
• dfbece56b docs: update the kubespan docs
• 8b041a72c docs: update scaleway.md
• 435dcbf82 fix: provide nocloud metadata with missing network config
• ec3bd878f refactor: remove the go-blockdevice v1 completely
• 33544bde9 fix: minor improvements to fs
• fd2eebf7f feat: create merge patch from diff of two machine configs
• eadbdda94 fix: uefi boot order setting
• cd9fb2743 fix: support secure HTTP proxy with gRPC dial
• adf87b4b9 feat: update Flannel to v0.27.4
• 5dfb7e1fe feat: serve etcd image from registry.k8s.io
• 5ca841804 fix: nftables flaky test
• a940e45a7 feat: generate list of images required to build talos
• 3472d6e79 fix: revert "chore: use new mount/v3 package in efivarfs"
• 42c0bdbf3 feat: add provisioner flag to images default command
• 6bc0b1bcf feat: drop and lock deprecated features
• 362a8e63b fix: change the compression format
• 6e58f58aa fix: mkdir artifacts path
• 3165a2b84 release(v1.12.0-alpha.1): prepare release
• e455c7ea9 chore: use testing/synctest in tests
• 7f048e962 feat: update dependencies
• fe36b3d32 fix: stop returning EINVAL on remount of detached mounts
• c6279e04c chore: use new mount/v3 package in efivarfs
• d5197effb feat: update etcd 3.6.5, CoreDNS 1.12.4
• 33714b715 feat: release cloud image using factory
• d10a2747e docs: deprecate JSON6902 patches and interactive installer
• 1e604cbf5 fix: don't set broadcast for /31 and /32 addresses
• 65a66097a refactor: split cluster create logic into smaller parts
• ab847310e fix: provide refreshing CA pool (resolvers)
• d63c3ed7d docs: update secureboot docs
• 493f7ed9d feat: support embedded config
• 251df70f6 feat: add a userspace OOM controller
• 7bae5b40b feat: implement link configuration
• 724857dec fix(ci): skip netbird extension for tests
• e06a08698 fix: default gateway as string
• 7ed07412e fix: uefi boot entry handling logic
• ea4ed165a refactor: efivarfs mock and tests
• 1fca111e2 feat: support setting wake-on-lan for Ethernet
• 94f78dbe7 docs: add a documentation for running Talos in KVM
• 46902f8fd docs: add TrueFullstaq to adopters
• a28e5cbd5 chore: update pkgs and tools
• 7cf403db8 docs: step-by-step scaleway documentation to get an image
• 687285fa2 docs: remove 'curl' in wget command
• 9db6dc06c feat: stop mounting state partition
• 53ce93aae test: try to clear connection refused more aggressively
• 51db5279c fix: bump trustd memory limit
• 25204dc8a fix(machined): change constants.MinimumGOAMD64Level using build tag
• 9cd2d794d feat: ship nft binary with Talos rootfs
• b1416c9fe feat: record last log the failed service
• 0b129f9ef feat: enforce more KSPP and hardening sysctls
• 11872643c chore: drop docs folder
• d30fdcd88 chore: pass in github token to imager
• b88f27d80 chore: make reset test code a bit better
• 1cde53d01 test: fix several issues with tests
• 16cd127a0 docs: add docs on updating image cache
• c3ae92b14 fix: build kernel checks only on linux
• 2120904ec feat: create detached tmpfs
• 6bbee6de5 docs: remove 'ceph-data' from volume examples/docs
• 07acb3bd2 fix: use correct order to determine SideroV1 keys directory path
• 2d57fa002 fix: trim zero bytes in the DHCP host & domain response
• 451cb5f78 docs: clarify disk partition confusion
• a2122ee5c feat: implement HostConfig multi-doc
• 69ab076b4 fix: re-create cgroups when restarting runners
• 297b5cc28 docs: add docs on node labels
• e168512dd fix: apply 'ro' flag to iso9660 filesystems
• 7f7acfbb9 docs: fix typo in doc
• d57882b18 feat: update Kubernetes to 1.34.1
• f85f82f32 test: fix flakiness in RawVolumes test
• 82569e319 feat: update Linux 6.16.6
• 2fd2ab4e4 fix: remove CoreDNS cpu limit
• ce9bc32a0 chore(ci): rekres to use new runner groups
• 8b64f68f6 test: improve test stability
• 272cb860d chore: drop the --input-dir flag from the cluster create command
• 1b6533675 docs: add note about ca-signed certs for secureboot
• d3f88f50c docs: document talos vip failover behavior
• 005fc8bd5 docs: add docs on syncing configs after a kube upgrade
• 4d876d9af feat: update Go to 1.25.1
• 2b556cd22 feat: implement multi-doc StaticHostConfig
• a7b776842 docs: replace Raspberry Pi 5 links with Talos builder
• a349b20ed docs: clarify that talos does not support intermediate ca
• 895133de9 feat: support configuring PCR states to bind disk encryption
• c1360103b docs: fix command for uploading image on Hetzner
• 43b5b9d89 fix: correctly handle status-code 204
• feeb0d312 feat: update runc to 1.3.1
• 421634a14 docs: add docs on multihoming
• 41af2d230 refactor: clean up internal cluster creation code
• 3000d9e43 fix: don't bootstrap talos cluster if there's no config present
• 79cb871d0 feat: use the id of the volume in the mapped luks2 name
• 6c322710d chore: refactor mount package
• ced7186e2 refactor: update COSI to 1.11.0
• de2e24fcd docs: clarify that install-cni image is deprecated
• bef8ef509 docs: add docs on cilium's compatibility with kubespan
• e5acb10fc feat: update pkgs
• c4c1daf0e docs: add info about br_netfilter
• 5c52ecac3 docs: clarify interactive dashboard resolution control
• 15ecb02a4 feat: update Linux kernel (memcg_v1, ublk)
• 53f18c2f6 fix: enable support for VMWare arm64
• 3bbe1c0da docs: add docs on grow flag
• b9fb09dcd release(v1.12.0-alpha.0): prepare release
• 6a389cad3 chore: update dependencies
• 9d98c2e89 feat: add a cgroup preset for PSI and --skip-cri-resolve
• 072f77b16 chore: prepare for future Talos 1.12-alpha.0 release
• 96f41ce88 docs: update qemu and docker docs
• a751cd6b7 docs: activate Talos v1.11 docs by default
• e8f1ec1c5 docs: fix broken create qemu command v1.11 docs
• 639f0dfdd feat: update Linux to 6.16.4
• 8aa7b3933 fix: bring back linux/armv7 build and update xz
• 9cae7ba6b feat: update CoreDNS to 1.12.3
• cfef3ad45 fix: drop linux/armv7 build
• 42ea2ac50 fix: update xz module (security)
• 4fcfd35b9 docs: fix module name example
• 50824599a chore: update some tools
• bcd297490 feat: allow Ed25119 in FIPS mode
• 5992138bb test: ignore one leaking goroutine
• d155326c1 docs: add sbc unofficial ports docs
• 285fa7d22 docs: add the deploy application docs
• 527791f09 feat: update Kubernetes to 1.34.0
• a1c0e237d feat: update Linux to 6.15.11, Go to 1.25
• 4d7fc25f8 docs: switch order of wipe disk command
• 7368a994d feat: add SOCKS5 proxy support to dynamic proxy dialer
• d63591069 chore: silence linter warnings
• 07eb4d7ec fix: set default ram unit to MiB instead of MB
• 6b732adc4 feat: update Linux to 6.12.43
• b6410914f feat: add human readable byte size cli flags
• ec70cef99 feat: update NVIDIA drivers and kernel
• 0879efa69 feat: update Kubernetes default to v1.34.0-rc.2
• f504639df feat: add a user-facing create qemu command
• 558e0b09a test: fix the Image Factory PXE boot test
• d73f0a2e5 docs: make readme badges consistent
• f1369af98 chore: use new filesystem api on STATE partition
• 366cedbe7 docs: link to kubernetes linux swap tuning
• 2f5a16f5e fix: make --with-uuid-hostnames functionality available to qemu provider
• 70612c1f9 refactor: split the PlatformConfigController
• 511748339 docs: add system extension tier documentation
• 009fb1540 test: don't run nvidia tests on integration/aws
• 99674ef20 docs: apply fixes for what is new
• 92db677b5 fix: image cache lockup on a missing volume
• 9c97ed886 fix: version contract parsing in encryption keys handling
• 1fc670a08 fix: dial with proxy
• 18447d0af feat: update Linux to 6.12.41
• f65f39b78 fix: provide mitigation CVE-1999-0524
• 8817cc60c fix: actually use SIDEROV1_KEYS_DIR env var if it's provided
• b08b20a10 feat: use key provider with fallback option for auth type SideroV1
• 7a52d7489 fix: kubernetes upgrade options for kubelet
• ea8289f55 feat: add a user facing docker command
• 54ad64765 chore: re-enable vulncheck
• 26bbddea9 fix: darwin build
• b5d5ef79e fix: set secs field in DHCPv4 packets
• c07911933 chore: refactor how tools are being installed
• 34f25815c docs: fork docs for v1.12
• b66b995d3 feat: update default Kubernetes to v1.34.0-rc.1
• b967c587d docs: fix clone URL to include .git
• b72c68398 docs: edit the insecure, etcd-metrics, inline and extramanifests
• e5b9c1fff docs: remov RAS Syndrome
• 701fe774b docs: fix cilium links and bump to 1.18.0
• d306713a1 feat: update Go to 1.24.6
• 721595a00 chore: add deadcode elimination linter
• dc4865915 refactor: stop using text/template in machined code paths
• 545be55ed feat: add a pause function to dashboard
• 06a6c0fe3 refactor: fix deadcode elimination with godbus
• 2dce8f8d4 refactor: replace containerd/containerd/v2 module for proper DCE
• 9b11d8608 chore: rekres to configure slack notify workflow for CI failures
• 5ce6a660f docs: augment the pod security docs
• ada51ff69 fix: unmarshal encryption STATE from META
• b9e9b2e07 docs: add what is new notes for 1.11
• 53055bdf4 docs: fix typo in kubevirt page
• 8d12db480 fix: one more attempt to fix volume mount race on restart
• 34d37a268 chore: rekres to use correct slack channel for slack-notify
• 326a00538 feat: implement talos.config.early command line arg
• a5f3000f2 feat: implement encryption locking to STATE
• c1e65a342 docs: remove talos API flags from mgmt commands
• 181d0bbf5 feat: bootedentry resource
• 7ad439ac3 fix: enforce minimum size on user volumes if not set explicitly
• 50e37aefd fix: live reload of TLS client config for discovery client
• 87efd75ef feat: update containerd to 2.1.4
• 724b9de6d feat: add F71808E watchdog driver
• 8af96f7af docs: add ETCD downgrade documentation
• 44edd205d docs: add remark about 'exclude-from-external-load-balancers' label
• 727101926 fix(ci): use a random suffix for ami names
• d621ce372 fix: grype scan
• d62e255c2 fix: issues with reading GPT
• 5d0883e14 feat: update PCI DB module to v0.3.2
• 3751c8ccf test: wait for service account test job longer
• a592eb9f9 feat: update Linux to 6.12.40
• 4c40e6d3f feat: update etcd to 3.6.4
• 2bc37bd2c docs: fix error in kernel module guide
• bfc57fb86 chore: tag aws snapshots created via ci with the image name
• 06ef7108a fix: issue with volume remount on service restart
• 03efbff18 docs: add SBOM documentation
• af8a2869d fix: do not download artifacts for cron Grype scan
• 5f442159b feat: unify disk encryption configuration
• 38e176e59 chore(ci): fix datasource versioning
• 85d6b9198 feat: update etcd to v3.5.22
• dd7bd2dab docs: rewrite the getting started and prod docs for v1.10 and v1.11
• 136a899aa chore: regenerate release step with signing fixes
• 450b30d5a chore(ci): add more nvidia test matrix
• 451c2c4c3 test: add talosctl:latest to the image cache

Dependency Changes

• github.com/klauspost/compress v1.18.0 -> v1.18.1
• github.com/minio/minio-go/v7 v7.0.95 -> v7.0.97
• github.com/siderolabs/crypto v0.6.4 new
• github.com/siderolabs/gen v0.8.5 -> v0.8.6
• github.com/siderolabs/go-blockdevice/v2 v2.0.19 -> v2.0.20
• github.com/siderolabs/go-debug v0.6.0 -> v0.6.1
• github.com/siderolabs/pkgs v1.11.0-18-g1a25681 -> v1.12.0
• github.com/siderolabs/talos v1.11.1 -> v1.12.0-beta.0
• github.com/siderolabs/talos/pkg/machinery v1.11.1 -> v1.12.0-beta.0
• github.com/sigstore/cosign/v3 v3.0.2 new
• github.com/sigstore/sigstore v1.9.5 -> 181c5d3339b3
• go.yaml.in/yaml/v4 v4.0.0-rc.3 new
• golang.org/x/net v0.44.0 -> v0.47.0
• golang.org/x/sync v0.17.0 -> v0.18.0
• golang.org/x/sys v0.36.0 -> v0.38.0
• golang.org/x/text v0.29.0 -> v0.31.0

Previous release can be found at v0.8.4

---

This discussion was created from the release v0.9.0.