Behind the Winter Update was months of coordination, iteration, and cross-team execution.

This post is a shoutout to the folks who made the week possible. Read more on our blog.

https://tailscale.com/blog/team-behind-winter-update/?utm_source=Mastodon&utm_medium=owned-social&utm_campaign=tailscale-winter-update-2026

#TailscaleWinterUpdate

Join us later today on Discord, as Avery and Travis recap the week's announcements, including Aperture, CI/CD workload connectivity updates, PAM, and more, plus an open AMA.

Kicks off at 4pm ET/1pm PT today! See you there! https://discord.gg/tailscale?event=1471578245492113530

#TailscaleWinterUpdate

Identity-based access is only half the story. You also need clear, queryable records of what actually happened.

Tailscale now adds identity-linked auditability across K8s, traffic, and SSH, without heavyweight PAM infrastructure.

https://tailscale.com/blog/auditable-infrastructure-access/?utm_source=Mastodon&utm_medium=owned-social&utm_campaign=tailscale-winter-update-2026

#TailscaleWinterUpdate

Workload identity federation is now GA in Tailscale.

CI, cloud, and Kubernetes workloads can authenticate using native OIDC identities instead of long-lived secrets, with API, Terraform, and tsnet support.

https://tailscale.com/blog/workload-identity-ga/?utm_source=Mastodon&utm_medium=owned-social&utm_campaign=tailscale-winter-update-2026

#TailscaleWinterUpdate

Tailscale Services is now generally available.

Publish internal resources as named, identity-aware services instead of wiring clients to machines or IPs. Now app-aware with tsnet, Kubernetes support, and better observability.

https://tailscale.com/blog/services-ga/?utm_source=Mastodon&utm_medium=owned-social&utm_campaign=tailscale-winter-update-2026

#TailscaleWinterUpdate

Log streaming now supports Google Cloud Storage (GCS).

Export audit/config logs and network flow logs (Enterprise) into your own GCS bucket for retention, investigation, and compliance, without breaking encryption.

https://tailscale.com/blog/gcs-log-streaming/?utm_source=Mastodon&utm_medium=owned-social&utm_campaign=tailscale-winter-update-2026

#TailscaleWinterUpdate

Fleet device posture is now GA in Tailscale. 🎉 You can now use Fleet device state in Tailscale access policies, so enforcement says aligned as device state changes.💻

#TailscaleWinterUpdate

https://tailscale.com/blog/fleet-device-posture-integration/?utm_source=Mastodon&utm_medium=owned-social&utm_campaign=tailscale-winter-update-2026

Device risk changes faster than access policies.

We’ve launched a new device posture integration with Huntress, now GA🎉

Huntress endpoint security signals can now be used directly in Tailscale policies, so access updates automatically as device risk changes.

https://tailscale.com/blog/huntress-device-posture-integration/?utm_source=Mastodon&utm_medium=owned-social&utm_campaign=tailscale-winter-update-2026

#TailscaleWinterUpdate

Direct paths aren’t always possible in locked-down networks.

Peer Relays lets you run high-throughput relays on your own nodes, with static endpoints for restricted cloud environments and built-in observability. Now in GA 🎉

https://tailscale.com/blog/peer-relays-ga/?utm_source=Mastodon&utm_medium=owned-social&utm_campaign=tailscale-winter-update-2026

#TailscaleWinterUpdate

Winter Update Week is here ❄️

New Tailscale podcast episode with Alex + Avery, Kabir, and Harry covering what’s shipping this week and why it matters.

Watch ▶️ https://www.youtube.com/watch?v=jpFYggkU2C4

#TailscaleWinterUpdate