This month at Tailscale: Tailnet Lock, Control plane IP changes, and headless Windows runners

This month's updates from Tailscale include the general availability of Tailnet Lock, which enhances security by allowing users to control signing nodes and keys without relying on Tailscale, and simplifies the control-plane domains. Tailnet Lock operates on a Trust On First Use model, providing the option to share a disablement secret with Tailscale's support team for emergencies. Additionally, Tailscale has made changes to its control plane IP ranges, which might affect IP-based firewall rules, and fixed an issue with GitHub Actions on headless Windows runners by adding an --unattended argument. Client updates include an internal fix for Android TV, library updates in Docker and tsrecorder, and a Kubernetes operator fix for High Availability Ingress proxy startup issues.