diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2d924f7c4..080e5e99b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,1059 @@
+## [Talos 1.13.0](https://github.com/siderolabs/talos/releases/tag/v1.13.0) (2026-04-27)
+
+Welcome to the v1.13.0 release of Talos!
+
+
+
+Please try out the release binaries and report any issues at
+https://github.com/siderolabs/talos/issues.
+
+### Clang built kernel and ThinLTO
+
+Talos now uses a kernel built using Clang compiler, and optimized using ThinLTO. This should bring a small performance improvement,
+alongside some hardening features, such as BTI on supported ARM systems.
+
+
+### Container Device Interface
+
+Talos now enables [CDI](https://github.com/cncf-tags/container-device-interface) by default and extension/extension services can bring in dynamic
+CDI spec files under `/run/cdi`.
+
+
+### talosctl debug
+
+Talos Linux now provides a way to run and attach to the privileged debug container with a user-provided container image.
+The debug container might be used for troubleshooting and debugging purposes.
+
+
+### Environment Configuration Document
+
+A new `EnvironmentConfig` document has been introduced to allow users to specify environment variables for Talos components.
+It replaces and deprecates the previous method of setting environment variables via the `.machine.env` field.
+
+Multiple values for the same environment variable will replace previous values, with the last one taking precedence.
+
+To remove an environment variable, remove it from the `EnvironmentConfig` document and restart the node.
+
+
+### External Volumes
+
+Talos now supports virtiofs-based external volumes via the new
+[ExternalVolumeConfig](https://www.talos.dev/v1.13/reference/configuration/block/externalvolumeconfig/)
+document.
+
+These virtiofs external volumes are not supported when SELinux is running
+in enforcing mode.
+
+
+### Extra Arguments accept slices in addition to strings
+
+Several Talos configuration fields that previously accepted single string values for extra arguments have been updated to accept slices of strings as well.
+This includes fields such as `.cluster.apiServer.extraArgs`.
+
+BREAKING: If you were relying on the resources EtcdConfigs, KubeletConfigs, ControllerManagerConfigs, SchedulerConfigs or APIServerConfigs, the protobuf format has changed from `map<string,string>` to `map<string,message>`.
+
+
+### Container Image Signature Verification
+
+Talos now supports machine-wide container image signature verification via the new `ImageVerificationConfig` machine config document.
+
+Any image which gets pulled on the node will be verified against the configured rules, and if no rule matches, it will be pulled without verification.
+
+
+### Talos Imager Enhancements
+
+Talos imager now supports running rootless. `--privileged` and `-v /dev:/dev` are no longer required.
+
+
+### Image APIs Updated
+
+Talos Linux provides new APIs to manage container images on the node: listing, pulling, importing and removing images.
+The new pull API provides pull progress notifications.
+
+The CLI commands `talosctl image pull`, `talosctl image list` and `talosctl image remove` have been updated to interact with the new APIs.
+
+
+### Talosctl images k8s-bundle subcommand accepts version parameter
+
+The `talosctl images k8s-bundle` command now accepts an optional argument to override Talos version.
+
+
+### Install and Upgrade API
+
+Talos now exposes install and upgrade operations via the `LifecycleService` API, enabling programmatic installs and upgrades through a single, consistent interface.
+The legacy upgrade API is deprecated; new integrations should migrate to `LifecycleService` for future compatibility.
+
+
+### Kubernetes server-side apply
+
+Talos now uses inventory backed server-side apply when applying bootstrap manifests (including `extraManifests` and `inlineManifests`).
+Purging of unneeded manifests is automatically performed.
+The switch and inventory backfill is automatic and no action is needed from the user.
+
+
+### Dynamic Linux Kernel Preemption Model
+
+Talos Linux now defaults to dynamic Linux kernel preemption model, the default value `none` matches
+previous version, but now with kernel argument `preempt=` the preemption model can be changed.
+
+See [Linux kernel documentation](https://docs.kernel.org/admin-guide/kernel-parameters.html) for more
+information on supported values.
+
+This change only applies to amd64 (x86_64) architecture.
+
+
+### KubeSpan Configuration
+
+A new `KubeSpanConfig` document has been introduced to configure KubeSpan settings.
+It replaces and deprecates the previous method of configuring KubeSpan via the `.machine.network.kubespan` field.
+
+The old configuration field will continue to work for backward compatibility.
+
+
+### KubeSpan Advertised Network Filters
+
+KubeSpan now supports filtering of advertised networks using the `excludeAdvertisedNetworks` field in the `KubeSpanConfig` document.
+This allows users to specify a list of CIDRs to exclude from the advertised networks. Please note that routing must be symmetric for any
+pair of peers, so if one peer excludes a certain network, the other peer must also exclude it. In other words, for any given pair of peers,
+and any pair of their addresses, the traffic should either go through KubeSpan or not, but not one way or the other.
+
+
+### LinkAliasConfig Pattern-Based Multi-Alias
+
+`LinkAliasConfig` now supports pattern-based alias names using `%d` format verb (e.g. `net%d`).
+
+When the alias name contains a `%d` format verb, the selector is allowed to match multiple links.
+Each matched link receives a sequential alias (e.g. `net0`, `net1`, ...) based on hardware address order
+of the links. Links already aliased by a previous config are automatically skipped.
+
+This enables creating stable aliases from any N links using a single config document,
+useful for `BondConfig` and `BridgeConfig` member interfaces on varying hardware.
+
+
+### Negative Max Volume Size
+
+Negative max size represents the amount of space to be left free on the device, rather than the size the volume should consume.
+For example:
+    * a max size of "-10GiB" means the volume can grow to the available space minus 10GiB.
+    * a max size of "-25%" means the volume can grow to the available space minus 25%.
+
+
+### Flannel CNI with Network Policy Support
+
+Talos Linux now supports optionally deploying Flannel CNI with [network policy support](https://kubernetes.io/docs/concepts/services-networking/network-policies/) enabled.
+The network policy implementation is [kube-network-policies](https://github.com/kubernetes-sigs/kube-network-policies/).
+
+To enable Flannel CNI with network policy support, use the following machine configuration patch:
+
+```yaml
+cluster:
+  network:
+    cni:
+      name: flannel
+      flannel:
+        kubeNetworkPoliciesEnabled: true
+```
+
+(If the cluster is already running, sync the bootstrap manifests after applying the patch to deploy the new CNI configuration.)
+
+
+### NVIDIA GPU Support
+
+Talos switched to using CDI and now supports configuring NVIDIA GPU via the gpu-operator helm chart.
+See the documentation on [upgrade notes](https://docs.siderolabs.com/talos/v1.13/configure-your-talos-cluster/lifecycle-management/upgrading-talos#after-upgrade-to)
+for more details on how to configure NVIDIA GPU support in Talos.
+
+
+### Container Image Decompression
+
+Talos now ships with `igzip` (amd64) and `pigz` (arm64) to speed up container image decompression.
+
+
+### ProbeConfig
+
+The TCPProbeConfig configuration document allows to configure TCP probes for network reachability checks.
+This allows to define a custom connectivity condition.
+
+
+### /proc/PID/mem Access Hardening
+
+A new kernel parameter `proc_mem.force_override=never` has been introduced by default to enhance system security
+by preventing unwanted writes to protected process memory via `/proc/PID/mem`.
+If the kernel parameter is removed, default behavior is restored, allowing access only if the process is traced.
+
+
+### Reproducible Disk Images
+
+Talos disk images are now reproducible. Building the same version of Talos multiple times will yield
+identical disk images.
+
+Note: VHD and VMDK (Azure and VMware) images are not currently reproducible due to limitations in the underlying image creation tools.
+Users verifying reproducible images should use raw images, verify checksums, and convert them to VHD/VMDK as needed.
+
+
+### ResolverConfig
+
+The nameservers configuration in machine configuration now overwrites any previous layers (defaults, platform, etc.) when specified.
+Previously a smart merge was performed to keep IPv4/IPv6 nameservers from lower layers if the machine configuration specified only one type.
+
+
+### Routing Rules Support
+
+Talos now supports routing rules via the new `RoutingRuleConfig` machine config document.
+
+
+### `talosctl images talos-bundle` can ignore reaching to the registry
+
+The `talosctl images talos-bundle` command now accepts optional `--overlays` and `--extensions` flags.
+If those are set to `false`, the command will not attempt to reach out to the container registry to fetch the latest versions and digests of the overlays and extensions.
+
+
+### Lifecycle Upgrade in talosctl
+
+`talosctl` upgrades now route through `LifecycleService`, aligning CLI behavior with the new install/upgrade API and unifying the upgrade path.
+This change is transparent to users but standardizes the backend used for upgrades.
+
+
+### Component Updates
+
+Linux: 6.18.24
+containerd: 2.2.3
+etcd: 3.6.9
+CoreDNS: 1.14.2
+Kubernetes: 1.36.0
+CNI: 1.9.1
+Flannel CNI plugin: v1.9.1-flannel1
+Flannel: 0.28.4
+LVM2: 2_03_38
+runc: 1.4.2
+systemd: 259.5
+cryptsetup: 2.8.3
+Tenstorrent: 2.7.0
+iptables: 1.8.12
+musl: 1.2.6
+
+Talos is built with Go 1.26.2.
+
+
+### VM Hot-Add Support
+
+Talos now includes udev rules to support hot-adding of CPUs in virtualized environments.
+
+
+### VRF Support
+
+Talos now supports VRF (Virtual Routing and Forwarding) via the new `VRFConfig` machine config document.
+
+
+### Contributors
+
+* Andrey Smirnov
+* Mateusz Urbanek
+* Noel Georgi
+* Orzelius
+* Mickaël Canévet
+* Dmitrii Sharshakov
+* Laura Brehm
+* Utku Ozdemir
+* Edward Sammut Alessi
+* Artem Chernyshev
+* Fritz Schaal
+* Max Makarov
+* Nico Berlee
+* Zadkiel AHARONIAN
+* Andreas Freund
+* Bryan Lee
+* Justin Garrison
+* Pranav Patil
+* Spencer Smith
+* Alexis La Goutte
+* Andras BALI
+* Andreas Lüdeke
+* Andrei Kvapil
+* Ansgar Dahlen
+* Benoît Knecht
+* Birger Johan Nordølum
+* Camillo Rossi
+* Christopher Puschmann
+* Daniil Kivenko
+* David Orman
+* Dharsan Baskar
+* Dmitrii Sharshakov
+* Dominik Pitz
+* Florian Ströger
+* Gregor Gruener
+* Hector Monsalve
+* Jaakko Sirén
+* Jan Paul
+* Jean-Francois Roy
+* Joakim Nohlgård
+* Jonas Lammler
+* Kai Zhang
+* Kevin Tijssen
+* Lennard Klein
+* Matthew Sanabria
+* Michal Baumgartner
+* Olav Thoresen
+* Serge van Ginderachter
+* Skye Soss
+* Stanley Chan
+* Sébastien Masset
+* Tim Jones
+* arita
+* dataprolet
+* drew
+* eseiker
+* greenpsi
+* lmacka
+* pranav767
+* pythoner6
+
+### Changes
+<details><summary>366 commits</summary>
+<p>
+
+* [`5e2fc260a`](https://github.com/siderolabs/talos/commit/5e2fc260a8c189e1ab77553dfa7c96b12db4a7db) fix: revert add extraArgs from service-account-issuer
+* [`17448fcd2`](https://github.com/siderolabs/talos/commit/17448fcd29d5b09f99225767d9c678e05f278d69) fix: revert use append instead of prepend in service-account-issuer
+* [`4b9fe000f`](https://github.com/siderolabs/talos/commit/4b9fe000f491766618edacd5719d5c415a04b38f) feat: add quirk for talosctl factory downloads
+* [`f62c33113`](https://github.com/siderolabs/talos/commit/f62c331130fc8a6bf3c2ee17c85b209811cc8956) refactor: make all controller unit-test follow modern patterns
+* [`cd317d533`](https://github.com/siderolabs/talos/commit/cd317d53306d09074d2cc222219e520c18f8057d) feat: support auth for Image Factory in cluster create
+* [`92ca9e16f`](https://github.com/siderolabs/talos/commit/92ca9e16f95c58fc8a1e4afca6dbe8d3c42b67ba) feat: update Kubernetes to v1.36.0
+* [`e9afea74d`](https://github.com/siderolabs/talos/commit/e9afea74d6fe57b4d611d24c75f42a196a7d690c) test: fix OOM test flake
+* [`d34a61c8d`](https://github.com/siderolabs/talos/commit/d34a61c8d1fd837477c0a8d42b02ce48dde9f971) fix(talosctl): ensure uncordon runs after reboot/upgrade errors
+* [`f9531d352`](https://github.com/siderolabs/talos/commit/f9531d35291c42bcfa594fbec283cfc48e540c3e) test: fix a flake in the manifest sync test
+* [`9f04f2c4e`](https://github.com/siderolabs/talos/commit/9f04f2c4ef3a8ace0c07c50fa633da40dda83835) fix: watch kubelet's kubeconfig and time out for cache sync
+* [`f3bab2baf`](https://github.com/siderolabs/talos/commit/f3bab2baf2172c40190270d96c73ec5dc42b9833) chore(ci): nvidia update helm values
+* [`d4d018b54`](https://github.com/siderolabs/talos/commit/d4d018b546fd6a6e48585ff88f610d20076cdc7a) fix: propagate route table down to the resource
+* [`ffa0bcf61`](https://github.com/siderolabs/talos/commit/ffa0bcf61a6f5cb388a7ecaadabb974b6570b385) chore(ci): bump gpu operator version
+* [`8035e6e49`](https://github.com/siderolabs/talos/commit/8035e6e49b4b5b5ac1f7f2526df48cd272f04d40) fix: do not flip machine stage to rebooting during shutdown
+* [`10606bdfe`](https://github.com/siderolabs/talos/commit/10606bdfe897bc4279fa5e6d1d038fefa0fefab4) fix: boot entry detection
+* [`23393a5ea`](https://github.com/siderolabs/talos/commit/23393a5ea3a4644f1a2c1f18c17c4a69b58c7f92) fix: zfs extensions test
+* [`a922d1540`](https://github.com/siderolabs/talos/commit/a922d1540cf462f7fccb5e97e7ff1d7d9456334f) fix: return failed precondition on upgrade when not installed
+* [`252799a00`](https://github.com/siderolabs/talos/commit/252799a00bdb7a0cdb7f05226593841999a8c45b) fix: reduce memory dashboard usage
+* [`8180cb11c`](https://github.com/siderolabs/talos/commit/8180cb11c946844169595236bc40332985a7421d) fix: wrong slot of encryption key was logged
+* [`b6bcd47e6`](https://github.com/siderolabs/talos/commit/b6bcd47e6c87df15e8b08f8e27ecc2ae7c53ecd3) feat: update Flannel to 0.28.4
+* [`370c035ab`](https://github.com/siderolabs/talos/commit/370c035ab6e5995987e27d3308daae07a683a8fb) fix: audit trustd code for security
+* [`3e1c6fd84`](https://github.com/siderolabs/talos/commit/3e1c6fd84ba907fdf255cbc0706251e36cb73816) chore: bump container registry library
+* [`dacd73313`](https://github.com/siderolabs/talos/commit/dacd733137d5b564b38adf62e44915ff19636de8) chore: update sign images to support image name suffix
+* [`1a519a410`](https://github.com/siderolabs/talos/commit/1a519a4108f01b0c9981c53ef8de8192963b26ed) test: allow more tests to run in FIPS strict mode
+* [`cb969aa9f`](https://github.com/siderolabs/talos/commit/cb969aa9f8d641056bb7ee360023eb5ec88fb91c) feat: update Linux to 6.18.24
+* [`1f949d9a5`](https://github.com/siderolabs/talos/commit/1f949d9a555389a9e9cf3bdf038efccd7c89c997) release(v1.13.0-rc.0): prepare release
+* [`929ab7165`](https://github.com/siderolabs/talos/commit/929ab7165302f3c3652bf9b87d0ef3cdf383f836) fix(machined): clear stale bond ARP/NS targets on decode
+* [`730937eee`](https://github.com/siderolabs/talos/commit/730937eee9892982666e308eb6fa9459c5bb17d4) chore: bump tools
+* [`0f9d4b5b9`](https://github.com/siderolabs/talos/commit/0f9d4b5b930122bf3972254b7d4f421d6cfd69a2) feat: update Kubernetes 1.36.0-rc.1
+* [`41e6866fd`](https://github.com/siderolabs/talos/commit/41e6866fd58fa8162e3dc8c1a99d0d6eb71fd87f) fix: encode extra args fields in resources with new id
+* [`5feeab90d`](https://github.com/siderolabs/talos/commit/5feeab90d9e1eadf2475d19bea9282ce72753900) chore(ci): nvidia try UKI boot
+* [`cd88cbd0c`](https://github.com/siderolabs/talos/commit/cd88cbd0cde1ed0c519204e6262f87441b927541) chore: bump tools
+* [`53609713f`](https://github.com/siderolabs/talos/commit/53609713f379e1c5954839a4570298423c9bbff9) fix: upgrade API in maintenance mode (legacy)
+* [`2de7fb60d`](https://github.com/siderolabs/talos/commit/2de7fb60d530e060a5915496c5da97f73d7273b0) refactor: allow overriding out image name suffix
+* [`384b189a5`](https://github.com/siderolabs/talos/commit/384b189a56fa89f3b756a2670ccaef34209e718d) feat: update Kubernetes to 1.36.0-rc.0
+* [`9b8c1891b`](https://github.com/siderolabs/talos/commit/9b8c1891bbd3cd410b459bb408243fdfdb08c358) fix: panic in reading PCR values
+* [`67a34a6eb`](https://github.com/siderolabs/talos/commit/67a34a6eb3967536261da8703df32bb06972d0c3) feat(ci): add nvidia arm64 matrix
+* [`cd73b4a82`](https://github.com/siderolabs/talos/commit/cd73b4a822cb4f9b941a2df27ef1d02306eb8108) feat: bump go to 1.26.2
+* [`77406ec31`](https://github.com/siderolabs/talos/commit/77406ec31a09d2288925010317dd19a7bb3c45f9) fix: validate hostDNS forwarding requires hostDNS to be enabled
+* [`7d7776dca`](https://github.com/siderolabs/talos/commit/7d7776dcaa9315b653c4efd3ba55e26278d46d45) fix: handle boot failure
+* [`6dc97e8aa`](https://github.com/siderolabs/talos/commit/6dc97e8aa73e25c5ab3aead307e07c6715d50d5a) fix(talosctl): always use default GRPC dial options
+* [`db2c007ee`](https://github.com/siderolabs/talos/commit/db2c007ee794547e85b527bfe68838bc0e10e0ac) fix: create correct blackhole routes for IPv4
+* [`6f8462849`](https://github.com/siderolabs/talos/commit/6f84628494a32feb206fcaab29ac623dde3c1e58) refactor: propagate NAME properly, allow to set on build
+* [`6a0ec46b5`](https://github.com/siderolabs/talos/commit/6a0ec46b5b33ec2a9fb1689388687626e95e1622) feat: add dis-vulncheck tool
+* [`4c79bd815`](https://github.com/siderolabs/talos/commit/4c79bd815558b179428276993aefe0296d2ccc43) chore: bump some tool dependencies
+* [`cd8d70fb9`](https://github.com/siderolabs/talos/commit/cd8d70fb9d7a1ffdf70aee971d00fb8c63c1f8ed) fix: set the minimum TLS version to 1.3
+* [`fe5b849ec`](https://github.com/siderolabs/talos/commit/fe5b849ec5b7ee7d4e6d5c00b5a877fb374190d0) refactor: remove manual shell completion and replace with cobra completion
+* [`fef5ef49e`](https://github.com/siderolabs/talos/commit/fef5ef49ebf0f8177430b4191d53123ed2ce4f3c) feat: allow more nvidia and nvme files from extensions
+* [`33b89cff7`](https://github.com/siderolabs/talos/commit/33b89cff72ca486de1296b9edf7453998a16cb6f) feat: allow glibc ld files in etc
+* [`9be7bc025`](https://github.com/siderolabs/talos/commit/9be7bc0250605fec19a60ab6dd2b19dcec786f38) fix: don't set xattrs while decompressing extensions
+* [`9cc735588`](https://github.com/siderolabs/talos/commit/9cc735588b57b568b83d6fc290b1861f6b84c264) feat: add client-side Kubernetes node drain to reboot and upgrade commands
+* [`128c2c287`](https://github.com/siderolabs/talos/commit/128c2c28775cf452742595d2b510837f57b206a4) feat: update Flannel to v0.28.2
+* [`02d84f582`](https://github.com/siderolabs/talos/commit/02d84f58242bb1866983def0997c996a5d8a0918) fix: handle ISOs with zeroes in volume labels
+* [`70c356bfd`](https://github.com/siderolabs/talos/commit/70c356bfdaedc4eaabb383560da02daab23374c9) feat: add flag to force fallback to legacy upgrade
+* [`8499579f4`](https://github.com/siderolabs/talos/commit/8499579f4a1fcfd12233691e962d97bde723fff7) fix: add os:meta:writer role to the dashboard
+* [`dc59a7e94`](https://github.com/siderolabs/talos/commit/dc59a7e947066006d681daba76dd51baad8afac8) fix: drop talosctl install
+* [`f7be2c598`](https://github.com/siderolabs/talos/commit/f7be2c598415909d10708cf7dafb77f738b8f068) feat: add resource view to talosctl dashboard
+* [`a47b76618`](https://github.com/siderolabs/talos/commit/a47b7661870d3102a5d29bcba7b4f9985d557b9f) fix: unseal with "slow" TPM
+* [`3c79b432a`](https://github.com/siderolabs/talos/commit/3c79b432a9bf20107f789b42819941885aec30c6) fix: drop unused type from ExternalVolume schema
+* [`38d391e9d`](https://github.com/siderolabs/talos/commit/38d391e9dc0201be526cbcffec3350cb07e6956d) fix: always grow disks
+* [`f0c5cb517`](https://github.com/siderolabs/talos/commit/f0c5cb517fdaf3a0488b0c0ddcc21435db343c34) fix: add metal-agent mode to runtime capabilities
+* [`213ecf2a5`](https://github.com/siderolabs/talos/commit/213ecf2a5bc819ef0f46047cf579c01baf199855) release(v1.13.0-beta.1): prepare release
+* [`abc0ddf11`](https://github.com/siderolabs/talos/commit/abc0ddf11e35748cf11089908d793b8dd0509e61) feat: bump musl to 1.2.6
+* [`fcdfeab2b`](https://github.com/siderolabs/talos/commit/fcdfeab2ba62ec7c2b76fd7aef70db34c470b7ef) fix: incorrect route source for on-link routes
+* [`a8f2a0af7`](https://github.com/siderolabs/talos/commit/a8f2a0af70ce767d3b96e448cdcaa7cc8f85a15f) feat: update NVIDIA production drivers to 595.58.03
+* [`ccf1e0c27`](https://github.com/siderolabs/talos/commit/ccf1e0c274812f7835dd9dfcb127b1edfbfc8829) test: fix the PKI mismatch test flake
+* [`7a9467306`](https://github.com/siderolabs/talos/commit/7a94673068aed21fc88239661b01a283894de583) test: fix cron failures for provision-1 & provision-2
+* [`797815209`](https://github.com/siderolabs/talos/commit/7978152094daabf93c0dc426eabb721894ca1c40) fix: allow blockdevice wipe in maintenance mode
+* [`efc76f0bf`](https://github.com/siderolabs/talos/commit/efc76f0bfeecaa2a17d92517409ee4e473bd50d4) test: fix the flakes in tests with trusted roots
+* [`7fa16b497`](https://github.com/siderolabs/talos/commit/7fa16b49787849939a6ead51a5a4c69dc84fcd29) test: bump memory for Flannel netpolicy tests
+* [`576c26948`](https://github.com/siderolabs/talos/commit/576c269484628e0c1535007a22ed535728458a5c) feat: add --platform=all support to image cache-create
+* [`ceec42f2a`](https://github.com/siderolabs/talos/commit/ceec42f2a52295b4e6879814400890e856711329) feat: update Linux to 6.18.19, CNI to 1.9.1
+* [`902c78a17`](https://github.com/siderolabs/talos/commit/902c78a17ecc3df3575bb144ed89b6abc68df591) test: improve maintenance API provision tests
+* [`a4b0cbc49`](https://github.com/siderolabs/talos/commit/a4b0cbc491918b72af25cb59c4d16a2da717fa9b) feat: validate luks headers for tampering
+* [`281584b88`](https://github.com/siderolabs/talos/commit/281584b88c776a9c6e91a468a08e25e16ddadc52) chore: update go-kubernetes library
+* [`b86360790`](https://github.com/siderolabs/talos/commit/b863607905e05813aa0b00b7d3742465d2905a7a) fix: add symlinks nvidia-ctk and nvidia-cdi-hook in /usr/bin
+* [`d82fada75`](https://github.com/siderolabs/talos/commit/d82fada75b1f4c7a01fc05920f5c16e0cd94fcde) fix: unset rlimits for extension services
+* [`76931f409`](https://github.com/siderolabs/talos/commit/76931f4092d97f610e69345dca79441a6c66855d) feat: enforce PID check on connections to services over file sockets
+* [`df4e0e7f5`](https://github.com/siderolabs/talos/commit/df4e0e7f58b219c9e95ad44ffb4fbf4f01e48fd5) feat: update etcd to 3.6.9
+* [`08ba425e6`](https://github.com/siderolabs/talos/commit/08ba425e6c28ebc1e8ee821c653294b568a172bb) feat: update Kubernetes to 1.36.0-beta.0
+* [`1cb2a8b30`](https://github.com/siderolabs/talos/commit/1cb2a8b30233250daefdfbbe775749a9f3e266c2) fix: update diff library to v1.0.1
+* [`5e171a3de`](https://github.com/siderolabs/talos/commit/5e171a3de1681cb388c16d14438ac36ad76f8a09) test: fix the apid test against AWS/GCP
+* [`f98e76f8d`](https://github.com/siderolabs/talos/commit/f98e76f8d838d7c7ce0e9d3e8c4f1602e8919ca6) fix: panics in diff algorithms
+* [`a544aea84`](https://github.com/siderolabs/talos/commit/a544aea844333cb37d1935fb2dacc64f961f4f0e) release(v1.13.0-beta.0): prepare release
+* [`f36f6ef54`](https://github.com/siderolabs/talos/commit/f36f6ef54d9a31e47a5f27daf3efc350dc6a1e56) chore: update pkgs and tools
+* [`b7d70cf62`](https://github.com/siderolabs/talos/commit/b7d70cf625832f7d1a5620713b01531cbacd1229) feat: unify maintenance and regular APIs
+* [`13d6b4a03`](https://github.com/siderolabs/talos/commit/13d6b4a03cda775a77c8efb1eeda6c2e62204ecc) fix: trim down cosign dependencies
+* [`5c39a8581`](https://github.com/siderolabs/talos/commit/5c39a85814e4e8823fbbeef4915d908e89233bca) fix: drop aws & azure KMS APIs from the machined build
+* [`3d059754c`](https://github.com/siderolabs/talos/commit/3d059754c2e859d2f8ac3ed25d88c8874a253d0e) fix: accept image cache volume encryption config
+* [`d2661d253`](https://github.com/siderolabs/talos/commit/d2661d25317e986d9d14db5cf0c7dba1fed6f40a) fix: apparmor parser config files
+* [`13ef0cfc9`](https://github.com/siderolabs/talos/commit/13ef0cfc9b7a1cee0d6c33f89eb13d9cb1a98b0e) fix: unmount pseudo-late recursively
+* [`e9d45671a`](https://github.com/siderolabs/talos/commit/e9d45671a808a1de00d86e357412ec406528eceb) fix: panic in hardware.SystemInfoController
+* [`a728bbd89`](https://github.com/siderolabs/talos/commit/a728bbd897c57414a7aed8c5aa6c5030c1d69bae) fix: validate missing apiVersion in config document decoder
+* [`c8a674afa`](https://github.com/siderolabs/talos/commit/c8a674afa6909df82624fc2f45d94bd4de512c87) fix: pull in a fix for dmesg timestamps
+* [`e7e21fe8e`](https://github.com/siderolabs/talos/commit/e7e21fe8eead1926cf3abb5939a8a2ec3e3b24f0) feat: bump dependencies
+* [`6bb5cf57a`](https://github.com/siderolabs/talos/commit/6bb5cf57a28c77ea5e821542c04fba45c5337634) feat: implement routing rules support
+* [`a0b9d6e77`](https://github.com/siderolabs/talos/commit/a0b9d6e7778018fa22942b1cf0b9a42d3cfee735) feat: bump kernel with uhci_hcd driver
+* [`1f0d2da39`](https://github.com/siderolabs/talos/commit/1f0d2da3966477416791b84ad15bc83c8c57bce1) feat: update containerd to 2.2.2
+* [`cff0f5782`](https://github.com/siderolabs/talos/commit/cff0f57825501a32f8dff82393a6dfecc4c04fd9) fix(machined): support USERDATA legacy fallback in OpenNebula driver
+* [`5d3a326c8`](https://github.com/siderolabs/talos/commit/5d3a326c80753f0c8ccb9373ca031393e0ce953f) feat(machined): add ONEGATE proxy route and deterministic interface iteration for OpenNebula
+* [`3bec5cc7b`](https://github.com/siderolabs/talos/commit/3bec5cc7ba43324f6d66dc2a63bd2a380ce09dbf) feat(machined): inherit IP6_METHOD from METHOD in OpenNebula driver
+* [`4f4ec9806`](https://github.com/siderolabs/talos/commit/4f4ec980608cf399d926d7bf473214887ebed24e) fix(machined): align OpenNebula hostname precedence with reference
+* [`4d0244ddf`](https://github.com/siderolabs/talos/commit/4d0244ddf76258ab84ad380fb923202426b59e78) feat(machined): add IPv6 alias address support for OpenNebula (ETH*_ALIAS*_IP6)
+* [`5bb896230`](https://github.com/siderolabs/talos/commit/5bb896230e1766fb3906bb328061dbd79b7455c9) feat(machined): support ETH*_IP6_METHOD (static/dhcp/auto/disable) for OpenNebula
+* [`469db18d3`](https://github.com/siderolabs/talos/commit/469db18d3936ed38cb1b6839ce235ac7ada306e6) refactor(machined): extract per-interface IPv4 helper in OpenNebula driver
+* [`ae61f5a5e`](https://github.com/siderolabs/talos/commit/ae61f5a5e5a96bc30b4968bbbfd9f4563470cca8) fix(machined): use ParseFQDN for hostname parsing in OpenNebula
+* [`7adbbd2f8`](https://github.com/siderolabs/talos/commit/7adbbd2f84db61654387311a636d63e5643657db) feat(machined): support per-interface route metric for OpenNebula (ETH*_METRIC)
+* [`196658c41`](https://github.com/siderolabs/talos/commit/196658c41cdd4ddd91eab3d27503cde553c14a52) feat(machined): add network alias support for OpenNebula (ETH*_ALIAS*)
+* [`e96766e81`](https://github.com/siderolabs/talos/commit/e96766e810c867ac2cb5538ed98678f9b6cd4cdc) feat(machined): merge global and per-interface DNS for OpenNebula
+* [`23c99a3cb`](https://github.com/siderolabs/talos/commit/23c99a3cb44b0d9c7aa9592700a8a9f3e2b097f7) feat(machined): add static routes support via ETH*_ROUTES for OpenNebula
+* [`ad3c59aad`](https://github.com/siderolabs/talos/commit/ad3c59aadadeb8773d7c95fba977767988393dd0) fix: prevent stale discovered volumes reads
+* [`fc9749b9e`](https://github.com/siderolabs/talos/commit/fc9749b9ebfc188819c081dab0b9ebb1ba0bfa42) feat: pull in kernel with preemptible kernel
+* [`c14179e78`](https://github.com/siderolabs/talos/commit/c14179e78db82d3e737b3a96ff95449408473dc9) chore(ci): update nvidia test to use gpu-operator
+* [`da70cedfd`](https://github.com/siderolabs/talos/commit/da70cedfd2fa8e94331998c11b89f3625dc155c2) refactor: drop apid file socket
+* [`ee53a18c8`](https://github.com/siderolabs/talos/commit/ee53a18c8b5f2f89a300ef39daa9928a080b6288) fix: stop pulling wrong platform for images
+* [`17335107b`](https://github.com/siderolabs/talos/commit/17335107be1e66f2c1a9c5ecdad6dceafe927719) fix: use non-sensitive resource for health check precondition
+* [`2fb6f6a16`](https://github.com/siderolabs/talos/commit/2fb6f6a16d6f3c40d692ae8f56e43d85900bfb80) feat: add symlinks needed by gpu-operator
+* [`f2bae55b8`](https://github.com/siderolabs/talos/commit/f2bae55b84901d8006132e29e00012f14f9d561f) feat: enable container device interface
+* [`451b13c1b`](https://github.com/siderolabs/talos/commit/451b13c1b85eb8fbbdb1eb1b56d38eed5dd8fc83) feat: update Linux to 6.18.16
+* [`a02d578fa`](https://github.com/siderolabs/talos/commit/a02d578faade7ba1cf6190bb9007c8b270d5fab7) feat: add support for mirroring image signatures
+* [`57599fb87`](https://github.com/siderolabs/talos/commit/57599fb87766206d248aafeb6112f190b15a2b52) fix: skip some readiness checks when the CNI is disabled
+* [`e6d8669fb`](https://github.com/siderolabs/talos/commit/e6d8669fb7f821cee21f84fb2085fd3cf39ed320) feat: update Go to 1.26.1
+* [`7f2eb4856`](https://github.com/siderolabs/talos/commit/7f2eb48561329b82ecf0e7ab8ea4d1a22ac1184c) feat: add image verification endpoint
+* [`1e4cd20d2`](https://github.com/siderolabs/talos/commit/1e4cd20d23bd32f9a8aa7299b12642822c11a15e) feat: add talosctl install command and upgrade via LifecycleService
+* [`275fa351c`](https://github.com/siderolabs/talos/commit/275fa351c95b6217fe36016233cfb525c8c347f2) test: add integration tests for LifecycleService upgrade path
+* [`15a5ec998`](https://github.com/siderolabs/talos/commit/15a5ec998578de7a7aaafa8d6a761a5760622006) feat: implement new install/upgrade API
+* [`720a2148a`](https://github.com/siderolabs/talos/commit/720a2148ab023d19f3653625d785d3568f983035) fix: correctly calculate end ranges for nftables sets
+* [`95287d2db`](https://github.com/siderolabs/talos/commit/95287d2dbeb0ee07980a830622ff1df877d8adac) fix: environment suite failures
+* [`10f49ca91`](https://github.com/siderolabs/talos/commit/10f49ca91a6184563f895332e9bddd2732c28c94) feat: add trusted roots generation to stdpatches
+* [`55b872185`](https://github.com/siderolabs/talos/commit/55b872185285d890934235d07abe6b8335aa8da1) fix: use correct dhcp option for unicast dhcp renewal
+* [`58e006461`](https://github.com/siderolabs/talos/commit/58e006461d30ec97e92e86fb4d41c498fd780508) feat: update Kubernetes to 1.36.0-alpha.2
+* [`ebcfafd4e`](https://github.com/siderolabs/talos/commit/ebcfafd4e28025f14ad0fdfae541b0420d012273) feat: update Linux to 6.18.15
+* [`0ab84c2a1`](https://github.com/siderolabs/talos/commit/0ab84c2a159f6ed1b7855131be88dd780b3bfc84) fix: ignore image digest when doing upgrade-k8s
+* [`d417d68e0`](https://github.com/siderolabs/talos/commit/d417d68e0dca26b7518dcc3660a5aa139dde2f5a) feat: bring in new ssa logic
+* [`0bb6413ff`](https://github.com/siderolabs/talos/commit/0bb6413ff7eb3cdf2865449a5b0b03e594977601) fix: do not fail on RO virtiofs
+* [`bf2cd0a85`](https://github.com/siderolabs/talos/commit/bf2cd0a85011956cd49d9c20751cca868cc57b56) feat: update Linux to 6.18.14
+* [`ad29417ae`](https://github.com/siderolabs/talos/commit/ad29417ae33b0708ad266e9bd7e1da52557de649) fix(machined): opennebula: process ETH*_ vars regardless of NETWORK context flag
+* [`b551cb9b8`](https://github.com/siderolabs/talos/commit/b551cb9b861f9e96f9b7c123a235d7b020c4b963) feat: allow dashboard mouse support
+* [`bfb98a9ca`](https://github.com/siderolabs/talos/commit/bfb98a9ca3539636e2bf9c8756c446e083cad04e) feat: bump kube-network-policy to v1.0.0
+* [`000c18d53`](https://github.com/siderolabs/talos/commit/000c18d5383cfef53f7a679179dfc695201b8500) feat: implement blackhole route config
+* [`cc636f1dd`](https://github.com/siderolabs/talos/commit/cc636f1dd1f12362d51cbbf448cf9f49f6edf66e) fix: image cache test fails with 'no space left on device'
+* [`f0c51b280`](https://github.com/siderolabs/talos/commit/f0c51b2805de8e73824a32eb64e7e2d9aae0acec) feat: implement correct config patching for extraArgs fields
+* [`1da2b63ab`](https://github.com/siderolabs/talos/commit/1da2b63ab573ba6d0e9ae3a490bf634d26190537) feat: multi-doc support for configuring vrfs
+* [`c1d0a3360`](https://github.com/siderolabs/talos/commit/c1d0a336079532934e0660028abdbe9278b0363e) fix: patch with delete for LinkConfigs
+* [`59311a792`](https://github.com/siderolabs/talos/commit/59311a7924b908aaa2761e82e03f6fa473a4c3ee) release(v1.13.0-alpha.2): prepare release
+* [`009f0d6ca`](https://github.com/siderolabs/talos/commit/009f0d6ca0cf13e5778a7c46587ac0dc9d30d5e9) chore: update pkgs
+* [`ba56b0295`](https://github.com/siderolabs/talos/commit/ba56b02954fb275f8ff2ed20e38b51a75c3a8371) feat: include hid-multitouch.ko kernel module in rootfs
+* [`ae29a0dcc`](https://github.com/siderolabs/talos/commit/ae29a0dcce527b90553b25230abbb5a8d4bd504c) feat: update Linux to 6.18.13
+* [`7cf1de279`](https://github.com/siderolabs/talos/commit/7cf1de2794a1d4838efca378aff433fad5e1823c) fix: bring in new version of go-cmd and go-blockdevice
+* [`c8800b41e`](https://github.com/siderolabs/talos/commit/c8800b41e511ce6bb4dda3e28b69c4d091177435) fix: update path handling on talosctl cgroups
+* [`0a7b6eb2c`](https://github.com/siderolabs/talos/commit/0a7b6eb2c98979aa8a604f677c4dd1d54f1285e5) chore: test extensions
+* [`8b1c974a2`](https://github.com/siderolabs/talos/commit/8b1c974a2a733c870f371ccb7a86ccc616dbc7ea) refactor: drop termui-widgets library
+* [`5baa0028e`](https://github.com/siderolabs/talos/commit/5baa0028e65765fc0fd1179f72377bf2a2085deb) fix: add owning inventory annotation to talos manifests
+* [`d3e793d14`](https://github.com/siderolabs/talos/commit/d3e793d14117891103ca4df8507124b18913a56c) fix: stop Kubernetes client from dynamically reloading the certs
+* [`6a5a0e3bd`](https://github.com/siderolabs/talos/commit/6a5a0e3bd4197a4fadfcfe094876e46d4b878a0a) feat: support pattern link aliases
+* [`9758bd4fe`](https://github.com/siderolabs/talos/commit/9758bd4fe0e28803acf11f3b9c9da744883aa9dc) feat: update Go to 1.26
+* [`e00aed0f6`](https://github.com/siderolabs/talos/commit/e00aed0f6694bb3c8e14a0ef413ef0e62ae02981) feat: update Kubernetes v1.36.0-alpha.1
+* [`f20445ad0`](https://github.com/siderolabs/talos/commit/f20445ad0981175d6444340325af5fc747993559) chore: improve logging of disk encryption handling
+* [`f018fbe7b`](https://github.com/siderolabs/talos/commit/f018fbe7ba145ff86ebe0d4d09b323b9715ef1a9) fix: handle raw encryption keys with `\n` properly
+* [`e5b0eb017`](https://github.com/siderolabs/talos/commit/e5b0eb017ff989e812d6444f668bf17723bb7ec4) fix: hold user volumes root mountpoint
+* [`8a0e79774`](https://github.com/siderolabs/talos/commit/8a0e79774409ce7605f9cd21d769f47e5db656db) refactor: split locate and provision
+* [`a59db0e92`](https://github.com/siderolabs/talos/commit/a59db0e92213296c4c9599fb0d230908caabdf30) fix: improve OpenStack bare metal network configuration reliability
+* [`659009ad8`](https://github.com/siderolabs/talos/commit/659009ad875c0625ac24094dc44020b015ab8b50) fix: remove stale endpoints
+* [`dab0d4783`](https://github.com/siderolabs/talos/commit/dab0d478378dfc6c2862c38633ca4494a41e7ecd) fix: allow static hosts in `/etc/hosts` without hostname
+* [`45f214154`](https://github.com/siderolabs/talos/commit/45f214154cea364d86bfbba81a5ad4f272a4c8fd) feat: update go-kubernetes to use new Myers diff
+* [`35ad0448c`](https://github.com/siderolabs/talos/commit/35ad0448c9ae93cd642d80ebb7d95b768ba0ab9b) fix: switch to better Myers algorithm implementation
+* [`0048464be`](https://github.com/siderolabs/talos/commit/0048464be854d94fb607e38daa83e00767fe8cbc) feat: update etcd to v3.6.8
+* [`5df10f260`](https://github.com/siderolabs/talos/commit/5df10f2604b537504f76b14e028f88a946aacbd7) fix: use mcopy instead of diskfs to populate VFAT
+* [`ce53ffa90`](https://github.com/siderolabs/talos/commit/ce53ffa900a438f6669460a2ce9af874c1f87708) fix: disks flag parsing and handling in create qemu command
+* [`3bd3dd7ca`](https://github.com/siderolabs/talos/commit/3bd3dd7ca92401312079e37584bfbf7942eab93a) fix: memory overuse in imager VFAT
+* [`f118ee47e`](https://github.com/siderolabs/talos/commit/f118ee47eaba662dc161d37fae5ae8f2b3de9819) fix: read multi-doc machine config with newer talosctl
+* [`70c6c2154`](https://github.com/siderolabs/talos/commit/70c6c2154e87d4a6748aebdfa2c50cbc97a0dd89) feat: add filter for KubeSpan advertised networks
+* [`daf18abf4`](https://github.com/siderolabs/talos/commit/daf18abf419b21a6e70dcca0b5b83d33cfee6188) fix: fix talosctl debug in enforcing mode
+* [`33b5b2565`](https://github.com/siderolabs/talos/commit/33b5b25652360a114d0b2cea412bf018cbf84df3) fix: ignore volumes in wave calculation without provisioning
+* [`a16392559`](https://github.com/siderolabs/talos/commit/a16392559a488993c3e26810df57da3cae5c24c5) feat: add explicit service account support to Talos client
+* [`4d531884e`](https://github.com/siderolabs/talos/commit/4d531884e9c28d480f24b61a83f140df0ffbe4b3) chore: update dependencies
+* [`406b8c83c`](https://github.com/siderolabs/talos/commit/406b8c83c9b33b1917b9dd16aa1efeb2df189f0f) feat: update doc links to docs.siderolabs.com
+* [`87615f551`](https://github.com/siderolabs/talos/commit/87615f551183cd322dafebf368a347d928a14442) feat: implement network policies with Flannel CNI
+* [`6995bc1b1`](https://github.com/siderolabs/talos/commit/6995bc1b1ea54e1a8fd6426fef11293f35106ac7) chore: update homebrew formula on release
+* [`7942d5a98`](https://github.com/siderolabs/talos/commit/7942d5a98c1d689a94e78219be09a0fc69d07b08) fix: image gc controller config
+* [`52e8727d0`](https://github.com/siderolabs/talos/commit/52e8727d0112967a62a3d9ae6bf26d713db242e1) feat: add IPv6 GRE support
+* [`9690dbad0`](https://github.com/siderolabs/talos/commit/9690dbad02cfc8682d697679b655e753039c5254) chore: bump tools (including linter)
+* [`2628eb2ec`](https://github.com/siderolabs/talos/commit/2628eb2ece05d7f817fc42e12b979d3f8ca9710c) fix: typo with rpi_5 profile name
+* [`d5ebcd7ca`](https://github.com/siderolabs/talos/commit/d5ebcd7cae1a20c8000e2f4d5a02c81e4dbe5186) fix: stop building talosctl debug on Windows
+* [`8b85c7c63`](https://github.com/siderolabs/talos/commit/8b85c7c637cc08d35bbf6968abebb8c4cdfb82ad) chore: update deps
+* [`d905035b5`](https://github.com/siderolabs/talos/commit/d905035b5e5c7787a5171ba2e0127c89755e8774) fix: swap volume configuration for min/max size
+* [`d43a01ccb`](https://github.com/siderolabs/talos/commit/d43a01ccbdd318080b54e52d2f2fbec93042c458) feat: implement `talosctl debug`
+* [`34a31c979`](https://github.com/siderolabs/talos/commit/34a31c9797d5a7e1700c3d945a21367b81c79385) feat: add mount options support for existing volumes
+* [`1bf95eed1`](https://github.com/siderolabs/talos/commit/1bf95eed185152c38397cd3b43b6ff9d421678c5) feat: improve dashboard uptime display
+* [`055add7ae`](https://github.com/siderolabs/talos/commit/055add7aeb158b6f4e09ef06966de7622d1b3940) release(v1.13.0-alpha.1): prepare release
+* [`900516e68`](https://github.com/siderolabs/talos/commit/900516e68950e4b94696f6a9b481cefee44b3360) chore: update image signer
+* [`938de566e`](https://github.com/siderolabs/talos/commit/938de566eca30af3cc4355a94931186f19b682f2) feat: bump kernel
+* [`388cec727`](https://github.com/siderolabs/talos/commit/388cec72796d0ecd0c7103efcaab9066e9b62509) feat(overlays): add new overlays
+* [`9f2dd6312`](https://github.com/siderolabs/talos/commit/9f2dd6312f9d49e4d03347c98b100119f94cf807) refactor: api tests
+* [`a90783146`](https://github.com/siderolabs/talos/commit/a90783146fc2d475055bfce0f8b5120969f74dc7) feat: add a helper module to generate standard patches
+* [`1fec5b23d`](https://github.com/siderolabs/talos/commit/1fec5b23d0c10e53863a7c0f89f862708a7f4069) fix: implement merger for PercentageSize
+* [`8b245b8f2`](https://github.com/siderolabs/talos/commit/8b245b8f269b6c8cb463f2cf537d2ed2ab6924ec) feat: implement new image service APIs
+* [`d90c775b8`](https://github.com/siderolabs/talos/commit/d90c775b8441705003de3427b2e6831dcbfb449f) chore: rename internal `talosctl debug air-gapped`
+* [`2165280d0`](https://github.com/siderolabs/talos/commit/2165280d0eedf59899ad44e2f3289d81b3dab466) refactor: change the way one2many proxying is picked
+* [`b1b703dbe`](https://github.com/siderolabs/talos/commit/b1b703dbe2b25785ded0c77f23d674d9b9934975) chore: move sync logging code to go-kubernetes package
+* [`e48c6d7ab`](https://github.com/siderolabs/talos/commit/e48c6d7ab9c8a2e28ebe2115ac09f1557bbcca33) fix: allow to expose a port multiple times in Docker
+* [`410d8cb57`](https://github.com/siderolabs/talos/commit/410d8cb5727ccf054c9097f33bc916d87076a599) fix: undo CRLF on Windows (talosctl edit)
+* [`859d3f03c`](https://github.com/siderolabs/talos/commit/859d3f03c444d98b94a06adac3648562e3b1228b) feat: add RPi5 to the list of supported SBCs
+* [`0bd48bbc6`](https://github.com/siderolabs/talos/commit/0bd48bbc6f365770167ee753be563eb4179fcadb) fix(talosctl): pass --k8s-endpoint flag to rotate-ca kubernetes rotation
+* [`b9e27ebe7`](https://github.com/siderolabs/talos/commit/b9e27ebe72c4302c416fd8efb007c3966004ddd6) feat: update Linux kernel with dm-integrity
+* [`6aa9b0677`](https://github.com/siderolabs/talos/commit/6aa9b0677ed7ca4955fead474e36a533b3250ad9) fix: skip empty documents on config decoding
+* [`494492489`](https://github.com/siderolabs/talos/commit/494492489b29b615a8a874c0648690ed3b9adb58) fix: always set advertised peer URLs
+* [`782cc507d`](https://github.com/siderolabs/talos/commit/782cc507dc33c87caa5ff985eea5f4439c3e1012) fix: open the filesystem as read-only
+* [`28e61a740`](https://github.com/siderolabs/talos/commit/28e61a740a906fadfea098f38a9c9f4e8c32773e) fix: set GRUB prefix correctly on arm64
+* [`a4f1c5239`](https://github.com/siderolabs/talos/commit/a4f1c5239ef7227856640c230e0d0364d9eedbd2) feat: update GRUB to 2.14
+* [`562920701`](https://github.com/siderolabs/talos/commit/562920701e2999cbb6687e55de96719aba4064fd) fix: use node podCIDRs for kubespan advertiseKubernetesNetworks
+* [`39460365c`](https://github.com/siderolabs/talos/commit/39460365c1726095e20cf3cc7c079c234b8022d6) feat: implement layering for ProbeSpec
+* [`b5c760f70`](https://github.com/siderolabs/talos/commit/b5c760f7076570bc04be02af0ea493f95d8338d0) feat: add ProbeConfig for network connectivity probes
+* [`4b274f761`](https://github.com/siderolabs/talos/commit/4b274f76159495cc6c2977ec3bbade71e35aade8) feat: support aws cert manager in imager
+* [`417209512`](https://github.com/siderolabs/talos/commit/41720951251102f1c174e501a3103e55720a1d8b) fix: fallback to /proc/meminfo for memory modules
+* [`7f1147bed`](https://github.com/siderolabs/talos/commit/7f1147bed495a06d336f5be1da6073921b5e52dc) fix: add warnings to 802.3ad bond
+* [`ddd6b186e`](https://github.com/siderolabs/talos/commit/ddd6b186eb8f527324736576182dafbce3423da5) refactor: generate GRUB images
+* [`c7aa266ea`](https://github.com/siderolabs/talos/commit/c7aa266ea5c9d3fbd465dc651f2ebfec622612e7) fix: overwrite resolver config with machine config
+* [`cf70f05fa`](https://github.com/siderolabs/talos/commit/cf70f05fa40312c30d8345c2fb15ce8eda86a7a7) fix: oracle platform file format
+* [`8c7b8f5b7`](https://github.com/siderolabs/talos/commit/8c7b8f5b7d6dec144f7985a7c8a8a582c38f3154) feat: add support for negative max size
+* [`77bc3d21f`](https://github.com/siderolabs/talos/commit/77bc3d21fa40e188af4b5dd93e1cda289e858d56) fix: marshal of FailOverMac property
+* [`38e280c93`](https://github.com/siderolabs/talos/commit/38e280c9319ef1ecb1455b3cc8b8d0d1d7426ccd) fix: make OOM expression a bit less sensitive
+* [`3d1301640`](https://github.com/siderolabs/talos/commit/3d1301640d44d58303160400e4954c36f53341f9) fix: wipe the first/last 1MiB in addition to wiping by signatures
+* [`1aa6528ad`](https://github.com/siderolabs/talos/commit/1aa6528adcddfb6a5ed66cc26cac1a0fcdb37516) fix: make OOM controller more precise by considering separate cgroup PSI
+* [`f7072c050`](https://github.com/siderolabs/talos/commit/f7072c050e607de16781a65eb97ab2a1828b05fb) fix: check if the device is not mounted when wiping
+* [`743c3b94b`](https://github.com/siderolabs/talos/commit/743c3b94b958e4abcbf70d4064f2ae0e0bbb0712) fix: use correct containerd import path
+* [`f2dd08594`](https://github.com/siderolabs/talos/commit/f2dd08594e8e474c7b3891dc46c64f27c724dbc0) feat: report image pull progress in the console
+* [`72fe98a06`](https://github.com/siderolabs/talos/commit/72fe98a06f31536454f201d703f8ae6a071235b5) fix: boot with GRUB
+* [`d4ed13d93`](https://github.com/siderolabs/talos/commit/d4ed13d9394b087e8877eba25950f344894803a1) fix: add talos version to Hetzner Cloud client user agent
+* [`150c41c30`](https://github.com/siderolabs/talos/commit/150c41c30ed3f066f10bd2bdc2afa9b2c5a97597) feat: update Linux to 6.18.5
+* [`01a367891`](https://github.com/siderolabs/talos/commit/01a3678913de0fa4d309a361428c117d24ce0d1e) fix: use append instead of prepend in service-account-issuer
+* [`d1954278a`](https://github.com/siderolabs/talos/commit/d1954278a1ba3470b2e5ccae90762078c18d69e9) feat: add extraArgs from service-account-issuer
+* [`91b88f7f9`](https://github.com/siderolabs/talos/commit/91b88f7f994cccad15cbec1aa8019bd19b84ae91) feat: support multiple values for extraArgs
+* [`96e604874`](https://github.com/siderolabs/talos/commit/96e604874b17e7aa8b62bfb25737f349e539bc5a) fix: add hostname to endpoints
+* [`7033275a7`](https://github.com/siderolabs/talos/commit/7033275a7a22d51e83c9e760ba37d2ad6ab22f28) refactor: move BootloaderKind into machinery
+* [`71adaf0ea`](https://github.com/siderolabs/talos/commit/71adaf0ea5b558c8a16e2acfdec3671611455985) fix: sort mirrors and tls configs when generating the machine config
+* [`34f09a300`](https://github.com/siderolabs/talos/commit/34f09a3004fe1b77c16dd33b04adca95fb6876a5) feat: add VLAN support to OpenStack platform
+* [`5127ef7c2`](https://github.com/siderolabs/talos/commit/5127ef7c28b360f9c7c033f77c58cef729e5278d) fix: wipe disk by signatures
+* [`415bfaedb`](https://github.com/siderolabs/talos/commit/415bfaedb6ae8d42b5927fdc5b7cfe8aa781a791) fix: panic in configpatcher when the whole section is missing
+* [`e5aca71cd`](https://github.com/siderolabs/talos/commit/e5aca71cd0557557e50c39d82eda2c938f627d62) fix: fix healthcheck timeout
+* [`634b71e2d`](https://github.com/siderolabs/talos/commit/634b71e2d028bf13d838acad8809c95384b6eed9) docs: move talosctl pcap example to Example Block
+* [`818492731`](https://github.com/siderolabs/talos/commit/8184927316c5de7d9b04f21474a60cc791c3d26d) feat: implement KubeSpan multi-document configuration
+* [`4d0604b9d`](https://github.com/siderolabs/talos/commit/4d0604b9d93851f444a00dbd84fcac76d21d35c2) chore: remove unrelated machineconfig
+* [`e36863470`](https://github.com/siderolabs/talos/commit/e36863470b14496c3d84417e63fef45e6060603b) feat: add it87 hwmon module
+* [`308c75090`](https://github.com/siderolabs/talos/commit/308c75090774d2510c2ec08e63e179a5c0fa6987) fix: resolve SideroLink Wireguard endpoint on reconnect
+* [`e4ef494de`](https://github.com/siderolabs/talos/commit/e4ef494decdf97664c4803aa3861015fce49760e) fix: drop the persist config flag from gen config
+* [`c3176adcf`](https://github.com/siderolabs/talos/commit/c3176adcf981811a326c971c81c4b591f54e116a) feat: add EnvironmentConfig document
+* [`c839b3880`](https://github.com/siderolabs/talos/commit/c839b38809b3a0029061d43477555ec31e283aa5) feat: expose more SSA options in the upgrade-k8s command
+* [`b8ff9677e`](https://github.com/siderolabs/talos/commit/b8ff9677e4f9a64908ae00bb1d80aa2442a00a60) fix: handle correctly incomplete RegistryTLSConfig
+* [`99f2ddada`](https://github.com/siderolabs/talos/commit/99f2ddada895011036af1435dd10bac3be0a9171) fix: bond config via platform
+* [`2449ffea4`](https://github.com/siderolabs/talos/commit/2449ffea45304459ea8895b535b6f070a9249172) fix: allow HostnameConfig to be used with incomplete machine config
+* [`35fc52087`](https://github.com/siderolabs/talos/commit/35fc5208728dbc3e0b139aff4c06f25208445637) fix: lock down etcd listen address to IPv4 localhost
+* [`27253d731`](https://github.com/siderolabs/talos/commit/27253d7317a473cbbc0f5c0eee634173bdd2eda7) feat: use new xfs config file
+* [`c9d84ae21`](https://github.com/siderolabs/talos/commit/c9d84ae21e203529a6952c165ff04d602a2a6ad6) fix: generate OCI-compliant image config
+* [`7a4b2b33a`](https://github.com/siderolabs/talos/commit/7a4b2b33abe8a3011f37f0a8f4848dd846d0396f) fix: update VIP config example
+* [`080efcbda`](https://github.com/siderolabs/talos/commit/080efcbda2c4334f9d8c70804a5a37f0cdb2df2d) feat: add k8s-version parameter to k8s-bundle
+* [`b764f5f72`](https://github.com/siderolabs/talos/commit/b764f5f724bf8af3acaac74942ea91a86e593322) fix: skip sync test when kube-proxy is disabled
+* [`70e67787d`](https://github.com/siderolabs/talos/commit/70e67787d6d34d93a34871b2d25d64f6a7575d76) feat: imager: populate filesystems with root owned files
+* [`7416dca59`](https://github.com/siderolabs/talos/commit/7416dca59378dc282e42ea30107cf40326cc593c) fix: print talosctl images to release notes
+* [`dc2009e47`](https://github.com/siderolabs/talos/commit/dc2009e4779684a6a4252d4dfd2aa02d1b60c2da) chore: use context when creating filesystems
+* [`85f7be6e3`](https://github.com/siderolabs/talos/commit/85f7be6e3f14bf160cf32bccf7418b31968d474f) chore: update slack links
+* [`154952175`](https://github.com/siderolabs/talos/commit/154952175ab73ac65722732b146a0ee1c56b2f4d) fix: disable swap for system services
+* [`d98b415af`](https://github.com/siderolabs/talos/commit/d98b415afea7b1820153151c0273df24a101742e) fix: drop more non-overlay SBC stuff
+* [`226cd6bc1`](https://github.com/siderolabs/talos/commit/226cd6bc1d70662cb7f7736ac6fad117170a36fb) fix: do not allocate for the actual disk image file
+* [`53f5bf8d2`](https://github.com/siderolabs/talos/commit/53f5bf8d2c97e91bee06bcb5948170015486ea77) fix: overlay installers
+* [`10d0cfd93`](https://github.com/siderolabs/talos/commit/10d0cfd93a083fb8b71b7c0297df52feb55e044b) fix: overlay install in image mode
+* [`77086694d`](https://github.com/siderolabs/talos/commit/77086694d18b69802e542156fc12cd7cf066efc2) fix: partition data population
+* [`4d5657b1a`](https://github.com/siderolabs/talos/commit/4d5657b1a34c939b63b2cc3ee11ed45ad1bf23c3) fix: drop SBC board code
+* [`c4f3f6d3e`](https://github.com/siderolabs/talos/commit/c4f3f6d3e59b58016ba8546c5bd3e8e465fbbf52) feat: implement kubernetes server-side apply
+* [`f12fd2b0a`](https://github.com/siderolabs/talos/commit/f12fd2b0a9fdf8f53ec5714d3ad18b695973e0b0) test: bump Image Factory tests
+* [`c76484e58`](https://github.com/siderolabs/talos/commit/c76484e5879a7e48197e442cf22044d3d0363846) release(v1.13.0-alpha.0): prepare release
+* [`f0d8a6851`](https://github.com/siderolabs/talos/commit/f0d8a685173354e5fd148786872062a342c4282a) test: skip the source bundle on exact tag
+* [`c57701d65`](https://github.com/siderolabs/talos/commit/c57701d6590388e7d6418af67e8237c7d60ccf54) fix: remove interactive installer
+* [`43937c1cd`](https://github.com/siderolabs/talos/commit/43937c1cd42758a15026261fe8f0e06daaebdcbd) feat: update Linux and systemd
+* [`72a194df8`](https://github.com/siderolabs/talos/commit/72a194df88f2800cee3372241fbad419b07f7bbf) feat: add VM CPU hot-add rules
+* [`f09ae1e0d`](https://github.com/siderolabs/talos/commit/f09ae1e0d2e1b7842d504b594b71a325af7733e5) fix: probe small images correctly
+* [`8f2b33799`](https://github.com/siderolabs/talos/commit/8f2b337994fdeff76a0ae9e1730b4b9f596ff1bb) feat: imager support rootless builds
+* [`c7525a97e`](https://github.com/siderolabs/talos/commit/c7525a97ef8615e903be183d7938b6d2a3b89464) feat: support creating filesystems from folder
+* [`e2bffb5ce`](https://github.com/siderolabs/talos/commit/e2bffb5cebaaf28f9dfff24f41ecbb2809fc60e5) chore: refactor imager code so it's more clear
+* [`0fb50dbd0`](https://github.com/siderolabs/talos/commit/0fb50dbd0a5b7b80187e50d501cec4b3fe434dc2) fix: invalid versions check in talos-bundle
+* [`b5dd56032`](https://github.com/siderolabs/talos/commit/b5dd5603207a46d8eed240173f06aeffd6a9c0e7) test: upgrade versions in upgrade tests
+* [`3dfa4d6e4`](https://github.com/siderolabs/talos/commit/3dfa4d6e40dcae2db47e89443568be3ae48b3ae1) fix: make upgrade work with SELinux enforcing=1
+* [`786c8e2ee`](https://github.com/siderolabs/talos/commit/786c8e2ee757c2d7b30d5bded954e584af3a058e) feat: ship pigz/igzip in rootfs to speed up image decompression
+* [`48d242918`](https://github.com/siderolabs/talos/commit/48d242918bc97e6a01434bee6fcdcfa735fd1f5a) feat: update containerd to 2.2.1
+* [`536541afe`](https://github.com/siderolabs/talos/commit/536541afe497d5f61cfcd0c01cf580ab5b3be164) fix: mount volume mount/unmount race
+* [`39117d457`](https://github.com/siderolabs/talos/commit/39117d45766b139ed6a0c1290f757e4b26d31d92) feat: update dependencies
+* [`f0f420725`](https://github.com/siderolabs/talos/commit/f0f420725c6a4f628cdc1b80d59713c375beb9b7) fix: bond setting change detection
+* [`8d6a7a867`](https://github.com/siderolabs/talos/commit/8d6a7a8677a5d1d61432fa94ca030351fd9852f2) feat: update Kubernetes to 1.35.0
+* [`845a0d09c`](https://github.com/siderolabs/talos/commit/845a0d09cd770a15db762ddda4d3d27f58656cfe) feat: update etcd 3.6.7, CoreDNS 1.13.2
+* [`b95912e04`](https://github.com/siderolabs/talos/commit/b95912e04907b78bd06987c6d3948f8f1804d844) feat: enforce `proc_mem.force_override=never` by default
+* [`681f3e84c`](https://github.com/siderolabs/talos/commit/681f3e84c85677f49ddbcd4a47e325d4a85af692) test: run virtiofs tests only when virtiofsd is running
+* [`0592ff0cd`](https://github.com/siderolabs/talos/commit/0592ff0cdbf54475dc91bfb7c9b9c3047bbe13da) fix: drop the Omni API URL check on IP address
+* [`a4879a5fa`](https://github.com/siderolabs/talos/commit/a4879a5fa2ded9b7b52ff7506b5493ae12939bba) feat: update Linux to 6.18.1
+* [`43b43ff18`](https://github.com/siderolabs/talos/commit/43b43ff189b7e5f37eaa75f4926c26ee21ffa5cb) docs: split talosctl commands into groups
+* [`6d17c18bf`](https://github.com/siderolabs/talos/commit/6d17c18bf908d3cd69ff920d0cff67b653a385f3) feat: enable Powercap and Intel RAPL
+* [`884e76662`](https://github.com/siderolabs/talos/commit/884e76662af34448d9904372f1256f59ce161f99) docs: fix the talosctl cluster create help output
+* [`6dc31be4f`](https://github.com/siderolabs/talos/commit/6dc31be4f982f62ba4aeb1b3b4e65ce022447eb4) fix: exclude new Virtual IPs configured with new config
+* [`94905c73e`](https://github.com/siderolabs/talos/commit/94905c73e93fd7dac38d911dc4264e4d0fe0081d) feat(talosctl): support running qemu x86 on Mac
+* [`f871ab241`](https://github.com/siderolabs/talos/commit/f871ab241c0f034401fbf61e32e7201cced49441) fix: provide json support in `nft` binary
+* [`694f45413`](https://github.com/siderolabs/talos/commit/694f45413fec8cc4f58a79e76034bd4bcec2bbdf) feat: external volumes
+* [`39feb16d2`](https://github.com/siderolabs/talos/commit/39feb16d2ed3bcb65d66483c0729bcec29f7b93e) fix: update containerd 2.2.0 with cgroups patch
+* [`82027eb9b`](https://github.com/siderolabs/talos/commit/82027eb9b30aa128099b27f638098d78857ecb4b) fix: bond configuration with new settings
+* [`121b13b8f`](https://github.com/siderolabs/talos/commit/121b13b8f8d6e5a487971f727c6e028c7ffa20f3) fix: disable kexec on arm64
+* [`7eaa725d0`](https://github.com/siderolabs/talos/commit/7eaa725d0dba18392279f5b43d167aaf18f43b99) fix: selection of boot entry
+* [`949bdb90a`](https://github.com/siderolabs/talos/commit/949bdb90ab2fd711c47583d96bd29a1ca90bbf41) feat: add Secure Boot to CloudStack platform config
+* [`798143a88`](https://github.com/siderolabs/talos/commit/798143a886e4055e764a9ad17cefe8ad4db0572e) fix: discard better klog message from Kubernetes client
+* [`008cd0986`](https://github.com/siderolabs/talos/commit/008cd0986cbbbd5527d91c01b951e311ba014b97) fix: disable kexec in talosctl cluster create on arm64
+* [`bb62b29ed`](https://github.com/siderolabs/talos/commit/bb62b29edb2fb704846ceeed2019f0ebaced30be) chore: prepare talos for 1.13
+* [`c0935030a`](https://github.com/siderolabs/talos/commit/c0935030ac3d966149591a3aaa8e430da768d678) chore: fork reference docs for 1.13.x
+* [`e387e48b3`](https://github.com/siderolabs/talos/commit/e387e48b30b3a3b991f1f611099f48fddefa851b) fix: do not override DNS on MacOS
+* [`1e7e87fb1`](https://github.com/siderolabs/talos/commit/1e7e87fb192521937b581ecd94a0aa0c861f2a5f) fix: rework NFT rules for KubeSpan
+* [`51bcfb567`](https://github.com/siderolabs/talos/commit/51bcfb567915d2b27e4b5321e080220bc618086b) feat: rename image default and source bundle
+* [`585abe944`](https://github.com/siderolabs/talos/commit/585abe94431f06b3ebf4b6a64ad1b5918708f866) feat: update Kubernetes to v1.35.0-rc.1
+* [`f301e3e9b`](https://github.com/siderolabs/talos/commit/f301e3e9ba47d5f46f1990a9bd21fd4e671c38f3) fix: update KubeSpan MSS clamping
+* [`74c1df6f4`](https://github.com/siderolabs/talos/commit/74c1df6f4b2ac8d989d1e42d6c7c0016411638ee) test: propagate MTU size to QEMU in `talosctl cluster create`
+* [`d347ca1af`](https://github.com/siderolabs/talos/commit/d347ca1af162c8d948899d58fc3f76dd0a94f138) fix: update CNI plugins to 1.9.0
+* [`e3f8196b4`](https://github.com/siderolabs/talos/commit/e3f8196b4c767ca68df9f6c85ed25c7e12fb4d87) chore: update Grype and Syft
+* [`e1b8ab323`](https://github.com/siderolabs/talos/commit/e1b8ab3236e956bc4b37e227423aea0f97612a5c) docs: add misssing period
+* [`cd04c3dde`](https://github.com/siderolabs/talos/commit/cd04c3dde70f604603fd7996c62adf5a17cfbd41) docs: update release notes
+* [`fc8ae3249`](https://github.com/siderolabs/talos/commit/fc8ae3249fac82cbdb5521ca8797a8451bdaa9fd) docs: add omni join token example to create qemu command
+* [`9fa00773c`](https://github.com/siderolabs/talos/commit/9fa00773caf2d092d953ff58d04cf94803039b94) chore: update go-blockdevice
+* [`ba13b6786`](https://github.com/siderolabs/talos/commit/ba13b678654e2896e1a99b1af8b51a9239b0a559) fix: correct condition to use UKI cmdline in GRUB
+* [`d2ce3f47f`](https://github.com/siderolabs/talos/commit/d2ce3f47f8515231f27983abaaf269a059e2e90d) docs: drop machine.network example
+* [`cf087c1e0`](https://github.com/siderolabs/talos/commit/cf087c1e01bc1226049a57186f48b2e6b5739c5c) test: bird2 extension
+* [`13df94388`](https://github.com/siderolabs/talos/commit/13df943884a59bd1d42721ba42bcb36349d40624) fix: adapt SELinuxSuite.TestNoPtrace to new strace version
+* [`861787c38`](https://github.com/siderolabs/talos/commit/861787c380bff3ba2fa29f49837bc173a2719578) fix: mark secureboot as supported for metal
+* [`04e3e87ad`](https://github.com/siderolabs/talos/commit/04e3e87adcbd24ee0d82dce4cc27121d34d316f4) fix: clean up kubelet mounts
+* [`21057903a`](https://github.com/siderolabs/talos/commit/21057903a2ca01d88cc5f97c084567d1981f73c5) fix: clear provisioning data on SideroLink config change
+* [`0f9f4c05f`](https://github.com/siderolabs/talos/commit/0f9f4c05ffad9413e1f1533c68eae38dc91c9716) feat: update Kubernetes to 1.35.0-rc.0
+* [`d4309d7b1`](https://github.com/siderolabs/talos/commit/d4309d7b1aec9d2852173fd704b09dfabe2cf217) fix: add a timeout for DNS resolving for NTP
+* [`dd6c1089c`](https://github.com/siderolabs/talos/commit/dd6c1089c8f30d815c80ab10544a0fef27ddd14c) feat: update Linux to 6.18.0
+* [`e9a30bf9a`](https://github.com/siderolabs/talos/commit/e9a30bf9a8ee55ab9ae5d9c9a18362434b0202ad) test: revert add direct connectivity CA rotation test
+* [`cc95562bc`](https://github.com/siderolabs/talos/commit/cc95562bc830496986a395cdde352d48d4a1d146) fix: don't disable LACP by default
+* [`c9fe4679b`](https://github.com/siderolabs/talos/commit/c9fe4679bf9c1dcdf175b95a02f1eaacab4ff085) test: add platform acquire/not valid config unit-test
+* [`5a03a7a20`](https://github.com/siderolabs/talos/commit/5a03a7a20acffa8eedf40524f8d070e37e41f24e) chore: fix longhorn test
+* [`a0cfc3527`](https://github.com/siderolabs/talos/commit/a0cfc3527481c4784edf87c3d7823b10a21d1e4d) feat: implement logs persistence
+* [`51b732bea`](https://github.com/siderolabs/talos/commit/51b732beabc9948e58f9aa4d81b79afb9bd61243) fix: selection of boot entry
+* [`18f8ac369`](https://github.com/siderolabs/talos/commit/18f8ac369ba52f2640508134d3983f006f698129) feat: update Kubernetes to 1.35.0-beta.0
+* [`92fa7c5e4`](https://github.com/siderolabs/talos/commit/92fa7c5e43da96a492003a2c9184cf818fbbb9f0) chore: update pkgs for NVIDIA 580.105.08
+* [`f489299b6`](https://github.com/siderolabs/talos/commit/f489299b603a2aff0f292fa941ae8925fdda3492) chore: correct condition for running k8s integration tests
+* [`ab149750d`](https://github.com/siderolabs/talos/commit/ab149750d475ef059debfc3730e9e0a32ad6e601) chore: update tools/pkgs to 1.13.0-alpha.0
+* [`87ff9f860`](https://github.com/siderolabs/talos/commit/87ff9f8606e04fe99e23261418a762372647b077) test: fix the image-factory test to pass IF endpoint
+* [`2ffe538e7`](https://github.com/siderolabs/talos/commit/2ffe538e7307f0ac3dbac2eba4b36ea98162ec78) test: add direct connectivity CA rotation test
+* [`70f6b80e0`](https://github.com/siderolabs/talos/commit/70f6b80e03acd507580211724cc51b7867bf8a76) chore(ci): skip multipath extension tests
+* [`561cfb60c`](https://github.com/siderolabs/talos/commit/561cfb60c313a9bdc70ed2ff2729549bc8c50fcb) chore: update pkgs and tools version
+* [`2f42202a7`](https://github.com/siderolabs/talos/commit/2f42202a7ccee0e33e43b2081929b5510db5d713) fix: simplify OOM expression
+* [`7b06ae8c2`](https://github.com/siderolabs/talos/commit/7b06ae8c2cf1069cb77cddee0986afc5af837bcc) test: fix flaky LinkSpec/Wireguard test
+* [`e715f3871`](https://github.com/siderolabs/talos/commit/e715f387137fa566a4824c051b624e013a93c49f) feat: present kernel log as `talosctl logs kernel`
+* [`e2ee39b8a`](https://github.com/siderolabs/talos/commit/e2ee39b8ac54ada49dd0a7ffaab4b0ae5d684792) fix: support specifying patch file without '@' symbol
+* [`e202b1f9e`](https://github.com/siderolabs/talos/commit/e202b1f9e82823aa5b31625024bce65bcc53b29f) fix: trim trailing dots from certificate SANs
+* [`7f7079f9c`](https://github.com/siderolabs/talos/commit/7f7079f9c0fbb30ce781aa1223d7df1a175a6206) fix: assign value of multicast setting properly
+* [`eba96141e`](https://github.com/siderolabs/talos/commit/eba96141e0afc147af9a8f1969e207501232b1de) feat: update etcd to 3.6.6
+* [`9945ceef3`](https://github.com/siderolabs/talos/commit/9945ceef37b13bc6e93637dcf395a8c9019e60ed) docs: add API Server Cipher Suites changelog
+* [`9ed488d09`](https://github.com/siderolabs/talos/commit/9ed488d09648c09a9a5c1ed6a5cd245b84cd415d) feat: update TLS cipher suites for API server
+* [`f1c04e4d6`](https://github.com/siderolabs/talos/commit/f1c04e4d6af14243a328d22bf810f27b13d83898) feat: generate mirrors patch
+* [`a89108995`](https://github.com/siderolabs/talos/commit/a89108995ff13fbbef0bf5cbf429cede5ff81078) fix: add CA subject to generated certificate
+* [`35dd612a5`](https://github.com/siderolabs/talos/commit/35dd612a5e59d8781e147fc36eb14f3e8bc66811) fix: add more resilient move
+* [`83675838f`](https://github.com/siderolabs/talos/commit/83675838f3655b44cbd850fd82b4d17acfb00c33) feat: extend flags of cache-cert-gen
+* [`80ab7a064`](https://github.com/siderolabs/talos/commit/80ab7a0643fc8057283a8ba3eb912d0ee453c143) chore: remove spammy 'clean up unused volumes' logs
+* [`74d35900a`](https://github.com/siderolabs/talos/commit/74d35900af0f6451426b70eec3b6db4b72eb993c) chore: disable k8s integration tests for 1GiB worker nodes
+* [`4f6218674`](https://github.com/siderolabs/talos/commit/4f621867407ec8f568f67833172ebaf2ff400346) feat: support TALOS_HOME env var
+* [`0c59b3ea3`](https://github.com/siderolabs/talos/commit/0c59b3ea3f6bc49cef409a1456b4ffa3bf1d28df) feat: add multicast to linkconfig
+* [`6db06f4d5`](https://github.com/siderolabs/talos/commit/6db06f4d5d51abd9e80ead6e4417f0f68856c569) feat: implement multicast setting
+* [`eeded98f5`](https://github.com/siderolabs/talos/commit/eeded98f527a230c65cb041a29fefc5f693d9879) fix: add riscv64 talosctl to release artifacts
+* [`a6bbae91b`](https://github.com/siderolabs/talos/commit/a6bbae91bad56328851fa91e01c17b8af7340b3c) fix: fix typos across the project
+* [`83f2bdb9c`](https://github.com/siderolabs/talos/commit/83f2bdb9ce6c9466716a6ac9c94dc2222e569ee8) feat: support relative voume size
+</p>
+</details>
+
+### Changes since v1.13.0-rc.0
+<details><summary>25 commits</summary>
+<p>
+
+* [`5e2fc260a`](https://github.com/siderolabs/talos/commit/5e2fc260a8c189e1ab77553dfa7c96b12db4a7db) fix: revert add extraArgs from service-account-issuer
+* [`17448fcd2`](https://github.com/siderolabs/talos/commit/17448fcd29d5b09f99225767d9c678e05f278d69) fix: revert use append instead of prepend in service-account-issuer
+* [`4b9fe000f`](https://github.com/siderolabs/talos/commit/4b9fe000f491766618edacd5719d5c415a04b38f) feat: add quirk for talosctl factory downloads
+* [`f62c33113`](https://github.com/siderolabs/talos/commit/f62c331130fc8a6bf3c2ee17c85b209811cc8956) refactor: make all controller unit-test follow modern patterns
+* [`cd317d533`](https://github.com/siderolabs/talos/commit/cd317d53306d09074d2cc222219e520c18f8057d) feat: support auth for Image Factory in cluster create
+* [`92ca9e16f`](https://github.com/siderolabs/talos/commit/92ca9e16f95c58fc8a1e4afca6dbe8d3c42b67ba) feat: update Kubernetes to v1.36.0
+* [`e9afea74d`](https://github.com/siderolabs/talos/commit/e9afea74d6fe57b4d611d24c75f42a196a7d690c) test: fix OOM test flake
+* [`d34a61c8d`](https://github.com/siderolabs/talos/commit/d34a61c8d1fd837477c0a8d42b02ce48dde9f971) fix(talosctl): ensure uncordon runs after reboot/upgrade errors
+* [`f9531d352`](https://github.com/siderolabs/talos/commit/f9531d35291c42bcfa594fbec283cfc48e540c3e) test: fix a flake in the manifest sync test
+* [`9f04f2c4e`](https://github.com/siderolabs/talos/commit/9f04f2c4ef3a8ace0c07c50fa633da40dda83835) fix: watch kubelet's kubeconfig and time out for cache sync
+* [`f3bab2baf`](https://github.com/siderolabs/talos/commit/f3bab2baf2172c40190270d96c73ec5dc42b9833) chore(ci): nvidia update helm values
+* [`d4d018b54`](https://github.com/siderolabs/talos/commit/d4d018b546fd6a6e48585ff88f610d20076cdc7a) fix: propagate route table down to the resource
+* [`ffa0bcf61`](https://github.com/siderolabs/talos/commit/ffa0bcf61a6f5cb388a7ecaadabb974b6570b385) chore(ci): bump gpu operator version
+* [`8035e6e49`](https://github.com/siderolabs/talos/commit/8035e6e49b4b5b5ac1f7f2526df48cd272f04d40) fix: do not flip machine stage to rebooting during shutdown
+* [`10606bdfe`](https://github.com/siderolabs/talos/commit/10606bdfe897bc4279fa5e6d1d038fefa0fefab4) fix: boot entry detection
+* [`23393a5ea`](https://github.com/siderolabs/talos/commit/23393a5ea3a4644f1a2c1f18c17c4a69b58c7f92) fix: zfs extensions test
+* [`a922d1540`](https://github.com/siderolabs/talos/commit/a922d1540cf462f7fccb5e97e7ff1d7d9456334f) fix: return failed precondition on upgrade when not installed
+* [`252799a00`](https://github.com/siderolabs/talos/commit/252799a00bdb7a0cdb7f05226593841999a8c45b) fix: reduce memory dashboard usage
+* [`8180cb11c`](https://github.com/siderolabs/talos/commit/8180cb11c946844169595236bc40332985a7421d) fix: wrong slot of encryption key was logged
+* [`b6bcd47e6`](https://github.com/siderolabs/talos/commit/b6bcd47e6c87df15e8b08f8e27ecc2ae7c53ecd3) feat: update Flannel to 0.28.4
+* [`370c035ab`](https://github.com/siderolabs/talos/commit/370c035ab6e5995987e27d3308daae07a683a8fb) fix: audit trustd code for security
+* [`3e1c6fd84`](https://github.com/siderolabs/talos/commit/3e1c6fd84ba907fdf255cbc0706251e36cb73816) chore: bump container registry library
+* [`dacd73313`](https://github.com/siderolabs/talos/commit/dacd733137d5b564b38adf62e44915ff19636de8) chore: update sign images to support image name suffix
+* [`1a519a410`](https://github.com/siderolabs/talos/commit/1a519a4108f01b0c9981c53ef8de8192963b26ed) test: allow more tests to run in FIPS strict mode
+* [`cb969aa9f`](https://github.com/siderolabs/talos/commit/cb969aa9f8d641056bb7ee360023eb5ec88fb91c) feat: update Linux to 6.18.24
+</p>
+</details>
+
+### Changes from siderolabs/crypto
+<details><summary>1 commit</summary>
+<p>
+
+* [`6d82f0c`](https://github.com/siderolabs/crypto/commit/6d82f0cf90e9e9b41c5d1cec7d011361ef4649aa) fix: bump minimum TLS version to v1.3
+</p>
+</details>
+
+### Changes from siderolabs/discovery-api
+<details><summary>2 commits</summary>
+<p>
+
+* [`9c06846`](https://github.com/siderolabs/discovery-api/commit/9c06846e6f9f4f5765d5e431f8e25dc44a7ff337) feat: change the way excluded addresses are specified
+* [`f71a14a`](https://github.com/siderolabs/discovery-api/commit/f71a14a251c1e267d7a3701342563965947cc76f) feat: add advertised filters to discovery data
+</p>
+</details>
+
+### Changes from siderolabs/discovery-client
+<details><summary>2 commits</summary>
+<p>
+
+* [`854400f`](https://github.com/siderolabs/discovery-client/commit/854400f23398f74660606d138383e7d9cfbe3b8b) feat: bump discovery API to v0.1.8
+* [`0a4c6fd`](https://github.com/siderolabs/discovery-client/commit/0a4c6fd36e01eb2395d8fd15cfe5f5cc8d5ae328) chore: update dependencies and rekres
+</p>
+</details>
+
+### Changes from siderolabs/go-cmd
+<details><summary>2 commits</summary>
+<p>
+
+* [`5f31ba9`](https://github.com/siderolabs/go-cmd/commit/5f31ba92aa18c3f9a5c39b9f65b6beb9c55c6fac) chore: rekres and update
+* [`fff5698`](https://github.com/siderolabs/go-cmd/commit/fff56983373a4e3e37120fa159444e04a4ef580a) feat: allow capturing full output to stdout, modernize API
+</p>
+</details>
+
+### Changes from siderolabs/go-debug
+<details><summary>1 commit</summary>
+<p>
+
+* [`47fce68`](https://github.com/siderolabs/go-debug/commit/47fce68bb9d064757e11a7a3a81ed1a0b9d7124d) feat: support Go 1.26, rekres
+</p>
+</details>
+
+### Changes from siderolabs/go-kmsg
+<details><summary>3 commits</summary>
+<p>
+
+* [`b53b36d`](https://github.com/siderolabs/go-kmsg/commit/b53b36d2537180631f4e39c8054920535b26f49b) chore: rekres and update
+* [`6f7d20b`](https://github.com/siderolabs/go-kmsg/commit/6f7d20b8223a117e3365198e8a20d254aff3241c) feat: calculate boot time correctly if the time jumps
+* [`47655ee`](https://github.com/siderolabs/go-kmsg/commit/47655eefbc8d31532c066f6d9b50a5490e5a6ad1) feat: support PRINTK_CALLER kmsg logs
+</p>
+</details>
+
+### Changes from siderolabs/go-kubernetes
+<details><summary>17 commits</summary>
+<p>
+
+* [`503792d`](https://github.com/siderolabs/go-kubernetes/commit/503792def8b9637db48b579acc020172afdb9aca) chore: add retry to main kubernetes operations
+* [`6a00c4f`](https://github.com/siderolabs/go-kubernetes/commit/6a00c4f881af8d60161c7327786ce275a49bfb56) feat: handle CR defined alongside their CRD in the same apply
+* [`4ff2602`](https://github.com/siderolabs/go-kubernetes/commit/4ff2602c71028a003377f8014a911361ab2f059f) feat: update deprecations to Kuberntes 1.36.0-beta.0
+* [`691a26b`](https://github.com/siderolabs/go-kubernetes/commit/691a26b3942715c406336c9e86637973b03f8ba2) feat: add StateProvider for per-node COSI state in upgrade checks
+* [`92163c3`](https://github.com/siderolabs/go-kubernetes/commit/92163c3b39f1ff3d397d4a76bf4ea249f78931b1) fix: set a the context logger
+* [`8364add`](https://github.com/siderolabs/go-kubernetes/commit/8364adde88787b50a6f27cd3afc3e450fd792e3d) chore: small improcements to ssa package
+* [`a95f3bf`](https://github.com/siderolabs/go-kubernetes/commit/a95f3bfbf574cd58f7d62a3e4f70def7431e686e) chore: add helper functions for CLI applications
+* [`f2c063b`](https://github.com/siderolabs/go-kubernetes/commit/f2c063b901463b9e306a2cb521c70f2940a18d27) test: add integration tests for ssa logic
+* [`9de92cf`](https://github.com/siderolabs/go-kubernetes/commit/9de92cf34056909e8f27adfc7ae7abfb2387739b) refactor: drop k8s.io/utils
+* [`8e6f068`](https://github.com/siderolabs/go-kubernetes/commit/8e6f06812ff7b3404822bbd670e397769e8d698a) fix: bring back legacy sync
+* [`de675a0`](https://github.com/siderolabs/go-kubernetes/commit/de675a0027700d5a455ca7e3b1caa9679f47a0e7) fix: stop using custom dialer for Kubernetes client
+* [`e7a89c3`](https://github.com/siderolabs/go-kubernetes/commit/e7a89c34ab93052f84a8d387adbb69782bdb28bc) refactor: use fluxcd/ssa instead of kubernetes cli-utils for ssa
+* [`0a235c0`](https://github.com/siderolabs/go-kubernetes/commit/0a235c069d7d1cbf18a83cf73e23fed3e861a60b) feat: add early support for Kubernetes 1.36
+* [`3bea212`](https://github.com/siderolabs/go-kubernetes/commit/3bea21294056bf7cd894c9fe257eae423e8e2a28) fix: use new Myers diff algorithm
+* [`604c56b`](https://github.com/siderolabs/go-kubernetes/commit/604c56b7251e8ec03b644b47c69ee08d6f25780b) chore: extract common code to the go-kubernetes package
+* [`ec0e3ae`](https://github.com/siderolabs/go-kubernetes/commit/ec0e3aefdeb332f4a44e669c9f7eb877b5f50963) chore: expose more ssa options
+* [`ad2fccd`](https://github.com/siderolabs/go-kubernetes/commit/ad2fccd09d137231f5a8187643782e0e1c661c44) feat: add SSA and pruning support
+</p>
+</details>
+
+### Changes from siderolabs/go-pcidb
+<details><summary>1 commit</summary>
+<p>
+
+* [`415c30c`](https://github.com/siderolabs/go-pcidb/commit/415c30c33a54231b4461c7d26e3a8704f6afabbd) feat: update PCIDB to the latest as of March 2026
+</p>
+</details>
+
+### Changes from siderolabs/go-talos-support
+<details><summary>3 commits</summary>
+<p>
+
+* [`387b869`](https://github.com/siderolabs/go-talos-support/commit/387b8695b02ceba6e74b0be84cc4ac9a9d6036e2) fix: marshal Talos resources as YAML
+* [`6ec24a7`](https://github.com/siderolabs/go-talos-support/commit/6ec24a737729cc705ec7fc9c40e142ea2e127f32) feat: add per-node Talos client provider for support bundle collection
+* [`5e0155f`](https://github.com/siderolabs/go-talos-support/commit/5e0155fbc72db1490d21b07063dd2b35dfe48360) fix: add trailing new line when writing to logger
+</p>
+</details>
+
+### Changes from siderolabs/kms-client
+<details><summary>3 commits</summary>
+<p>
+
+* [`296bf9a`](https://github.com/siderolabs/kms-client/commit/296bf9a1085bd1a8dd06ba81b6969dddf196133c) feat: add logging to the KMS server
+* [`2d6b082`](https://github.com/siderolabs/kms-client/commit/2d6b08285a1506bcc3c866227790f2435c3f0f9c) feat: add TLS support for KMS server
+* [`4233ecd`](https://github.com/siderolabs/kms-client/commit/4233ecd1e8062da6c1131501fa6f2c80a3be686e) chore: bump deps, rekres
+</p>
+</details>
+
+### Changes from siderolabs/pkgs
+<details><summary>103 commits</summary>
+<p>
+
+* [`f3829f7`](https://github.com/siderolabs/pkgs/commit/f3829f74e42d79098656d9e60786caf30aa659ce) feat: bump kernel to 6.18.24
+* [`3f77148`](https://github.com/siderolabs/pkgs/commit/3f771488f905bc49c8545b3084245a3ef19c5d7a) feat: update Linux to 6.18.23
+* [`9243d0d`](https://github.com/siderolabs/pkgs/commit/9243d0d37c3e189a25f38a1b744db742e5286932) feat: update tools/toolchain to 1.13.0
+* [`b121566`](https://github.com/siderolabs/pkgs/commit/b1215665e2cff66ed18413f259bafbbd05dcab80) fix: support disabling module signature verification
+* [`a02d120`](https://github.com/siderolabs/pkgs/commit/a02d120a56b86fa3845955ba0f00de62f9b1f73d) feat: update containerd to 2.2.3
+* [`a65a3e3`](https://github.com/siderolabs/pkgs/commit/a65a3e32206e22d3cf574d328b79cb7883f996b8) feat: enable CONFIG_UHID and CONFIG_INPUT_JOYDEV as modules
+* [`89776b8`](https://github.com/siderolabs/pkgs/commit/89776b8d18173fb21b2bd5c534c87b2f18042649) feat: update runc to 1.4.2
+* [`9ab4f1b`](https://github.com/siderolabs/pkgs/commit/9ab4f1b49b6af721dec6b36792f4749fa24bef33) feat: update backportable dependencies
+* [`7c122c4`](https://github.com/siderolabs/pkgs/commit/7c122c4b9a873b376255f2871fd727f4c181a375) feat: update Go to 1.26.2 and small deps updates
+* [`ddd56d2`](https://github.com/siderolabs/pkgs/commit/ddd56d25754878b199c0920ca8c800c20c9dadc0) feat: disable dynamic SCS
+* [`5d027c4`](https://github.com/siderolabs/pkgs/commit/5d027c4ba872aa5aa18d7af47558164e03c340fc) feat: update Linux to 6.18.21
+* [`46c12db`](https://github.com/siderolabs/pkgs/commit/46c12db72db1cddf07900a91f102dbc177c7b51d) fix: libarchive install prefix
+* [`142b074`](https://github.com/siderolabs/pkgs/commit/142b074fabc50ebf8d0db7a6a836ccbe3cb809fc) feat: update for musl 1.2.6
+* [`4ef2ff4`](https://github.com/siderolabs/pkgs/commit/4ef2ff419cd70451e8a4ab0d7ed82f500f4584d5) feat: update NVIDIA production to 595.58.03
+* [`1d3bbca`](https://github.com/siderolabs/pkgs/commit/1d3bbca7ab7aafb65f4249fd0eae1449437dd7ea) feat: update Linux to 6.18.19
+* [`0982fac`](https://github.com/siderolabs/pkgs/commit/0982fac3e4d4307a6e2cd8d53436007aee3e164e) feat: update containerd patch verifier role
+* [`6d3cd66`](https://github.com/siderolabs/pkgs/commit/6d3cd668373f4483174d035a0426d62631f529bc) feat: enable CHECKPOINT_RESTORE option
+* [`83f5bcd`](https://github.com/siderolabs/pkgs/commit/83f5bcd9e3d02efc350356cbedb1c84acd00ca6e) chore: update toolchain and tools
+* [`4f784de`](https://github.com/siderolabs/pkgs/commit/4f784de3801022a00691a4aac516b1f9a0b4d451) fix: install apparmor parser require config files
+* [`559b1be`](https://github.com/siderolabs/pkgs/commit/559b1bee1299d621308d844128eede7875ed75e8) feat: enable AMD GPU peer-to-peer DMA
+* [`77194e4`](https://github.com/siderolabs/pkgs/commit/77194e453b6e53392cbef215d0e78f2f75ebccb0) fix: disable CONFIG_RT_GROUP_SCHED
+* [`02ee1e3`](https://github.com/siderolabs/pkgs/commit/02ee1e3a7bdc0a04ab44a40f938253c780eccd44) feat: backportable deps update
+* [`21af1c3`](https://github.com/siderolabs/pkgs/commit/21af1c372f5a45be6ac18adac89935dc6311e07e) feat: bump deps
+* [`6935f6f`](https://github.com/siderolabs/pkgs/commit/6935f6f2f5eca79706a9a3403178980cdc7faf7d) feat(kernel): enable CONFIG_USB_UHCI_HCD on amd64
+* [`2c89e9f`](https://github.com/siderolabs/pkgs/commit/2c89e9fbfc5b09e161426b9584712e8c382b3bce) feat: update containerd to 2.2.2
+* [`866939b`](https://github.com/siderolabs/pkgs/commit/866939b2e9d663446d0a86cba3d522146ae141ba) feat: update tools with LLVM 22.1
+* [`13d00e0`](https://github.com/siderolabs/pkgs/commit/13d00e0b85949826e100f9397a750f762b606adf) feat: enable dynamic preemption support
+* [`7d0cc32`](https://github.com/siderolabs/pkgs/commit/7d0cc32570c5a0b873e2fba70aa8d403bd5d5cd0) feat: update Linux 6.18.16, NVIDIA, ZFS
+* [`ef3a7c8`](https://github.com/siderolabs/pkgs/commit/ef3a7c83b6f8c6106de6ebbc48eedecabf7187f4) feat: update Go to 1.26.1
+* [`8148601`](https://github.com/siderolabs/pkgs/commit/8148601ca6a24f3bb39d0ce45e0e8754dc2c3bd4) feat: add containerd patch to verify images
+* [`b7c7ab2`](https://github.com/siderolabs/pkgs/commit/b7c7ab22a9f9ce01f665086ef9d50eefa6d90cd1) feat: update Linux to 6.18.15
+* [`830fbac`](https://github.com/siderolabs/pkgs/commit/830fbacedf58be78ce84a0347a9346aab8d68613) feat: enable CONFIG_USB_IPHETH kernel module
+* [`adc1714`](https://github.com/siderolabs/pkgs/commit/adc1714e9b79cb6aff298384ed37473f2a81a77e) feat: update Linux to 6.18.14
+* [`3c982f8`](https://github.com/siderolabs/pkgs/commit/3c982f8df278cf76a7fd421711eaf23bdbf3e948) chore: update deps
+* [`d065c59`](https://github.com/siderolabs/pkgs/commit/d065c5993c5994bc855c2894b5d8ab671c98ee28) feat: update Linux firmware to 20260221
+* [`773ea3a`](https://github.com/siderolabs/pkgs/commit/773ea3a035cf01d01228cb95993dec17df77dd2c) feat: update Linux to 6.18.13
+* [`6ca02b3`](https://github.com/siderolabs/pkgs/commit/6ca02b3129118749b2da47c5cfd6f25c377c0360) fix: make udev rules read only
+* [`520141c`](https://github.com/siderolabs/pkgs/commit/520141cd49b156e3db33496f187360acc85c3e1f) feat: enable kernel irq time accounting
+* [`8f6df51`](https://github.com/siderolabs/pkgs/commit/8f6df518459513a107786b7020df3d9546d64e27) feat: enable CONFIG_HID_MULTITOUCH
+* [`6934b50`](https://github.com/siderolabs/pkgs/commit/6934b5057f6996997420d43fbe620729c8cf22d5) feat: add patch for Cilium BPF verifier rejection by the kernel
+* [`5760aa7`](https://github.com/siderolabs/pkgs/commit/5760aa774e043d121921304863d335db7e9e9adf) feat: enable MLX5 Scalable Functions and TC offload in kernel
+* [`c0c8bc5`](https://github.com/siderolabs/pkgs/commit/c0c8bc56eb19aa4b4246c1813ab284b329ee9ffe) feat: enable CONFIG_DRM_ACCEL and IVPU on amd64
+* [`b9cc39d`](https://github.com/siderolabs/pkgs/commit/b9cc39dcbbfb79141a644e614fb5e62da3fd93aa) feat: build kernel with Clang and ThinLTO, update Go to 1.26
+* [`3327386`](https://github.com/siderolabs/pkgs/commit/33273866b175bd09a1d1bbfd47a41798537cb1b0) chore: drop mellanox-ofed
+* [`9013985`](https://github.com/siderolabs/pkgs/commit/9013985d859828105d9e3cd60c08e44fc4e11d07) feat: update dependencies
+* [`17196f5`](https://github.com/siderolabs/pkgs/commit/17196f595e7347e1f233cf5c9a1f16d90ce4e04d) feat: update NVIDIA LTS to 580.126.16
+* [`8f53ad2`](https://github.com/siderolabs/pkgs/commit/8f53ad27bc7f70f4475cf71cabf7f86b1e20d794) feat: update Linux to 6.18.9
+* [`eff5ba0`](https://github.com/siderolabs/pkgs/commit/eff5ba0d0e720ca4e1e2ed58c0719490b7f6826b) feat: enable ip6_gre
+* [`605ac0d`](https://github.com/siderolabs/pkgs/commit/605ac0d9cbb88be263618a553bbb1be785af2e97) chore: update deps
+* [`7670ff4`](https://github.com/siderolabs/pkgs/commit/7670ff45458bd39f5ca6076ba4eb65f0b68cf2e4) feat: enable NFT_BRIDGE config
+* [`dc737a6`](https://github.com/siderolabs/pkgs/commit/dc737a68c470c9498ec11bde09196809355d2463) chore: update kernel
+* [`9b118b3`](https://github.com/siderolabs/pkgs/commit/9b118b3d0fe7f0df06a069065b86ab307fef3375) chore: update deps
+* [`a63c227`](https://github.com/siderolabs/pkgs/commit/a63c2276eea0013463487cebf95ee35a37c5d9f6) feat: update OpenSSL to v3.6.1
+* [`da7ab57`](https://github.com/siderolabs/pkgs/commit/da7ab5776bd1a6c551bfc6fe5919114721da0e1f) feat: add px-fuse pkg
+* [`553e0fb`](https://github.com/siderolabs/pkgs/commit/553e0fb70f076a8bc53e283253b30ff819e627ff) feat: enable dm-integrity
+* [`15a3cdf`](https://github.com/siderolabs/pkgs/commit/15a3cdf54884d5169895a1ff46682373688ac5e2) feat: update Linux to 6.18.6
+* [`b518a19`](https://github.com/siderolabs/pkgs/commit/b518a196de93dd33e70faaff2342f67acb7dc49b) feat: update dependencies
+* [`1b4fbf5`](https://github.com/siderolabs/pkgs/commit/1b4fbf56b270d5669116fa0d8f91a3b9495e0d97) feat: update GRUB to 2.14
+* [`30bc671`](https://github.com/siderolabs/pkgs/commit/30bc671d4be566ebf60b820edd54000616262e79) fix: enable pinctrl for Raspberry Pi 5
+* [`375983f`](https://github.com/siderolabs/pkgs/commit/375983f4685484a8be5796f815629a9a0d8bd146) feat: update Go to 1.25.6
+* [`d445c80`](https://github.com/siderolabs/pkgs/commit/d445c8076b7dd18b04f48e0a7e5cc2e50b3064d0) feat: update Linux to 6.18.5
+* [`6994400`](https://github.com/siderolabs/pkgs/commit/69944002f9ee681220dcb23031c23ee327e6c1f2) feat: update NVIDIA LTS and production driver versions
+* [`05c3d85`](https://github.com/siderolabs/pkgs/commit/05c3d856b7de6eb64af718d7266a5adf15e1224b) feat: update Linux firmware to 20260110
+* [`c61b466`](https://github.com/siderolabs/pkgs/commit/c61b466e130015b44962e7ef3bc1e9bec935b1df) feat: enable IT87 hwmon module
+* [`ae2572e`](https://github.com/siderolabs/pkgs/commit/ae2572e894a3d8d951418d447ec02f6cc65c8e72) feat: enable IPV6_MROUTE
+* [`d6b503e`](https://github.com/siderolabs/pkgs/commit/d6b503e0fe75d52f83d656a3460cb3614b352e51) feat: add RK3588 NPU Support
+* [`df4b4c8`](https://github.com/siderolabs/pkgs/commit/df4b4c885d4aabf702ce03bcb341f5b5f3641d76) feat: bump deps
+* [`a220898`](https://github.com/siderolabs/pkgs/commit/a2208985bd756ef6366497c5f9768e814b3f7583) feat: add libarchive
+* [`c2371b5`](https://github.com/siderolabs/pkgs/commit/c2371b5582836e27b3e80c4404c4ff5fbed90291) feat: enable ZRAM support
+* [`ab4d169`](https://github.com/siderolabs/pkgs/commit/ab4d169ad93203ba56b0677a10e78eb3e623762e) feat: add a patch to force uid when populating from a directory
+* [`972f44d`](https://github.com/siderolabs/pkgs/commit/972f44d5dae53809ef337544c52c835373439d34) feat: update dependencies
+* [`f8eb5b0`](https://github.com/siderolabs/pkgs/commit/f8eb5b02aaebaf76c59e71f57f4a689dc727e769) feat: update Linux to 6.18.2
+* [`3fb6291`](https://github.com/siderolabs/pkgs/commit/3fb629109a7e5f9650d0e641ff5076a29c319448) feat: update systemd to 259
+* [`59241bd`](https://github.com/siderolabs/pkgs/commit/59241bd58eeb07a18af1c9fc8fffff6365ecca0d) fix: add SBOMs for pigz/igzip
+* [`9377c78`](https://github.com/siderolabs/pkgs/commit/9377c786d112b4181f1e373f6e513130f11b7801) feat: optimize decompression for containerd
+* [`e8e61ce`](https://github.com/siderolabs/pkgs/commit/e8e61cedbbd687ed958db992e05b5d59e4a8ea60) feat: update containerd to 2.2.1
+* [`daa74ba`](https://github.com/siderolabs/pkgs/commit/daa74bab83f91bbc4b6c42625d2953299d5fe20a) feat: support xfs filesystem reproducibility
+* [`1f66513`](https://github.com/siderolabs/pkgs/commit/1f665130fbda76478c261dd54e3843c15027c9cd) feat: update OpenZFS to 2.4.0
+* [`b209af5`](https://github.com/siderolabs/pkgs/commit/b209af5baf1a67472ef431e5a8b7d48022392a1e) chore: rekres with latest changes
+* [`2b806b9`](https://github.com/siderolabs/pkgs/commit/2b806b9b2a7e05b97c2a7e8572e3a8edbd3721d3) feat: bump dependencies
+* [`65242fd`](https://github.com/siderolabs/pkgs/commit/65242fd0fef5c9c923aacce23d1655bad0d1b3e3) feat: enable CONFIG_MISC_RP1 in ARM64 config
+* [`4daecd8`](https://github.com/siderolabs/pkgs/commit/4daecd8e7b8d87110a9e552a60a5394014294e08) feat: update Linux to 6.18.1
+* [`9868a66`](https://github.com/siderolabs/pkgs/commit/9868a66e3c000f505c97ff68e61abac9c9e8e4c9) feat: enable Powercap and Intel RAPL
+* [`07883ee`](https://github.com/siderolabs/pkgs/commit/07883eee3729d4d3adaaebcd825452934c3baebb) feat: build and package perf binary
+* [`47abca0`](https://github.com/siderolabs/pkgs/commit/47abca0852b9555d88eba61661c65a7f93ec3590) fix: add json support to nftables binary
+* [`b961ff8`](https://github.com/siderolabs/pkgs/commit/b961ff898fc9eae68d7f3cea2ca22ff4d0b9c99d) feat: patch containerd 2.2.0 with cgroups fix patch
+* [`b7dd7f6`](https://github.com/siderolabs/pkgs/commit/b7dd7f6c809f670f058b78fd3b84f4cb977771cb) feat: add mstflint module
+* [`ae53351`](https://github.com/siderolabs/pkgs/commit/ae5335198e009da7b06bc0f0d6f42b0947650fc0) feat: update ZFS to 2.4.0-rc5
+* [`b8edf01`](https://github.com/siderolabs/pkgs/commit/b8edf0168171ffc5b87fcd962e37d5c2cd25b687) feat: update CNI plugins to v1.9.0
+* [`a57c1b0`](https://github.com/siderolabs/pkgs/commit/a57c1b0c9d143559a87b64fe9570eec39c14a771) feat: enable amd sev-snp
+* [`68562c1`](https://github.com/siderolabs/pkgs/commit/68562c1b4cdba656287021a1694440b2a7e4d24d) feat: update Linux to 6.18
+* [`6f4ff8c`](https://github.com/siderolabs/pkgs/commit/6f4ff8cc9f57452707588c05e5ca4e80c56548d2) feat: enable Amlogic Meson PCIe controller driver
+* [`c41127b`](https://github.com/siderolabs/pkgs/commit/c41127b94d22b9a5cb6b93f49b546f2ff477410c) feat: enable Intel GPIO/Pinctrl kernel modules
+* [`4a31ff7`](https://github.com/siderolabs/pkgs/commit/4a31ff7dd5c9266b68abded53a7399cb8102f4e3) feat: update NVIDIA LTS to 580.105.08
+* [`3e858d3`](https://github.com/siderolabs/pkgs/commit/3e858d3fa5b2719d8d83397fb89c2ffc91f86615) chore: fork pkgs for Talos 1.13
+* [`dcc5aa1`](https://github.com/siderolabs/pkgs/commit/dcc5aa1e71d6b2e9374d41029a2e6de22dbc61ce) feat: update runc to 1.3.4
+* [`8b6ae5b`](https://github.com/siderolabs/pkgs/commit/8b6ae5b7fc22c3bb2df4bbe31190ff90b0986e6f) fix: regenerate configs
+* [`2992598`](https://github.com/siderolabs/pkgs/commit/29925980896df1978a020505b2b061ffdbd240c7) fix: add missing kernel config entries
+* [`c8ea18a`](https://github.com/siderolabs/pkgs/commit/c8ea18a0873f5b31c54d567ef97d8d05634eb506) feat: rekres to alow multiple commits
+* [`2ddef8b`](https://github.com/siderolabs/pkgs/commit/2ddef8b65755610fc6dbb3f1fb976a6bc572478f) chore: update dependencies
+* [`d1f28e0`](https://github.com/siderolabs/pkgs/commit/d1f28e058972174af9ac819783a69f5f6596b37d) chore: update dependencies
+* [`ab253f5`](https://github.com/siderolabs/pkgs/commit/ab253f521d95b30710e258ebb54adbb7b8de8970) feat: enable gpio-fan module
+* [`0b10666`](https://github.com/siderolabs/pkgs/commit/0b1066635d9dd255bf0ad936e21099fd4bd03f1e) chore: use ubuntu mirrors
+</p>
+</details>
+
+### Changes from siderolabs/proto-codec
+<details><summary>1 commit</summary>
+<p>
+
+* [`bd9c491`](https://github.com/siderolabs/proto-codec/commit/bd9c491b9e84d7274728ce7e3bde14009f5224bd) chore: bump and update dependencies
+</p>
+</details>
+
+### Changes from siderolabs/tools
+<details><summary>25 commits</summary>
+<p>
+
+* [`a092a07`](https://github.com/siderolabs/tools/commit/a092a07da9ba803e74c5dd2aedb4e4b51b66f594) chore: update toolchain to 1.13.0
+* [`c192d81`](https://github.com/siderolabs/tools/commit/c192d81c5a387453dcbdb80c72e12331342e376a) feat: bump OpenSSL to 3.6.2
+* [`85db03f`](https://github.com/siderolabs/tools/commit/85db03f1ec19c96ac65eba652e261ff516b13f6a) feat: update util-linux to 2.41.4
+* [`136f1de`](https://github.com/siderolabs/tools/commit/136f1dea22e16508568e08d9fb94e7da2f8276df) feat: update musl to 1.2.6
+* [`6d7a2e4`](https://github.com/siderolabs/tools/commit/6d7a2e42f0608dec3a791c0b37cd6c0781295776) chore: update toolchain
+* [`5c753fc`](https://github.com/siderolabs/tools/commit/5c753fc00c75d742638ab870b31acc86eab4e9ab) feat: bump deps
+* [`4075c05`](https://github.com/siderolabs/tools/commit/4075c05e401f2abb049bdd97ff7a16dadd4eebff) feat: update LLVM to 22
+* [`f175a91`](https://github.com/siderolabs/tools/commit/f175a918f8371b02cf486dba533bb981439aec57) feat: update Go to 1.26.1 and other bumps
+* [`9de9770`](https://github.com/siderolabs/tools/commit/9de9770aeffac63ebe0cbd9e02ebe8f77b4a9635) feat: update to Go 1.26
+* [`bd4ae8f`](https://github.com/siderolabs/tools/commit/bd4ae8f69c218c05e143a1a04c5710505b8559f2) feat: add LLVM+Clang+LLD toolchain
+* [`90bd70c`](https://github.com/siderolabs/tools/commit/90bd70c94cf434ff45dcd71d1f3d9435b8243093) feat: update dependencies
+* [`decb988`](https://github.com/siderolabs/tools/commit/decb9887929e8d3b3879d56a984244cfe8ae0213) chore: update deps
+* [`ca26e1c`](https://github.com/siderolabs/tools/commit/ca26e1c38cd0a76eb981db4dad2e6caccb0bbe4d) chore: update deps
+* [`0281af0`](https://github.com/siderolabs/tools/commit/0281af0545e17c409fb32d8db61a7d9b0ad8b1c2) feat: update OpenSSL to 3.6.1
+* [`721ad07`](https://github.com/siderolabs/tools/commit/721ad073f18b41407882727a3f0061e594f6c955) feat: update dependencies
+* [`2b3f514`](https://github.com/siderolabs/tools/commit/2b3f514d42a343d98c79a487e80bd4f225a41b70) fix: reproducible build for nasm
+* [`98c699e`](https://github.com/siderolabs/tools/commit/98c699eb624d0846455f08db77cc14e446cb6db9) feat: update Go to 1.25.6
+* [`cd5eb66`](https://github.com/siderolabs/tools/commit/cd5eb66bb0de4fb468a860e176267c3420b4a3a1) chore: run rekres and update dependencies
+* [`896f8b9`](https://github.com/siderolabs/tools/commit/896f8b9c1f88cd190d11b8ef3baa2c36e73d6dfe) fix: add sbom for zlib-ng
+* [`543a16f`](https://github.com/siderolabs/tools/commit/543a16fedf7170d8b015ea1391817328205e629a) feat: replace zlib -> zlib-ng, add nasm
+* [`b67c1a1`](https://github.com/siderolabs/tools/commit/b67c1a168b302539d2082a5513c4a0130c30e4df) chore: rekres with latest changes
+* [`5e087cb`](https://github.com/siderolabs/tools/commit/5e087cbcd158db1ce4f447145bd76a24d07159a1) feat: bump dependencies
+* [`da96a27`](https://github.com/siderolabs/tools/commit/da96a2771801627b4715f7a13199aa6846f87732) chore: rekres to fix reproducibility
+* [`e283ec8`](https://github.com/siderolabs/tools/commit/e283ec8d3831bb19b26938afb10f4955ea563ce2) feat: update Go to 1.25.5
+* [`c38ff0c`](https://github.com/siderolabs/tools/commit/c38ff0c03be69e5cc3795d9dc055896604a3041c) chore: update to 1.13.0-alpha.0 toolchain
+</p>
+</details>
+
+### Dependency Changes
+
+* **github.com/Azure/azure-sdk-for-go/sdk/azcore**   v1.20.0 -> v1.21.0
+* **github.com/aws/aws-sdk-go-v2/config**            v1.31.20 -> v1.32.12
+* **github.com/aws/aws-sdk-go-v2/feature/ec2/imds**  v1.18.13 -> v1.18.20
+* **github.com/aws/aws-sdk-go-v2/service/acm**       v1.37.22 **_new_**
+* **github.com/aws/aws-sdk-go-v2/service/kms**       v1.46.0 -> v1.50.3
+* **github.com/aws/smithy-go**                       v1.23.2 -> v1.24.2
+* **github.com/containerd/cgroups/v3**               v3.0.5 -> v3.1.3
+* **github.com/containerd/containerd/api**           v1.9.0 -> v1.10.0
+* **github.com/containerd/containerd/v2**            v2.1.5 -> v2.2.2
+* **github.com/containerd/platforms**                v1.0.0-rc.1 -> v1.0.0-rc.2
+* **github.com/containernetworking/plugins**         v1.9.0 -> v1.9.1
+* **github.com/cosi-project/runtime**                v1.12.0 -> v1.14.1
+* **github.com/docker/cli**                          v29.0.0 -> v29.4.0
+* **github.com/gdamore/tcell/v2**                    v2.9.0 -> v2.13.8
+* **github.com/godbus/dbus/v5**                      v5.1.0 -> v5.2.2
+* **github.com/google/cadvisor**                     v0.53.0 -> v0.56.2
+* **github.com/google/cel-go**                       v0.26.1 -> v0.28.0
+* **github.com/google/go-containerregistry**         v0.20.6 -> v0.21.5
+* **github.com/google/go-tpm**                       v0.9.7 -> v0.9.8
+* **github.com/hetznercloud/hcloud-go/v2**           v2.30.0 -> v2.36.0
+* **github.com/insomniacslk/dhcp**                   175e84fbb167 -> 5adc3eb26f91
+* **github.com/jsimonetti/rtnetlink/v2**             v2.1.0 -> 310581b9c6ac
+* **github.com/klauspost/compress**                  v1.18.1 -> v1.18.5
+* **github.com/linode/go-metadata**                  v0.2.2 -> v0.2.4
+* **github.com/mdlayher/ethtool**                    v0.4.0 -> v0.5.1
+* **github.com/mdlayher/netlink**                    v1.8.0 -> v1.9.0
+* **github.com/miekg/dns**                           v1.1.68 -> v1.1.72
+* **github.com/moby/moby/api**                       v1.52.0 -> v1.54.1
+* **github.com/moby/moby/client**                    v0.1.0 -> v0.4.0
+* **github.com/navidys/tvxwidgets**                  v0.13.0 **_new_**
+* **github.com/opencontainers/runtime-spec**         v1.2.1 -> v1.3.0
+* **github.com/pin/tftp/v3**                         v3.1.0 -> v3.2.0
+* **github.com/prometheus/procfs**                   v0.19.2 -> v0.20.1
+* **github.com/scaleway/scaleway-sdk-go**            v1.0.0-beta.35 -> v1.0.0-beta.36
+* **github.com/siderolabs/crypto**                   v0.6.4 -> v0.6.5
+* **github.com/siderolabs/discovery-api**            v0.1.6 -> v0.1.8
+* **github.com/siderolabs/discovery-client**         v0.1.13 -> v0.1.15
+* **github.com/siderolabs/go-blockdevice/v2**        v2.0.20 -> v2.0.28
+* **github.com/siderolabs/go-cmd**                   v0.1.3 -> v0.2.0
+* **github.com/siderolabs/go-debug**                 v0.6.1 -> v0.6.2
+* **github.com/siderolabs/go-kmsg**                  v0.1.4 -> v0.1.5
+* **github.com/siderolabs/go-kubernetes**            v0.2.28 -> v0.2.36
+* **github.com/siderolabs/go-pcidb**                 v0.3.2 -> v0.3.3
+* **github.com/siderolabs/go-talos-support**         v0.1.4 -> v0.2.1
+* **github.com/siderolabs/kms-client**               v0.1.0 -> v0.2.0
+* **github.com/siderolabs/pkgs**                     v1.12.0-23-ge0b78b8 -> v1.13.0
+* **github.com/siderolabs/proto-codec**              v0.1.2 -> v0.1.3
+* **github.com/siderolabs/talos/pkg/machinery**      v1.12.0 -> v1.13.0-rc.0
+* **github.com/siderolabs/tools**                    v1.12.0-2-g7d57df0 -> v1.13.0
+* **github.com/sigstore/cosign/v3**                  v3.0.5 **_new_**
+* **github.com/sigstore/sigstore**                   v1.10.5 **_new_**
+* **github.com/sigstore/sigstore-go**                v1.1.4 **_new_**
+* **github.com/sirupsen/logrus**                     v1.9.3 -> v1.9.4
+* **github.com/spf13/cobra**                         v1.10.1 -> v1.10.2
+* **github.com/theupdateframework/go-tuf/v2**        v2.4.1 **_new_**
+* **github.com/u-root/u-root**                       v0.15.0 -> v0.16.0
+* **go.etcd.io/etcd/api/v3**                         v3.6.6 -> v3.6.9
+* **go.etcd.io/etcd/client/pkg/v3**                  v3.6.6 -> v3.6.9
+* **go.etcd.io/etcd/client/v3**                      v3.6.6 -> v3.6.9
+* **go.etcd.io/etcd/etcdutl/v3**                     v3.6.6 -> v3.6.9
+* **go.uber.org/zap**                                v1.27.0 -> v1.27.1
+* **go.yaml.in/yaml/v4**                             v4.0.0-rc.3 -> v4.0.0-rc.4
+* **golang.org/x/net**                               v0.47.0 -> v0.53.0
+* **golang.org/x/oauth2**                            v0.33.0 -> v0.36.0
+* **golang.org/x/sync**                              v0.18.0 -> v0.20.0
+* **golang.org/x/sys**                               v0.38.0 -> v0.43.0
+* **golang.org/x/term**                              v0.37.0 -> v0.42.0
+* **golang.org/x/text**                              v0.31.0 -> v0.36.0
+* **golang.org/x/time**                              v0.14.0 -> v0.15.0
+* **google.golang.org/grpc**                         v1.76.0 -> v1.79.3
+* **google.golang.org/protobuf**                     v1.36.10 -> f2248ac996af
+* **k8s.io/api**                                     v0.35.0 -> v0.35.3
+* **k8s.io/apiextensions-apiserver**                 v0.35.0 -> v0.35.3
+* **k8s.io/apiserver**                               v0.35.0 -> v0.35.3
+* **k8s.io/client-go**                               v0.35.0 -> v0.35.3
+* **k8s.io/component-base**                          v0.35.0 -> v0.35.3
+* **k8s.io/klog/v2**                                 v2.130.1 -> v2.140.0
+* **k8s.io/kube-scheduler**                          v0.35.0 -> v0.35.3
+* **k8s.io/kubectl**                                 v0.35.0 -> v0.35.3
+* **k8s.io/kubelet**                                 v0.35.0 -> v0.35.3
+* **k8s.io/pod-security-admission**                  v0.35.0 -> v0.35.3
+
+Previous release can be found at [v1.12.0](https://github.com/siderolabs/talos/releases/tag/v1.12.0)
+
 ## [Talos 1.13.0-rc.0](https://github.com/siderolabs/talos/releases/tag/v1.13.0-rc.0) (2026-04-16)
 
 Welcome to the v1.13.0-rc.0 release of Talos!  
diff --git a/go.mod b/go.mod
index fb7b729c2..d5d69f82f 100644
--- a/go.mod
+++ b/go.mod
@@ -158,7 +158,7 @@ require (
 	github.com/siderolabs/net v0.4.0
 	github.com/siderolabs/proto-codec v0.1.3
 	github.com/siderolabs/siderolink v0.3.15
-	github.com/siderolabs/talos/pkg/machinery v1.13.0-rc.0
+	github.com/siderolabs/talos/pkg/machinery v1.13.0
 	github.com/sigstore/cosign/v3 v3.0.5
 	github.com/sigstore/sigstore v1.10.5
 	github.com/sigstore/sigstore-go v1.1.4
diff --git a/hack/release.toml b/hack/release.toml
index 7c7e31013..406e17925 100644
--- a/hack/release.toml
+++ b/hack/release.toml
@@ -9,7 +9,7 @@ ignore_deps = ["github.com/coredns/coredns"]
 # previous release
 previous = "v1.12.0"
 
-pre_release = true
+pre_release = false
 
 preface = """
 """
diff --git a/pkg/machinery/gendata/data/tag b/pkg/machinery/gendata/data/tag
index 3fd69823b..e58d236a7 100644
--- a/pkg/machinery/gendata/data/tag
+++ b/pkg/machinery/gendata/data/tag
@@ -1 +1 @@
-v1.13.0-rc.0
\ No newline at end of file
+v1.13.0
\ No newline at end of file
diff --git a/pkg/machinery/version/os-release b/pkg/machinery/version/os-release
index fbfe36a49..ac0273861 100644
--- a/pkg/machinery/version/os-release
+++ b/pkg/machinery/version/os-release
@@ -1,7 +1,7 @@
 NAME="Talos"
 ID=talos
-VERSION_ID=v1.13.0-rc.0
-PRETTY_NAME="Talos (v1.13.0-rc.0)"
+VERSION_ID=v1.13.0
+PRETTY_NAME="Talos (v1.13.0)"
 HOME_URL="https://www.talos.dev/"
 BUG_REPORT_URL="https://github.com/siderolabs/talos/issues"
 VENDOR_NAME="Sidero Labs"
diff --git a/website/content/v1.13/reference/cli.md b/website/content/v1.13/reference/cli.md
index 686a8390c..497f4fd2b 100644
--- a/website/content/v1.13/reference/cli.md
+++ b/website/content/v1.13/reference/cli.md
@@ -134,7 +134,7 @@ talosctl cluster create dev [flags]
       --bad-rtc                                  launch VM with bad RTC state
       --cidr string                              CIDR of the cluster network (IPv4, ULA network for IPv6 is derived in automated way) (default "10.5.0.0/24")
       --cni-bin-path strings                     search path for CNI binaries (default [/home/user/.talos/cni/bin])
-      --cni-bundle-url string                    URL to download CNI bundle from (default "https://github.com/siderolabs/talos/releases/download/v1.13.0-rc.0/talosctl-cni-bundle-${ARCH}.tar.gz")
+      --cni-bundle-url string                    URL to download CNI bundle from (default "https://github.com/siderolabs/talos/releases/download/v1.13.0/talosctl-cni-bundle-${ARCH}.tar.gz")
       --cni-cache-dir string                     CNI cache directory path (default "/home/user/.talos/cni/cache")
       --cni-conf-dir string                      CNI config directory path (default "/home/user/.talos/cni/conf.d")
       --config-injection-method string           a method to inject machine config: default is HTTP server, 'metal-iso' to mount an ISO
@@ -349,7 +349,7 @@ talosctl cluster create dev [flags]
       --bad-rtc                                  launch VM with bad RTC state
       --cidr string                              CIDR of the cluster network (IPv4, ULA network for IPv6 is derived in automated way) (default "10.5.0.0/24")
       --cni-bin-path strings                     search path for CNI binaries (default [/home/user/.talos/cni/bin])
-      --cni-bundle-url string                    URL to download CNI bundle from (default "https://github.com/siderolabs/talos/releases/download/v1.13.0-rc.0/talosctl-cni-bundle-${ARCH}.tar.gz")
+      --cni-bundle-url string                    URL to download CNI bundle from (default "https://github.com/siderolabs/talos/releases/download/v1.13.0/talosctl-cni-bundle-${ARCH}.tar.gz")
       --cni-cache-dir string                     CNI cache directory path (default "/home/user/.talos/cni/cache")
       --cni-conf-dir string                      CNI config directory path (default "/home/user/.talos/cni/conf.d")
       --config-injection-method string           a method to inject machine config: default is HTTP server, 'metal-iso' to mount an ISO
@@ -3454,7 +3454,7 @@ talosctl upgrade [flags]
       --drain-timeout duration     timeout for draining the Kubernetes node (default 5m0s)
   -e, --endpoints strings          override default endpoints in Talos configuration
   -h, --help                       help for upgrade
-  -i, --image string               the container image to use for performing the install (default "ghcr.io/siderolabs/installer:v1.13.0-rc.0")
+  -i, --image string               the container image to use for performing the install (default "ghcr.io/siderolabs/installer:v1.13.0")
       --legacy                     force use of legacy upgrade method
       --namespace string           namespace to use: "system" (etcd and kubelet images), "cri" for all Kubernetes workloads, "inmem" for in-memory containerd instance (default "system")
   -n, --nodes strings              target the specified nodes