CVE-2026-53359 (“Januscape”) is a KVM guest-to-host escape affecting all current Talos kernels. Cozystack clusters that run VMs or tenant Kubernetes should disable nested virtualization now.
Cozystack v1.4.0 brings a schema-driven dashboard, persistent worker-node storage for tenant Kubernetes, cloud-style resource presets, declarative backups for managed applications, HAMi-based fractional GPU sharing, a one-switch PROXY-protocol and hairpin-NAT fix, and operational improvements for upgrades, scheduling, and observability.
/cozystack:wizard is a new guided installer that orchestrates a full Cozystack deployment end-to-end across Talos, Ubuntu, and existing clusters — handling cert-SAN traps on NAT’d clouds, ZFS provisioning, LINSTOR registration races, and more.