Tails didn't patch a non-root exploit that could leak the users real IP by bypassing the firewall without them knowing it for 3 years. I do not understand why Tails is recommended over Whonix (specifically Qubes-Whonix, thus with a trusted TCB).

> The Unsafe Browser allows to retrieve the public IP address by a compromised amnesia user with no user interaction

https://gitlab.tails.boum.org/tails/tails/-/issues/15635