teleport 14.3.0

[BrewTestBot]

Created by brew bump

---

Created with brew bump-formula-pr.

release notes

## Description
This release of Teleport contains multiple security fixes, improvements and bug fixes.
Security fixes

Teleport Proxy now restricts SFTP for normal users as described under Advisory GHSA-c9v7-wmwj-vf6x #36139
Fixed an issue that would allow for SSRF via Teleport's reverse tunnel subsystem. Documented under the advisory

GHSA-hw4x-mcx5-9q36 #36131
On macOS, Teleport filters the environment to prevent code execution via DYLD_ variables. Documented under GHSA-vfxf-76hv-v4w4 #36135
A fix was applied to Access Lists to prevent possible privilege escalation of list owners.  Documented under  GHSA-76cc-p55w-63g3

Other Fixes & Improvements

Added the ability to promote an access request to an access list in Teleport Connect
Fixed an issue that would prevent websocket upgrades from completing. #36088
Enhanced the audit events related to Teleport's SAML IdP #36087
Added support for STS session tags in the database configuration for granular DynamoDB access. #36064
Added support for the IAM join method in ca-west-1. #36049
Improved the formatting of access list notifications in tsh. #36046
Fixed downgrade logic of KubernetesResources to Role v6 #36009
Fixed potential panic during early phases of SSH service lifetime #35923
Added a tsh latency command to monitor ssh connection latency in realtime #35916
Support GitHub joining from Enterprise accounts with include_enterprise_slug enabled. #35900
Added vpc-id as a label to auto-discovered RDS databases #35890
Improved teleport agent performance when handling a large number of TCP forwarding requests. #35887
Bump golang.org/x/crypto to v0.17.0, which addresses the Terrapin vulnerability (CVE-2023-48795) #35879
Include the lock expiration time in lock.create audit events #35874
Add custom attribute mapping to the  saml_idp_service_provider spec. #35873
Fixed PIV not being available on Windows tsh binaries #35866
Restored direct dial SSH server compatibility with certain SSH tools such as ssh-keyscan (#35647) #35859
Prevent users from deleting their last passwordless device #35855
the teleport-kube-agent chart now supports passing extra arguments to the updater. #35831
New access lists with an unspecified NextAuditDate now pick a new date instead of being rejected #35830
Changed the minimal supported macOS version of Teleport Connect to 10.15 (Catalina) #35819
Add non-AD desktops to Enroll New Resource #35797
Fixed a bug in teleport-kube-agent chart when using both appResources and the discovery role. #35783
Fixed session upload audit events sometimes containing an incorrect URL for the session recording. #35777
Prevent tsh from re-authenticating if the MFA ceremony fails during tsh ssh #35750
Prevent attempts to join a nonexistent SSH session from hanging forever #35743
Improved Windows hosts registration with a new static_hosts configuration field #35742
Fixed the sorting of name and description columns for user groups when creating an access request #35729

Download
Download the current and previous releases of Teleport at https://goteleport.com/download.
labels: security-patch=yes, security-patch-alts=v14.2.4

[github-actions]

🤖 An automated task has requested bottles to be published to this PR.