Release 14.3.23

[camscale]

Note: Release 14.3.22 was abandoned due to build issues.

• Updated Go toolchain to 1.22.6. #45196
• Teleport Connect now sets TERM_PROGRAM: Teleport_Connect and TERM_PROGRAM_VERSION: <app_version> environment variables in the integrated terminal. #45065
• Fixed race condition between session recording uploads and session recording upload cleanup. #44980
• Prevent Kubernetes per-Resource RBAC from blocking access to namespaces when denying access to a single resource kind in every namespace. #44976
• Improved stability of very large teleport clusters during temporary backend disruption/degradation. #44696
• Fixed Application Access regression where an HTTP header wasn't set in forwarded requests. #44630
• Use the registered port of the target host when tsh puttyconfig is invoked without --port. #44574
• Fixed Teleport Connect binaries not being signed correctly. #44473
• Fixed terminal sessions with a database CLI client in Teleport Connect hanging indefinitely if the client cannot be found. #44467
• Fixed a low-probability panic in audit event upload logic. #44423
• Prevented DoSing the cluster during a mass failed join event by agents. #44416
• Added audit events for AWS and Azure integration resource actions. #44405
• Prevented an infinite loop in DynamoDB event querying by advancing the cursor to the next day when the limit is reached at the end of a day with an empty iterator. This ensures the cursor does not reset to the beginning of the day. #44273
• Fixed a kube-agent-updater bug affecting resolutions of private images. #44193
• Prevented redirects to arbitrary URLs when launching an app. #44190
• The teleport-cluster chart can now use existing ingresses instead of creating its own. #44148
• Ensured that tsh login outputs accurate status information for the new session. #44145
• Fixes "device trust mode x requires Teleport Enterprise" errors on tctl. #44136
• Honor proxy templates in tsh ssh. #44031
• Fix eBPF error occurring during startup on Linux RHEL 9. #44025
• Fixed Redshift auto-user deactivation/deletion failure that occurs when a user is created or deleted and another user is deactivated concurrently. #43984
• Lowered latency of detecting Kubernetes cluster becoming online. #43969
• Teleport AMIs now optionally source environment variables from /etc/default/teleport as regular Teleport package installations do. #43960
• Fixed teleport-kube-agent Helm chart to correctly propagate extraLabels to post-delete hooks. A new extraLabels.job object has been added for labels which should only apply to the post-delete job. #43933
• Added audit events for discovery config actions. #43795
• Fixed startup crash of Teleport Connect on Ubuntu 24.04 by adding an AppArmor profile. #43651
• Extend Teleport ability to use non-default cluster domains in Kubernetes, avoiding the assumption of cluster.local. #43633
• Wait for user MFA input when reissuing expired certificates for a kube proxy. #43614
• Display errors in the web UI console for SSH sessions. #43492
• Updated go-retryablehttp to v0.7.7 (fixes CVE-2024-6104). #43476
• Fixed an issue preventing accurate inventory reporting of the updater after it is removed. #43452
• Remaining alert TTL is now displayed with tctl alerts ls. #43434
• Fixed headless auth for SSO users, including when local auth is disabled. #43363
• Fixed an issue with incorrect yum/zypper updater packages being installed. #4686
• Fixed inaccurately notifying user that access list reviews are due in the web UI. #4523
• The Teleport updater will no longer default to using the global version channel, avoiding incompatible updates. #4475