@russjones russjones released this Jan 17, 2019 · 47 commits to master since this release

3.1.4

Teleport 3.1.4 contains one new feature and two bug fixes.

New Feature

  • Added support for GSuite as an SSO provider. #2455

Bug fixes

  • Fixed issue where Kubernetes groups were not being passed to remote clusters. #2484
  • Fixed issue where the client was pulling incorrect CA for trusted clusters. #2487

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

@alex-kovoy alex-kovoy released this Jan 12, 2019 · 47 commits to master since this release

Teleport 3.1.3 contains three security fixes.

Bug Fixes

  • Updated xterm.js to mitigate an RCE in xterm.js.
  • Mitigated potential timing attacks during bearer token authentication. #2482
  • Fixed the "x509: certificate signed by unknown authority" error when connecting to DynamoDB from within the Gravitational-published Docker image. #2473

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

@russjones russjones released this Jan 11, 2019 · 169 commits to master since this release

Teleport 3.0.4 contains two security fixes.

Bug Fixes

  • Updated xterm.js to mitigate an RCE in xterm.js.
  • Mitigated potential timing attacks during bearer token authentication. #2482

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

@russjones russjones released this Jan 11, 2019 · 382 commits to master since this release

Teleport 2.7.8 contains two security fixes.

Bug Fixes

  • Updated xterm.js to mitigate an RCE in xterm.js.
  • Mitigated potential timing attacks during bearer token authentication. #2482

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Jan 10, 2019
Release 3.2.0-alpha.2.
Jan 5, 2019
Release 2.4.10.

@russjones russjones released this Jan 10, 2019 · 47 commits to master since this release

Teleport 3.1.2 contains a security fix. We strongly encourage anyone running Teleport 3.1.1 to upgrade.

Bug Fixes

Due to a flaw in the internal RBAC verification logic, a compromised node, trusted cluster or authenticated non-privileged user can craft a special request to Teleport's internal auth server API to elevate privileges and gain administrative access to the Teleport cluster.

This vulnerability can only be exploited by previously authenticated clients; there is no known way to exploit it from outside the cluster with non-authenticated clients.

To mitigate the issue, auth servers have to be upgraded.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

@russjones russjones released this Jan 10, 2019 · 169 commits to master since this release

Teleport 3.0.3 contains a security fix. We strongly encourage anyone running Teleport 3.0.2 to upgrade.

Bug Fixes

Due to a flaw in the internal RBAC verification logic, a compromised node, trusted cluster or authenticated non-privileged user can craft a special request to Teleport's internal auth server API to elevate privileges and gain administrative access to the Teleport cluster.

This vulnerability can only be exploited by previously authenticated clients; there is no known way to exploit it from outside the cluster with non-authenticated clients.

To mitigate the issue, auth servers have to be upgraded.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

@russjones russjones released this Jan 10, 2019 · 382 commits to master since this release

Teleport 2.7.7 contains a security fix. We strongly encourage anyone running Teleport 2.7.6 to upgrade.

Bug Fixes

Due to a flaw in the internal RBAC verification logic, a compromised node, trusted cluster or authenticated non-privileged user can craft a special request to Teleport's internal auth server API to elevate privileges and gain administrative access to the Teleport cluster.

This vulnerability can only be exploited by previously authenticated clients; there is no known way to exploit it from outside the cluster with non-authenticated clients.

To mitigate the issue, auth servers have to be upgraded.

Also upgraded Go to 1.11.4 to mitigate CVE-2018-16875 (CPU denial of service in chain validation in Go).

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

@russjones russjones released this Jan 10, 2019 · 382 commits to master since this release

Teleport 2.6.10 contains a security fix. We strongly encourage anyone running Teleport 2.6.9 to upgrade.

Bug Fixes

Due to a flaw in the internal RBAC verification logic, a compromised node, trusted cluster or authenticated non-privileged user can craft a special request to Teleport's internal auth server API to elevate privileges and gain administrative access to the Teleport cluster.

This vulnerability can only be exploited by previously authenticated clients; there is no known way to exploit it from outside the cluster with non-authenticated clients.

To mitigate the issue, auth servers have to be upgraded.

Also upgraded Go to 1.11.4 to mitigate CVE-2018-16875 (CPU denial of service in chain validation in Go).

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.