Skip to content

Releases: gravitational/teleport

Teleport 15.4.10

29 Jul 03:45
@camscale camscale
v15.4.10
962676a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.10

Description

  • Improved stability of very large teleport clusters during temporary backend disruption/degradation. #44695
  • Resolved compatibility issue with Paramiko and Machine ID's SSH multiplexer SSH agent. #44672
  • Fixed a fatal error in tbot when unable to lookup the user from a given UID in containerized environments for checking ACL configuration. #44646
  • Fixed Application Access regression where an HTTP header wasn't set in forwarded requests. #44629
  • Use the registered port of the target host when tsh puttyconfig is invoked without --port. #44573
  • Added more icons for guessing application icon by name or by label teleport.icon in the web UI. #44568
  • Removed deprecated S3 bucket option when creating or editing AWS OIDC integration in the web UI. #44487
  • Fixed terminal sessions with a database CLI client in Teleport Connect hanging indefinitely if the client cannot be found. #44466
  • Added application-tunnel service to Machine ID for establishing a long-lived tunnel to a HTTP or TCP application for Machine to Machine access. #44446
  • Fixed a low-probability panic in audit event upload logic. #44424
  • Fixed Teleport Connect binaries not being signed correctly. #44420
  • Prevented DoSing the cluster during a mass failed join event by agents. #44415
  • Added audit events for AWS and Azure integration resource actions. #44404
  • Fixed automatic updates with previous versions of the teleport.yaml config. #44378
  • Added support for Rocky and AlmaLinux when enrolling a new server from the UI. #44331
  • Fixed Teleport access plugin tarballs containing a build directory, which was accidentally added upon v15.4.5 release. #44301
  • Prevented an infinite loop in DynamoDB event querying by advancing the cursor to the next day when the limit is reached at the end of a day with an empty iterator. This ensures the cursor does not reset to the beginning of the day. #44274
  • The clipboard sharing tooltip for desktop sessions now indicates why clipboard sharing is disabled. #44238
  • Fixed a kube-agent-updater bug affecting resolutions of private images. #44192
  • Prevented redirects to arbitrary URLs when launching an app. #44189
  • Added audit event field describing if the "MFA for admin actions" requirement changed. #44185
  • The teleport-cluster chart can now use existing ingresses instead of creating its own. #44147
  • Ensured that tsh login outputs accurate status information for the new session. #44144
  • Fixed "device trust mode x requires Teleport Enterprise" errors on tctl. #44134
  • Added a --skip-idle-time flag to tsh play. #44095
  • Added the tbot install systemd command for installing tbot as a service on Linux systems. #44082
  • Added ability to list access list members in json format in tctl cli tool. #44072
  • Made tbot compilable on Windows. #44070
  • For slack integration, Access List reminders are batched into 1 message and provides link out to the web UI. #44035
  • Fixed denying access despite access being configured for Notification Routing Rules in the web UI. #44028
  • Fixed eBPF error occurring during startup on Linux RHEL 9. #44024
  • Lowered latency of detecting Kubernetes cluster becoming online. #43971
  • Enabled Access Monitoring Rules routing with Mattermost plugin. #43600

Enterprise:

  • Fixed an Access List permission bug where an access list owner, who is also a member, was not able to add/rm access list member.
  • Fixed an issue with incorrect yum/zypper updater packages being installed.
  • Fixed empty condition from unquoted string with yaml editor for Notification Routing Rules in the Web UI.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.1.0

16 Jul 02:03
@camscale camscale
v16.1.0
fd6032e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.1.0

Description

New logo

We're excited to announce an update to the Teleport logo. This refresh aligns
with our evolving brand and will be reflected across the product, our marketing
site (goteleport.com), branded content, swag, and more.

The new logo will appear in the web UI starting with this release and on the
marketing website starting from July 17th, 2024.

Database Access session replay

Database Access users will be able to watch PostgreSQL query replays in the web
UI or with tsh.

Other improvements and fixes

  • Fixed "staircase" text output for non-interactive Kube exec sessions in Web UI. #44249
  • Fixed a leak in the admin process spawned by starting VNet through tsh vnet or Teleport Connect. #44225
  • Fixed a kube-agent-updater bug affecting resolutions of private images. #44191
  • The show_resources option is no longer required for statically configured proxy ui settings. #44181
  • The teleport-cluster chart can now use existing ingresses instead of creating its own. #44146
  • Ensure that tsh login outputs accurate status information for the new session. #44143
  • Fixes "device trust mode x requires Teleport Enterprise" errors on tctl. #44133
  • Added the tbot install systemd command for installing tbot as a service on Linux systems. #44083
  • Added ability to list access list members in json format in tctl. #44071
  • Update grpc to v1.64.1 (patches GO-2024-2978). #44067
  • Batch access review reminders into 1 message and provide link out to the web UI. #44034
  • Fixed denying access despite access being configured for Notification Routing Rules in the web UI. #44029
  • Honor proxy templates in tsh ssh. #44026
  • Fixed eBPF error occurring during startup on Linux RHEL 9. #44023
  • Fixed Redshift auto-user deactivation/deletion failure that occurs when a user is created or deleted and another user is deactivated concurrently. #43968
  • Lower latency of detecting Kubernetes cluster becoming online. #43967
  • Teleport AMIs now optionally source environment variables from /etc/default/teleport as regular Teleport package installations do. #43962
  • Make tbot compilable on Windows. #43959
  • Add a new event to the database session recording with query/command result information. #43955
  • Enabled setting event types to forward, skip events, skip session types in event-handler helm chart. #43938
  • extraLabels configured in teleport-kube-agent chart values are now correctly propagated to post-delete hooks. A new extraLabels.job object has been added for labels which should only apply to the post-delete job. #43932
  • Add support for Teams to Opsgenie plugin alert creation. #43916
  • Machine ID outputs now execute individually and concurrently, meaning that one failing output does not disrupt other outputs, and that performance when generating a large number of outputs is improved. #43876
  • SAML IdP service provider resource can now be updated from the Web UI. #4651
  • Fixed empty condition from unquoted string with YAML editor for Notification Routing Rules in the Web UI. #4636
  • Teleport Enterprise now supports the TELEPORT_REPORTING_HTTP(S)_PROXY environment variable to specify the URL of the HTTP(S) proxy used for connections to our usage reporting ingest service. #4568
  • Fixed inaccurately notifying user that access list reviews are due in the web UI. #4521

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 15.4.9

11 Jul 12:19
@camscale camscale
v15.4.9
aea5781
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.9

Description

  • Honor proxy templates in tsh ssh. #44027
  • Fixed Redshift auto-user deactivation/deletion failure that occurs when a user is created or deleted and another user is deactivated concurrently. #43975
  • Teleport AMIs now optionally source environment variables from /etc/default/teleport as regular Teleport package installations do. #43961
  • Enabled setting event types to forward, skip events, skip session types in event-handler helm chart. #43939
  • Correctly propagate extraLabels configured in teleport-kube-agent chart values to post-delete hooks. A new extraLabels.job object has been added for labels which should only apply to the post-delete job. #43931
  • Machine ID outputs now execute individually and concurrently, meaning that one failing output does not disrupt other outputs, and that performance when generating a large number of outputs is improved. #43883
  • Omit control plane services from the inventory list output for Cloud-Hosted instances. #43778
  • Fixed session recordings getting overwritten or not uploaded. #42164

Enterprise:

  • Fixed inaccurately notifying user that access list reviews are due in the web UI.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.0.4

04 Jul 07:01
@camscale camscale
v16.0.4
c733a8b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.0.4

Description

  • Omit control plane services from the inventory list output for Cloud-Hosted instances. #43779
  • Updated Go toolchain to v1.22.5. #43768
  • Reduced CPU usage in auth servers experiencing very high concurrent request load. #43755
  • Machine ID defaults to disabling the use of the Kubernetes exec plugin when writing a Kubeconfig to a directory destination. This removes the need to manually configure disable_exec_plugin. #43655
  • Fixed startup crash of Teleport Connect on Ubuntu 24.04 by adding an AppArmor profile. #43653
  • Added support for dialling leaf clusters to the tbot SSH multiplexer. #43634
  • Extend Teleport ability to use non-default cluster domains in Kubernetes, avoiding the assumption of cluster.local. #43631
  • Wait for user MFA input when reissuing expired certificates for a kube proxy. #43612
  • Improved error diagnostics when using Machine ID's SSH multiplexer. #43586

Enterprise:

  • Teleport Enterprise now supports the TELEPORT_REPORTING_HTTP(S)_PROXY environment variable to specify the URL of the HTTP(S) proxy used for connections to our usage reporting ingest service.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 15.4.7

04 Jul 07:17
@camscale camscale
v15.4.7
2611484
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.7

Description

  • Added audit events for discovery config actions. #43794
  • Updated Go toolchain to v1.22.5. #43769
  • Reduced CPU usage in auth servers experiencing very high concurrent request load. #43760
  • Machine ID defaults to disabling the use of the Kubernetes exec plugin when writing a Kubeconfig to a directory destination. This removes the need to manually configure disable_exec_plugin. #43656
  • Fixed startup crash of Teleport Connect on Ubuntu 24.04 by adding an AppArmor profile. #43652
  • Added support for dialling leaf clusters to the tbot SSH multiplexer. #43635
  • Extend Teleport ability to use non-default cluster domains in Kubernetes, avoiding the assumption of cluster.local. #43632
  • Wait for user MFA input when reissuing expired certificates for a kube proxy. #43613
  • Improved error diagnostics when using Machine ID's SSH multiplexer. #43587

Enterprise:

  • Increased Access Monitoring refresh interval to 24h.
  • Teleport Enterprise now supports the TELEPORT_REPORTING_HTTP(S)_PROXY environment variable to specify the URL of the HTTP(S) proxy used for connections to our usage reporting ingest service.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.0.3

01 Jul 03:21
@tcsc tcsc
v16.0.3
6938c60
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.0.3

Description

This release of Teleport contains a fix for a medium-level security issue impacting Teleport Enterprise, as well as various other updates and improvements

Security Fixes

[Medium] Fixes issue where a SCIM client could potentially overwrite Teleport system Roles using specially crafted groups. This issue impacts Teleport Enterprise deployments using the Okta integration with SCIM support enabled.

We strongly recommend all customers upgrade to the latest releases of Teleport.

Other updates and improvements

  • Update go-retryablehttp to v0.7.7 (fixes CVE-2024-6104). #43474
  • Fixed Discover setup access error when updating user. #43560
  • Added audit event field describing if the "MFA for admin actions" requirement changed. #43541
  • Fixed remote port forwarding validation error. #43516
  • Added support to trust system CAs for self-hosted databases. #43493
  • Added error display in the Web UI for SSH and Kubernetes sessions. #43485
  • Fixed accurate inventory reporting of the updater after it is removed. #43454
  • tctl alerts ls now displays remaining alert ttl. #43436
  • Fixed input search for Teleport Connect's access request listing. #43429
  • Added Debug setting for event-handler. #43408
  • Fixed Headless auth for sso users, including when local auth is disabled. #43361
  • Added configuration for custom CAs in the event-handler helm chart. #43340
  • Updated VNet panel in Teleport Connect to list custom DNS zones and DNS zones from leaf clusters. #43312
  • Fixed an issue with Database Access Controls preventing users from making additional database connections. #43303
  • Fixed bug that caused gRPC connections to be disconnected when their certificate expired even though DisconnectCertExpiry was false. #43290
  • Fixed Connect My Computer in Teleport Connect failing with "bind: invalid argument". #43287
  • Fix a bug where a Teleport instance running only Jamf or Discovery service would never have a healthy /readyz endpoint. #43283
  • Added a missing [Install] section to the teleport-acm systemd unit file as used by Teleport AMIs. #43257
  • Patched timing variability in curve25519-dalek. #43246
  • Fixed setting request reason for automatic ssh access requests. #43178
  • Improved log rotation logic in Teleport Connect; now the non-numbered files always contain recent logs. #43161
  • Added tctl desktop bootstrap for bootstrapping AD environments to work with Desktop Access. #43150

Enterprise only changes and improvements

  • The teleport updater will no longer default to using the global version channel, avoiding incompatible updates.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below:

--
labels: security-patch=yes

Assets 2
Loading

Teleport 15.4.6

01 Jul 03:21
@tcsc tcsc
v15.4.6
5ed51dd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.6

Description

This release of Teleport contains a fix for a medium-level security issue impacting Teleport Enterprise, as well as various other updates and improvements

Security Fixes

[Medium] Fixes issue where a SCIM client could potentially overwrite. Teleport system Roles using specially crafted groups. This issue impacts Teleport Enterprise deployments using the Okta integration with SCIM support enabled.

We strongly recommend all customers upgrade to the latest releases of Teleport.

Other updates and improvements

  • Fixed Discover setup access error when updating user. #43561
  • Updated Go toolchain to 1.22. #43550
  • Fixed remote port forwarding validation error. #43517
  • Added support to trust system CAs for self-hosted databases. #43500
  • Added error display in the Web UI for SSH and Kubernetes sessions. #43491
  • Update go-retryablehttp to v0.7.7 (fixes CVE-2024-6104). #43475
  • Fixed accurate inventory reporting of the updater after it is removed.. #43453
  • tctl alerts ls now displays remaining alert ttl. #43435
  • Fixed input search for Teleport Connect's access request listing. #43430
  • Added Debug setting for event-handler. #43409
  • Fixed Headless auth for sso users, including when local auth is disabled. #43362
  • Added configuration for custom CAs in the event-handler helm chart. #43341
  • Fixed an issue with Database Access Controls preventing users from making additional database connections depending on their permissions. #43302
  • Fixed Connect My Computer in Teleport Connect failing with "bind: invalid argument". #43288

Enterprise only updates and improvements

  • The teleport updater will no longer default to using the global version channel, avoiding incompatible updates.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

--
labels: security-patch=yes

Assets 2
Loading

Teleport 15.4.5

27 Jun 05:50
@tcsc tcsc
v15.4.5
65581c4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.5

Description

  • Added a missing [Install] section to the teleport-acm systemd unit file as used by Teleport AMIs. #43256
  • Patched timing variability in curve25519-dalek. #43249
  • Updated tctl to ignore a configuration file if the auth_service section is disabled, and prefer loading credentials from a given identity file or tsh profile instead. #43203
  • Fixed setting request reason for automatic ssh access requests. #43180
  • Updated teleport to skip jamf_service validation when the Jamf service is not enabled. #43169
  • Improved log rotation logic in Teleport Connect; now the non-numbered files always contain recent logs. #43162
  • Made tsh and Teleport Connect return early during login if ping to proxy service was not successful. #43086
  • Added ability to edit user traits from the Web UI. #43068
  • Enforce limits when reading events from Firestore to prevent OOM events. #42967
  • Fixed updating groups for Teleport-created host users. #42884
  • Added support for crown_jewel resource. #42866
  • Added ability to edit user traits from the Web UI. #43068
  • Fixed gRPC disconnection on certificate expiry even though DisconnectCertExpiry was false. #43291
  • Fixed issue where a Teleport instance running only Jamf or Discovery service would never have a healthy /readyz endpoint. #43284

Enterprise-only changes

  • Fixed sync error in Okta SCIM integration.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 14.3.21

27 Jun 05:43
@tcsc tcsc
v14.3.21
548d240
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 14.3.21

Description

  • Fixed bug that caused gRPC connections to be disconnected when their certificate expired even though DisconnectCertExpiry was false. #43292
  • Fixed bug where a Teleport instance running only Jamf or Discovery service would never have a healthy /readyz endpoint. #43285
  • Added a missing [Install] section to the teleport-acm systemd unit file as used by Teleport AMIs. #43258
  • Updated teleport to skip jamf_service validation when the Jamf is not enabled. #43170
  • Improved log rotation logic in Teleport Connect; now the non-numbered files always contain recent logs. #43163
  • Made tsh and Teleport Connect return early during login if ping to proxy service was not successful. #43087
  • Added ability to edit user traits from the Web UI. #43070
  • Enforce limits when reading events from Firestore to prevent OOM events. #42968
  • Fixed an issue Oracle access failed through trusted cluster. #42929
  • Fixes errors caused by dynamoevents query StartKey not being within the [From, To] window. #42914
  • Fixed updating groups for Teleport-created host users. #42883
  • Update azidentity to v1.6.0 (patches CVE-2024-35255). #42860
  • Remote rate limits on endpoints used extensively to connect to the cluster. #42836
  • Improved the performance of the Athena audit log and S3 session storage backends. #42796
  • Prevented a panic in the Proxy when accessing an offline application. #42787
  • Improve backoff of session recording uploads by teleport agents. #42775
  • Reduced backend writes incurred by tracking status of non-recorded sessions. #42695
  • Fixed listing available DB users in Teleport Connect for databases from leaf clusters obtained through access requests. #42681
  • Fixed not being able to logout from the web UI when session invalidation errors. #42654
  • Updated OpenSSL to 3.0.14. #42643
  • Teleport Connect binaries for Windows are now signed. #42473
  • Updated Go to 1.21.11. #42416
  • Fix web UI notification dropdown menu height from growing too long from many notifications. #42338
  • Disabled session recordings for non-interactive sessions when enhanced recording is disabled. #42321
  • Fixed issue where removing an app could make teleport app agents incorrectly report as unhealthy for a short time. #42269
  • Fixed a panic in the DynamoDB audit log backend when the cursor fell outside of the [From,To] interval. #42266
  • The teleport configure command now supports a --node-name flag for overriding the node's hostname. #42249
  • Fixed an issue where mix-and-match of join tokens could interfere with some services appearing correctly in heartbeats. #42188
  • Improved temporary disk space usage for session recording processing. #42175
  • Fixed a regression where Kubernetes Exec audit events were not properly populated and lacked error details. #42146
  • Fix Azure join method when using Resource Groups in the allow section. #42140
  • Fixed resource leak in session recording cleanup. #42069
  • Reduced memory and cpu usage after control plane restarts in clusters with a high number of roles. #42064
  • Fixed the field allowed_https_hostnames in the Teleport Operator resources: SAML, OIDC, and GitHub Connector. #42056
  • Enhanced error messaging for clients using kubectl exec v1.30+ to include warnings about a breaking change in Kubernetes. #41989

Enterprise-Only changes:

  • Improved memory usage when reconciling Access Lists members to prevent Out of Memory events when reconciling a large number of Access Lists members.
  • Prevented Access Monitoring reports from crashing when large datasets are returned.
  • Ensured graceful restart of teleport.service after an upgrade.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Assets 2
Loading

Teleport 16.0.1

18 Jun 03:15
@camscale camscale
v16.0.1
9c7b506
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.0.1

Description

  • tctl now ignores any configuration file if the auth_service section is disabled, and prefer loading credentials from a given identity file or tsh profile instead. #43115
  • Skip jamf_service validation when the service is not enabled. #43095
  • Fix v16.0.0 amd64 Teleport plugin images using arm64 binaries. #43084
  • Add ability to edit user traits from the Web UI. #43067
  • Enforce limits when reading events from Firestore for large time windows to prevent OOM events. #42966
  • Allow all authenticated users to read the cluster vnet_config. #42957
  • Improve search and predicate/label based dialing performance in large clusters under very high load. #42943

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading