The easiest, and most secure way to access and protect all of your infrastructure.
AGPL-3.0 License
Published by r0mant almost 3 years ago
This release of Teleport contains multiple security fixes discovered as a part of a routine security audit.
Teleport MySQL proxy engine did not handle internal MySQL protocol command that allows to reauthenticate the active connection.
This could allow an attacker with a valid client certificate for a particular database user to reauthenticate as a different MySQL user created using require x509
clause.
When proxying a websocket connection, Teleport did not check for a successful connection upgrade response from the target application.
In scenarios where Teleport proxy is located behind a load balancer, this could result in the load balancer reusing the cached authenticated connection for future unauthenticated requests.
Teleport did not check the old password if the cluster had "optional" second factor and user had no registered MFA devices.
This could allow an attacker with access to user's authenticated browser session to change their password.
Users should backup the Teleport cluster, then follow the standard Teleport upgrade procedure:
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
For Teleport Enterprise customers, 6.2.22 is identical to 6.2.20.
Published by russjones almost 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant almost 3 years ago
This release of Teleport contains multiple improvements, bug fixes and a security fix.
tsh
that MFA is not supported on Windows. #9198
tsh login
to fail. #8980
+
sign. #8396
--cert-file
, --key-file
and --public-addr
to teleport configure
command. #9049
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant almost 3 years ago
This release of Teleport contains a security fix.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant almost 3 years ago
This release of Teleport contains a security fix.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones almost 3 years ago
This release of Teleport contains a fix.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones almost 3 years ago
This release of Teleport contains a fix.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by xacrimon almost 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones almost 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones almost 3 years ago
Teleport 8.0 is a major release of Teleport that contains new features, improvements, and bug fixes.
Teleport 8.0 includes a preview of the Windows Desktop Access feature, allowing users passwordless login to Windows Desktops via any modern web browser.
Teleport users can connect to Active Directory enrolled Windows hosts running Windows 10, Windows Server 2012 R2 and newer Windows versions.
To try this feature yourself, check out our Getting Started Guide.
Review the Desktop Access design in:
In TLS routing mode all client connections are wrapped in TLS and multiplexed on a single Teleport proxy port.
TLS routing can be enabled by including the following auth service configuration:
auth_service:
proxy_listener_mode: multiplex
...
and setting proxy configuration version to v2
to prevent legacy listeners from being created:
version: v2
proxy_service:
...
Teleport application access extends AWS console support to CLI . Users are able to log into their AWS console using tsh app login
and use tsh aws
commands to interact with AWS APIs.
See more info in the documentation.
With dynamic registration users are able to manage applications and databases without needing to update static YAML configuration or restart application or database agents.
See dynamic registration guides for apps
and databases.
With RDS auto discovery Teleport database agents can automatically discover RDS instances and Aurora clusters in an AWS account.
See updated RDS guide for more information.
WebAuthn support enables Teleport users to use modern second factor options, including Apple FaceID and TouchID.
In addition, the Teleport Web UI includes new second factor management tools, enabling users to configure and update their second factor devices via their web browser.
Lastly, our UI becomes more secure by requiring an additional second factor confirmation for certain privileged actions (editing roles for second factor confirmation, for example).
tctl top
to show network utilization for resource propagation. #8338 #8603 #8491
kubeconfig
. #7840
CentOS 6 support will be deprecated in Teleport 8 and removed in Teleport 9.
Teleport 8 will continue to receive security patches for about 9 months after which it will be EOL. Users are encouraged to upgrade to CentOS 7 in that time frame.
New run time dependencies have been added to Teleport 8 due to the inclusion of Rust in the build chain. Teleport 8 requires libgcc_s.so
and libm.so
be installed on systems running Teleport.
Users of distroless container images are encouraged to use the gcr.io/distroless/cc-debian11 image to run Teleport.
FROM gcr.io/distroless/cc-debian11
Alpine users are recommended to install the libgcc
package in addition to any glibc compatibility layer they have already been using.
apk --update --no-cache add libgcc
With the GODEBUG=x509ignoreCN=0
flag removed in Go 1.17, Database Access users will no longer be able to connect to databases that include their hostname in the CommonName
field of the presented certificate. Users are recommended to update their database certificates to include hostname in the Subject Alternative Name
extension instead.
Subscribe to Github issue #7636 which will add ability to control level of TLS verification as a workaround.
New clusters will no longer have the default admin
role, it has been replaced with 3 smaller scoped roles: access
, auditor
, and editor
.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones almost 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones almost 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones almost 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by fspmarshall almost 3 years ago
This release of teleport contains performance improvements, fixes, and a feature.
routing_strategy
configuration. #8567
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by fspmarshall almost 3 years ago
This release of teleport contains a bug fix.
routing_strategy
config option.Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by fspmarshall almost 3 years ago
This release of teleport contains performance improvements and a feature.
Improved cache and label-based operations performance. #8670
Added support for custom routing_strategy
configuration. #8567
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones almost 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
This release of Teleport contains a feature and a fix.
kubectl exec
to fail. #8601
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
This release of Teleport contains a feature and a fix.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
This release of Teleport contains features and fixes.
tctl top
. #8338
--insecure
flag. #7835
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.