teleport

Description

This release of Teleport contains multiple improvements and bug fixes.

• Auto-discovery
  • Added ability to specify discovery group for discovery services. #24716
• CLI
  • Improved tsh performance on some Windows systems. #24573
  • Improved teleport configure error/warning reporting. #24676
  • Added --raw flag to teleport version command. #24772
• Configuration
  • Prevent proxies from trying to join cluster over reverse tunnel. #24668
• Server Access
  • Fixed issue with excessive audit logging when copying files over SFTP. #24831
  • Fixed issue with tsh scp not recognizing wildcard patterns. #24831
  • Fixed issue with tsh scp failing when max sessions is set to 1. #24831
  • Improved error reporting from tsh scp when file copying is disabled. #24831
• Kubernetes Access
  • Fixed issue with tctl auth sign not respecting kube_public_addr. #24516
  • Fixed memory leak when using port forwarding. #24763
  • Reduced log spam when using port forwarding. #24658
• Database Access
  • Updated teleport db configure to support more AWS databases. #24494
• Performance & Scalability
  • Reduced thundering herd effect in large clusters. #24719
• Web UI
  • Fixed issue with downloading files from leaf clusters when per-session MFA is enabled. #24768

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

This release of Teleport contains multiple bug fixes.

• CLI
  • Fixed potential panic in tsh ssh. #24490
• Performance & Scalability
  • Improved tsh ssh latency. #24371
• Kubernetes Access
  • Fixed issue with moderator joining session on a cluster they don't have access to. #23993
• Security
  • Added IP pinning support to SSO users. #24541

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Server Access
  • Restored MajorVersion template variable for EC2 install scripts. #24434
  • Added --mlock flag to headless tsh mode to allow memory locking. #24410
  • Fixed issue with EC2 install script silently failing on errors. #24034
• Database Access
  • Reduced log spam when AWS database engine name is not recognized. #24413
• Machine ID
  • Improved post-renewal message by logging correct identity. #24246
• Kubernetes Access
  • Fixed issue with incorrect status being returned on exec commands. #24155
• Proxy Peering
  • Improved agent reconnect speed with proxy peering. #24141
• Helm Charts
  • Fixed issue with securityContext and nodeSelector not being propagated to job hooks. #24134
  • Fixed issue with TLS routing being disabled after v12 upgrade when proxyListenerMode is empty. #24426

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

This release of Teleport contains 2 security fixes as well as multiple improvements and bug fixes.

[High] OS authorization bypass in SSH tunneling

When establishing an SSH port forwarding connection, Teleport did not
sufficiently validate the specified OS principal.

This could allow an attacker in possession of valid cluster credentials to
establish a TCP tunnel to a node using a non-existent Linux user.

The connection attempt would show up in the audit log as a "port" audit event
(code T3003I) and include a Teleport username in the "user" field.

[High] Teleport authorization bypass in Kubernetes Access

When authorizing a Kubernetes Access request, Teleport did not adequately
validate the target Kubernetes cluster.

This could allow an attacker in possession of valid Kubernetes agent credentials
or a join token to trick Teleport into forwarding requests to a different
Kubernetes cluster.

Every Kubernetes request would show up in the audit log as a "kube.request"
audit event (code T3009I) and include the Kubernetes cluster metadata.

Other improvements and fixes

• Application Access
  • Reduced log noise. #23366
  • Fixed app access requests being redirected to leaf's public address in some cases. #23221
• AMIs
  • Added support for configuring TLS routing mode in AMIs. #23677
• CLI
  • Updated tsh status to not display internal logins. #23412
  • Display year in tctl commands output. #23372
  • Fixed issue with tsh reporting errors about missing webauthn.dll on Windows. #23162
  • Added app_server support to tctl resource commands. #23137
  • Added --cluster flag to tsh kube sessions command. #23826
• Database Access
  • Fixed issue with query audit events always having success: false status. #23275
• Desktop Access
  • Updated setup script to be idempotent. #23175
• Kubernetes Access
  • Fixed issue with tsh kube credentials loading incorrect profile. #23718
  • Fixed issue with tsh kube credentials failing on remote clusters. #23353
• Machine ID
  • Added ability to specify memory backend using CLI parameters. #23497
• Moderated Sessions
  • Fixed issue with joining moderated sessions via Web UI. #24019
  • Fixed issue with join button sometimes not appearing for moderated session in Web UI. #24028
• Proxy Peering
  • Fixed proxy peering issues when running behind a load balancer. #23507
• Reverse Tunnels
  • Fixed issue when joining leaf cluster over tunnel port with enabled proxy protocol. #23486
  • Fixed issue with joining agents over reverse tunnel port. #23333
• Performance & scalability
  • Improved tsh ls -R performance in large clusters. #23597
  • Improved performance when setting environment for user session. #23833
  • Reduced cache retry thundering herd effect in large clusters. #23947
• Tooling
  • Updated Go to 1.20.3. #24064
  • Updated Rust to 1.68.0. #23102
• Web UI
  • Fixed intermittent "client connection is closing" errors in web UI after logging in. #23735
  • Added MFA support when copying files. #23196
  • Fixed "ambiguous node" error when downloading files. #23153

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

labels: security-patch=yes

Description

This release of Teleport contains 2 security fixes as well as multiple improvements and bug fixes.

[High] OS authorization bypass in SSH tunneling

When establishing an SSH port forwarding connection, Teleport did not
sufficiently validate the specified OS principal.

This could allow an attacker in possession of valid cluster credentials to
establish a TCP tunnel to a node using a non-existent Linux user.

The connection attempt would show up in the audit log as a "port" audit event
(code T3003I) and include a Teleport username in the "user" field.

[High] Teleport authorization bypass in Kubernetes Access

When authorizing a Kubernetes Access request, Teleport did not adequately
validate the target Kubernetes cluster.

This could allow an attacker in possession of valid Kubernetes agent credentials
or a join token to trick Teleport into forwarding requests to a different
Kubernetes cluster.

Every Kubernetes request would show up in the audit log as a "kube.request"
audit event (code T3009I) and include the Kubernetes cluster metadata.

[Medium] Moderated sessions leave behavior

Fixed issue with moderated session being terminated after a short delay instead
of being immediately paused when moderator leaves.

#21972

Other improvements and fixes

• AMIs
  • Added support for configuring TLS routing mode in AMIs. #23676
• Application Access
  • Fixed app access requests being redirected to leaf's public address in some cases. #23222
  • Reduced log noise. #23367
• Access Management
  • Added per-session MFA support to connection testers. #22922
• Performance & scalability
  • Improved idle connection handling. #22916
  • Removed unnecessary resource updates. #22573
  • Fixed proxy peering issues when running behind a load balancer. #23508
  • Improved tsh ls -R performance in large clusters. #23606
  • Improved performance when setting environment for user session. #23832
• Database Access
  • Fixed tsh db config returning incorrect port in TLS routing mode. #22891
  • Fixed issue with query audit events always having success: false status. #23276
  • Fixed issue with Redis protocol not handling nil response #22230
• Server Access
  • Fixed issue with OS group check leading to session failures in some cases. #22803
  • Fixed issue with PuTTY winadj channel requests not being correctly handled. #22421
  • Improved handling of child processes upon session termination. #22231
• Desktop Access
  • Fixed panics on systems using large numbers of file descriptors. #22800
  • Fixed incorrect login options for Windows desktops. #22344
  • Updated setup script to be idempotent. #23174
• Kubernetes Access
  • Improved label validation for Kubernetes service. #22780
  • Fixed issue with Kubernetes impersonation header overwrite for leaf clusters. #22247
  • Fixed issue with tsh kube credentials failing on remote clusters. #23352
  • Fixed issue with tsh kube credentials loading incorrect profile. #23717
• Auto-discovery
  • Fixed issue with open-source package being installed for enterprise clusters. #22768
• Trusted Clusters
  • Added ability to update role map without having to recreate the trusted cluster resource. #23645
• Tooling
  • Updated Go to 1.19.7. #22729
  • Updated Rust to 1.68.0. #23103
• CLI
  • Fixed issue with tsh not respecting HTTPS_PROXY in some cases. #22490
  • Added flag to tsh to only display the binary version. #22169
  • Added app_server support to tctl resource commands. #23138
  • Display year in tctl commands output. #23373
  • Added --cluster flag to tsh kube sessions command. #23827
• Resource Joining
  • Fixed issue when joining leaf cluster over tunnel port with enabled proxy protocol. #23485
  • Added support for IAM joining in ap-southeast-4 region. #22488
• FIPS
  • Fixed startup issue in FIPS mode when local_auth isn't explicitly set. #22242
• Web UI
  • Fixed intermittent "client connection is closing" errors in web UI after logging in. #23736

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

labels: security-patch=yes

Description

This release of Teleport contains several new features and improvements.

• Server Access
  • Added support for headless SSO to tsh ls, tsh ssh and tsh scp. #23360
• Database Access
  • Added support for connecting to Oracle databases. #23892
• Moderated Sessions
  • Fixed issue with joining moderated sessions via Web UI. #24018
• Helm Charts
  • Added support for imagePullSecrets to teleport-cluster chart. #24017
• Security
  • Added IP pinning support to Kubernetes and Database Access. #23418
• Tooling
  • Upgraded Go to 1.20.3. #24062

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

12.1.5 (03/30/23)

This release of Teleport contains 2 security fixes as well as multiple improvements and bug fixes.

[High] OS authorization bypass in SSH tunneling

When establishing an SSH port forwarding connection, Teleport did not
sufficiently validate the specified OS principal.

This could allow an attacker in possession of valid cluster credentials to
establish a TCP tunnel to a node using a non-existent Linux user.

The connection attempt would show up in the audit log as a "port" audit event
(code T3003I) and include Teleport username in the "user" field.

[High] Teleport authorization bypass in Kubernetes Access

When authorizing a Kubernetes Access request, Teleport did not adequately
validate the target Kubernetes cluster.

This could allow an attacker in possession of valid Kubernetes agent credentials
or a join token to trick Teleport into forwarding requests to a different
Kubernetes cluster.

Every Kubernetes request would show up in the audit log as a "kube.request"
audit event (code T3009I) and include the Kubernetes cluster metadata.

Other improvements and fixes

• AMIs
  • Added support for configuring TLS routing mode in AMIs. #23678
• Application Access
  • Added support for application access behind ALB. #23054
  • Fixed app access requests being redirected to leaf's public address in some cases. #23220
  • Reduced log noise. #23365
  • Added ability to specify command in AWS tsh proxy. #23835
• Bootstrap
  • Added provision tokens support. #23474
• CLI
  • Added app_server support to tctl resource commands. #23136
  • Display year in tctl commands output. #23371
  • Fixed issue with tsh reporting errors about missing webauthn.dll on Windows. #23161
  • Updated tsh status to not display internal logins. #23411
  • Added --cluster flag to tsh kube sessions command. #23825
  • Fixed issue with invalid TLS mode when creating database resources. #23808
• Database Access
  • Added support for canceling in-progress PostgreSQL requests in database access. #23467
  • Fixed issue with query audit events always having success: false status. #23274
• Desktop Access
  • Updated setup script to be idempotent. #23176
• Helm Charts
  • Added ability to set resource limits and requests for pre-deployment jobs. #23126
• Infrastructure
  • Introduced distroless Teleport container images. #22814
• Kubernetes Access
  • Fixed issue with tsh kube credentials failing on remote clusters. #23354
  • Fixed issue with tsh kube credentials loading incorrect profile. #23716
• Machine ID
  • Added ability to specify memory backend using CLI parameters. #23495
  • Added support for Azure delegated joining. #23391
  • Added support for Gitlab delegated joining. #23191
  • Added support for trusted clusters. #23390
  • Added FIPS support. #23850
• Proxy Peering
  • Fixed proxy peering issues when running behind a load balancer. #23506
• Reverse Tunnels
  • Fixed issue when joining leaf cluster over tunnel port with enabled proxy protocol. #23487
  • Fixed issue with joining agents over reverse tunnel port. #23332
• Performance & scalability
  • Improved tsh ls -R performance in large clusters. #23596
  • Improved performance when setting session environment variables. #23834
• Server Access
  • Fixed issue with successful SFTP transfers returning non-zero code. #23729
• SSO
  • Fixed issue with Github Enterprise SSO not working with custom URLs. #23568
• Teleport Connect
  • Added support for config customization. #23197
  • Fixed unresponsive terminal on Windows Server 2019. #22996
• Tooling
  • Updated Electron to 22.3.2. #23048
  • Updated Go to 1.20.2. #22997
  • Updated Rust to 1.68.0. #23101
• Web UI
  • Added MFA support when copying files. #23195
  • Fixed "ambiguous node" error when downloading files. #23152
  • Fixed intermittent "client connection is closing" errors in web UI after logging in. #23733

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

labels: security-patch=yes

This package allows passwordless login to Windows desktops that are not joined to an Active Directory domain.

This preview release requires a Teleport Enterprise Auth Server running v12.0.0 or later.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed unresponsive Teleport Connect terminal issue on Windows Server 2019. #22995
• Fixed issue with Access Management wizard failing connection tests when per-session MFA is enabled. #22944, #22921
• Fixed panic in Kubernetes service when using moderated session. #22929
• Fixed issue with tsh db config returning incorrect PostgreSQL port in TLS routing mode. #22890
• Updated Go to v1.20.2. #23065
• Improved idle connections handling to prevent connection leaks. #22912, #22894

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with Access Management's connection tester not working with per-session MFA. #22918, #22943
• Fixed Kubernetes access panic when using moderated sessions. #22930
• Fixed tsh db config reporting incorrect port in TLS routing mode. #22889
• Fixed issue with Teleport always performing OS group check even without auto user provisioning enabled. #22805
• Fixed issue with desktop access crashing on systems that consume many file descriptors. #22798
• Fixed issue with teleport start --bootstrap command failing on unexpected resource. #22721
• Fixed issue with install script not refreshing repository metadata before installing new version. #22585
• Added ability to export database CA in DER format via tctl auth export. #22896
• Reduced log spam from proxy multiplexer. #22802
• Updated EC2 auto-discovery install script to use enterprise binaries for enterprise clusters. #22769
• Upgraded Go to v1.19.7. #22725
• Improved idle connections handling. #22908, #22893
• Improved Kubernetes service labels validation upon startup. #22777
• Improved tsh login error reporting when proxy is not available. #22763

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with SSH sessions failing to initialize on some systems. #22804
• Fixed issue with Kubernetes service accepting invalid labels. #22778
• Fixed issue with EC2 auto-discovery install script always installing OSS package. #22770
• Fixed panic in desktop access on systems that consume many file descriptors. #22799
• Improved tsh login error message when failing to connect to proxy. #22764

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with tsh scp overriding file permissions without -p flag. #22610
• Fixed issue with tsh not respecting HTTPS_PROXY in some cases. #22491
• Fixed issue with PuTTY's winadj channel messages not being handled correctly. #22419
• Downgraded Go to v1.19.7 to resolve memory leak issues. #22719
• Added ability to acknowledge alert of any severity with tctl alert ack. #22583
• Added support for IAM joining for ap-southeast-4 region. #22487
• Added --trace-profile flag to tsh allowing to generate runtime trace profiles #22407
• Improved performance when fetching remote clusters using tctl or API. #22574
• Improved cluster connect performance in Teleport Connect. #22319

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Added ability for Teleport to function as SAML IdP (Enterprise edition only).
• Downgraded Go to v1.19.6 to resolve memory leak issues. #22691
• Fixed issue with tsh scp overriding copied file permissions without -p flag. #22609
• Improved performance of fetching remote clusters. #22575

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with tsh not respecting HTTPS_PROXY in some cases. #22492
• Fixed issue with config validation in Helm charts scratch mode. #22423
• Added IAM joining support for Azure VMs. #22204
• Added auto-discovery support for Azure VMs. #22521
• Added support for ap-southeast-4 AWS region for IAM joining. #22486
• Added ability to specify web terminal scrollback length in proxy config. #22422
• Added support for PuTTY's winadj channel requests. #22420
• Added --trace-profile flag to tsh that allows generating runtime trace profiles. #22406
• Added enhanced session recording support for arm64 architectures. #22550
• Updated tctl alert ack to allow acknowledging alerts of any severity. #22582
• Updated Windows desktop access to display only applicable logins. #22333
• Improved Kubernetes access performance when using kubectl. #22508
• Improved Teleport Connect performance when connecting to large clusters. #22316
• Improved performance and scalability in large clusters. #21495

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

This release of Teleport contains a security fix as well as multiple improvements and bug fixes.

Security fix

• Fixed issue with session being terminated after a short delay instead of immediately paused after moderator leaves. #21973

Other improvements and bug fixes

• Fixed issue with kubectl exec commands failing on leaf clusters. #22245
• Fixed issue with local_auth: false setting being ignored unless authentication type is set. #22241
• Fixed command info hang in Redis database access. #22229
• Fixed issue with orphaned child processes after session ends. #22224
• Fixed issue with internal logins periodically appearing in Teleport Connect. #22188
• Fixed issue with remote cluster connection status sometimes not being updated properly. #22089
• Fixed heartbeat failures from database service. #22084
• Fixed issue with missing --request-id= flag in UI for Kubernetes login instructions. #21443
• Fixed access denied issues when using full role ARN when connecting to databases. #21254
• Added --client flag to tsh version command flag to show client-only version. #22168
• Added Kubernetes join method. #21907
• Added extra Prometheus metrics for tracking active connections. #21772
• Added ability to select all matching resources when creating a resource access request. #22349
• Updated tsh to print log timestamps in debug mode by default. #21995
• Updated Go toolchain to 1.20.1. #21934
• Improved error reporting from kubectl commands. #21919

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

labels: security-patch=yes

Description

This release of Teleport contains multiple security fixes, improvements and bug fixes.

Security fixes

• Fixed issue with malicious SQL Server packet being able to cause proxy crash. #21638
• Fixed issue with session terminated after a short delay instead of being immediately paused when moderator leaves. #21974

Other improvements and bug fixes

• Fixed issue with orphaned child processes after session ends. #22222
• Fixed issue with not being able to see any pods with an active access request. #22196
• Fixed issue with remote cluster state not always being correctly updated. #22088
• Fixed heartbeat errors from database service. #22087
• Fixed issue with applications temporarily disappearing during app service restart. #21807
• Fixed issue with some Helm values being accidentally shared between auth and proxy configs. #21768
• Fixed issues with desktop access flow in Access Management interface. #21756
• Fixed "access denied" errors in Teleport Connect on Windows. #21720
• Fixed issue with database GUI client connections requiring random taps when per-session MFA is enabled. #21661
• Fixed issue with moderated sessions not working on leaf clusters. #21612
• Fixed issue with missing --request-id flag in UI for Kubernetes login instructions. #21445
• Fixed issue connecting to AWS resources when using full IAM role ARNs. #21251
• Fixed issue with local_auth: false setting being ignored without explicitly setting authentication_type. #22215
• Added tctl resource commands for Device Trust. #22157
• Added support for assuming roles in tsh proxy aws. #21990
• Added early feedback for successful security key taps in tsh. #21780
• Added device lock support. #21751
• Added suppport for security contexts in teleport-kube-agent Helm chart. #21535
• Updated tsh version command to display client version only via --client flag. #22167
• Updated install script to use enterprise packages for enterprise clusters. #22109
• Updated install script to use deb/rpm repositories. #22108
• Updated proxy init container in Helm charts to use security context. #22064
• Updated tsh to include timestamps with debug logs. #21996
• Updated AWS access to fetch credentials with TTL matching user's certificate TTL. #21994
• Updated Go toolchain to 1.20.1. #21931
• Updated tsh kube login --all to not require cluster name. #21765
• Updated teleport db configure create command to support more use-cases. #21690
• Improved performance in large clusters with etcd backend. #21905, #21496

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

labels: security-patch=yes

Description

This release of Teleport contains two security fixes as well as multiple improvements and bug fixes.

Arbitrary length data reading in go-mssqldb

• Fixed issue with malicious MS SQL server causing potential DoS with malformed client packet. go-mssqldb#7, #21650

OpenSSH update

• Updated OpenSSL to 1.1.1t. #21427

Other improvements and fixes

• Fixed issue with apps temporarily disappearing during app service restart. #21810
• Fixed desktop access discovert flow in Access Manager interface. #21759
• Fixed issue with Teleport Connect getting "access denied" errors on Windows. #21722
• Fixed issue with moderated sessions not working on leaf clusters. #21610
• Fixed issue with SSH session playbacks having scrollbars in web player. #21479
• Fixed usage of --as flag for kubectl exec/portforward. #21149
• Fixed issue with restarts triggering update events for builtin roles. #21143
• Fixed issue with desktop sessions being written to disk with disabled recording. #21101
• Fixed issue with SSO auth not working for application access apps. #21048
• Fixed usage of Oracle MySQL client on Windows. #20600
• Fixed issue with remote cluster connection status not being always updated. #22091
• Fixed tctl auth sign --format kubernetes not working against remote auth servers. #20572
• Fixed tsh db connect with MariaDB when proxy is in separate port mode. #20410
• Fixed wildcard matching in EC2 auto discovery. #20389
• Added PodMonitor support in Helm charts. #20565
• Added dnsConfig support in teleport-kube-agent chart. #20555
• Added nodeSelector field to teleport-kube-agent chart. #20443
• Added support for multiple transformations in role templates. #20295
• Updated Go to 1.19.6 #21935
• Updated Rust to 1.67.0. #20956
• Updated tsh db connect to explicitly require --db-user for ElasticSearch. (#20695) #20923
• Updated desktop access to display client_idle_timeout_message. #20616
• Updated tsh to provide early security key tap feedback. #21782
• Updated tsh to respect --auth and --mfa-mode before defaulting to passwordless. #20475
• Updated Helm charts to reload proxy certs automatically. #20520
• Updated macOS tarballs to be signed. #20306
• Improved database access availability during database service restarts. #21637
• Improved performance of listing resources across multiple clusters. #21585
• Improved etcd backend efficiency for large clusters. #21497
• Improved handling of closed LDAP connections in desktop access. #21193
• Improved error message when trying to rename resource. #21177
• Improved stability for slow Kubernetes access clients. #20518

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

labels: security-patch=yes

Description

This release of Teleport contains a low severity security fix and multiple improvements and bug fixes.

(Low) Arbitrary length data reading in go-mssqldb

• Fixed issue with malicious MS SQL server causing potential DoS with malformed client packet. go-mssqldb#7, #21639

Other improvements and fixes

• Fixed issue with readyz endpoint not recovering from degraded state. #21827
• Fixed issue with applications temporarily disappearing during app service restart. #21808
• Fixed desktop access discovery errors in access management UI. #21757
• Fixed "handshake failed" and "access denied" Teleport Connect errors on Windows. #21721
• Fixed issue with access management UI not accepting valid port numbers. #21652
• Fixed database connection issues during database service restarts. #21636
• Fixed Kubernetes connection issues during Kubernetes service restarts. #21616
• Fixed issue with application access going into redirect loop sometimes. #21614
• Fixed issue with moderated sessions not working on leaf clusters. #21611
• Fixed issue with invalid role namespaces leading to cluster lockouts. #21574
• Fixed issue with Teleport Connect sometimes not recognizing logged in user. #21531
• Added acknowledgment message for successful security key taps. #21781
• Updated Go toolchain to 1.20. #21681
• Improved performance of listing resources across clusters. #21583
• Removed short timeouts from resource join links in access management UI. #21488
• Improved error message when trying to rename resource. #21178
• Improved stability in large clusters with etcd backend. #21904

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

labels: security-patch=yes

Description

This release of Teleport contains a security fix as well as multiple improvements and bug fixes.

OpenSSL update

• Updated OpenSSL to 1.1.1t. #21425

Other fixes and improvements

• Fixed issue with Access Manager interface not accepting valid port numbers. #21651
• Fixed issue with some application access requests failing after proxy restart. #21615
• Fixed issue with invalid role template namespaces leading to cluster lockouts. #21573
• Fixed issue with Teleport Connect failing to recognize logged in user sometimes. #21467
• Fixed issue with the back button not working in Web UI navigation. #21236
• Fixed issue with Web UI SSH player having scrollbars. #20868
• Added support for tsh request search --kind=pod command. #21456
• Updated tsh db configure create to require flag for dynamic resources matching. #21395
• Improved reconnect stability after database service restart. #21635
• Improved reconnect stability after Kubernetes service restart.#21617
• Improved tsh ls -R performance. #21577
• Improved tsh scp error message when no remote path is specified. #21373
• Improved error message when trying to rename resource. #21179
• Reduced CPU usage when using enhanced session recording. #21437

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

labels: security-patch=yes