teleport

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains a security fix, as well as multiple improvements and bug fixes.

Audit log escape for non-interactive commands

Fixed multiple issues with SSH commands escaping audit logs in certain scenarios.

#16813
#16905

Other fixes and improvements

• Fixed issue with RDS auto-discovery of a secondary cluster of a global Aurora database. #16710
• Added Kubernetes Access support to Teleport Connect. webapps#1201
• Added Elasticsearch support to Database Access. #16873
• Added information about available security releases to tsh status. #16850
• Improved error handling when registering MFA devices. #16765
• Updated default AWS install script to use v2 metadata API. #16664
• Updated tsh db connect hint to not display --db-user and --db-name flags unless needed. #16747

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

labels: security-patch=yes

Description

This release of Teleport contains a security fix, as well as multiple improvements and bug fixes.

Audit log escape for non-interactive commands

Fixed issue with allowing more than one exec or shell command per SSH channel which could result in some commands escaping the audit log in some cases.

#16821

Other improvements and fixes

• Fixed potential memory leak that could occur if SSH channel is rejected. #11875
• Fixed panic when calling tctl commands with --auth-server flag. #16263
• Fixed issue with a dot being appended to token generated with tctl tokens add. #16420
• Fixed issue with RDS auto-discovery skipping secondary cluster of a global Aurora database. #16713
• Fixed issue with dialing nodes by labels not working in some scenarios. #16345
• Updated tsh db connect hint to now show --db-user and --db-name flags unless needed. #16749
• Updated IAM joining to use FIPS STS endpoints in FIPS mode. #16378
• Improved memory usage in large clusters. #16376

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

labels: security-patch=yes

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with connecting to SQL Server in leaf cluster through the local proxy. #16615
• Fixed issue with some IDEs (e.g. PyCharm) failing to connect to remote nodes. #16722
• Fixed issue with etcd backend not loading all certificates from the configured CA bundle. #16599
• Fixed issue with incorrect timestamp in session.end events. #16672
• Added allow_unverified_email setting to OIDC connectors allowing to opt-out of email verification. #16143
• Updated tsh db connect hint to not mention --db-user and --db-name flags unless needed. #16709
• Improved memory usage in large clusters. #16375

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with connecting to servers with some GUI clients e.g. PyCharm. #16662
• Fixed issue with connecting to SQL Server in a leaf cluster through the local proxy. #16616
• Fixed regression issue introduced in 10.2.3 with enterprise specific web UI pages returning errors. webapps#1212
• Added support for simplified Active Directory configuration in Desktop Access. #16623

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Known issues: Due to a regression enterprise features are not available via the web UI in this release. Please upgrade to 10.2.6 or newer.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with tsh login sometimes hanging when using U2F devices. #16657
• Fixed issue with large etcd backend size growth in clusters handling thousands of concurrent sessions. #16659
• Fixed issue with etcd backend only using a single certificate from the configured CA bundle. #16598
• Fixed issue with tsh db env returning errors when TLS routing is enabled. #16468
• Fixed issue with intermittent failures when connecting to leaf cluster nodes. #16685
• Fixed issue with missing timestamp in session.end events. #16566
• Added minReadySeconds setting to teleport-cluster Helm chart. #16675
• Added support for automatic EC2 instance discovery and enrollment. #16006, #16588
• Added allow_unverified_email parameter to OIDC connectors allowing to opt out of email verification. #16142
• Added support for TLS routing for Database Access when Teleport is deployed behind an ALB. #16415
• Added support for providing custom CAs to teleport-cluster Helm chart. #16325

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with tsh on Windows failing to lock known_hosts file. #16441
• Fixed issue with tsh producing auditd errors on certain kernels. #16448
• Fixed issue with upgraded clusters not being able to test connection in the new node joining wizard. #16399
• Fixed issue with some Kubernetes clients failing when trying to use exec API through Kubernetes Access. #16282
• Fixed issue with tsh ssh returning "access denied" when connecting to nodes by labels in some cases. #16324
• Updated Helm charts to support Kubernetes v1.25. #16343
• Updated IAM joining to use FIPS STS endpoints when running in FIPS mode. #16374
• Added tctl alerts create command to allow administrators to set custom alerts. #16290
• Added EC2 joining support for Windows Desktop Service. #16438

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with long redirect URLs causing SAML logins to fail. #15868
• Fixed issue with unsupported AWS tags breaking EC2 tag import functionality. #16016
• Fixed issue with known_hosts file becoming corrupted under concurrent tsh usage. #16212, #16444
• Fixed potential panic in tctl commands. #16260
• Fixed issue with LetsEncrypt certificates sometimes not renewing properly in Terraform deployments. #16245
• Fixed issue with a dot being appended to the token generated with tctl tokens add. #16239
• Fixed issue with tsh aws s3 failing on paths with special characters. #15821
• Fixed issue with inability to register webauthn devices when local auth is disabled. #15775
• Fixed issue with session state not being updated correctly in some cases. #16097
• Fixed issue with missing nodes in clusters with a lot of node churn. #16104
• Fixed issue with tsh ssh returning "access denied" when dialing nodes by labels in some cases. #16344
• Fixed issue with incorrect Firestore backend pagination handling. #13757
• Updated IAM joining to use FIPS STS endpoints when running in FIPS mode. #16377
• Added SessionRecordingAccess audit event emitted every time session events are queried or streamed. #15758
• Added support for AWS Console Access in US GovCloud regions. #16069
• Added lock target to lock.create audit events. #15982
• Added support for RDP licensing negotiation in Desktop Access. gravitational/rdp-rs#17
• Added SFTP audit events and updated audit log descriptions to use node names instead of IPs for some events. #16329
• Added support for IAM joining in AWS China regions. #15916
• Added support for EC2 joining for Windows Desktop Service. #16439
• Improved handling of unsupported Google application credentials to avoid potential panics. #16041
• Improved cluster network utilization. #15839
• Improved reliability in clusters with many missing reverse tunnels. #15803

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains a security fix as well as multiple bug fixes.

Upgraded Go to 1.18.6

Teleport build infrastructure has been upgraded to include security fixes from the latest Go 1.18.6 release.

See Go security announcement for details.

Other fixes

• Fixed issue with invalid TeleportHostname tag name breaking automatic AWS labels import. #16015
• Fixed issue with corrupted known_hosts file when using tsh concurrently. #16203
• Fixed potential panic in tctl commands. #16255
• Fixed issue with a dot being appended to the token value generated with tctl auth sign. #16238
• Fixed issue with executing SSH commands on multiple nodes when per-session MFA is enabled. #16148
• Updated the new "Add server" wizard to gracefully treat lack of permissions. webapps#1187
• Added SFTP events to audit log. webapps#1188

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed potential panic when using unsupported Google application credentials format. #16040
• Fixed issue with tsh aws s3 failing on paths with special characters. #15820
• Fixed issue with sessions not being completed in some cases. #16098
• Fixed issue with DynamoDB backend not returning all items in clusters with a lot of node churn. #16105
• Added support for IAM joining in AWS China regions. #15918
• Added SessionRecordingAccess event emitted every time session's events are queried or session's events are streamed. #14302
• Added support for AWS Console Access in AWS GovCloud regions. #16070
• Added teleport install systemd command that generates Teleport systemd unit file. #15272
• Added lock target to lock.create events. #16004
• Improved network utilization in large clusters. #15840
• Improved stability in clusters with missing reverse tunnels. #15804

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains a security fix as well as bug fixes and stability improvements.

RCE in SSH agent install script

Token value provided via HTTP request to download the node join script wasn't
properly validated. This could allow an attacker to generate a node join script
with malicious code included.

#15876

Other fixes

• Fixed issue with some kubectl commands getting "malformed HTTP response" during concurrent access. #15468
• Fixed get-kubeconfig.sh script to work with Kubernetes 1.24+. #15618
• Fixed issue with resource listings not returning accurate results when there are denied resources. #14547
• Fixed issue with DynamoDB backend not returning all data in clusters with a lot of node churn. #16106
• Improved stability of remote cluster connections after proxy restart. #13798
• Improved stability of agent reconnects after proxy restart. #14508
• Improved internal cache efficiency for large clusters. #14307
• Improved network utilization in large clusters. #15841
• Improved stability in clusters with missing reverse tunnels. #15805

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with tsh reporting "no suitable devices found" when using Yubikeys. #16011
• Fixed potential panic when using unsupported Google application credentials file. #16042
• Fixed issue with database connections getting terminated due to idle timeout when running long queries. #16017
• Fixed issue with tsh ssh and tsh aws commands failing with "unknown flag" errors. #16094
• Fixed issue with empty Github connector fields being always marshaled. #16012
• Fixed issue with SSH sessions not properly terminating in some cases. #16065
• Introduced a new web UI guided wizard for joining SSH nodes. #16169, #16087
• Added support for Azure PostgreSQL and MySQL databases auto-discovery. #15988, #15990, #15989, #15991, #15992
• Added support for directory sharing to Desktop Access. #16054
• Added new Teleport version notifications to tsh login and tsh status. #16180
• Added support for sending session events to Linux Audit System (auditd). #16140
• Added --browser=none support to tctl sso test command that prints the URL in the console. #16086
• Added retries to biometric key authentication when using unregistered fingerprint. #15947
• Added support for IAM joining in AWS China regions. #15915
• Added support for AWS Console Access in AWS GovCloud regions. #16067
• Added the lock target to lock.create audit events. #15981
• Updated tctl bots add to display correct proxy address. #16089
• Updated Access Requests to include appropriate --request-id flag to generated tsh login command. #15962
• Increased maximum backend range limit to account for clusters with a lot of node churn. #16103

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed log spam issues related to EC2 tags import. #15179
• Fixed issue with tctl auth sign not including SNI in generated kubeconfig in TLS routing mode. #15632
• Fixed issue with inability to set wildcard labels in Teleport Operator resources. #15600
• Fixed issue with nodes not being displayed when user does not have valid principals. #15797
• Fixed issue with JWT headers not being passed through on websocket requests in App Access. #15738
• Fixed issue with tsh aws s3 failing on paths with special characters. #15819
• Fixed issue with get-kubeconfig.sh script not working with Kubernets 1.24+. #15617
• Fixed issue with tsh mfa rm not deleting Touch ID credentials. #15675
• Fixed issue with inability to add webauthn devices in Web UI when local auth is disabled. #15776
• Fixed issue with SAML login failing in some scenarios. #15886
• Fixed issue with Firestore backend pagination. #13756
• Fixed issue with unescaped path parameter causing failure on initial direct access to proxied application. #15908
• Fixed issue with Github connector's deprecated teams_to_logins field always being marshaled. #15933
• Added ability for reverse tunnel agents to join over reverse tunnel port without exposing web UI. #13598
• Added ssh_file_copy role option allowing to disable scp and SFTP file copying. #15853
• Added ability to disable local auth in teleport-cluster Helm chart. #15595
• Added support for tsh alias subcommands. #14919
• Added support for AWS China and GovCloud regions to Database Access. #15583
• Added support for IdP initiated SAML logins. #15733
• Updated tsh db env/config commands to not show erroneous information in unsupported scenarios. #15734
• Improved connection reliability in proxy peering mode. #15313
• Improved error messaging in joined Kubernetes sessions. #15492
• Improved network utilization on proxies. #15838

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with log spam related to EC2 label import when not running on AWS. #15179
• Fixed issue with tctl auth sign not including TLS server name in kubeconfig. #15631
• Fixed issue with --no-enable-escape-sequences not being honored in tsh. #14457
• Fixed issue with node name not showing up in recordings list in proxy recording mode. #14995
• Fixed issue with improper shutdown of Desktop Access connections. #15074
• Fixed issue with teleport configure failing it output directory does not exist. #15386
• Fixed issue with string "true" causing issues in email_verified OIDC claim. #14918
• Fixed issue with kubectl exec failing during concurrent Kubernetes Access. #15465
• Fixed issue with get-kubeconfig.sh script not working for Kubernetes 1.24+. #15620
• Fixed issue with second_factor setting unmarshal in some cases. #15202
• Fixed issue with Desktop Access always using LDAP DNS resolver. #15256
• Improved error handling for Kubernetes session joining. #15493
• Added support for variable playback speed for Desktop Access session recordings. #15327
• Added teleport install systemd command. #15271

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with kubectl exec sometimes failing during concurrent Kubernetes Access. #15467
• Fixed issue with get-kubeconfig.sh script not working for Kubernetes 1.24+.
• Fixed issue with the token not being sanitized in the node join script. #14952
• Fixed issue with timestamp not being set on session.upload events. #14561
• Fixed issue with Teleport components not becoming ready when Desktop Access is enabled. #14859
• Fixed potential panic during concurrent streaming of the same session. #15376
• Fixed issue with tsh ssh provided username not being respected in all cases. #14850
• Added SFTP subsystem support. #14586
• Improved port-forwarding error handling. #14915, #14999
• Improved parsing logic for second_factor config option. #15203
• Improved internal cache efficiency in Auth and Proxy servers. #15447

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with --allow-passwordless flag being ignored for tsh mfa add. #15137
• Fixed issues with MFA registration via web UI. #14984
• Fixed issue with LetsEncrypt state not being properly synced when Auth Servers are in an ASG. #15214
• Fixed issue with node names not being populated in audit log in proxy session recording mode. #14992
• Fixed issue with --no-enable-escape-sequences flag not being respected by tsh. #14456
• Fixed issue with non-existent target directory when using teleport configure. #15352
• Fixed issue with unknown audit log events when using TCP app access. #15406
• Fixed issue with cluster name missing on session.upload events. #15239
• Fixed issue with automatic node join script expecting teleport binary to be present in PATH. #15473
• Fixed issue with Desktop Access always trying to use LDAP servers for DNS requests. #15255
• Fixed potential panic in Auth Server during concurrent streams of the same session. #15360
• Fixed issue with kubectl getting "malformed HTTP response" error during simultaneous use. #15464
• Added ability to control session recording mode in teleport-cluster Helm chart. #15003
• Added ability to control DynamoDB auto-scaling in teleport-cluster Helm chart. #15122
• Added passwordless support to Teleport Connect. #15265
• Added proxy protocol support to the SSH proxy endpoint. #15086
• Added teleport install systemd command that installs Teleport as a systemd service. #15270
• Added tracing to SSH sessions. #15228
• Added tsh recordings ls command that displays available session recordings. #15429
• Added variable playback speed to Desktop Access session recordings. #15326
• Added support for login traits to Machine ID bots. #15470
• Improved error handling when using Yubikeys. #15395
• Updated tctl users update commmand to allow setting additional user traits. #15108
• Updated Machine ID generated certificate names to be compatible with default OpenSSH configuration. #15297
• Updated AWS CLI access to capture AWS requests in the audit log. #15207

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with Teleport determining whether it's running on an EC2 instance. #14867
• Fixed "public IP not among valid principals" error from tsh proxy ssh. #15011
• Fixed issue with corrupted web UI transfers. #15045
• Fixed "chan_shutdown_read: not a socket" issue when using ssh-add commands with Windows OpenSSH client. #15050
• Fixed issues with explicitly provided username not always being respected in tsh ssh. #14939
• Added SFTP subsystem support. #14197
• Improved error messages during tsh login. #15027

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

Teleport 10.1 is a minor release that brings the following new features:

• Machine ID support for Kubernetes Access (Preview). #14550
• Machine ID support for Application Access (Preview). #14723
• Machine ID support for CA rotation. #14431
• Kubernetes Operator (Preview). #14860
• Plain TCP applications support for Application Access (Preview). #14896

In addition, this release of Teleport contains a security fix, as well as multiple improvements and bug fixes.

Security fix:

• Fixed issue with token not being validated when generating a join script. #14944

Other improvements and bug fixes:

• Fixed "no suitable devices found" libfido2 error. #14795
• Fixed "access denied" error when joining a session. #14770
• Fixed issue with tsh status not respecting TELEPORT_HOME environment variable. #14335
• Fixed issue with Ctrl-C hanging for paused sessions. #14511
• Fixed "access denied" error when creating tokens in web UI. #14624
• Fixed issue with resource access request being lost when assuming a role access request. #14711
• Fixed issue with tbot not exiting correctly in one-shot mode. #14683
• Fixed issue with time not being correctly set on session.upload events. #14559
• Fixed issue with Teleport components not becoming ready when desktop access is enabled. #14839
• Fixed issue with ssh-add commands triggering "chan_read_shutdown" error in stdout when using OpenSSH client on Windows. #15049
• Fixed issue with corrupted web UI file transfers. #15044
• Improved error message for failed SSO authorization. #14595
• Improved error when starting database service with invalid configuration. #14515
• Updated tsh proxy ssh to automatically re-log user in. #14814
• Added TouchID credential picker. #14643
• Added ability to set public addresses in teleport-cluster Helm chart. #14768
• Added support for application and database dynamic registration in Helm charts. #14881
• Added ability to override AWS database name via teleport.dev/database-name tag. #14799
• Added extra flags to teleport db configure command. #14654
• Added tsh request drop command. #14843
• Added ability to call tsh proxy db without calling tsh db login first. #14798
• Added Prometheus metrics for S3 requests. #14664
• Added Prometheus metrics for DynamoDB requests. #14757
• Added support for exporting traces to a file. #14746

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

labels: security-patch=yes

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed issue with incorrect time being set on session.upload events. #14560
• Fixed issue with Teleport components not becoming ready when desktop access is enabled. #14858
• Fixed issue with token not being validated when generating a join script. #14946
• Added ability to override AWS database name via teleport.dev/database_name tag. #14826
• Added ability to call tsh proxy db without calling tsh db login first. #14801
• Added additional Prometheus metrics for DynamoDB. #14761
• Added support for external IDs in AWS Console access. #14895

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Description

This release of Teleport contains multiple improvements and bug fixes.

• Fixed X11 forwarding issues on Windows and Mac. #14438
• Fixed issues with CAs not being propagated during CA rotation. #14045
• Fixed agent reconnect issues after proxy restart. #14509
• Fixed issue with PostgreSQL listener not starting when proxy is started in non-TLS mode. #14330
• Fixed issue with connection through a jump host when root cluster is offline. #13929
• Fixed issue with redirect URL not being preserved after application access login. #14205
• Fixed --cluster flag for tsh db ls command. #14396
• Fixed issue with resource listing pagination when there are denied resources. #14544
• Added ability to set AWS database name via teleport.dev/database_name tag. #14827
• Added ability to call tsh proxy db without tsh db login. #14838
• Added support for external IDs in AWS Console Access. #14897
• Improved tsh db ls performance for users with many roles. #14288
• Improved internal cache efficiency. #14305

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.