teleport

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains a feature.

Description

• Added event/network emission metrics to tctl top. #8338

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains bug fixes and multiple features.

Description

• Added support for Hardware Security Modules (HSMs). #7981
• Added tsh ssh support for Windows. #8306 #8221 #8295
• Fixed regressions in graceful restart behavior of Teleport. #8083
• Fixed an issue with forwarding requests to EventSource apps via application access. #8385

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains bug fixes, improvements, and multiple features.

Description

• Fixed performance and stability issues for DynamoDB clusters. #8279
• Fixed issue that could cause Teleport to panic when disconnecting expired certificates. #8288
• Fixed issue that could cause Teleport to fail to start if unable to connect to Kubernetes cluster. #7523
• Fixed issue that prevented the Web UI from loading in Safari. #7929
• Improved performance for Google Firestore users. #8181 #8241
• Added support for profile specific kubeconfig file. #7840
• Added support to Terraform Plugin to load loading identity from environment variables instead of disk. #8061 teleport-plugins#299

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains multiple improvements.

Description

• Fixed performance and stability issues for large DynamoDB clusters. #8279

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains multiple bug fixes.

Description

• Fixed an issue with teleport configure generating empty hostname for web proxy address. #8245
• Fixed an issue with interactive sessions always exiting with code 0. #8252
• Fixed an issue with AWS console access silently filtering out IAM roles with paths. #8225
• Fixed an issue with fsGroup not being set in teleport-kube-agent chart when using persistent storage. #8085
• Fixed an issue with Kubernetes service not respecting public_addr setting. #8258

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains two bug fixes.

Description

• Fixed an issue with teleport configure generating empty hostname for web proxy address. #8246
• Fixed an issue with Kubernetes service not respecting public_addr setting. #8257

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains multiple bug fixes and security fixes.

• Fixed an issue with starting Teleport with --bootstrap flag. #8128
• Added support for non-blocking access requests via --request-nowait flag. #7979
• Added support for a profile specific kubeconfig file. #8048

Security fixes

As part of a routine security audit of Teleport, several security vulnerabilities and miscellaneous issues were discovered in Teleport 4.4, 5, 6, and 7. We strongly suggest upgrading to the latest release.

Details

Below are the issues found, their impact, and the components of Teleport they affect.

Server Access

An attacker with privileged network position could forge SSH host certificates that Teleport would incorrectly validate in specific code paths.The specific paths of concern are:

• Using tsh with an identity file (commonly used for service accounts). This could lead to potentially leaking of sensitive commands the service account runs or in the case of proxy recording mode, the attacker could also gain control of the SSH agent being used.

• Teleport agents could incorrectly connect to an attacker controlled cluster. Note, this would not give the attacker access or control of resources (like SSH, Kubernetes, Applications, or Database servers) because Teleport agents will still reject all connections without a valid x509 or SSH user certificate.

Database Access

When connecting to a Postgres database, an attacker could craft a database name or a username in a way that would have allowed them control over the resulting connection string.

An attacker could have probed connections to other reachable database servers and alter connection parameters such as disable TLS or connect to a database authenticated by a password.

All

During an internal security exercise our engineers have discovered a vulnerability in Teleport build infrastructure affecting Teleport 4.4, 5, 6, and 7 that could have been potentially used to alter build artifacts. We have found no evidence of any exploitation. In an effort to be open and transparent with our customers, we encourage all customers to upgrade to the latest patch release.

Actions

For all users, we recommend upgrading all components of their Teleport cluster. If upgrading all components is not possible, we recommend upgrading tsh and Teleport agents (including trusted cluster proxies) that use reverse tunnels.

Upgrades should follow the normal Teleport upgrade procedure: https://goteleport.com/teleport/docs/admin-guide/#upgrading-teleport.

Breaking changes

You will no longer be able to connect to OpenSSH nodes that present public keys or certificates not signed by Teleport via web UI. Use OpenSSH client or tsh with insecure flag to connect to such nodes.

Download

Download one of the following releases to mitigate the issue:

• Teleport 7.1.1
• Teleport 6.2.12
• Teleport 5.2.4
• Teleport 4.4.11

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains multiple security fixes.

Description

As part of a routine security audit of Teleport, several security vulnerabilities and miscellaneous issues were discovered in Teleport 4.4, 5, 6, and 7. We strongly suggest upgrading to the latest release.

Details

Below are the issues found, their impact, and the components of Teleport they affect.

Server Access

An attacker with privileged network position could forge SSH host certificates that Teleport would incorrectly validate in specific code paths.The specific paths of concern are:

• Using tsh with an identity file (commonly used for service accounts). This could lead to potentially leaking of sensitive commands the service account runs or in the case of proxy recording mode, the attacker could also gain control of the SSH agent being used.

• Teleport agents could incorrectly connect to an attacker controlled cluster. Note, this would not give the attacker access or control of resources (like SSH, Kubernetes, Applications, or Database servers) because Teleport agents will still reject all connections without a valid x509 or SSH user certificate.

Database Access

When connecting to a Postgres database, an attacker could craft a database name or a username in a way that would have allowed them control over the resulting connection string.

An attacker could have probed connections to other reachable database servers and alter connection parameters such as disable TLS or connect to a database authenticated by a password.

All

During an internal security exercise our engineers have discovered a vulnerability in Teleport build infrastructure affecting Teleport 4.4, 5, 6, and 7 that could have been potentially used to alter build artifacts. We have found no evidence of any exploitation. In an effort to be open and transparent with our customers, we encourage all customers to upgrade to the latest patch release.

Actions

For all users, we recommend upgrading all components of their Teleport cluster. If upgrading all components is not possible, we recommend upgrading tsh and Teleport agents (including trusted cluster proxies) that use reverse tunnels.

Upgrades should follow the normal Teleport upgrade procedure: https://goteleport.com/teleport/docs/admin-guide/#upgrading-teleport.

Breaking changes

You will no longer be able to connect to OpenSSH nodes that present public keys or certificates not signed by Teleport via web UI. Use OpenSSH client or tsh with insecure flag to connect to such nodes.

Download

Download one of the following releases to mitigate the issue:

• Teleport 7.1.1
• Teleport 6.2.12
• Teleport 5.2.4
• Teleport 4.4.11

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains multiple security fixes.

Description

As part of a routine security audit of Teleport, several security vulnerabilities and miscellaneous issues were discovered in Teleport 4.4, 5, 6, and 7. We strongly suggest upgrading to the latest release.

Details

Below are the issues found, their impact, and the components of Teleport they affect.

Server Access

An attacker with privileged network position could forge SSH host certificates that Teleport would incorrectly validate in specific code paths.The specific paths of concern are:

• Using tsh with an identity file (commonly used for service accounts). This could lead to potentially leaking of sensitive commands the service account runs or in the case of proxy recording mode, the attacker could also gain control of the SSH agent being used.

• Teleport agents could incorrectly connect to an attacker controlled cluster. Note, this would not give the attacker access or control of resources (like SSH, Kubernetes, or Applications servers) because Teleport agents will still reject all connections without a valid x509 or SSH user certificate.

All

During an internal security exercise our engineers have discovered a vulnerability in Teleport build infrastructure affecting Teleport 4.4, 5, 6, and 7 that could have been potentially used to alter build artifacts. We have found no evidence of any exploitation. In an effort to be open and transparent with our customers, we encourage all customers to upgrade to the latest patch release.

Actions

For all users, we recommend upgrading all components of their Teleport cluster. If upgrading all components is not possible, we recommend upgrading tsh and Teleport agents (including trusted cluster proxies) that use reverse tunnels.

Upgrades should follow the normal Teleport upgrade procedure: https://goteleport.com/teleport/docs/admin-guide/#upgrading-teleport.

Breaking changes

You will no longer be able to connect to OpenSSH nodes that present public keys or certificates not signed by Teleport via web UI. Use OpenSSH client or tsh with insecure flag to connect to such nodes.

Download

Download one of the following releases to mitigate the issue:

• Teleport 7.1.1
• Teleport 6.2.12
• Teleport 5.2.4
• Teleport 4.4.11

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains multiple security fixes.

Description

As part of a routine security audit of Teleport, several security vulnerabilities and miscellaneous issues were discovered in Teleport 4.4, 5, 6, and 7. We strongly suggest upgrading to the latest release.

Details

Below are the issues found, their impact, and the components of Teleport they affect.

Server Access

An attacker with privileged network position could forge SSH host certificates that Teleport would incorrectly validate in specific code paths.The specific paths of concern are:

• Using tsh with an identity file (commonly used for service accounts). This could lead to potentially leaking of sensitive commands the service account runs or in the case of proxy recording mode, the attacker could also gain control of the SSH agent being used.

• Teleport agents could incorrectly connect to an attacker controlled cluster. Note, this would not give the attacker access or control of resources (like SSH, Kubernetes servers) because Teleport agents will still reject all connections without a valid x509 or SSH user certificate.

All

During an internal security exercise our engineers have discovered a vulnerability in Teleport build infrastructure affecting Teleport 4.4, 5, 6, and 7 that could have been potentially used to alter build artifacts. We have found no evidence of any exploitation. In an effort to be open and transparent with our customers, we encourage all customers to upgrade to the latest patch release.

Actions

For all users, we recommend upgrading all components of their Teleport cluster. If upgrading all components is not possible, we recommend upgrading tsh and Teleport agents (including trusted cluster proxies) that use reverse tunnels.

Upgrades should follow the normal Teleport upgrade procedure: https://goteleport.com/teleport/docs/admin-guide/#upgrading-teleport.

Breaking changes

You will no longer be able to connect to OpenSSH nodes that present public keys or certificates not signed by Teleport via web UI. Use OpenSSH client or tsh with insecure flag to connect to such nodes.

Download

Download one of the following releases to mitigate the issue:

• Teleport 7.1.1
• Teleport 6.2.12
• Teleport 5.2.4
• Teleport 4.4.11

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains two bug fixes.

Description

• Fixed performance issues with DynamoDB. #7995
• Fixed an issue with app descriptions not being displayed in the Web UI. #7993

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains an improvement and new feature.

Description

• Added support for user and session locking. RFD#9
• Fixed DynamoDB performance issues. #7992
• Fixed issue in build pipeline that was generating empty CentOS 6 archives. #8033

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains an improvement and new feature.

Description

• Fixed an issue that could cause DynamoDB users to no login to Teleport.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains an improvement and new feature.

Description

• Fixed performance issues for larger clusters. #7800 #7631 #7414
• Fixed issues in the Web UI for pagination. #7638 #7734

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.