The easiest, and most secure way to access and protect all of your infrastructure.
AGPL-3.0 License
Bot releases are hidden (Show)
Published by russjones about 4 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download
Published by russjones about 4 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download
Published by russjones about 4 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download
Published by webvictim about 4 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download
Published by webvictim about 4 years ago
This release of Teleport contains a security fix and a bug fix.
A vulnerability was discovered in the github.com/russellhaering/goxmldsig
library which is used by Teleport to validate the
signatures of XML files used to configure SAML 2.0 connectors. With a carefully crafted XML file, an attacker can completely
bypass XML signature validation and pass off an altered file as a signed one.
The goxmldsig
library has been updated upstream and Teleport 4.3.7 includes the fix. Any Enterprise SSO users using Okta,
Active Directory, OneLogin or custom SAML connectors should upgrade their auth servers to version 4.3.7 and restart Teleport.
If you are unable to upgrade immediately, we suggest deleting SAML connectors for all clusters until the updates can be applied.
HTTP_PROXY
or HTTPS_PROXY
environment variables. #4271
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by webvictim about 4 years ago
This release of Teleport contains a security fix.
A vulnerability was discovered in the github.com/russellhaering/goxmldsig
library which is used by Teleport to validate the
signatures of XML files used to configure SAML 2.0 connectors. With a carefully crafted XML file, an attacker can completely
bypass XML signature validation and pass off an altered file as a signed one.
The goxmldsig
library has been updated upstream and Teleport 4.2.12 includes the fix. Any Enterprise SSO users using Okta,
Active Directory, OneLogin or custom SAML connectors should upgrade their auth servers to version 4.2.12 and restart Teleport.
If you are unable to upgrade immediately, we suggest deleting SAML connectors for all clusters until the updates can be applied.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by webvictim about 4 years ago
This release of Teleport contains a security fix.
A vulnerability was discovered in the github.com/russellhaering/goxmldsig
library which is used by Teleport to validate the
signatures of XML files used to configure SAML 2.0 connectors. With a carefully crafted XML file, an attacker can completely
bypass XML signature validation and pass off an altered file as a signed one.
The goxmldsig
library has been updated upstream and Teleport 4.1.11 includes the fix. Any Enterprise SSO users using Okta,
Active Directory, OneLogin or custom SAML connectors should upgrade their auth servers to version 4.1.11 and restart Teleport.
If you are unable to upgrade immediately, we suggest deleting SAML connectors for all clusters until the updates can be applied.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by webvictim about 4 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download
Published by webvictim about 4 years ago
This release of Teleport contains multiple bug fixes.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 4 years ago
This release of Teleport contains multiple bug fixes.
This release also includes the following bug fixes from 4.3.4.
pam_loginuid.so
and pam_selinux.so
. #4133
tsh
to panic when using a PEM file. #4189
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 4 years ago
This release of Teleport contains multiple bug fixes.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones over 4 years ago
This is a major Teleport release with a focus on new features, functionality, and bug fixes. It’s a substantial release and users can review 4.3 closed issues on Github for details of all items. We would love your feedback - please pick a time slot for a remote UX feedback session if you’re interested.
Teleport 4.3 includes a completely redesigned Web UI. The new Web UI expands the management functionality of a Teleport cluster and the user experience of using Teleport to make it easier and simpler to use. Teleport's new terminal provides a quick jumping-off point to access nodes and nodes on other clusters via the web.
Teleport's Web UI now exposes Teleport’s Audit log, letting auditors and administrators view Teleport access events, SSH events, recording session, and enhanced session recording all in one view.
Teleport 4.3 introduces four new plugins that work out of the box with Approval Workflow. These plugins allow you to automatically support role escalation with commonly used third party services. The built-in plugins are listed below.
kube_users)
support to Kubernetes Proxy. #3369
kubeconfig
. #3655
--browser
flag to tsh
. #3737
teleport configure
output to be more useful out of the box. #3429
tsh
and gpg-agent
integration. #3169
Always follow the recommended upgrade procedure to upgrade to this version.
If you’re upgrading an existing version of Teleport, you may want to consider rotating CA to SHA-256 or SHA-512 for RSA SSH certificate signatures. The previous default was SHA-1, which is now considered to be weak against brute-force attacks. SHA-1 certificate signatures are also no longer accepted by OpenSSH versions 8.2 and above. All new Teleport clusters will default to SHA-512 based signatures. To upgrade an existing cluster, set the following in your teleport.yaml
:
teleport:
ca_signature_algo: "rsa-sha2-512"
Rotate the cluster CA, following these docs.
Due to the number of changes included in the redesigned Web UI, some URLs and functionality have shifted. Refer to the following ticket for more details. #3580
The minimum set of Kubernetes permissions that need to be granted to Teleport proxies has been updated. If you use the Kubernetes integration, please make sure that the ClusterRole used by the proxy has sufficient permissions.
The etcd backend now correctly uses the “prefix” config value when storing data. Upgrading from 4.2 to 4.3 will migrate the data as needed at startup. Make sure you follow our Teleport upgrade guidance.
Note: If you use an etcd backend with a non-default prefix and need to downgrade from 4.3 to 4.2, you should backup Teleport data and restore it into the downgraded cluster.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones over 4 years ago
This release of Teleport contains multiple bug fixes.
tsh
that would cause connections to the Auth Server to fail on large clusters. #3872
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by webvictim over 4 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download
Published by russjones over 4 years ago
This release of Teleport contains multiple bug fixes.
tsh login <clusterName>
not working correctly with Kubernetes clusters. #3693
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones over 4 years ago
This release of Teleport contains multiple bug fixes.
tsh login
would be required to login to a leaf cluster. #3639
tsh ls
to return stale results. #3536
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones over 4 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download
Published by russjones over 4 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download
Published by russjones over 4 years ago
This release of Teleport contains multiple bug fixes.
^C
would not terminate tsh
. #3456
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones over 4 years ago
As part of a routine security audit of Teleport, a security vulnerability was discovered that affects all recent releases of Teleport. We strongly suggest upgrading to the latest patched release to mitigate this vulnerability.
Due to a flaw in how the Teleport Web UI handled host certificate validation, host certificate validation was disabled for clusters where connections were terminated at the node. This means that an attacker could impersonate a Teleport node without detection when connecting through the Web UI.
Clusters where sessions were terminated at the proxy (recording proxy mode) are not affected.
Command line programs like tsh
(or ssh
) are not affected by this vulnerability.
To mitigate this issue, upgrade and restart all Teleport proxy processes.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.