teleport

Teleport 2.7.8 contains two security fixes

Bug Fixes

• Updated xterm.js to mitigate a RCE in xterm.js.
• Mitigate potential timing attacks during bearer token authentication. #2482

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Teleport 3.1.2 contains a security fix. We strongly encourage anyone running Teleport 3.1.1 to upgrade.

Bug Fixes

Due to the flaw in internal RBAC verification logic, a compromised node, trusted cluster or authenticated non-privileged user can craft special request to Teleport's internal auth server API to elevate the privileges and gain administrative access to the Teleport cluster.

This vulnerability could be only exploited using previously authenticated clients, there is no known way to exploit this vulnerability outside the cluster by non-authenticated clients.

To mitigate the issue, auth servers have to be upgraded.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Teleport 3.0.3 contains a security fix. We strongly encourage anyone running Teleport 3.0.2 to upgrade.

Bug Fixes

Due to the flaw in internal RBAC verification logic, a compromised node, trusted cluster or authenticated non-privileged user can craft special request to Teleport's internal auth server API to elevate the privileges and gain administrative access to the Teleport cluster.

This vulnerability could be only exploited using previously authenticated clients, there is no known way to exploit this vulnerability outside the cluster by non-authenticated clients.

To mitigate the issue, auth servers have to be upgraded.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Teleport 2.7.7 contains a security fix. We strongly encourage anyone running Teleport 2.7.6 to upgrade.

Bug Fixes

Due to the flaw in internal RBAC verification logic, a compromised node, trusted cluster or authenticated non-privileged user can craft special request to Teleport's internal auth server API to elevate the privileges and gain administrative access to the Teleport cluster.

This vulnerability could be only exploited using previously authenticated clients, there is no known way to exploit this vulnerability outside the cluster by non-authenticated clients.

To mitigate the issue, auth servers have to be upgraded.

Also upgraded Go to 1.11.4 to mitigate CVE-2018-16875: CPU denial of service in chain validation Go.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Teleport 2.6.10 contains a security fix. We strongly encourage anyone running Teleport 2.6.9 to upgrade.

Bug Fixes

Due to the flaw in internal RBAC verification logic, a compromised node, trusted cluster or authenticated non-privileged user can craft special request to Teleport's internal auth server API to elevate the privileges and gain administrative access to the Teleport cluster.

This vulnerability could be only exploited using previously authenticated clients, there is no known way to exploit this vulnerability outside the cluster by non-authenticated clients.

To mitigate the issue, auth servers have to be upgraded.

Also upgraded Go to 1.11.4 to mitigate CVE-2018-16875: CPU denial of service in chain validation Go.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Teleport 3.1.1 contains a security fix. We strongly encourage anyone running Teleport 3.1.0 to upgrade.

Bug Fixes

• Upgraded Go to 1.11.4 to mitigate CVE-2018-16875: CPU denial of service in chain validation Go. For customers using the RHEL5.x compatible release of Teleport, we've backported this fix to Go 1.9.7, before releasing RHEL 5.x compatible binaries.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download

Teleport 3.0.2 contains a security fix. We strongly encourage anyone running Teleport 3.0.1 to upgrade.

Bug Fixes

• Upgraded Go to 1.11.4 to mitigate CVE-2018-16875: CPU denial of service in chain validation Go.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download

This is a major Teleport release with a focus on backwards compatibility, stability, and bug fixes. Some of the changes:

• Added support for regular expressions in RBAC label keys and values. #2161
• Added support for configurable server side keep-alives. #2334
• Added support for some -o to improve OpenSSH interoperability. #2330
• Added i386 binaries as well as binaries built with older version of Go to support legacy systems. #2277
• Added SOCKS5 support to tsh. #1693
• Improved UX and security for nodes joining a cluster. #2294
• Improved Kubernetes UX. #2291 #2258 #2304
• Fixed bug that did not allow copy and paste of texts over 128 in the Web UI. #2313
• Fixes issues with scp when using the Web UI. #2300

For the full list of changes, see #26.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download

This release of Teleport contains a bug fix.

Bug Fixes

• Fix regression that marked ADFS claims as invalid. #2293

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This release of Teleport contains a bug fix.

Bug Fixes

• Fix regression that marked ADFS claims as invalid. #2293

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

This is a major Teleport release which introduces support for Kubernetes clusters. In addition to this new feature this release includes several usability and performance improvements listed below.

Kubernetes Support

• tsh login can retreive and install certificates for both Kubernetes and SSH at the same time.
• Full audit log support for kubectl commands, including recording of the sessions if kubectl exec command was interactive.
• Unified (AKA "single pane of glass") RBAC for both SSH and Kubernetes permissions.

For more information about Kubernetes support, take a look at the Kubernetes and SSH Integration Guide

Improvements

• Teleport administrators can now fine-tune the enabled ciphersuites #1999
• Improved user experience linking trusted clusters together #1971
• All Teleport components (proxy, auth and nodes) now support public_addr setting which allows them to be hosted behind NAT/Load Balancers. #1793
• We have documented the previously undocumented monitoring endpoints #2103
• The etcd back-end has been updated to implement 3.3+ protocol. See the upgrading notes below.
• Listing nodes via tsh ls or the web UI no longer shows nodes that the currently logged in user has no access to. #1954
• It is now possible to build tsh client on Windows. Note: only tsh login command is implemented. #1996.
• -i flag to tsh login is now guarantees to be non-interactive. #2221

Bugfixes

• Removed the bogus error message "access denied to perform action create on user" #2132
• scp implementation in "recording proxy" mode did not work correctly. #2176
• Removed the limit of 8 trusted clusters with SSO. #2192
• tsh ls now works correctly when executed on a remote/trusted cluster #2204

The lists of improvements and bug fixes above mention only the significant changes, please take a look at the complete list on Github for more.

Upgrading to 3.0

Follow the recommended upgrade procedure to upgrade to this version.

WARNING: if you are using Teleport with the etcd back-end, make sure your
etcd version is 3.3 or newer prior to upgrading to Teleport 3.0.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download

This release of Teleport focuses on bugfixes.

Bugfixes

This release of Teleport focuses on bugfixes.

• Fixed issue that causes auth server to fill up disk with /tmp/multipart- files #2250

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download

NOT READY FOR PRODUCTION Use at your own risk!

Warning

Pre-releases are not production ready, use at your own risk!

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download

This release of Teleport focuses on bugfixes.

Bug Fixes

• Fixed issues with client_idle_timeout. #2166
• Added support for scalar and list values for node_labels in roles. #2136
• Improved font support on Ubuntu.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.