The easiest, and most secure way to access and protect all of your infrastructure.
AGPL-3.0 License
Bot releases are hidden (Show)
Published by camscale 11 months ago
tsh db connect <mongodb>
does not give reason on connection errors. #34910
Download the current and previous releases of Teleport at https://goteleport.com/download.
Published by fheinecke 11 months ago
tctl auth sign --tar
#34822
Download the current and previous releases of Teleport at https://goteleport.com/download.
Published by camscale 11 months ago
LD_PRELOAD
and SFTP
Teleport implements SFTP using a subcommand. Prior to this release it was
possible to inject environment variables into the execution of this
subcommand, via shell init scripts or via the SSH environment request.
This is addressed by preventing LD_PRELOAD
and other dangerous environment
variables from being forwarded during re-exec.
If the Teleport auth or proxy services are configured to accept PROXY
protocol headers, a malicious actor can use this to spoof their IP address.
This is addressed by requiring that the first bytes of any SSH connection are
the SSH protocol prefix, denying a malicious actor the opportunity to send their
own proxy headers.
.tsh/environment
values from overriding prior set values. #34624
bash
instead of sh
#34150
tsh aws ecs execute-command
would always fail #33831
tsh
#33725
Download the current and previous releases of Teleport at https://goteleport.com/download.
labels: security-patch=yes
Published by fheinecke 11 months ago
Teleport will be able to automatically create SSO connector and sync users when configuring Okta integration.
The Teleport web UI will provide a guided flow for joining your computer to the Teleport cluster using Teleport Connect.
Teleport plugins will support dynamic credential reloading, allowing them to take advantage of short-lived (and frequently rotated) credentials generated by Machine ID.
Download the current and previous releases of Teleport at https://goteleport.com/download.
Published by camscale 11 months ago
tsh --piv-slot
custom PIV slot setting for Hardware Key Support. #34592
.tsh/environment
values from overriding prior set values. #34626
cluster_networking_config
and cluster_auth_preference
via --bootstrap
. #34445
tsh logout
with broken key directory. #34435
Download the current and previous releases of Teleport at https://goteleport.com/download.
Published by camscale 11 months ago
.tsh/environment
values from overriding prior set values. #34625
Download the current and previous releases of Teleport at https://goteleport.com/download.
Published by tcsc 11 months ago
This release contains two security fixes, plus numerous other fixes and improvements.
LD_PRELOAD
and SFTP
Teleport implements SFTP using a subcommand. Prior to this release it was
possible to inject environment variables into the execution of this
subcommand, via shell init scripts or via the SSH environment request.
This is addressed by preventing LD_PRELOAD
and other dangerous environment
variables from being forwarded during re-exec.
If the Teleport auth or proxy services are configured to accept PROXY
protocol headers, a malicious actor can use this to spoof their IP address.
This is addressed by requiring that the first bytes of any SSH connection are
the SSH protocol prefix, denying a malicious actor the opportunity to send their
own proxy headers.
bash
instead of sh
#34143
host:port
to tsh puttyconfig
#33884
tsh aws ecs execute-command
would always fail #33832
Download the current and previous releases of Teleport at https://goteleport.com/download.
labels: security-patch=yes
Published by tcsc 11 months ago
This release contains two security fixes, plus numerous other fixes and improvements.
LD_PRELOAD
and SFTP
Teleport implements SFTP using a subcommand. Prior to this release it was
possible to inject environment variables into the execution of this
subcommand, via shell init scripts or via the SSH environment request.
This is addressed by preventing LD_PRELOAD
and other dangerous environment
variables from being forwarded during re-exec.
If the Teleport auth or proxy services are configured to accept PROXY
protocol headers, a malicious actor can use this to spoof their IP address.
This is addressed by requiring that the first bytes of any SSH connection are
the SSH protocol prefix, denying a malicious actor the opportunity to send their
own proxy headers.
bash
instead of sh
#34144
teleport_auth_type
config parameter to the AWS Terraform examples #34124
host:port
to tsh puttyconfig
#33883
--set-context-name
to tsh proxy kube
tsh aws ecs execute-command
would always fail #33833
tsh
#33633
Download the current and previous releases of Teleport at https://goteleport.com/download.
labels: security-patch=yes
Published by fheinecke 12 months ago
tsh
to accept --proxy
values with https://
prefixes #33647
Enhanced PuTTY/WinSCP Support
tsh
on Windows now supports the tsh puttyconfig
command, which can easily configure saved sessions inside the well-known PuTTY and WinSCP clients to connect to Teleport SSH services.
Download the current and previous releases of Teleport at https://goteleport.com/download.
Published by fheinecke 12 months ago
Download the current and previous releases of Teleport at https://goteleport.com/download.
Published by camscale about 1 year ago
google.golang.org/grpc
to v1.57.1. #33487
Download the current and previous releases of Teleport at https://goteleport.com/download.
labels: security-patch=yes
Published by camscale about 1 year ago
google.golang.org/grpc
to v1.57.1. #33487
tsh
or running tsh status
. #33468
tsh
connection issue when Proxy is in separate mode and Web port is TLS-terminated by a load balancer. #32531 #33406
extensions/v1beta1
group/version. #33402
@teleport-access-approver
role to v6
to support downgrades to Teleport 13. #33354
Download the current and previous releases of Teleport at https://goteleport.com/download.
labels: security-patch=yes
Published by camscale about 1 year ago
tsh
or running tsh status
. #33469
google.golang.org/grpc
to v1.57.1. #33488
Download the current and previous releases of Teleport at https://goteleport.com/download.
labels: security-patch=yes
Published by tcsc about 1 year ago
This release of Teleport contains one security fix, and various other updates.
RecursiveChown
When using automatic Linux user creation, an attacker could exploit a race condition in the user creation functionality to chown
arbitrary files on the system.
Users who aren't using automatic Linux host user creation aren’t affected by this vulnerability.
tsh puttyconfig
now uses Validity
format for WinSCP compatibility #32856
tsh device enroll --current-device
#32756
etcd
backend will now start if some nodes are unreachable #32779
kubectl exec
#32768
tsh proxy kube
#33172
tsh kube credentials
when root cluster roles don't allow Kube access #33210
Download the current and previous releases of Teleport at https://goteleport.com/download.
Published by tcsc about 1 year ago
This release of Teleport contains one security fix, and various other updates
RecursiveChown
When using automatic Linux user creation, an attacker could exploit a race condition in the user creation functionality to chown
arbitrary files on the system.
Users who aren't using automatic Linux host user creation aren’t affected by this vulnerability.
tsh device enroll --current-device
#32757
etcd
backend will now start if some nodes are unreachable #32778
tsh kube credentials
when root cluster roles don't allow Kube access #33211
Download the current and previous releases of Teleport at https://goteleport.com/download.
Published by tcsc about 1 year ago
This release of Teleport contains a security fix.
RecursiveChown
When using automatic Linux user creation, an attacker could exploit a race condition in the user creation functionality to chown
arbitrary files on the system.
Users who aren't using automatic Linux host user creation aren’t affected by this vulnerability.
None
Download the current and previous releases of Teleport at https://goteleport.com/download.
labels: security-patch=yes
Published by tcsc about 1 year ago
This release of Teleport contains one security fix and various other updates
RecursiveChown
When using automatic Linux user creation, an attacker could exploit a race condition in the user creation functionality to chown
arbitrary files on the system.
Users who aren't using automatic Linux host user creation aren’t affected by this vulnerability.
tsh kube credentials
when root cluster roles don't allow Kube access #33227
Download the current and previous releases of Teleport at https://goteleport.com/download.
Published by fheinecke about 1 year ago
create_host_user_mode
issue with TeleportRole in the Teleport Operator CRDs #32557
teleport-kube-agent
Helm chart would created the same ServiceAccount
multiple times #32338
IneligibleStatus
fields for access list members and owners #32278
SIGINT
/SIGTERM
#32189
Download the current and previous releases of Teleport at https://goteleport.com/download.
Published by fheinecke about 1 year ago
create_host_user_mode
issue with TeleportRole in the Teleport Operator CRDs #32556
teleport-kube-agent
Helm chart would created the same ServiceAccount
multiple times #32337
IneligibleStatus
fields for access list members and owners (#31857) #32279
Download the current and previous releases of Teleport at https://goteleport.com/download.
Published by fheinecke about 1 year ago
Download the current and previous releases of Teleport at https://goteleport.com/download.