Description

• Updated Go to 1.20.7 #29906
• Reduced logging level for individual Postgres messages. #29846
• Added tctl support for deleting proxy resources #29833
• Fix Kubernetes Legacy Proxy heartbeats #29737
• Fixed auth locking issue #29709
• Fixed issue where proxy_service.public_addr was not included in self-signed certs #29598
• Speed up Auth initialization #29572

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

New backends

Teleport 13.3 includes a new Postgres backend that supports both
cluster state and the audit log. Additionally, Azure users can now
leverage Azure blob storage for session recordings.

• Added backwards compatibility for listing Apps of an older version leaf cluster #29816
• Added classification code and emit event on execution #29811
• Added max duration option to access request #29754
• Refactored Teleport Assist token counting #29753
• Added support for displaying onboarding questionnaire for existing users (#29378) #29713
• Added flag to write tarred tctl auth sign output to stdout #29666
• Added Azure support to Helm charts #29734
• Fixed Kubernetes Legacy Proxy heartbeats #29738
• Added Postgres backend and Azure session storage #29705
• Fixed auth locking issue #29706
• Fixed an issue where MachineID sometimes did not work behind L7 LB #29700
• Fixed issue where incorrect session recording mode was using during session start and end events #29689
• Fixed issue with custom OS checking in device trust authentication #29629
• Added GCP VM auto-discovery (#28562) #29612

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Removed alerts suggesting upgrade. #29631
• Reduced memory use when migrating events to Athena. #29604
• Updated etcd backend load distribution to be more even. #29586
• Updated Kubernetes operator CRDs. #29554
• Updated tctl request create to support --resource flag. #29538
• Existing tokens can no longer be updated with "create token" access. #29391
• Web UI now includes SAML Apps in the Applications list. #29371
• DynamoDB backend tables are now created with PayPerRequest mode. #29351
• Fixed enhanced recording of missing session.command events when PAM enabled. #29030 #29578
• Fixed GCP joining for Machine ID. #29563
• Fixed Opsgenie plugin to use v2 API paths. #29553
• Fixed a panic in the S3 uploader. #29470
• Fixed Database RBAC to take dynamic labels into account. #29373
• Fixed memory leak in statistics reporter. #29330
• Made --type flag required on tctl auth crl command. #29591
• Added --silent flag to teleport node configure command. #29587
• Added tsh flags --labels and --query for database resource selection. #29163
• Added the --opensearch-discovery flag to specify AWS regions. #28147
• Added support for Amazon Linux 2023 in installer script and UI #29654

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Fixed enhanced recording of missing session.command events when PAM enabled. #29030 #29582
• Fixed a panic in the S3 uploader. #29468
• Fixed Database RBAC to take dynamic labels into account. #29382
• Fixed memory leak in statistics reporter. #29332
• Fixed issue with viewing audit log when using Firestore backend. #29116
• Added ability to disable proxy protocol in Kubernetes Access. #29276
• Updated Kubernetes operator CRDs. #29438 #29556
• Updated Go to 1.20.6. #29075
• Improved tsh play error handling. #29080
• Provided warning when tsh ignores the --user flag due to SSO. #29223
• Allow spaces in data_dir path. #29101
• Cleaned up session uploader logging to suppress S3 permission errors. #29142

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Fixed enhanced recording of missing session.command events when PAM enabled. #29030 #29580
• Fixed a panic in the S3 uploader. #29469
• Fixed Database RBAC to take dynamic labels into account. #29374
• Fixed memory leak in statistics reporter. #29331
• Fixed issue with viewing audit log when using Firestore backend. #29115
• Added ability to disable proxy protocol in Kubernetes Access. #29275
• Updated etc backend load distribution to be more even. #29585
• Updated Kubernetes operator CRDs. #29438 #29555
• Updated Go to 1.20.6. #29074
• Improved tsh play error handling. #29079
• Improved database and Kubernetes cluster name validation. #29036
• Provided warning when tsh ignores the --user flag due to SSO. #29222
• Allow login and port to be specified when using tsh config to generate openssh configs. #29112
• Allow spaces in data_dir path. #29100
• Cleaned up session uploader logging to suppress S3 permission errors. #29085

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Fixed TLS routing bug #29312
• Provided warning when tsh ignores the --user flag due to SSO #29221
• Addressed vulnerability in Kubernetes Access proxy protocol support #29274
• Restored default API endpoint for PagerDuty plugin #29295

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Assist
  • Reduced node polling interval to allow Assist detect new nodes faster. #29153
  • Fixed issue with some Assist command executions not being captured in audit log. #29137
  • Added various Assist UI tweaks and improvements. #29067, #28911
• Audit Log
  • Suppressed unnecessary resource access request events. #29063
• Cloud
  • Added ability to manage cluster networking config for Cloud tenants. #28992
• CLI
  • Improved tsh play error handling. #29077
  • Updated tsh request search to deduplicate resources. #28889
• Database Access
  • Updated teleport discovery bootstrap to support setting up database service permissions. #29002
• Helm Charts
  • Added ingress support to teleport-cluster chart. #29084
• Stability & Reliability
  • Fixed issue with viewing audit log when using Firestore backend. #29114
  • Cleaned up session uploader logging to suppress S3 permission errors. #29078
  • Improved database and Kubernetes cluster name validation. #29035
• Hosted Plugins
  • Added hosted PagerDuty plugin for Teleport Cloud users. #28986
• Internal
  • Updated Go to 1.20.6. #29073

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Application Access
  • Fixed issue with application's original URL query not being preserved after auth redirect. #28220
• Audit Log
  • Fixed issue with Kubernetes audit events reporting incorrect users/groups in some cases. #28339
• Database Access
  • Updated tsh db connect to prefer sqlcmd when connecting to SQL Server. #28942
  • Updated tsh db connect to prefer mongosh when connecting to MongoDB. #28669
• Desktop Access
  • Improved handling of LDAP errors. #29008
• CLI
  • Updated tctl alerts ack command to make --reason flag optional. #28953
  • Updated tctl alert ls command to always show alert ID. #28904
  • Updated tsh request search command to deduplicate resources. #28902
• Installation
  • Fixed issue with installing RPM packages on FIPS-enabled RHEL 8 systems. #28797
  • Fixed issue with unbound variable in auto-discovery installer script. #28410
• Scalability & Reliability
  • Updated Firestore backend to better handle situations when same collection is used for cluster data and audit events. #28739
  • Fixed issue with bad database objects leading to cache initialization failures. #28641
  • Fixed issue with client idle timeout not recognizing user activity. #28227
• Internal
  • Updated OpenSSL to version 3.0. #28439
• Web UI
  • Added message of the day support to web UI. #27933, #28935

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Application Access
  • Fixed issue with original URL query not being preserved after authentication redirect. #28219
• Server Access
  • Added ability to keep automatically created Linux users. #28433
  • Fixed issue Teleport sessions terminating ungracefully on process group SIGQUIT. #29019
  • Fixed issue with SSH_* environment variables not being respected in headless mode. #28921
  • Fixed unbound variable issue in auto-discovery installation script. #28409
  • Updated headless tsh login to not automatically add agent keys. #28235
• Kubernetes Access
  • Fixed issue with recreating a bot that was previously partially removed. #28544, #29014
  • Updated kubernetes_resources deny rules to be greedy and not require label match. #28286
• Database Access
  • Updated tsh db connect to prefer sqlcmd client when connecting to SQL Server. #28943
  • Updated tsh db connect to prefer mongosh client when connecting to MongoDB. #28670
• Desktop Access
  • Improved LDAP connection errors handling. #28976
• Installation
  • Fixed issue with RPM packages failing to install on FIPS-enabled RHEL 8 systems. #28795
• Authentication
  • Updated cluster auth preferences to support setting default session TTL. #28185
• CLI
  • Fixed issue with tsh login not displaying cluster alerts. #28982
  • Added ability to provide GitHub API endpoint URL to tctl sso configure github command. #28969
  • Updated tctl alerts ack to make --reason flag optional. #28954
  • Updated tctl alerts ls to always show alert ID. #28905
  • Updated tsh request search to deduplicate resources. #28900
• Azure
  • Fixed Azure joining for identities across resource groups. #28962
• Stability & Reliability
  • Improved Firestore backend handling for cases when same collection is used for backend data and audit events. #28738
  • Fixed issue with invalid database objects preventing cache initialization. #28640
  • Fixed issue with client idle timeout not always being respected. #28224
• Tooling
  • Updated OpenSSL to 3.0. #28437
• Web UI
  • Fixed issue with newlines not being displayed properly in message of the day. #28936
  • Added Machine ID guides to the Enroll Integration page in the web UI. #28887

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Kubernetes Operator
  • Fixed regression issue with Kube operator crashing on first startup. #29013
• Installation
  • Fixed issue with the install script not working on non-systemd systems. #28987
  • Fixed issue with RPM packages failing to install on FIPS-enabled RHEL 8 systems. #28794
• CLI
  • Fixed issue with tsh login not displaying cluster alerts. #28983
  • Added ability to provide GitHub API endpoint URL to tctl sso configure github command. #28968
  • Updated tctl alerts ack to make --reason flag optional. #28955
  • Updated tctl alerts ls to always show alert ID. #28906
• Desktop Access
  • Improved LDAP connection errors handling. #28974
• Access Controls
  • Fixed issue with locking servers via web UI. #28963
• Azure
  • Fixed Azure joining for identities across resource groups. #28961
• Teleport Assist
  • Updated Assist bot to produce more consistent responses. #28959
• Database Access
  • Updated default SQL Server database client to sqlcmd. #28944
• Web UI
  • Fixed issue with newlines not being displayed properly in message of the day. #28937
  • Added Machine ID guides to the Enroll Integration page in the web UI. #28888
• Server Access
  • Fixed issue with SSH_* environment variables not being respected in headless mode. #28922
• Access Plugins
  • Added PagerDuty hosted plugin for Teleport Cloud. #28883
• Audit
  • Added ID token attributes to GCP bot.join audit event. #28882
• Automatic Upgrades
  • Updated tctl inventory ls command to show agent auto-upgrade status on Teleport Cloud. #28847
• Kubernetes Access
  • Added support for specifying assume_role_arn for Kube cluster matchers in auto-discovery. #28832
• Machine ID
  • Added GCP delegated joining support. #28762
• GCP
  • Fixed issue with GCP joining not working with GKE workload identity. #28759
• Stability & Reliability
  • Improved Firestore backend handling for cases when same collection is used for backend data and audit events. #28737
• Okta
  • Updated Okta group access requests to automatically include list of the group's applications. #28603

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Teleport Assist
  • Improved accuracy of node selection based on the user query. #28116
  • Introduced reasoning feedback during the chat loop. #27075
  • Added command execution progress feedback and settings UI. #28480
• Server Access
  • Added option to preserve automatically created host users instead of deleting them. #28432
  • Fixed issue with tsh join when per-session MFA is enabled. #28456
• Database Access
  • Updated tsh db connect to prefer mongosh client. #28668
  • Fixed issue with database agents not respecting graceful shutdown. #28369
• Device Trust
  • Added Jamf integrations for inventory management. teleport.e#1763
• Kubernetes Operator
  • Added Okta import rules support. #28377
  • Fixed issue with recreating a bot that was previously partially removed. #28543
• Teleport Connect
  • Added light theme. #28277
• RBAC
  • Added support for RBAC label expressions. #27641
• TLS Routing
  • Added IP pinning support for TLS routing behind ALB mode. #28466
• Stability & Reliability
  • Fixed issue with invalid database resources preventing cache initialization. #28638
• Web UI
  • Added light & dark themes to YAML editor. #28517
  • Added light & dark themes to web terminal. #28408

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Teleport Cloud
  • Added Opsgenie hosted plugin. #28098
  • Fixed issue with the install script sometimes failing to install Teleport during Cloud upgrades. #28208
• Kubernetes Operator
  • Added support for label expressions to Kubernetes operator. #28156
• Web UI
  • Ensured message of the day is displayed in the web UI.
    #27922
  • Ensured that the Web UI does not make calls to Stripe for self-hosted
    customers.
    teleport.e#1724
  • Remove Stripe from the CSP for self-hosted deployments
    #28308
• Server Access
  • Ensured that keys are not added to the agent during headless login
    #28236
• Kubernetes Access
  • Fixed a bug that could prevent some kubernetes_resource deny rules from
    being enforced
    #28285
  • Ensure that kubernetes_users are properly recorded in the audit log when
    using tsh kubectl --as
    #28323
• Application Access
  • Ensure that the URL's original query string is preserved even when
    reauthentication is necessary
    #28218
• Database Access
  • Support a new assume_role_arn setting, allowing you to assume a particular
    AWS role when accessing a database
    #28210
• Stability & Reliability
  • Fixed a bug causing the client idle timeout to be enforced prematurely
    #28202
  • Improved routing of connections between agents and Auth Servers when proxy
    peering is enabled
    #28316
  • Add a max_session_ttl option to Teleport's cluster_auth_preference
    #28130

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Web UI
  • Fixed issue with message of the day not being displayed in web UI in enterprise releases. #28242
  • Ensured that the Web UI does not make calls to Stripe for self-hosted customers. teleport.e#1723

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Web UI
  • Ensured message of the day is displayed by web UI. #27923

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Teleport Assist
  • Introduced new Assist web UI. #27791
  • Improved OpenAI error handling. #27935
• Access
  • Added reviewer and requester preset roles. #28076
• Teleport Connect
  • Fixed issue with overlapping placeholder and keyboard shortcut in the search bar. #28048
  • Updated resource filter ordering in the search bar. #28034
• Helm Charts
  • Updated teleport-cluster chart to use local auth server address in auth pod to prevent extra connections. #27980
  • Added support for hostAlias in teleport-kube-agent chart. #27880
• Server Access
  • Fixed issue with tsh prompting for a password when joining invalid sessions. #27974
  • Fixed issue with SSH_SESSION_WEBPROXY_ADDR not being set for some sessions. #27865
• Device Trust
  • Updated tsh to prompt user for privilege elevation during TPM enrollment. #27959
• Web UI
  • Added "Add SAML application" wizard to access management UI. #27949
• Database Access
  • Added support for OpenSearch auto-discovery. #27942
• IP Pinning
  • Fixed issue with SSO logins via web UI not working when IP pinning is enabled. #27896
• Stability & Reliability
  • Improved shutdown stability. #27887
• Desktop Access
  • Fixed issue with "Run as different user" window freezing. #27874
• CLI
  • Added --skip-confirm flag to tsh headless approve command. #27864
• Tooling
  • Updated Go to 1.20.5. #27860
• Metrics
  • Improved backend_read_seconds metric accuracy. #27857
• TLS Routing
  • Fixed issue with ALPN handshake test not respecting HTTPS_PROXY. #27810
• Okta
  • Updated Okta access requests to display app/group names instead of IDs. #27803

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Web UI
  • Added "Add SAML application" wizard to access management UI. #27958
• Helm Charts
  • Updated teleport-cluster chart to use local auth server address in auth pod to prevent extra connections. #27979
• Server Access
  • Fixed tsh join prompting for password when trying to join non-existent session. #27973
  • Fixed issue with SSH_SESSION_WEBPROXY_ADDR not being set for some sessions. #27866
• Stability & Reliability
  • Improved shutdown stability. #27888
• Desktop Access
  • Fixed issue with "Run as different user" window freezing. #27875
• CLI
  • Added --skip-confirm flag to tsh headless approve command. #27863
• Tooling
  • Updated Go to 1.20.5. #27861
• Metrics
  • Improved accuracy of backend_read_seconds metric. #27858

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Desktop Access
  • Fixed issue with "Run as different user" window freezing. #27876
• Tooling
  • Updated Go to 1.20.5. #27862
• Metrics
  • Improved backend_read_seconds metric accuracy. #27859
• Machine ID
  • Fixed secure write support detection on some systems. #27783
• Stability & Reliability
  • Improved shutdown stability. #27892
  • Reduced thundering herd effect on proxy graceful shutdown. #27789

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Access
  • Fixed "listing app servers for Okta access calculation" regression issue in tsh login. #27839
• Performance & Scalability
  • Reduced reverse tunnels thundering herd effect on proxy restarts. #27786, #27699
• Machine ID
  • Improved secure write support detection on some systems. #27784
• Database Access
  • Added support for AWS IAM auth for MongoDB Atlas. #27494
  • Hardened MongoDB protocol. #27741
• Kubernetes Access
  • Fixed issue with tsh kube login requiring the use of local proxy in non TLS routing mode. #27732
• Teleport Connect
  • Fixed issue with role assumption not working correctly. #27723
• RBAC
  • Added support for RBAC label expressions. #27641
  • Updated locking to support any service types. #27442
• Helm Charts
  • Added conditional RBAC/ServiceAccount to teleport-kube-agent post-delete hook. #27637
• Audit Log
  • Added login rules to Github login event. #27607
• Web UI
  • Fixed issue with not being able to "login" with auth type set to SSO but no connectors set yet. #27589
  • Fixed "nonpositive parameter limit" error when adding RDS database in some cases. #27415
• Server Access
  • Updated proxy templates to prioritize cluster value provided in the template. #27581
  • Fixed issue with incorrect proxy port being used in SSH config in some cases. #27545
  • Fixed issue with using tsh from a tsh ssh session. #27507
  • Fixed issue with incorrect SSH_SESSION_WEBPROXY_ADDR in Web UI SSH sessions. #27420
• Automatic Upgrades
  • Fixed the default Cloud upgrade server in teleport-kube-agent Helm chart. #27572
• AMIs
  • Added support for hardened AMIs. #27454
• Machine ID
  • Added Prometheus endpoint to tbot. #27432
• Application Access
  • Added support for --cluster flag to tsh app login. #27197

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• CLI
  • Fix issue with Access Requests in headless mode. #27136
  • tctl get all now fetches lock objects #27295
  • tsh now only falls back to using SSH_TELEPORT_* environment in headless mode. #27508
• MachineID
  • Adds Prometheus endpoint for better statistics gathering. #27433
• Mongo DB
  • Hardened MongoDB protocol implementation #27742
• Okta
  • Fixes "non-positive limit" error. #27831
• SAML IdP
  • Fixes subsequent login failure issue. #27212
• Teleport Connect
  • Fixes issue when assuming roles #27724
• Web UI
  • Refresh features in Web UI #26785

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Description

• Server Access
  • Fixed issue with proxy port not being included in SSH config generated by tsh config. #27547
• Access
  • Added support for locking any Teleport service with tctl lock command. #27444
• Machine ID
  • Added Prometheus endpoint to tbot. #27434
• SAML IdP
  • Fixed issue with SAML IdP advertising incorrect port in some cases. #27378
• SSO
  • Fixed regression issue with Github SSO failing. #27324
• Tooling
  • Updated OpenSSL to 1.1.1u. #27114
• Performance & Scalability
  • Improved tsh login latency. #27112
• Desktop Access
  • Increased LDAP dial timeout from 5 to 15 seconds. #27047
• CLI
  • Added support for bash and zsh autocompletion. #26997

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.