Skip to content

Teleport 16.4.3

Compare
Choose a tag to compare
@doggydogworld doggydogworld released this 16 Oct 16:54
· 2789 commits to master since this release
d506b62

Description

  • Extended Teleport Discovery Service to support resource discovery across all projects accessible by the service account. #47568
  • Fixed a bug that could allow users to list active sessions even when prohibited by RBAC. #47564
  • The tctl tokens ls command redacts secret join tokens by default. To include the token values, provide the new --with-secrets flag. #47545
  • Added missing field-level documentation to the terraform provider reference. #47469
  • Fixed a bug where tsh logout failed to parse flags passed with spaces. #47460
  • Fixed the resource-based labels handler crashing without restarting. #47452
  • Install teleport FIPS binary in FIPS environments during Server Auto Discover. #47437
  • Fix possibly missing rules when using large amount of Access Monitoring Rules. #47430
  • Added ability to list/get AccessMonitoringRule resources with tctl. #47401
  • Include JWK header in JWTs issued by Teleport Application Access. #47393
  • Teleport Workload ID now supports issuing JWT SVIDs via the Workload API. #47389
  • Added kubeconfig context name to the output table of tsh proxy kube command for enhanced clarity. #47383
  • Improve error messaging when connections to offline agents are attempted. #47361
  • Allow specifying the instance type of AWS HA Terraform bastion instance. #47338
  • Added a config option to Teleport Connect to control how it interacts with the local SSH agent (sshAgent.addKeysToAgent). #47324
  • Teleport Workload ID issued JWT SVIDs are now compatible with OIDC federation with a number of platforms. #47317
  • The "ha-autoscale-cluster" terraform module now support default AWS resource tags and ASG instance refresh on configuration or launch template changes. #47299
  • Fixed error in Workload ID in cases where the process ID cannot be resolved. #47274
  • Teleport Connect for Linux now requires glibc 2.31 or later. #47262
  • Fixed a bug where security group rules that refer to another security group by ID were not displayed in web UI enrollment wizards when viewing security group rules. #47246
  • Improve the msteams access plugin debug logging. #47158
  • Fix missing tsh MFA prompt in certain OTP+WebAuthn scenarios. #47154
  • Updates self-hosted db discover flow to generate 2190h TTL certs, not 12h. #47125
  • Fixes an issue preventing access requests from displaying user friendly resource names. #47112
  • Fixed a bug where only one IP CIDR block security group rule for a port range was displayed in the web UI RDS enrollment wizard when viewing a security group. #47077
  • The tsh play command now supports a text output format. #47073
  • Updated Go to 1.22.8. #47050
  • Fixed the "source path is empty" error when attempting to upload a file in Teleport Connect. #47011
  • Added static host users to Terraform provider. #46974
  • Enforce a global device_trust.mode=required on OSS processes paired with an Enterprise Auth. #46947
  • Added a new config option in Teleport Connect to control SSH agent forwarding (ssh.forwardAgent); starting in Teleport Connect v17, this option will be disabled by default. #46895
  • Correctly display available allowed logins of leaf AWS Console Apps on tsh app login. #46806
  • Allow all audit events to be trimmed if necessary. #46499

Enterprise:

  • Fixed possible panic when processing Okta assignments.
  • Fixed bug where an unknown device aborts device web authentication.
  • Add the Datadog Incident Management Plugin as a hosted plugin.
  • Permit bootstrapping enterprise clusters with state from an open source cluster.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.