Skip to content

Releases: gravitational/teleport

Teleport 16.4.11

11 Dec 23:39
@camscale camscale
v16.4.11
ce79021
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.4.11

Description

  • Updated golang.org/x/crypto to v0.31.0 (CVE-2024-45337). #50079
  • Fix tsh ssh -Y when jumping between multiple servers. #50032
  • Fixed an issue preventing default shell assignment for host users. #50003
  • Reduce Auth memory consumption when agents join using the azure join method. #49999
  • Our OSS OS packages (rpm, deb, etc) now have up-to-date metadata. #49963
  • Tsh correctly respects the --no-allow-passwordless flag. #49934
  • The web session authorization dialog in Teleport Connect is now a dedicated tab, which properly shows a re-login dialog when the local session is expired. #49932
  • Prevent a panic if the Auth Service does not provide a license expiry. #49877

Enterprise:

  • Improved "IP mismatch" audit entries for device trust web.
  • Fixed assigning suggested reviewers in the edge case when the user already has access to the requested resources.
  • Users can now see a list of their enrolled devices on their Account page.
  • Jamf Service sync audit events are attributed to "Jamf Service".
  • Added license updater service.
  • Fixed a bug where Access Lists imported from Microsoft Entra ID fail to be created if their display names include special characters.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 15.4.24

12 Dec 00:05
@camscale camscale
v15.4.24
23330db
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.24

Description

  • Updated golang.org/x/crypto to v0.31.0 (CVE-2024-45337). #50080
  • Fix tsh ssh -Y when jumping between multiple servers. #50034
  • Reduce Auth memory consumption when agents join using the azure join method. #50000
  • Tsh correctly respects the --no-allow-passwordless flag. #49935
  • Client tools {tctl,tsh} auto-updates controlled by cluster configuration. #48648

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 17.0.4

06 Dec 02:54
@camscale camscale
v17.0.4
627fdd5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 17.0.4

Description

  • Fixed a bug introduced in 17.0.3 breaking in-cluster joining on some Kubernetes clusters. #49841
  • SSH or Kubernetes information included for audit log list for start session events. #49832
  • Avoid tight web session renewals for sessions with short TTL (between 3m and 30s). #49768
  • Updated Go to 1.23.4. #49758
  • Fixed re-rendering bug when filtering Unified Resources. #49744

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 15.4.23

06 Dec 03:35
@camscale camscale
v15.4.23
5f57fde
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.23

Description

  • Fixed a bug breaking in-cluster joining on some Kubernetes clusters. #49843
  • SSH or Kubernetes information is now included for audit log list for start session events. #49834
  • Avoid tight web session renewals for sessions with short TTL (between 3m and 30s). #49770
  • Updated Go to 1.22.10. #49760
  • Added ability to configure resource labels in teleport-cluster's operator sub-chart. #49649
  • Fixed proxy peering listener not using the exact address specified in peer_listen_addr. #49591
  • Kubernetes in-cluster joining now also accepts tokens whose audience is the Teleport cluster name (before it only allowed the default Kubernetes audience). Kubernetes JWKS joining is unchanged and still requires tokens with the cluster name in the audience. #49558
  • Restore interactive PAM authentication functionality when use_pam_auth is applied. #49520
  • Increase CockroachDB setup timeout from 5 to 30 seconds. This mitigates the Auth Service not being able to configure TTL on slow CockroachDB event backends. #49471
  • Fixed a potential panic in login rule and SAML IdP expression parser. #49432
  • Support for long-running kube exec/port-forward, respect client_idle_timeout config. #49430
  • Fixed a permissions error with Postgres database user auto-provisioning that occurs when the database admin is not a superuser and the database is upgraded to Postgres v16 or higher. #49391
  • Fixed missing user participants in session recordings listing for non-interactive Kubernetes recordings. #49345
  • Fixed an issue where teleport park processes could be leaked causing runaway resource usage. #49262
  • The tsh puttyconfig command now disables GSSAPI auth settings to avoid a "Not Responding" condition in PuTTY. #49191
  • Allow Azure VMs to join from a different subscription than their managed identity. #49158
  • Fixed an issue loading the license file when Teleport is started without a configuration file. #49148
  • Fixed a bug in the teleport-cluster Helm chart that can cause token mount to fail when using ArgoCD. #49070
  • Fixed an issue resulting in excess cpu usage and connection resets when teleport-event-handler is under moderate to high load. #49035
  • Fixed OpenSSH remote port forwarding not working for localhost. #49021
  • Allow to override Teleport license secret name when using teleport-cluster Helm chart. #48980
  • Fixed users not being able to connect to SQL server instances with PKINIT integration when the cluster is configured with different CAs for database access. #48925
  • Ensure that agentless server information is provided in all audit events. #48835
  • Fixed an issue preventing migration of unmanaged users to Teleport host users when including teleport-keep in a role's host_groups. #48456
  • Resolved an issue that caused false positive errors incorrectly indicating that the YubiKey was in use by another application, while only tsh was accessing it. #47953

Enterprise:

  • Jamf Service sync audit events are attributed to "Jamf Service".

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.4.10

06 Dec 01:15
@camscale camscale
v16.4.10
7bf1e95
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.4.10

Description

  • Fixed a bug introduced in v16.4.9 breaking in-cluster joining on some Kubernetes clusters. #49842
  • SSH or Kubernetes information included for audit log list for start session events. #49833
  • Avoid tight web session renewals for sessions with short TTL (between 3m and 30s). #49769
  • Updated Go to 1.22.10. #49759
  • Added support for hardware keys in Teleport Connect. #49701
  • Client tools {tctl,tsh} auto-updates controlled by cluster configuration. #48645

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 17.0.3

04 Dec 01:11
@doggydogworld doggydogworld
v17.0.3
1bcff22
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 17.0.3

Description

  • Restore ability to disable multi-factor authentication for local users. #49692
  • Bumping one of our dependencies to a more secure version to address CVE-2024-53259. #49662
  • Add ability to configure resource labels in teleport-cluster's operator sub-chart. #49647
  • Fixed proxy peering listener not using the exact address specified in peer_listen_addr. #49589
  • Teleport Connect now shows whether it is being used on a trusted device or if enrollment is required for full access. #49577
  • Kubernetes in-cluster joining now also accepts tokens whose audience is the Teleport cluster name (before it only allowed the default Kubernetes audience). Kubernetes JWKS joining is unchanged and still requires tokens with the cluster name in the audience. #49556
  • Session recording playback in the web UI is now searchable. #49506
  • Fixed an incorrect warning indicating that tsh v17.0.2 was incompatible with cluster v17.0.1, despite full compatibility. #49491
  • Increase CockroachDB setup timeout from 5 to 30 seconds. This mitigates the Auth Service not being able to configure TTL on slow CockroachDB event backends. #49469
  • Fixed a potential panic in login rule and SAML IdP expression parser. #49429
  • Support for long-running kube exec/port-forward, respect client_idle_timeout config. #49421
  • Fixed a permissions error with Postgres database user auto-provisioning that occurs when the database admin is not a superuser and the database is upgraded to Postgres v16 or higher. #49390

Enterprise:

  • Jamf Service sync audit events are attributed to "Jamf Service".
  • Users can now see a list of their enrolled devices on their Account page.
  • Add support for Entra ID groups being members of other groups using Nested Access Lists.
  • Added support for requiring reason for Access Requests (with a new role.spec.allow.request.reason.mode setting).

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.4.9

03 Dec 20:54
@doggydogworld doggydogworld
v16.4.9
7cd07ee
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.4.9

Description

  • Add ability to configure resource labels in teleport-cluster's operator sub-chart. #49648
  • Fixed proxy peering listener not using the exact address specified in peer_listen_addr. #49590
  • Teleport Connect now shows whether it is being used on a trusted device or if enrollment is required for full access. #49578
  • Kubernetes in-cluster joining now also accepts tokens whose audience is the Teleport cluster name (before it only allowed the default Kubernetes audience). Kubernetes JWKS joining is unchanged and still requires tokens with the cluster name in the audience. #49557
  • Restore interactive PAM authentication functionality when use_pam_auth is applied. #49519
  • Session recording playback in the web UI is now searchable. #49507
  • Increase CockroachDB setup timeout from 5 to 30 seconds. This mitigates the Auth Service not being able to configure TTL on slow CockroachDB event backends. #49470
  • Fixed a potential panic in login rule and SAML IdP expression parser. #49431
  • Support for long-running kube exec/port-forward, respect client_idle_timeout config. #49423
  • Fixed a permissions error with Postgres database user auto-provisioning that occurs when the database admin is not a superuser and the database is upgraded to Postgres v16 or higher. #49389
  • Teleport Connect now refreshes the resources view after dropping an Access Request. #49348
  • Fixed missing user participants in session recordings listing for non-interactive Kubernetes recordings. #49344
  • Support delegated joining for Bitbucket Pipelines in Machine ID. #49337
  • Fix a bug in the Teleport Operator chart that causes the operator to not be able to watch secrets during secret injection. #49326
  • You can now search text within ssh sessions in the Web UI and Teleport Connect. #49270
  • Fixed an issue where teleport park processes could be leaked causing runaway resource usage. #49261
  • Update tsh scp to respect proxy templates when resolving the remote host. #49227
  • The tsh puttyconfig command now disables GSSAPI auth settings to avoid a "Not Responding" condition in PuTTY. #49190
  • Resolved an issue that caused false positive errors incorrectly indicating that the YubiKey was in use by another application, while only tsh was accessing it. #47952

Enterprise:

  • Jamf Service sync audit events are attributed to "Jamf Service".
  • Fixed a bug where Access Lists imported from Microsoft Entra ID fail to be created if their display names include special characters.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 14.3.34

02 Dec 18:36
@doggydogworld doggydogworld
v14.3.34
a12edb9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 14.3.34

Description

  • Fixed a bug in the teleport-cluster Helm chart that can cause token mount to fail when using ArgoCD. #49071
  • Allow overriding Teleport license secret name when using teleport-cluster Helm chart. #48981
  • Fixed a bug in Kubernetes session recordings where both root and leaf cluster recorded the same Kubernetes session. Recordings of leaf resources are only available in leaf clusters. #48740
  • Updated Go to 1.22.9. #48583
  • The teleport-cluster Helm chart now uses the configured serviceAccount.name from chart values for its pre-deploy configuration check Jobs. #48577
  • Fixed a Teleport Kubernetes Operator bug that happened for OIDCConnector resources with non-nil max_age. #48378
  • Updated host user creation to prevent local password expiration policies from affecting Teleport managed users. #48161
  • Resolved an issue that caused false positive errors incorrectly indicating that the YubiKey was in use by another application, while only tsh was accessing it. #47954
  • Updated tsh ssh to support the -- delimiter similar to openssh. It is now possible to execute a command via tsh ssh user@host -- echo test or tsh ssh -- host uptime. #47495

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 17.0.2

25 Nov 21:06
@r0mant r0mant
v17.0.2
a5c84e4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 17.0.2

Description

  • Fixed missing user participants in session recordings listing for non-interactive Kubernetes recordings. #49343
  • Support delegated joining for Bitbucket Pipelines in Machine ID. #49335
  • Fix a bug in the Teleport Operator chart that causes the operator to not be able to watch secrets during secret injection. #49327
  • You can now search text within SSH sessions in the Web UI and Teleport Connect. #49269
  • Teleport Connect now refreshes the resources view after dropping an access request. #49264
  • Fixed an issue where teleport park processes could be leaked causing runaway resource usage. #49260
  • Fixed VNet not being able to connect to the daemon. #49199
  • The tsh puttyconfig command now disables GSSAPI auth settings to avoid a "Not Responding" condition in PuTTY. #49189
  • Allow Azure VMs to join from a different subscription than their managed identity. #49156
  • Fix an issue loading the license file when Teleport is started without a configuration file. #49150
  • Added support for directly configuring JWKS for GitHub joining for circumstances where the GHES is not reachable by the Teleport Auth Service. #49049
  • Fixed a bug where Access Lists imported from Microsoft Entra ID fail to be created if their display names include special characters. #5551

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.4.8

20 Nov 16:53
@r0mant r0mant
v16.4.8
54d391f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.4.8
  • Allow Azure VMs to join from a different subscription than their managed identity. #49157
  • Fix an issue loading the license file when Teleport is started without a configuration file. #49149
  • Fixed a bug in the teleport-cluster Helm chart that can cause token mount to fail when using ArgoCD. #49069
  • Fixed app access regression to apps on leaf clusters. #49056
  • Added support for directly configuring JWKS for GitHub joining for circumstances where the GHES is not reachable by the Teleport Auth Service. #49052
  • Fixed issue resulting in excess CPU usage and connection resets when teleport-event-handler is under moderate to high load. #49036
  • Fixed OpenSSH remote port forwarding not working for localhost. #49020
  • Fixed tsh app login prompting for user login when multiple AWS roles are present. #48997
  • Fixed incorrect cluster name when querying for Kubernetes namespaces on a leaf cluster for Connect UI. #48990
  • Allow to override Teleport license secret name when using teleport-cluster Helm chart. #48979
  • Added periodic health checks between proxies in proxy peering. #48929
  • Fixed users not being able to connect to SQL server instances with PKINIT integration when the cluster is configured with different CAs for database access. #48924
  • Fix a bug in the Teleport Operator chart that causes the operator to not be able to list secrets during secret injection. #48901
  • The access graph poll interval is now configurable with the discovery_service.poll_interval field, whereas before it was fixed to a 15 minute interval. #48861
  • The web terminal now supports SIXEL and IIP image protocols. #48842
  • Ensure that agentless server information is provided in all audit events. #48833
  • Fixed missing access request metadata in app.session.start audit events. #48804
  • Fixed missing GetDatabaseFunc error when tsh connects MongoDB databases in cluster with a separate MongoDB port. #48129
  • Ensure that Teleport can re-establish broken LDAP connections. #48008
  • Improved handling of scoped token when setting up Okta integration. #5503
  • Fixed access request deletion reconciliation race condition in Okta integration HA setup. #5385
  • Extend support for group claim setting in Entra ID integration. #5493
Assets 2
Loading