Teleport 16.1.0

Description

New logo

We're excited to announce an update to the Teleport logo. This refresh aligns
with our evolving brand and will be reflected across the product, our marketing
site (goteleport.com), branded content, swag, and more.

The new logo will appear in the web UI starting with this release and on the
marketing website starting from July 17th, 2024.

Database Access session replay

Database Access users will be able to watch PostgreSQL query replays in the web
UI or with tsh.

Other improvements and fixes

• Fixed "staircase" text output for non-interactive Kube exec sessions in Web UI. #44249
• Fixed a leak in the admin process spawned by starting VNet through tsh vnet or Teleport Connect. #44225
• Fixed a kube-agent-updater bug affecting resolutions of private images. #44191
• The show_resources option is no longer required for statically configured proxy ui settings. #44181
• The teleport-cluster chart can now use existing ingresses instead of creating its own. #44146
• Ensure that tsh login outputs accurate status information for the new session. #44143
• Fixes "device trust mode x requires Teleport Enterprise" errors on tctl. #44133
• Added the tbot install systemd command for installing tbot as a service on Linux systems. #44083
• Added ability to list access list members in json format in tctl. #44071
• Update grpc to v1.64.1 (patches GO-2024-2978). #44067
• Batch access review reminders into 1 message and provide link out to the web UI. #44034
• Fixed denying access despite access being configured for Notification Routing Rules in the web UI. #44029
• Honor proxy templates in tsh ssh. #44026
• Fixed eBPF error occurring during startup on Linux RHEL 9. #44023
• Fixed Redshift auto-user deactivation/deletion failure that occurs when a user is created or deleted and another user is deactivated concurrently. #43968
• Lower latency of detecting Kubernetes cluster becoming online. #43967
• Teleport AMIs now optionally source environment variables from /etc/default/teleport as regular Teleport package installations do. #43962
• Make tbot compilable on Windows. #43959
• Add a new event to the database session recording with query/command result information. #43955
• Enabled setting event types to forward, skip events, skip session types in event-handler helm chart. #43938
• extraLabels configured in teleport-kube-agent chart values are now correctly propagated to post-delete hooks. A new extraLabels.job object has been added for labels which should only apply to the post-delete job. #43932
• Add support for Teams to Opsgenie plugin alert creation. #43916
• Machine ID outputs now execute individually and concurrently, meaning that one failing output does not disrupt other outputs, and that performance when generating a large number of outputs is improved. #43876
• SAML IdP service provider resource can now be updated from the Web UI. #4651
• Fixed empty condition from unquoted string with YAML editor for Notification Routing Rules in the Web UI. #4636
• Teleport Enterprise now supports the TELEPORT_REPORTING_HTTP(S)_PROXY environment variable to specify the URL of the HTTP(S) proxy used for connections to our usage reporting ingest service. #4568
• Fixed inaccurately notifying user that access list reviews are due in the web UI. #4521

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

• Slack (Linux amd64)
• Mattermost (Linux amd64)
• Discord (Linux amd64)
• Terraform Provider (Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal)
• Event Handler (Linux amd64 | macOS amd64)
• PagerDuty (Linux amd64)
• Jira (Linux amd64)
• Email (Linux amd64)
• Microsoft Teams (Linux amd64)

Teleport 15.4.9

Description

• Honor proxy templates in tsh ssh. #44027
• Fixed Redshift auto-user deactivation/deletion failure that occurs when a user is created or deleted and another user is deactivated concurrently. #43975
• Teleport AMIs now optionally source environment variables from /etc/default/teleport as regular Teleport package installations do. #43961
• Enabled setting event types to forward, skip events, skip session types in event-handler helm chart. #43939
• Correctly propagate extraLabels configured in teleport-kube-agent chart values to post-delete hooks. A new extraLabels.job object has been added for labels which should only apply to the post-delete job. #43931
• Machine ID outputs now execute individually and concurrently, meaning that one failing output does not disrupt other outputs, and that performance when generating a large number of outputs is improved. #43883
• Omit control plane services from the inventory list output for Cloud-Hosted instances. #43778
• Fixed session recordings getting overwritten or not uploaded. #42164

Enterprise:

• Fixed inaccurately notifying user that access list reviews are due in the web UI.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

• Slack (Linux amd64)
• Mattermost (Linux amd64)
• Discord (Linux amd64)
• Terraform Provider (Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal)
• Event Handler (Linux amd64 | macOS amd64)
• PagerDuty (Linux amd64)
• Jira (Linux amd64)
• Email (Linux amd64)
• Microsoft Teams (Linux amd64)

Teleport 16.0.4

Description

• Omit control plane services from the inventory list output for Cloud-Hosted instances. #43779
• Updated Go toolchain to v1.22.5. #43768
• Reduced CPU usage in auth servers experiencing very high concurrent request load. #43755
• Machine ID defaults to disabling the use of the Kubernetes exec plugin when writing a Kubeconfig to a directory destination. This removes the need to manually configure disable_exec_plugin. #43655
• Fixed startup crash of Teleport Connect on Ubuntu 24.04 by adding an AppArmor profile. #43653
• Added support for dialling leaf clusters to the tbot SSH multiplexer. #43634
• Extend Teleport ability to use non-default cluster domains in Kubernetes, avoiding the assumption of cluster.local. #43631
• Wait for user MFA input when reissuing expired certificates for a kube proxy. #43612
• Improved error diagnostics when using Machine ID's SSH multiplexer. #43586

Enterprise:

• Teleport Enterprise now supports the TELEPORT_REPORTING_HTTP(S)_PROXY environment variable to specify the URL of the HTTP(S) proxy used for connections to our usage reporting ingest service.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

• Slack (Linux amd64)
• Mattermost (Linux amd64)
• Discord (Linux amd64)
• Terraform Provider (Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal)
• Event Handler (Linux amd64 | macOS amd64)
• PagerDuty (Linux amd64)
• Jira (Linux amd64)
• Email (Linux amd64)
• Microsoft Teams (Linux amd64)

Teleport 15.4.7

Description

• Added audit events for discovery config actions. #43794
• Updated Go toolchain to v1.22.5. #43769
• Reduced CPU usage in auth servers experiencing very high concurrent request load. #43760
• Machine ID defaults to disabling the use of the Kubernetes exec plugin when writing a Kubeconfig to a directory destination. This removes the need to manually configure disable_exec_plugin. #43656
• Fixed startup crash of Teleport Connect on Ubuntu 24.04 by adding an AppArmor profile. #43652
• Added support for dialling leaf clusters to the tbot SSH multiplexer. #43635
• Extend Teleport ability to use non-default cluster domains in Kubernetes, avoiding the assumption of cluster.local. #43632
• Wait for user MFA input when reissuing expired certificates for a kube proxy. #43613
• Improved error diagnostics when using Machine ID's SSH multiplexer. #43587

Enterprise:

• Increased Access Monitoring refresh interval to 24h.
• Teleport Enterprise now supports the TELEPORT_REPORTING_HTTP(S)_PROXY environment variable to specify the URL of the HTTP(S) proxy used for connections to our usage reporting ingest service.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

• Slack (Linux amd64)
• Mattermost (Linux amd64)
• Discord (Linux amd64)
• Terraform Provider (Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal)
• Event Handler (Linux amd64 | macOS amd64)
• PagerDuty (Linux amd64)
• Jira (Linux amd64)
• Email (Linux amd64)
• Microsoft Teams (Linux amd64)

Teleport 16.0.3

Description

This release of Teleport contains a fix for a medium-level security issue impacting Teleport Enterprise, as well as various other updates and improvements

Security Fixes

[Medium] Fixes issue where a SCIM client could potentially overwrite Teleport system Roles using specially crafted groups. This issue impacts Teleport Enterprise deployments using the Okta integration with SCIM support enabled.

We strongly recommend all customers upgrade to the latest releases of Teleport.

Other updates and improvements

• Update go-retryablehttp to v0.7.7 (fixes CVE-2024-6104). #43474
• Fixed Discover setup access error when updating user. #43560
• Added audit event field describing if the "MFA for admin actions" requirement changed. #43541
• Fixed remote port forwarding validation error. #43516
• Added support to trust system CAs for self-hosted databases. #43493
• Added error display in the Web UI for SSH and Kubernetes sessions. #43485
• Fixed accurate inventory reporting of the updater after it is removed. #43454
• tctl alerts ls now displays remaining alert ttl. #43436
• Fixed input search for Teleport Connect's access request listing. #43429
• Added Debug setting for event-handler. #43408
• Fixed Headless auth for sso users, including when local auth is disabled. #43361
• Added configuration for custom CAs in the event-handler helm chart. #43340
• Updated VNet panel in Teleport Connect to list custom DNS zones and DNS zones from leaf clusters. #43312
• Fixed an issue with Database Access Controls preventing users from making additional database connections. #43303
• Fixed bug that caused gRPC connections to be disconnected when their certificate expired even though DisconnectCertExpiry was false. #43290
• Fixed Connect My Computer in Teleport Connect failing with "bind: invalid argument". #43287
• Fix a bug where a Teleport instance running only Jamf or Discovery service would never have a healthy /readyz endpoint. #43283
• Added a missing [Install] section to the teleport-acm systemd unit file as used by Teleport AMIs. #43257
• Patched timing variability in curve25519-dalek. #43246
• Fixed setting request reason for automatic ssh access requests. #43178
• Improved log rotation logic in Teleport Connect; now the non-numbered files always contain recent logs. #43161
• Added tctl desktop bootstrap for bootstrapping AD environments to work with Desktop Access. #43150

Enterprise only changes and improvements

• The teleport updater will no longer default to using the global version channel, avoiding incompatible updates.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below:

• Slack (Linux amd64)
• Mattermost (Linux amd64)
• Discord (Linux amd64)
• Terraform Provider (Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal)
• Event Handler (Linux amd64 | macOS amd64)
• PagerDuty (Linux amd64)
• Jira (Linux amd64)
• Email (Linux amd64)
• Microsoft Teams (Linux amd64)

--
labels: security-patch=yes

Teleport 15.4.6

Description

This release of Teleport contains a fix for a medium-level security issue impacting Teleport Enterprise, as well as various other updates and improvements

Security Fixes

[Medium] Fixes issue where a SCIM client could potentially overwrite. Teleport system Roles using specially crafted groups. This issue impacts Teleport Enterprise deployments using the Okta integration with SCIM support enabled.

We strongly recommend all customers upgrade to the latest releases of Teleport.

Other updates and improvements

• Fixed Discover setup access error when updating user. #43561
• Updated Go toolchain to 1.22. #43550
• Fixed remote port forwarding validation error. #43517
• Added support to trust system CAs for self-hosted databases. #43500
• Added error display in the Web UI for SSH and Kubernetes sessions. #43491
• Update go-retryablehttp to v0.7.7 (fixes CVE-2024-6104). #43475
• Fixed accurate inventory reporting of the updater after it is removed.. #43453
• tctl alerts ls now displays remaining alert ttl. #43435
• Fixed input search for Teleport Connect's access request listing. #43430
• Added Debug setting for event-handler. #43409
• Fixed Headless auth for sso users, including when local auth is disabled. #43362
• Added configuration for custom CAs in the event-handler helm chart. #43341
• Fixed an issue with Database Access Controls preventing users from making additional database connections depending on their permissions. #43302
• Fixed Connect My Computer in Teleport Connect failing with "bind: invalid argument". #43288

Enterprise only updates and improvements

• The teleport updater will no longer default to using the global version channel, avoiding incompatible updates.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack (Linux amd64)
• Mattermost (Linux amd64)
• Discord (Linux amd64)
• Terraform Provider (Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal)
• Event Handler (Linux amd64 | macOS amd64)
• PagerDuty (Linux amd64)
• Jira (Linux amd64)
• Email (Linux amd64)
• Microsoft Teams (Linux amd64)

--
labels: security-patch=yes

Teleport 15.4.5

Description

• Added a missing [Install] section to the teleport-acm systemd unit file as used by Teleport AMIs. #43256
• Patched timing variability in curve25519-dalek. #43249
• Updated tctl to ignore a configuration file if the auth_service section is disabled, and prefer loading credentials from a given identity file or tsh profile instead. #43203
• Fixed setting request reason for automatic ssh access requests. #43180
• Updated teleport to skip jamf_service validation when the Jamf service is not enabled. #43169
• Improved log rotation logic in Teleport Connect; now the non-numbered files always contain recent logs. #43162
• Made tsh and Teleport Connect return early during login if ping to proxy service was not successful. #43086
• Added ability to edit user traits from the Web UI. #43068
• Enforce limits when reading events from Firestore to prevent OOM events. #42967
• Fixed updating groups for Teleport-created host users. #42884
• Added support for crown_jewel resource. #42866
• Added ability to edit user traits from the Web UI. #43068
• Fixed gRPC disconnection on certificate expiry even though DisconnectCertExpiry was false. #43291
• Fixed issue where a Teleport instance running only Jamf or Discovery service would never have a healthy /readyz endpoint. #43284

Enterprise-only changes

• Fixed sync error in Okta SCIM integration.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack (Linux amd64)
• Mattermost (Linux amd64)
• Discord (Linux amd64)
• Terraform Provider (Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal)
• Event Handler (Linux amd64 | macOS amd64)
• PagerDuty (Linux amd64)
• Jira (Linux amd64)
• Email (Linux amd64)
• Microsoft Teams (Linux amd64)

Teleport 14.3.21

Description

• Fixed bug that caused gRPC connections to be disconnected when their certificate expired even though DisconnectCertExpiry was false. #43292
• Fixed bug where a Teleport instance running only Jamf or Discovery service would never have a healthy /readyz endpoint. #43285
• Added a missing [Install] section to the teleport-acm systemd unit file as used by Teleport AMIs. #43258
• Updated teleport to skip jamf_service validation when the Jamf is not enabled. #43170
• Improved log rotation logic in Teleport Connect; now the non-numbered files always contain recent logs. #43163
• Made tsh and Teleport Connect return early during login if ping to proxy service was not successful. #43087
• Added ability to edit user traits from the Web UI. #43070
• Enforce limits when reading events from Firestore to prevent OOM events. #42968
• Fixed an issue Oracle access failed through trusted cluster. #42929
• Fixes errors caused by dynamoevents query StartKey not being within the [From, To] window. #42914
• Fixed updating groups for Teleport-created host users. #42883
• Update azidentity to v1.6.0 (patches CVE-2024-35255). #42860
• Remote rate limits on endpoints used extensively to connect to the cluster. #42836
• Improved the performance of the Athena audit log and S3 session storage backends. #42796
• Prevented a panic in the Proxy when accessing an offline application. #42787
• Improve backoff of session recording uploads by teleport agents. #42775
• Reduced backend writes incurred by tracking status of non-recorded sessions. #42695
• Fixed listing available DB users in Teleport Connect for databases from leaf clusters obtained through access requests. #42681
• Fixed not being able to logout from the web UI when session invalidation errors. #42654
• Updated OpenSSL to 3.0.14. #42643
• Teleport Connect binaries for Windows are now signed. #42473
• Updated Go to 1.21.11. #42416
• Fix web UI notification dropdown menu height from growing too long from many notifications. #42338
• Disabled session recordings for non-interactive sessions when enhanced recording is disabled. #42321
• Fixed issue where removing an app could make teleport app agents incorrectly report as unhealthy for a short time. #42269
• Fixed a panic in the DynamoDB audit log backend when the cursor fell outside of the [From,To] interval. #42266
• The teleport configure command now supports a --node-name flag for overriding the node's hostname. #42249
• Fixed an issue where mix-and-match of join tokens could interfere with some services appearing correctly in heartbeats. #42188
• Improved temporary disk space usage for session recording processing. #42175
• Fixed a regression where Kubernetes Exec audit events were not properly populated and lacked error details. #42146
• Fix Azure join method when using Resource Groups in the allow section. #42140
• Fixed resource leak in session recording cleanup. #42069
• Reduced memory and cpu usage after control plane restarts in clusters with a high number of roles. #42064
• Fixed the field allowed_https_hostnames in the Teleport Operator resources: SAML, OIDC, and GitHub Connector. #42056
• Enhanced error messaging for clients using kubectl exec v1.30+ to include warnings about a breaking change in Kubernetes. #41989

Enterprise-Only changes:

• Improved memory usage when reconciling Access Lists members to prevent Out of Memory events when reconciling a large number of Access Lists members.
• Prevented Access Monitoring reports from crashing when large datasets are returned.
• Ensured graceful restart of teleport.service after an upgrade.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Teleport 16.0.1

Description

• tctl now ignores any configuration file if the auth_service section is disabled, and prefer loading credentials from a given identity file or tsh profile instead. #43115
• Skip jamf_service validation when the service is not enabled. #43095
• Fix v16.0.0 amd64 Teleport plugin images using arm64 binaries. #43084
• Add ability to edit user traits from the Web UI. #43067
• Enforce limits when reading events from Firestore for large time windows to prevent OOM events. #42966
• Allow all authenticated users to read the cluster vnet_config. #42957
• Improve search and predicate/label based dialing performance in large clusters under very high load. #42943

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

• Slack (Linux amd64)
• Mattermost (Linux amd64)
• Discord (Linux amd64)
• Terraform Provider (Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal)
• Event Handler (Linux amd64 | macOS amd64)
• PagerDuty (Linux amd64)
• Jira (Linux amd64)
• Email (Linux amd64)
• Microsoft Teams (Linux amd64)

Teleport 16.0.0

Description

Teleport 16 brings the following new features and improvements:

• Teleport VNet
• Device Trust for the Web UI
• Increased support for per-session MFA
• Web UI notification system
• Access requests from the resources view
• tctl for Windows
• Teleport plugins improvements

Description

Teleport VNet

Teleport 16 introduces Teleport VNet, a new feature that provides a virtual IP subnet and DNS server which automatically proxies TCP connections to Teleport apps over mutually authenticated tunnels.

This allows scripts and software applications to connect to any Teleport-protected application as if they were connected to a VPN, without the need to manage local tunnels.

Teleport VNet is powered by the Teleport Connect client and is available for macOS. Support for other operating systems will come in a future release.

Device Trust for the Web UI

Teleport Device Trust can now be enforced for browser-based workflows like remote desktop and web application access. The Teleport Connect client must be installed in order to satisfy device locality checks.

Increased support for per-session MFA

Teleport 16 now supports per-session MFA checks when accessing both web and TCP applications via all supported clients (Web UI, tsh, and Teleport Connect).

Additionally, Teleport Connect now includes support for per-session MFA when accessing database resources.

Web UI notification system

Teleport’s Web UI includes a new notifications system that notifies users of items requiring attention (for example, access requests needing review).

Access requests from the resources view

The resources view in the web UI now shows both resources you currently have access to and resources you can request access to. This allows users to request access to resources without navigating to a separate page.

Cluster administrators who prefer the previous behavior of hiding requestable resources from the main view can set show_resources: accessible_only in their UI config:

For dynamic configuration, run tctl edit ui_config:

kind: ui_config
version: v1
metadata:
  name: ui-config
spec:
  show_resources: accessible_only

Alternatively, self-hosted Teleport users can update the ui section of their proxy configuration:

proxy_service:
  enabled: yes
  ui:
    show_resources: accessible_only

tctl for Windows

Teleport 16 includes Windows builds of the tctl administrative tool, allowing Windows users to administer their cluster without the need for a macOS or Linux workstation.

Additionally, there are no longer enterprise-specific versions of tctl. All Teleport clients (tsh, tctl, and Teleport Connect) are available in a single distribution that works on both Enterprise and Community Edition clusters.

Teleport plugins improvements

Teleport 16 includes major improvements to the plugins. All plugins now have:

• amd64 and arm64 binaries available
• amd64 and arm64 multi-arch images
• Major and minor version rolling tags (ie
  public.ecr.aws/gravitational/teleport-plugin-email:16)
• Image signatures for all images
• Additional debug images with all of the above features

In addition, we now support plugins for each supported major version, starting with v15. This means that if we fix a bug or security issue in a v16 plugin version, we will also apply and release the change for the v15 plugin version.

Other

The Jamf plugin now authenticates with Jamf API credentials instead of username and password.

🚨 Breaking changes and deprecations 🚨

Community Edition license

Starting with this release, Teleport Community Edition restricts commercial usage.

https://goteleport.com/blog/teleport-community-license/

License file validation on startup

Teleport 16 introduces license file validation on startup. This only applies to customers running Teleport Enterprise Self-Hosted. No action is required for customers running Teleport Enterprise Cloud or Teleport Community Edition.

If, after updating to Teleport 16, you receive an error message regarding an outdated license file, follow our step-by-step guide to update your license file.

Multi-factor authentication is now required for local users

Support for disabling second factor authentication has been removed. Teleport will refuse to start until the second_factor setting is set to on, webauthn or otp.

This change only affects self-hosted Teleport users, as Teleport Cloud has always required second factor authentication.

⚠️ Important: To avoid locking users out, we recommend the following steps:

1. Ensure that all cluster administrators have second factor devices registered in Teleport so that they will be able to reset any other users.
2. Announce to the user base that all users must register an MFA device. Consider creating a cluster alert with tctl alerts create to help spread the word.
3. While you are still on Teleport 15, set second_factor: on. This will help identify any users who have not registered MFA devices and allow you to quickly revert to second_factor: optional if necessary.
4. Upgrade to Teleport 16.

Any users who do not register MFA devices prior to the Teleport 16 upgrade will be unable to log in and must be reset by an administrator (tctl users reset).

Incompatible clients are rejected

In accordance with our component compatibility
guidelines, Teleport 16 will start rejecting connections from clients and agents running incompatible (ie too old) versions.

If Teleport detects connection attempts from outdated clients, it will show an alert to cluster administrators in both the web UI and tsh.

To disable this behavior and run in an unsupported configuration that allows incompatible agents to connect to your cluster, start your auth server with the TELEPORT_UNSTABLE_ALLOW_OLD_CLIENTS=yes environment variable.

Opsgenie plugin annotations

Prior to Teleport 16, when using an Opsgenie plugin, the teleport.dev/schedules role annotation was used to specify both schedules for access request notifications as well as schedules to check for the request auto-approval.

Starting with Teleport 16, the annotations were split to provide behavior consistent with other access request plugins: a role must now contain the teleport.dev/notify-services to receive notifications on Opsgenie and the teleport.dev/schedules to check for auto-approval.

Detailed setup instructions are available in the documentation.

New required permissions for DynamoDB

Teleport clusters using the DynamoDB backend on AWS now require the dynamodb:ConditionCheckItem permissions. For a full list of required permissions, see the IAM policy example.

Updated keyboard shortcuts in Teleport connect

On Windows and Linux, some of Teleport Connect’s keyboard shortcuts conflicted with the default bash or nano shortcuts (Ctrl+E, Ctrl+K, etc). On those platforms, the default shortcuts have been changed to a combination of Ctrl+Shift+*.

On macOS, the default shortcut to open a new terminal has been changed to Ctrl+Shift+`.

See the configuration guide for a list of updated keyboard shortcuts.

Machine ID and OpenSSH client config changes

Users with custom ssh_config should modify their ProxyCommand to use the new, more performant tbot ssh-proxy command. See the v16 upgrade guide for more details.

Removal of Active Directory configuration flow

The Active Directory installation and configuration wizard has been removed. Users who don’t already have Active Directory should leverage Teleport’s local user support, and users with existing Active Directory environments should follow the manual setup guide.

Teleport Assist is removed

All Teleport Assist functionality and OpenAI integration has been removed from Teleport. auth_service.assist and proxy_service.assistoptions have been removed from the configuration. Teleport will not start if these options are present.

During the migration from v15 to v16, the options mentioned above should be removed from the configuration.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack (Linux amd64)
• Mattermost (Linux amd64)
• Discord (Linux amd64)
• Terraform Provider (Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal)
• Event Handler ([Linux amd64]...