Pre release 2.6.0-alpha.0

WARNING: Pre-releases are not production ready. Use at your own risk.

Add early support for DynamoDB-backed event storage and S3 session recordings.

Teleport 2.5.1

This release of Teleport fixes a regression in Teleport binaries.

Bug Fixes

• Binaries for macOS have been rebuilt to resolve "certificate signed by a unknown authority" issue.

Teleport 2.4.5

This release of Teleport fixes a regression in Teleport binaries.

Bug Fixes

• Binaries for macOS have been rebuilt to resolve "certificate signed by a unknown authority" issue.

Teleport 2.5.0

This is a major release of Teleport. Its goal is to make cloud-native deployments easier. Numerous AWS users have contributed feedback to this release, which includes:

New Features

• Auth servers in highly available (HA) configuration can share the same /var/lib/teleport data directory when it's hosted on NFS (or AWS EFS). #1351
• There is now an AWS reference deployment in examples/aws directory. It uses Terraform and demonstrates how to deploy large Teleport clusters on AWS using best practices like auto-scaling groups, security groups, secrets management, load balancers, etc.
• The Teleport daemon now implements built-in connection draining which allows zero-downtime upgrades See documentation.
• Dynamic join tokens for new nodes can now be explicitly set via tctl node add --token. This allows Teleport admins to use an external mechanism for generating cluster invitation tokens. #1615
• Teleport now correctly manages certificates for accessing proxies behind a load balancer with the same domain name. The new configuration parameter public_addr must be used for this. #1174

Improvements

• Switching to a new TLS-based auth server API improves performance of large clusters. #1528
• Session recordings are now compressed by default using gzip. This reduces storage requirements by up to 80% in our real-world tests. #1579
• More user-friendly authentication errors in Teleport audit log helps Teleport admins troubleshoot configuration errors when integrating with SAML/OIDC providers. #1554 #1553 #1599
• tsh client will now report if a server's API is no longer compatible.

Bug Fixes

• tsh logout will now correctly log out from all active Teleport sessions. This is useful for users who're connected to multiple Teleport clusters at the same time. #1541
• When parsing YAML, Teleport now supports -- list item separator to create multiple resources with a single tctl create command. #1663
• Fixed a panic in the Web UI backend #1558

Behavior Changes

Certain components of Teleport behave differently in version 2.5. It is important to note that these changes are not breaking Teleport functionality. They improve Teleport behavior on large clusters deployed on highly dynamic cloud environments such as AWS. This includes:

• Session list in the Web UI is now limited to 1,000 sessions.
• The audit log and recorded session storage has been moved from /var/lib/teleport/log to /var/lib/teleport/log/<auth-server-id>. This is related to #1351 described above.
• When connecting a trusted cluster users can no longer pick an arbitrary name for them. Their own (local) names will be used, i.e. the cluster_name setting now defines how the cluster is seen from the outside. #1543

Teleport 2.4.4

This release of Teleport focuses on bugfixes.

Bug Fixes

• Resolved tsh logout regression. #1541
• Binaries for supported platforms all built with Go 1.9.2.

Teleport 2.4.3

This release of Teleport focuses on bugfixes.

Bug Fixes

• Resolved "access denied" regression in Trusted Clusters. #1733
• Resolved toggling regression in Trusted Clusters. #1751
• Key written with wrong username to ~/.tsh. #1749

v2.5.0-rc.2

WARNING Use at your own risk. Pre-releases are not production ready.

• incorporate fixes from 2.4.2 release

Teleport 2.4.2

This release of Teleport focuses on bugfixes.

Bug Fixes

• Wait for copy to complete before propagating exit-status. #1646
• Don't discard initial bytes in HTTP CONNECT tunnel. #1659
• Pass caching key generator to services and use cache in recording proxy. #1639
• Only display "Change Password" in UI for local users. #1669
• Update Singup URL. #1643
• Improved Teleport version reporting. #1538
• Fixed regressions in terminal size handling and Trusted Clusters introduced in 2.4.1. #1674 #1692

Release candidate 2.5.0-rc.1

WARNING Pre-releases are not production ready. Use at your own risk.

• Improve and tweak signal handling
• Fixes in migrations for trusted clusters
• Improve memory usage for gzip writers

Pre-release 2.5.0-beta.2

WARNING Beta releases are not production ready. Use at your own risk.

• Add ability to live reload Teleport binaries without downtime