Skip to content

Releases: gravitational/teleport

Teleport 14.3.23

09 Aug 04:45
@camscale camscale
v14.3.23
69e5efb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 14.3.23

Description

  • Updated Go toolchain to 1.22.6. #45196
  • Teleport Connect now sets TERM_PROGRAM: Teleport_Connect and TERM_PROGRAM_VERSION: <app_version> environment variables in the integrated terminal. #45065
  • Fixed race condition between session recording uploads and session recording upload cleanup. #44980
  • Prevent Kubernetes per-Resource RBAC from blocking access to namespaces when denying access to a single resource kind in every namespace. #44976
  • Improved stability of very large teleport clusters during temporary backend disruption/degradation. #44696
  • Fixed Application Access regression where an HTTP header wasn't set in forwarded requests. #44630
  • Use the registered port of the target host when tsh puttyconfig is invoked without --port. #44574
  • Fixed Teleport Connect binaries not being signed correctly. #44473
  • Fixed terminal sessions with a database CLI client in Teleport Connect hanging indefinitely if the client cannot be found. #44467
  • Fixed a low-probability panic in audit event upload logic. #44423
  • Prevented DoSing the cluster during a mass failed join event by agents. #44416
  • Added audit events for AWS and Azure integration resource actions. #44405
  • Prevented an infinite loop in DynamoDB event querying by advancing the cursor to the next day when the limit is reached at the end of a day with an empty iterator. This ensures the cursor does not reset to the beginning of the day. #44273
  • Fixed a kube-agent-updater bug affecting resolutions of private images. #44193
  • Prevented redirects to arbitrary URLs when launching an app. #44190
  • The teleport-cluster chart can now use existing ingresses instead of creating its own. #44148
  • Ensured that tsh login outputs accurate status information for the new session. #44145
  • Fixes "device trust mode x requires Teleport Enterprise" errors on tctl. #44136
  • Honor proxy templates in tsh ssh. #44031
  • Fix eBPF error occurring during startup on Linux RHEL 9. #44025
  • Fixed Redshift auto-user deactivation/deletion failure that occurs when a user is created or deleted and another user is deactivated concurrently. #43984
  • Lowered latency of detecting Kubernetes cluster becoming online. #43969
  • Teleport AMIs now optionally source environment variables from /etc/default/teleport as regular Teleport package installations do. #43960
  • Fixed teleport-kube-agent Helm chart to correctly propagate extraLabels to post-delete hooks. A new extraLabels.job object has been added for labels which should only apply to the post-delete job. #43933
  • Added audit events for discovery config actions. #43795
  • Fixed startup crash of Teleport Connect on Ubuntu 24.04 by adding an AppArmor profile. #43651
  • Extend Teleport ability to use non-default cluster domains in Kubernetes, avoiding the assumption of cluster.local. #43633
  • Wait for user MFA input when reissuing expired certificates for a kube proxy. #43614
  • Display errors in the web UI console for SSH sessions. #43492
  • Updated go-retryablehttp to v0.7.7 (fixes CVE-2024-6104). #43476
  • Fixed an issue preventing accurate inventory reporting of the updater after it is removed. #43452
  • Remaining alert TTL is now displayed with tctl alerts ls. #43434
  • Fixed headless auth for SSO users, including when local auth is disabled. #43363
  • Fixed an issue with incorrect yum/zypper updater packages being installed. #4686
  • Fixed inaccurately notifying user that access list reviews are due in the web UI. #4523
  • The Teleport updater will no longer default to using the global version channel, avoiding incompatible updates. #4475

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Assets 2
Loading

Teleport 15.4.12

09 Aug 01:24
@r0mant r0mant
v15.4.12
42356d8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.12

Description

  • Improved copy and paste behavior in the terminal in Teleport Connect. On Windows and Linux, Ctrl+Shift+C/V now copies and pastes text (these shortcuts can be changed with keymap.terminalCopy/keymap.terminalPaste). A mouse right click (terminal.rightClick) can copy/paste text too (enabled by default on Windows). #45266
  • Updated Go toolchain to 1.22.6. #45195
  • Improved tsh ssh performance for concurrent execs. #45163
  • Fixed regression that denied access to launch some applications. #45150
  • Bot resources now honour their metadata.expires field. #45133
  • Teleport Connect now sets TERM_PROGRAM: Teleport_Connect and TERM_PROGRAM_VERSION: &lt;app_version&gt; environment variables in the integrated terminal. #45064
  • Fix a panic in the Microsoft teams plugin when it receives an error. #45012
  • Adds SPIFFE compatible federation bundle endpoint to the Proxy API, allowing other workload identity platforms to federate with the Teleport cluster. #44999
  • Added warning on tbot startup when the requested certificate TTL exceeds the maximum allowed value. #44988
  • Fixed race condition between session recording uploads and session recording upload cleanup. #44979
  • Prevent Kubernetes per-Resource RBAC from blocking access to namespaces when denying access to a single resource kind in every namespace. #44975
  • Fix tbot FIPS builds failing to start due to missing boringcrypto. #44908
  • Added support for Kubernetes Workload Attestation into Teleport Workload Identity to allow the authentication of pods running within Kubernetes without secrets. #44884
  • Machine ID can now be configured to use Kubernetes Secret destinations from the command line using the kubernetes-secret schema. #44804
  • Prevent discovery service from overwriting Teleport dynamic resources that have the same name as discovered resources. #44786
  • Teleport Connect now uses ConPTY for better terminal resizing and accurate color rendering on Windows, with an option to disable it in the app config. #44743
  • Fixed event-handler Helm charts using the wrong command when starting the event-handler container. #44698
  • Enabled Mattermost plugin for notification routing ruled. #4773

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.1.4

07 Aug 23:12
@fheinecke fheinecke
v16.1.4
acdd343
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.1.4

Description

  • Improved tsh ssh performance for concurrent execs. #45162
  • Fixed issue with loading cluster features when agents are upgraded prior to auth. #45226
  • Updated Go to 1.22.6. #45194

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.1.3

07 Aug 01:18
@camscale camscale
v16.1.3
b7b8675
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.1.3

Description

  • Fixed an issue where tsh aws may display extra text in addition to the original command output. #45168
  • Fixed regression that denied access to launch some Apps. #45149
  • Bot resources now honor their metadata.expires field. #45130
  • Teleport Connect now sets TERM_PROGRAM: Teleport_Connect and TERM_PROGRAM_VERSION: <app_version> environment variables in the integrated terminal. #45063
  • Fixed a panic in the Microsoft Teams plugin when it receives an error. #45011
  • Added a background item for VNet in Teleport Connect; VNet now prompts for a password only during the first launch. #44994
  • Added warning on tbot startup when the requested certificate TTL exceeds the maximum allowed value. #44989
  • Fixed a race condition between session recording uploads and session recording upload cleanup. #44978
  • Prevented Kubernetes per-Resource RBAC from blocking access to namespaces when denying access to a single resource kind in every namespace. #44974
  • SSO login flows can now authorize web sessions with Device Trust. #44906
  • Added support for Kubernetes Workload Attestation into Teleport Workload Identity to allow the authentication of pods running within Kubernetes without secrets. #44883

Enterprise:

  • Fixed a redirection issue with the SAML IdP authentication middleware which prevented users from signing into the service provider when an SAML authentication request was made with an HTTP-POST binding protocol, and user's didn't already have an active session with Teleport.
  • SAML applications can now be deleted from the Web UI.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.1.1

31 Jul 20:35
@r0mant r0mant
v16.1.1
806b00e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.1.1

Description

  • Added option to allow client redirects from IPs in specified CIDR ranges in SSO client logins. #44846
  • Machine ID can now be configured to use Kubernetes Secret destinations from the command line using the kubernetes-secret schema. #44801
  • Prevent discovery service from overwriting Teleport dynamic resources that have the same name as discovered resources. #44785
  • Reduced the probability that the event-handler deadlocks when encountering errors processing session recordings. #44771
  • Improved event-handler diagnostics by providing a way to capture profiles dynamically via SIGUSR1. #44758
  • Teleport Connect now uses ConPTY for better terminal resizing and accurate color rendering on Windows, with an option to disable it in the app config. #44742
  • Fixed event-handler Helm charts using the wrong command when starting the event-handler container. #44697
  • Improved stability of very large Teleport clusters during temporary backend disruption/degradation. #44694
  • Resolved compatibility issue with Paramiko and Machine ID's SSH multiplexer SSH agent. #44673
  • Teleport no longer creates invalid SAML Connectors when calling tctl get saml/<connector-name> | tctl create -f without the --with-secrets flag. #44666
  • Fixed a fatal error in tbot when unable to lookup the user from a given UID in containerized environments for checking ACL configuration. #44645
  • Fixed Application Access regression where an HTTP header wasn't set in forwarded requests. #44628
  • Added Server auto-discovery support for Rocky and AlmaLinux distros. #44612
  • Use the registered port of the target host when tsh puttyconfig is invoked without --port. #44572
  • Added more icons for guessing application icon by name or by label teleport.icon in the web UI. #44566
  • Remove deprecated S3 bucket option when creating or editing AWS OIDC integration in the web UI. #44485
  • Fixed terminal sessions with a database CLI client in Teleport Connect hanging indefinitely if the client cannot be found. #44465
  • Added application-tunnel service to Machine ID for establishing a long-lived tunnel to a HTTP or TCP application for Machine to Machine access. #44443
  • Fixed a regression that caused Teleport Connect to fail to start on Intel Macs. #44435
  • Improved auto-discovery resiliency by recreating Teleport configuration when the node fails to join the cluster. #44432
  • Fixed a low-probability panic in audit event upload logic. #44425
  • Fixed Teleport Connect binaries not being signed correctly. #44419
  • Prevented DoSing the cluster during a mass failed join event by agents. #44414
  • The availability filter is now a toggle to show (or hide) requestable resources. #44413
  • Moved PostgreSQL auto provisioning users procedures to pg_temp schema. #44409
  • Added audit events for AWS and Azure integration resource actions. #44403
  • Fixed automatic updates with previous versions of the teleport.yaml config. #44379
  • Added support for Rocky and AlmaLinux when enrolling a new server from the UI. #44332
  • Fixed PostgreSQL session playback not rendering queries line breaks correctly. #44315
  • Fixed Teleport access plugin tarballs containing a build directory, which was accidentally added upon v16.0.0 release. #44300
  • Prevented an infinite loop in DynamoDB event querying by advancing the cursor to the next day when the limit is reached at the end of a day with an empty iterator. This ensures the cursor does not reset to the beginning of the day. #44275
  • The clipboard sharing tooltip for desktop sessions now indicates why clipboard sharing is disabled. #44237
  • Prevented redirects to arbitrary URLs when launching an app. #44188
  • Added a --skip-idle-time flag to tsh play. #44013
  • Added audit events for discovery config actions. #43793
  • Enabled Access Monitoring Rules routing with Mattermost plugin. #43601
  • SAML application can now be deleted from the Web UI. #4778
  • Fixed an Access List permission bug where an access list owner, who is also a member, was not able to add/remove access list member. #4744
  • Fixed a bug in Web UI where clicking SAML GCP Workforce Identity Federation discover tile would throw an error, preventing from using the guided enrollment feature. #4720
  • Fixed an issue with incorrect yum/zypper updater packages being installed. #4684

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 15.4.11

30 Jul 04:22
@camscale camscale
v15.4.11
39d5221
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.11

Description

  • Fixed an issue that could cause auth servers to panic when their backend connectivity was interrupted. #44787
  • Reduced the probability that the event-handler deadlocks when encountering errors processing session recordings. #44772
  • Improved event-handler diagnostics by providing a way to capture profiles dynamically via SIGUSR1. #44759
  • Added support for Teams to Opsgenie plugin alert creation. #44330

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 15.4.10

29 Jul 03:45
@camscale camscale
v15.4.10
962676a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.10

Description

  • Improved stability of very large teleport clusters during temporary backend disruption/degradation. #44695
  • Resolved compatibility issue with Paramiko and Machine ID's SSH multiplexer SSH agent. #44672
  • Fixed a fatal error in tbot when unable to lookup the user from a given UID in containerized environments for checking ACL configuration. #44646
  • Fixed Application Access regression where an HTTP header wasn't set in forwarded requests. #44629
  • Use the registered port of the target host when tsh puttyconfig is invoked without --port. #44573
  • Added more icons for guessing application icon by name or by label teleport.icon in the web UI. #44568
  • Removed deprecated S3 bucket option when creating or editing AWS OIDC integration in the web UI. #44487
  • Fixed terminal sessions with a database CLI client in Teleport Connect hanging indefinitely if the client cannot be found. #44466
  • Added application-tunnel service to Machine ID for establishing a long-lived tunnel to a HTTP or TCP application for Machine to Machine access. #44446
  • Fixed a low-probability panic in audit event upload logic. #44424
  • Fixed Teleport Connect binaries not being signed correctly. #44420
  • Prevented DoSing the cluster during a mass failed join event by agents. #44415
  • Added audit events for AWS and Azure integration resource actions. #44404
  • Fixed automatic updates with previous versions of the teleport.yaml config. #44378
  • Added support for Rocky and AlmaLinux when enrolling a new server from the UI. #44331
  • Fixed Teleport access plugin tarballs containing a build directory, which was accidentally added upon v15.4.5 release. #44301
  • Prevented an infinite loop in DynamoDB event querying by advancing the cursor to the next day when the limit is reached at the end of a day with an empty iterator. This ensures the cursor does not reset to the beginning of the day. #44274
  • The clipboard sharing tooltip for desktop sessions now indicates why clipboard sharing is disabled. #44238
  • Fixed a kube-agent-updater bug affecting resolutions of private images. #44192
  • Prevented redirects to arbitrary URLs when launching an app. #44189
  • Added audit event field describing if the "MFA for admin actions" requirement changed. #44185
  • The teleport-cluster chart can now use existing ingresses instead of creating its own. #44147
  • Ensured that tsh login outputs accurate status information for the new session. #44144
  • Fixed "device trust mode x requires Teleport Enterprise" errors on tctl. #44134
  • Added a --skip-idle-time flag to tsh play. #44095
  • Added the tbot install systemd command for installing tbot as a service on Linux systems. #44082
  • Added ability to list access list members in json format in tctl cli tool. #44072
  • Made tbot compilable on Windows. #44070
  • For slack integration, Access List reminders are batched into 1 message and provides link out to the web UI. #44035
  • Fixed denying access despite access being configured for Notification Routing Rules in the web UI. #44028
  • Fixed eBPF error occurring during startup on Linux RHEL 9. #44024
  • Lowered latency of detecting Kubernetes cluster becoming online. #43971
  • Enabled Access Monitoring Rules routing with Mattermost plugin. #43600

Enterprise:

  • Fixed an Access List permission bug where an access list owner, who is also a member, was not able to add/rm access list member.
  • Fixed an issue with incorrect yum/zypper updater packages being installed.
  • Fixed empty condition from unquoted string with yaml editor for Notification Routing Rules in the Web UI.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.1.0

16 Jul 02:03
@camscale camscale
v16.1.0
fd6032e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.1.0

Description

New logo

We're excited to announce an update to the Teleport logo. This refresh aligns
with our evolving brand and will be reflected across the product, our marketing
site (goteleport.com), branded content, swag, and more.

The new logo will appear in the web UI starting with this release and on the
marketing website starting from July 17th, 2024.

Database Access session replay

Database Access users will be able to watch PostgreSQL query replays in the web
UI or with tsh.

Other improvements and fixes

  • Fixed "staircase" text output for non-interactive Kube exec sessions in Web UI. #44249
  • Fixed a leak in the admin process spawned by starting VNet through tsh vnet or Teleport Connect. #44225
  • Fixed a kube-agent-updater bug affecting resolutions of private images. #44191
  • The show_resources option is no longer required for statically configured proxy ui settings. #44181
  • The teleport-cluster chart can now use existing ingresses instead of creating its own. #44146
  • Ensure that tsh login outputs accurate status information for the new session. #44143
  • Fixes "device trust mode x requires Teleport Enterprise" errors on tctl. #44133
  • Added the tbot install systemd command for installing tbot as a service on Linux systems. #44083
  • Added ability to list access list members in json format in tctl. #44071
  • Update grpc to v1.64.1 (patches GO-2024-2978). #44067
  • Batch access review reminders into 1 message and provide link out to the web UI. #44034
  • Fixed denying access despite access being configured for Notification Routing Rules in the web UI. #44029
  • Honor proxy templates in tsh ssh. #44026
  • Fixed eBPF error occurring during startup on Linux RHEL 9. #44023
  • Fixed Redshift auto-user deactivation/deletion failure that occurs when a user is created or deleted and another user is deactivated concurrently. #43968
  • Lower latency of detecting Kubernetes cluster becoming online. #43967
  • Teleport AMIs now optionally source environment variables from /etc/default/teleport as regular Teleport package installations do. #43962
  • Make tbot compilable on Windows. #43959
  • Add a new event to the database session recording with query/command result information. #43955
  • Enabled setting event types to forward, skip events, skip session types in event-handler helm chart. #43938
  • extraLabels configured in teleport-kube-agent chart values are now correctly propagated to post-delete hooks. A new extraLabels.job object has been added for labels which should only apply to the post-delete job. #43932
  • Add support for Teams to Opsgenie plugin alert creation. #43916
  • Machine ID outputs now execute individually and concurrently, meaning that one failing output does not disrupt other outputs, and that performance when generating a large number of outputs is improved. #43876
  • SAML IdP service provider resource can now be updated from the Web UI. #4651
  • Fixed empty condition from unquoted string with YAML editor for Notification Routing Rules in the Web UI. #4636
  • Teleport Enterprise now supports the TELEPORT_REPORTING_HTTP(S)_PROXY environment variable to specify the URL of the HTTP(S) proxy used for connections to our usage reporting ingest service. #4568
  • Fixed inaccurately notifying user that access list reviews are due in the web UI. #4521

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 15.4.9

11 Jul 12:19
@camscale camscale
v15.4.9
aea5781
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.9

Description

  • Honor proxy templates in tsh ssh. #44027
  • Fixed Redshift auto-user deactivation/deletion failure that occurs when a user is created or deleted and another user is deactivated concurrently. #43975
  • Teleport AMIs now optionally source environment variables from /etc/default/teleport as regular Teleport package installations do. #43961
  • Enabled setting event types to forward, skip events, skip session types in event-handler helm chart. #43939
  • Correctly propagate extraLabels configured in teleport-kube-agent chart values to post-delete hooks. A new extraLabels.job object has been added for labels which should only apply to the post-delete job. #43931
  • Machine ID outputs now execute individually and concurrently, meaning that one failing output does not disrupt other outputs, and that performance when generating a large number of outputs is improved. #43883
  • Omit control plane services from the inventory list output for Cloud-Hosted instances. #43778
  • Fixed session recordings getting overwritten or not uploaded. #42164

Enterprise:

  • Fixed inaccurately notifying user that access list reviews are due in the web UI.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.0.4

04 Jul 07:01
@camscale camscale
v16.0.4
c733a8b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.0.4

Description

  • Omit control plane services from the inventory list output for Cloud-Hosted instances. #43779
  • Updated Go toolchain to v1.22.5. #43768
  • Reduced CPU usage in auth servers experiencing very high concurrent request load. #43755
  • Machine ID defaults to disabling the use of the Kubernetes exec plugin when writing a Kubeconfig to a directory destination. This removes the need to manually configure disable_exec_plugin. #43655
  • Fixed startup crash of Teleport Connect on Ubuntu 24.04 by adding an AppArmor profile. #43653
  • Added support for dialling leaf clusters to the tbot SSH multiplexer. #43634
  • Extend Teleport ability to use non-default cluster domains in Kubernetes, avoiding the assumption of cluster.local. #43631
  • Wait for user MFA input when reissuing expired certificates for a kube proxy. #43612
  • Improved error diagnostics when using Machine ID's SSH multiplexer. #43586

Enterprise:

  • Teleport Enterprise now supports the TELEPORT_REPORTING_HTTP(S)_PROXY environment variable to specify the URL of the HTTP(S) proxy used for connections to our usage reporting ingest service.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Download the current release of Teleport plugins from the links below.

Assets 2
Loading