Teleport 2.3.5 RC1

Description

Teleport 2.3.5-rc1 is a pre-production release (internal version number is 2.3.3). Use at your own risk.

Teleport 2.3.1

Description

Teleport 2.3.1 is a maintenance release which contains two bug fixes.

Bug fixes

• Added CSRF protection to login endpoint. #1356
• Proxy subsystem handling is more robust. #1336

Known Issues

• Teleport may crash parsing HTTPS certificates specified in a configuration file #1349
• Teleport will reject self-signed HTTPS certificate specified in a configuration file #1392
• If 2FA is enabled, users may get temporarily locked out even if "failed login" counter is smaller than 5 (default value)

Teleport 2.3.0

This release focus was to increase Teleport user experience in the following areas:

• Easier configuration via tctl resource commands.
• Improved documentation, with expanded 'examples' directory.
• Improved CLI interface.
• Web UI improvements.

Improvements

• Web UI: users can connect to OpenSSH servers using the Web UI.
• Web UI now supports arbitrarty SSH logins, in addition to role-defined ones, for better compatibility with OpenSSH.
• CLI: trusted clusters can now be managed on the fly without having to edit Teleport configuration. #1137
• CLI: tsh login supports exporting a user identity into a file to be used later with OpenSSH.
• tsh agent command has been deprecated: users are expected to use native SSH Agents on their platforms.

Teleport Enterprise

• More granular RBAC rules #1092
• Role definitions now support templates. #1120
• Authentication: Teleport now supports multilpe OIDC/SAML endpoints.
• Configuration: local authentication is always enabled as a fallback if a SAML/OIDC endpoints go offline.
• Configuration: SAML/OIDC endpoints can be created on the fly using tctl and without having to edit configuration file or restart Teleport.
• Web UI: it is now easier to turn a trusted cluster on/off #1199.

Bug Fixes

• Proper handling of ENV_SUPATH from login.defs #1004
• Reverse tunnels would periodically lose connectivity. #1156
• tsh now stores user identities in a format compatible with OpenSSH. 1171.

Teleport 2.3.0-rc2

Description

Teleport 2.3.0-rc2 is a pre-production release. Use at your own risk.

Teleport 2.3.0-rc1

Description

Teleport 2.3.0-rc1 is a pre-production release. Use at your own risk.

Teleport 2.2.7

Description

Teleport 2.2.7 is a maintenance release which contains a bug fix.

Bug fixes

• Updated YAML parsing library. #1226.

Teleport 2.2.4

Description

Teleport 2.2.4 is a maintenance release which contains a bug fix.

Bug fixes

• Fixed issue with remote tunnel timeouts. #1140.

Teleport 2.2.3

Description

Teleport 2.2.3 is a maintenance release which contains two bug fixes.

Bugfixes

• Fixed issue with Trusted Clusters where a clusters could lose its signing keys. #1050.
• Fixed SAML signing certificate export in Enterprise. #1109.

Teleport 2.2.2

Description

Teleport 2.2.2 is a maintenance release which fixes the issue of refusing to accept certificates with long principal names [#1102].

Bugfixes

• Issue #1102: when using trusted clusters, Teleport cluster can refuse access to it's CA if the remote CA presents a certificate with a long principal in it.

Teleport 2.2.1

Description

Teleport 2.2.1 is a maintenance release which contains a improvement and a bug fix.

Improvements

• Added --compat=oldssh to both tsh and tctl that can be used to request certificates in the legacy format (no roles in extensions). #1083

Bugfixes

• Fixed multiple regressions when using SAML with dynamic roles. #1080