Skip to content

Releases: gravitational/teleport

Teleport 17.1.1

20 Dec 18:14
@r0mant r0mant
v17.1.1
73233d4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 17.1.1 Latest
Latest

Warning

17.1.1 fixes a regression in 17.1.0 that causes SSH server heartbeats to disappear
after a few minutes. Please skip 17.1.0 and upgrade straight to 17.1.1 or above. #50490

Description

Access requests support for AWS Identity Center

AWS Identity Center integration now allows users to request short or long term access to permission sets via Access Requests.

Database access for PostgreSQL via web UI

Database access users can now connect to PostgreSQL databases connected to Teleport right from the web UI and use psql-style interface to query the database.

Hosted email plugin for Access Requests

Users now have the ability to setup Mailgun or generic SMTP server for Access Request notifications using Teleport web UI without needing to self-host the email plugin.

Multi-port support for VNet

Users now supports multiple ports (or a range of ports) with a single TCP application, and Teleport VNet will make all of the application's ports accessible on the virtual network.

Graphical Role Editor

Teleport's web UI includes a new role editor that allows users to create and modify roles without resorting to a raw YAML editor.

Granular SSH port forwarding controls

Teleport now allows cluster administrators to enable local and remote port forwarding separately rather than grouping both types of port forwarding behind a single option.

Other improvements and fixes

  • Fixed an issue that could cause some antivirus tools to block Teleport's Device Trust feature on Windows machines. #50453
  • Updates the UI login redirection service to honor redirection to enterprise/saml-idp/sso path even if user is already authenticated with Teleport. #50442
  • Reduced cluster state storage load in clusters with a large amount of resources. #50430
  • Updated golang.org/x/net to v0.33.0 (addresses CVE-2024-45338). #50397
  • Fixed an issue causing panics in SAML app or OIDC integration deletion relating to AWS Identity Center integration. #50360
  • Fix missing roles in Access Lists causing users to be locked out of their account. #50298
  • Added support for connecting to PostgreSQL databases using WebUI. #50287
  • Improved the performance of Teleport agents serving a large number of resources in Kubernetes. #50279
  • Improve performance of Kubernetes App Auto Discover. #50269
  • Added more granular access controls for SSH port forwarding. Access to remote or local port forwarding can now be controlled individually using the new ssh_port_forwarding role option. #50241
  • Properly close ssh port forwarding connections to prevent requests hanging indefinitely. #50238
  • Teleport's RDP client now sets the load balancing cookie to improve compatibility with local traffic managers. #50226
  • Fixes an intermittent EKS authentication failure when dealing with EKS auto-discovery. #50197
  • Expose /.well-known/jwks-okta public endpoint for Okta API services type App. #50177
  • Switched to a new role editor UI. #50030
  • Added support for multiple ports to TCP applications. #49711
  • Allow multiple consecutive occurrences of - and . in SSH server hostnames. #50410
  • Fixed bug causing users to see notifications for their own access requests in some cases. #50076
  • Improved the cluster initialization process's ability to recovery from errors. #49966

Enterprise:

  • Adds AWS Account name to Identity Center Roles and resources. Some manual cleanup may be required where users and Access Lists have been assigned the obsolete roles.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 17.1.0

20 Dec 18:19
@fheinecke fheinecke
v17.1.0
6e777d4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 17.1.0

Warning

17.1.1 fixes a regression in 17.1.0 that causes SSH server heartbeats to disappear
after a few minutes. Please skip 17.1.0 and upgrade straight to 17.1.1 or above. #50490

Assets 2
Loading

Teleport 16.4.12

19 Dec 02:43
@doggydogworld doggydogworld
v16.4.12
5722b8b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.4.12

Description

  • Updated golang.org/x/net to v0.33.0 (addresses CVE-2024-45338). #50398
  • Improved the performance of Teleport agents serving a large number of resources in Kubernetes. #50280
  • Improve performance of Kubernetes App Auto Discover. #50268
  • Properly close ssh port forwarding connections to prevent requests hanging indefinitely. #50239
  • Teleport's RDP client now sets the load balancing cookie to improve compatibility with local traffic managers. #50225
  • Fixes an intermittent EKS authentication failure when dealing with EKS auto-discovery. #50198
  • Improved the cluster initialization process's ability to recovery from errors. #49967

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 17.0.5

11 Dec 22:16
@fheinecke fheinecke
v17.0.5
7cc4c2a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 17.0.5

Description

  • Updated golang.org/x/crypto to v0.31.0 (CVE-2024-45337). #50078
  • Fixed tsh ssh -Y when jumping between multiple servers. #50031
  • Reduced Auth memory consumption when agents join using the azure join method. #49998
  • Our OSS OS packages (rpm, deb, etc) now have up-to-date metadata. #49962
  • tsh correctly respects the --no-allow-passwordless flag. #49933
  • The web session authorization dialog in Teleport Connect is now a dedicated tab, which properly shows a re-login dialog when the local session is expired. #49931
  • Added an interactive mode for tctl auth rotate. #49896
  • Fixed a panic when the auth server does not provide a license expiry. #49876

Enterprise:

  • Fixed a panic occurring during SCIM push operations when resource.metadata is empty. #5654
  • Improved "IP mismatch" audit entries for device trust web. #5642
  • Fixed assigning suggested reviewers in the edge case when the user already has access to the requested resources. #5629

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.4.11

11 Dec 23:39
@camscale camscale
v16.4.11
ce79021
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.4.11

Description

  • Updated golang.org/x/crypto to v0.31.0 (CVE-2024-45337). #50079
  • Fix tsh ssh -Y when jumping between multiple servers. #50032
  • Fixed an issue preventing default shell assignment for host users. #50003
  • Reduce Auth memory consumption when agents join using the azure join method. #49999
  • Our OSS OS packages (rpm, deb, etc) now have up-to-date metadata. #49963
  • Tsh correctly respects the --no-allow-passwordless flag. #49934
  • The web session authorization dialog in Teleport Connect is now a dedicated tab, which properly shows a re-login dialog when the local session is expired. #49932
  • Prevent a panic if the Auth Service does not provide a license expiry. #49877

Enterprise:

  • Improved "IP mismatch" audit entries for device trust web.
  • Fixed assigning suggested reviewers in the edge case when the user already has access to the requested resources.
  • Users can now see a list of their enrolled devices on their Account page.
  • Jamf Service sync audit events are attributed to "Jamf Service".
  • Added license updater service.
  • Fixed a bug where Access Lists imported from Microsoft Entra ID fail to be created if their display names include special characters.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 15.4.24

12 Dec 00:05
@camscale camscale
v15.4.24
23330db
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.24

Description

  • Updated golang.org/x/crypto to v0.31.0 (CVE-2024-45337). #50080
  • Fix tsh ssh -Y when jumping between multiple servers. #50034
  • Reduce Auth memory consumption when agents join using the azure join method. #50000
  • Tsh correctly respects the --no-allow-passwordless flag. #49935
  • Client tools {tctl,tsh} auto-updates controlled by cluster configuration. #48648

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 17.0.4

06 Dec 02:54
@camscale camscale
v17.0.4
627fdd5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 17.0.4

Description

  • Fixed a bug introduced in 17.0.3 breaking in-cluster joining on some Kubernetes clusters. #49841
  • SSH or Kubernetes information included for audit log list for start session events. #49832
  • Avoid tight web session renewals for sessions with short TTL (between 3m and 30s). #49768
  • Updated Go to 1.23.4. #49758
  • Fixed re-rendering bug when filtering Unified Resources. #49744

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 15.4.23

06 Dec 03:35
@camscale camscale
v15.4.23
5f57fde
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 15.4.23

Description

  • Fixed a bug breaking in-cluster joining on some Kubernetes clusters. #49843
  • SSH or Kubernetes information is now included for audit log list for start session events. #49834
  • Avoid tight web session renewals for sessions with short TTL (between 3m and 30s). #49770
  • Updated Go to 1.22.10. #49760
  • Added ability to configure resource labels in teleport-cluster's operator sub-chart. #49649
  • Fixed proxy peering listener not using the exact address specified in peer_listen_addr. #49591
  • Kubernetes in-cluster joining now also accepts tokens whose audience is the Teleport cluster name (before it only allowed the default Kubernetes audience). Kubernetes JWKS joining is unchanged and still requires tokens with the cluster name in the audience. #49558
  • Restore interactive PAM authentication functionality when use_pam_auth is applied. #49520
  • Increase CockroachDB setup timeout from 5 to 30 seconds. This mitigates the Auth Service not being able to configure TTL on slow CockroachDB event backends. #49471
  • Fixed a potential panic in login rule and SAML IdP expression parser. #49432
  • Support for long-running kube exec/port-forward, respect client_idle_timeout config. #49430
  • Fixed a permissions error with Postgres database user auto-provisioning that occurs when the database admin is not a superuser and the database is upgraded to Postgres v16 or higher. #49391
  • Fixed missing user participants in session recordings listing for non-interactive Kubernetes recordings. #49345
  • Fixed an issue where teleport park processes could be leaked causing runaway resource usage. #49262
  • The tsh puttyconfig command now disables GSSAPI auth settings to avoid a "Not Responding" condition in PuTTY. #49191
  • Allow Azure VMs to join from a different subscription than their managed identity. #49158
  • Fixed an issue loading the license file when Teleport is started without a configuration file. #49148
  • Fixed a bug in the teleport-cluster Helm chart that can cause token mount to fail when using ArgoCD. #49070
  • Fixed an issue resulting in excess cpu usage and connection resets when teleport-event-handler is under moderate to high load. #49035
  • Fixed OpenSSH remote port forwarding not working for localhost. #49021
  • Allow to override Teleport license secret name when using teleport-cluster Helm chart. #48980
  • Fixed users not being able to connect to SQL server instances with PKINIT integration when the cluster is configured with different CAs for database access. #48925
  • Ensure that agentless server information is provided in all audit events. #48835
  • Fixed an issue preventing migration of unmanaged users to Teleport host users when including teleport-keep in a role's host_groups. #48456
  • Resolved an issue that caused false positive errors incorrectly indicating that the YubiKey was in use by another application, while only tsh was accessing it. #47953

Enterprise:

  • Jamf Service sync audit events are attributed to "Jamf Service".

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 16.4.10

06 Dec 01:15
@camscale camscale
v16.4.10
7bf1e95
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 16.4.10

Description

  • Fixed a bug introduced in v16.4.9 breaking in-cluster joining on some Kubernetes clusters. #49842
  • SSH or Kubernetes information included for audit log list for start session events. #49833
  • Avoid tight web session renewals for sessions with short TTL (between 3m and 30s). #49769
  • Updated Go to 1.22.10. #49759
  • Added support for hardware keys in Teleport Connect. #49701
  • Client tools {tctl,tsh} auto-updates controlled by cluster configuration. #48645

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 17.0.3

04 Dec 01:11
@doggydogworld doggydogworld
v17.0.3
1bcff22
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Teleport 17.0.3

Description

  • Restore ability to disable multi-factor authentication for local users. #49692
  • Bumping one of our dependencies to a more secure version to address CVE-2024-53259. #49662
  • Add ability to configure resource labels in teleport-cluster's operator sub-chart. #49647
  • Fixed proxy peering listener not using the exact address specified in peer_listen_addr. #49589
  • Teleport Connect now shows whether it is being used on a trusted device or if enrollment is required for full access. #49577
  • Kubernetes in-cluster joining now also accepts tokens whose audience is the Teleport cluster name (before it only allowed the default Kubernetes audience). Kubernetes JWKS joining is unchanged and still requires tokens with the cluster name in the audience. #49556
  • Session recording playback in the web UI is now searchable. #49506
  • Fixed an incorrect warning indicating that tsh v17.0.2 was incompatible with cluster v17.0.1, despite full compatibility. #49491
  • Increase CockroachDB setup timeout from 5 to 30 seconds. This mitigates the Auth Service not being able to configure TTL on slow CockroachDB event backends. #49469
  • Fixed a potential panic in login rule and SAML IdP expression parser. #49429
  • Support for long-running kube exec/port-forward, respect client_idle_timeout config. #49421
  • Fixed a permissions error with Postgres database user auto-provisioning that occurs when the database admin is not a superuser and the database is upgraded to Postgres v16 or higher. #49390

Enterprise:

  • Jamf Service sync audit events are attributed to "Jamf Service".
  • Users can now see a list of their enrolled devices on their Account page.
  • Add support for Entra ID groups being members of other groups using Nested Access Lists.
  • Added support for requiring reason for Access Requests (with a new role.spec.allow.request.reason.mode setting).

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading