Skip to content

Releases: gravitational/teleport

Teleport 18.7.2

06 Mar 21:36
@doggydogworld doggydogworld
v18.7.2
b317fe8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 18.7.2 Latest
Latest

Description

  • Added TeleportAccessMonitoringRuleV1 support to the Teleport Kubernetes operator. #64368
  • Added update scoped token support to tctl and update upsert scoped token rpc to not require status. #64345
  • Improved performance and reduced resource usage of the database proxy for clusters with large numbers of registered databases. #64311
  • Added more helpful messages to ssm.run events when there's a failure in discovering EC2 instances. #64273
  • Fixed a bug that could cause desktop connection errors during proxy upgrades for some cluster configurations. #64258
  • Fixed an issue where the UI would display a white screen and no error when an error occurred. #64246
  • Improve the layout of the web UI's message of the day. #64213
  • Fixed an issue where VNet on Windows could fail to start after an update with the error: The specified service does not exist as an installed service.. #64206
  • Fixed a bug where audit events could be created forever for an expired access request. #64180
  • Add scoped tokens to tctl resource commands. #64040
  • Fixed correct reporting of server discovery enrollment failures when the Proxy is not accessible from the target server. #64007
  • Fixed an issue that caused Discovery Service to stop working for Discovery Configs, also affecting AWS OIDC resource enrollments created from the UI. #63970
  • Added support for session summarizer resources to the Kubernetes operator. #63884

Enterprise:

  • Fixed an error log and a memory leak when manually deleting an okta_assignment resource.
  • Fixed a potential panic in Auth service when getting a non-existing plugin without list permissions.
  • Prevented membership modifications for Access Lists synchronized from Entra ID.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Assets 2
Loading

Teleport 17.7.20

06 Mar 23:09
@doggydogworld doggydogworld
v17.7.20
2797910
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 17.7.20

Description

  • Fix a bug where audit events could be created forever for an expired access request. #64355
  • Fixed an issue where the UI would display a white screen and no error when an error occurred. #64245
  • Fixed a bug that could cause desktop connection errors during proxy upgrades for some cluster configurations. #64224
  • Improve the layout of the web UI's message of the day. #64212
  • Fixed an issue where VNet on Windows could fail to start after an update with the error: The specified service does not exist as an installed service.. #64207
  • Fixed db session page refresh redirecting to empty page. #63988
  • Fixed out of sequent audit logs rendering in ui for same timestamp logs. #63819
  • Fixed tsh kubectl failing when kubectl flags appear before positional arguments (e.g., tsh kubectl -n default get pod). #63808
  • Added tctl recordings download command to download session recordings to local files without requiring direct access to the storage backend. #63727
  • Fixed a bug that could cause Windows desktops discovered via LDAP to be removed in error. #62472

Enterprise:

  • Fix an error log and a memory leak when manually deleting an okta_assignment resource.
  • Fix a potential panic in Auth service when getting a non-existing plugin without list permissions.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 18.7.1

25 Feb 16:40
@aadc-dev aadc-dev
v18.7.1
166d439
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 18.7.1

Description

  • Fixed web app access in leaf clusters when VNet is enabled. #63993
  • Fixed an issue where desktop session recordings would show a white screen instead of the recording player, and fixed an issue where if a session's metadata failed to load and the session had a summary it didn't display the summary. #63982
  • Fixed db session page refresh redirecting to empty page. #63938
  • Improved the performance of tsh and tctl when the profile directory is on a remote filesystem (NFS, SMB, etc.). #63937
  • Added platform information to ssm.run events when auto discovering EC2 instances. #63925
  • Added server side secret obfuscating for GetScopedTokens rpc and added UpsertScopedToken rpc. #63902

Enterprise:

  • Clarified MS Teams enrollment configuration values.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 18.7.0

17 Feb 23:03
@mjsmithnh mjsmithnh
v18.7.0
This tag was signed with the committer’s verified signature.
mjsmithnh Matt Smith
SSH Key Fingerprint: k063nd9uhyHXLXwa+ccoCcVh0PqPinXMMjebsu4kOHk
Verified
Learn about vigilant mode.
433b913
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 18.7.0

Description

Session timeline view for Identity Security

Session player for Identity Security users received an enhanced timeline view with
per-command session breakdown.

Organization-level auto-discovery for AWS EC2 instances

AWS auto-discovery supports EC2 instance enrollment from all or a subset of accounts
of an AWS organization without having to configure per-account discovery.

Organization-level discovery for other resources within AWS (RDS, EKS) as well as other
for cloud providers will follow in future releases.

Terraform-native flow for configuration of AWS EC2 auto-discovery

Teleport provides in-product UX for configuring EC2 auto-discovery in a single AWS
account using terraform module.

Static labels for auto-discovered Windows desktops

Teleport can now be configured to apply a set of static labels to Windows
desktops that it discovers via LDAP. This is an alternative to setting labels
based on the value of LDAP attributes.

Access requests privilege escalation UX for AWS

Teleport users are now able to see specific IAM roles available to them when requesting
elevated access to AWS CLI/console. Future releases will extend support for specific
principal selection to access requests for other resource types as well.

Entra ID integration status page

Teleport users are now able to see status of the configured Entra ID integration in the
web UI.

Inventory UI

Teleport's web UI now includes a new page showing the complete inventory of all instances
and bots connected to the cluster.

Managed Updates UI

Teleport's web UI now includes new functionality for working with managed updates.
The UI offers the ability to view and manage the updater configuration as well
as monitor the progress of update rollouts.

Split Windows CA

Teleport now introduces a new Windows CA responsible for issuing user certificates for
Windows Desktop access. Currently the User CA issues those certificates, as they are end-user certs.
Splitting the CAs improves Teleport's security posture by introducing a more specialized CA
and allows both CAs to be rotated independently.

Other fixes and improvements

  • Fixed tsh kubectl failing when kubectl flags appear before positional arguments (e.g., tsh kubectl -n default get pod). #63807
  • The tsh status command can now be executed in client-only mode with --client. This skips all server-side operations. #63786
  • Improved tracing support via tsh --trace kubectl. #63762
  • Added tctl recordings download command to download session recordings to local files without requiring direct access to the storage backend. #63726
  • MWI: Add new tbot start no-op helper that starts no services. #63666
  • Improved performance and user experience of teleport backend clone. #63635
  • Fixed out of sequent audit logs rendering in ui for same timestamp logs. #63613
  • Added the Windows CA, used to issue Windows Desktop Access user certificates. The Windows CA is initially created as a copy of the User CA, so existing trust relationships are maintained. You may rotate either CA in order to create distinct key material (make sure to consult the Certificate Authority Rotation guide before performing a CA rotation). The Windows CA is a top-level CA entity, so it is reflected in all commands that operate on CAs. Updating both command-line tools and Windows Desktop agents is recommended. #63547
  • Added support for summarizer resources to the Teleport Terraform provider. #63534
  • Add Managed Updates dashboard to the WebUI. #63310
  • Fixed a bug that could cause Windows desktops discovered via LDAP to be removed in error. #62471
  • Fixed an issue that could cause failed Active Directory user lookups to cache the error rather than retry. #62471
  • Ensure that discovered Windows desktops don't expire when a large discovery interval is configured. #62471
  • Each Windows desktop discovery_config can now include a set of static labels to apply to discovered hosts. #62452
  • Added support for discovering EC2 instances in all the accounts under an AWS Organization. #62302
  • Added support for EC2 instances to join based on their AWS Organization. #62302

Enterprise:

  • Updated Entra ID plugin UI to support Access List owners source configuration.
  • Fixes a panic that occurred when External Audit Storage was available but not enabled in Teleport Cloud while Access Monitoring was enabled.
  • Added plugin status page for Teleport Entra ID integration.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 18.6.8

10 Feb 23:21
@doggydogworld doggydogworld
v18.6.8
9a94677
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 18.6.8

Description

  • Added --exec-cmd and --exec-arg flags to tsh proxy kube to allow launching custom commands like k9s directly without requiring environment variable workarounds. #63066

Enterprise:

  • Fixes a panic that occurred when External Audit Storage was available but not enabled in Teleport Cloud while Access Monitoring was enabled.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 17.7.19

11 Feb 00:14
@doggydogworld doggydogworld
v17.7.19
265ff01
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 17.7.19

Description

Enterprise:

  • Fixes a panic that occurred when External Audit Storage was available but not enabled in Teleport Cloud while Access Monitoring was enabled.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 18.6.7

09 Feb 22:54
@doggydogworld doggydogworld
v18.6.7
0a2200f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 18.6.7

Description

  • Revised help messages for event handler CLI commands. #63620
  • Fixed tsh ssh user@foo=bar uptime from running serially if users did not have role:read permissions. #63612
  • The minimum version of macOS required to run Teleport or associated client tools is now macOS 12 (Monterey). #63587
  • The minimal macOS version required by Teleport Connect is now macOS 12. #63569
  • Fixed bug where event handler would throw an error on Athena backend when handling large events. #63550
  • Updated Go to 1.25.7. #63539
  • Fixed an issue where a role requiring a trusted device could incorrectly block access to all applications. #63527
  • Fixed bug where event handler would get stuck on DynamoDB backend when handling large events. #63526
  • Updated tsh/Linux to correctly capture the OS login user for device trust. #63452
  • Fixed a server error when rejecting a headless authentication request in the Web UI. #63431
  • Added opt-in support to use cert-manager certificates for teleport-plugin-event-handler helm chart. #63420
  • Modified tbot helm chart with default token value to simplify deployment. #63360
  • Improved GitHub + Kubernetes guide experience. #63185
  • Fixed teleport join openssh on recent versions of Ubuntu. #63040

Enterprise:

  • Extend Access Monitoring feature to Teleport Cloud customers using External Audit Storage.
  • Added recording and validation for the fixed OS login user values from tsh.
  • Mitigated a race in the Slack token refresh logic.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 17.7.18

10 Feb 04:52
@doggydogworld doggydogworld
v17.7.18
61b7c02
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 17.7.18

Description

Skipped 17.7.17 due to a build pipeline issue.

  • Revised help messages for event handler CLI commands. #63642
  • Fixed tsh ssh user@foo=bar uptime from running serially if users did not have role:read permissions. #63611
  • The minimum version of macOS required to run Teleport or associated client tools is now macOS 12 (Monterey). #63588
  • The minimal macOS version required by Teleport Connect is now macOS 12. #63570
  • Fixed bug where event handler would get stuck on DynamoDB backend when handling large events. #63562
  • Updated Go to 1.25.7. #63561
  • Fixed bug where event handler would throw an error on Athena backend when handling large events. #63551
  • Fixed an issue where a role requiring a trusted device could incorrectly block access to all applications. #63528
  • Updated tsh/Linux to correctly capture the OS login user for device trust. #63453
  • Fixed a server error when rejecting a headless authentication request in the Web UI. #63432
  • Fixed tsh/Linux sending a too-large username for device trust. #63388
  • Fixed teleport join openssh on recent versions of Ubuntu. #63042
  • Fix an issue in the Teleport SSH Service where interactive PAM Auth modules always fail when trying to run exec sessions with tty allocated. e.g. tsh ssh --tty <node> ls. #62065

Enterprise:

  • Extend Access Monitoring feature to Teleport Cloud customers using External Audit Storage.
  • Added recording and validation for the fixed OS login user values from tsh.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 18.6.6

03 Feb 06:30
@camscale camscale
v18.6.6
6750243
This commit was signed with the committer’s verified signature.
aadc-dev Angel Dionisio
SSH Key Fingerprint: jY4y60vmj4+3cRs/6JKlm9J6fIg+zjntdtY7y9yXTA8
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 18.6.6

Description

  • Fixed tsh/Linux sending a too-large username for device trust. #63387
  • Fixed an issue where MCP JSON-RPC messages with mixed-case field names could be parsed inconsistently and re-serialized to lower cases. Teleport now enforces canonical lowercase JSON-RPC fields. #63364
  • Improved robustness of the Slack hosted plugin to reduce the likeliness of failed token refresh when experiencing external disruption. #63344
  • Fixed a bug affecting access list review queries for lists where the name is a prefix of another list name. #63337
  • Updated the OCI SDK to support new regions. #63265
  • Ensure application session rejections for untrusted devices are consistently audited as AppSessionStart failures after MFA. #63149
  • Added Helm chart support to the teleport-event-handler configure command. #63147
  • Added tctl support for removing okta_assignment internal resource should it be needed. #62698

Enterprise:

  • Prevented manual membership changes to SCIM-type access lists while enabling support for their reviews.
  • Fixed the issue where Okta integration may not remove previously synced apps after plugin restart.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 17.7.16

03 Feb 00:20
@aadc-dev aadc-dev
v17.7.16
323893d
This commit was signed with the committer’s verified signature.
aadc-dev Angel Dionisio
SSH Key Fingerprint: jY4y60vmj4+3cRs/6JKlm9J6fIg+zjntdtY7y9yXTA8
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 17.7.16

Description

  • Improved robustness of the Slack hosted plugin to reduce the likeliness of failed token refresh when experiencing external disruption. #63347
  • Ensure application session rejections for untrusted devices are consistently audited as AppSessionStart failures after MFA. #63260
  • Fixed a CredentialContainer error when attempting to log in to the Web UI with a hardware key using Firefox >=147.0.2. #63246
  • Updated OpenSSL to 3.0.19. #63203

Enterprise:

  • Mitigated a race in the Slack token refresh logic.
  • Fixe the issue where Okta integration may not remove previously synced apps after plugin restart.
  • Added support for multi-arch lock file population for the terraform provider.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading