Teleport 14.3.23
Description
- Updated Go toolchain to
1.22.6
. #45196 - Teleport Connect now sets
TERM_PROGRAM: Teleport_Connect
andTERM_PROGRAM_VERSION: <app_version>
environment variables in the integrated terminal. #45065 - Fixed race condition between session recording uploads and session recording upload cleanup. #44980
- Prevent Kubernetes per-Resource RBAC from blocking access to namespaces when denying access to a single resource kind in every namespace. #44976
- Improved stability of very large teleport clusters during temporary backend disruption/degradation. #44696
- Fixed Application Access regression where an HTTP header wasn't set in forwarded requests. #44630
- Use the registered port of the target host when
tsh puttyconfig
is invoked without--port
. #44574 - Fixed Teleport Connect binaries not being signed correctly. #44473
- Fixed terminal sessions with a database CLI client in Teleport Connect hanging indefinitely if the client cannot be found. #44467
- Fixed a low-probability panic in audit event upload logic. #44423
- Prevented DoSing the cluster during a mass failed join event by agents. #44416
- Added audit events for AWS and Azure integration resource actions. #44405
- Prevented an infinite loop in DynamoDB event querying by advancing the cursor to the next day when the limit is reached at the end of a day with an empty iterator. This ensures the cursor does not reset to the beginning of the day. #44273
- Fixed a
kube-agent-updater
bug affecting resolutions of private images. #44193 - Prevented redirects to arbitrary URLs when launching an app. #44190
- The
teleport-cluster
chart can now use existing ingresses instead of creating its own. #44148 - Ensured that
tsh login
outputs accurate status information for the new session. #44145 - Fixes "device trust mode x requires Teleport Enterprise" errors on
tctl
. #44136 - Honor proxy templates in
tsh ssh
. #44031 - Fix eBPF error occurring during startup on Linux RHEL 9. #44025
- Fixed Redshift auto-user deactivation/deletion failure that occurs when a user is created or deleted and another user is deactivated concurrently. #43984
- Lowered latency of detecting Kubernetes cluster becoming online. #43969
- Teleport AMIs now optionally source environment variables from
/etc/default/teleport
as regular Teleport package installations do. #43960 - Fixed
teleport-kube-agent
Helm chart to correctly propagateextraLabels
to post-delete hooks. A newextraLabels.job
object has been added for labels which should only apply to the post-delete job. #43933 - Added audit events for discovery config actions. #43795
- Fixed startup crash of Teleport Connect on Ubuntu 24.04 by adding an AppArmor profile. #43651
- Extend Teleport ability to use non-default cluster domains in Kubernetes, avoiding the assumption of
cluster.local
. #43633 - Wait for user MFA input when reissuing expired certificates for a kube proxy. #43614
- Display errors in the web UI console for SSH sessions. #43492
- Updated
go-retryablehttp
tov0.7.7
(fixesCVE-2024-6104
). #43476 - Fixed an issue preventing accurate inventory reporting of the updater after it is removed. #43452
- Remaining alert TTL is now displayed with
tctl alerts ls
. #43434 - Fixed headless auth for SSO users, including when local auth is disabled. #43363
- Fixed an issue with incorrect yum/zypper updater packages being installed. #4686
- Fixed inaccurately notifying user that access list reviews are due in the web UI. #4523
- The Teleport updater will no longer default to using the global version channel, avoiding incompatible updates. #4475
Download
Download the current and previous releases of Teleport at https://goteleport.com/download.