This release of Teleport contains multiple improvements and bug fixes.
Machine ID GitHub Actions
In addition, we're happy to announce a set of GitHub Actions that you can use in your workflows to assist with accessing Teleport Resources in your CI/CD pipelines.
Visit the individual repositories to find out more and see usage examples:
- https://github.com/teleport-actions/setup
- https://github.com/teleport-actions/auth
- https://github.com/teleport-actions/auth-k8s
For a more in-depth guide, see our refreshed documentation for using Teleport with GitHub Actions at https://goteleport.com/docs/machine-id/guides/github-actions/
Secure certificate mapping for Desktop Access
Later this year, Windows will begin requiring a stronger mapping from a certificate to an Active Directory user. In anticipation of this change, Teleport 11.2.0 is compliant with the new requirements.
Warning: This feature requires that Teleport's own service account also uses a strong mapping. In order to support this requirement, you must now set a new Security Identifier (sid) field in the LDAP configuration for your Windows Desktop Services. You can find the SID for your service account by running the following PowerShell snippet (replace svc-teleport with the name of the service account you are using):
Get-AdUser -Identity svc-teleport | Select SID
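A fuller version of the lookup above, as an added example that is not part of the Teleport release notes: it checks that the returned value is a domain account SID in the current domain before printing the line for the sid field. It assumes the RSAT ActiveDirectory module is installed and uses the svc-teleport account name from the snippet above.

```powershell
# Added example, not Teleport's own code.
# Assumes the ActiveDirectory (RSAT) module and the svc-teleport account name used above.
$account = 'svc-teleport'

Import-Module ActiveDirectory -ErrorAction Stop

# SID is one of the default properties returned by Get-ADUser.
$user = Get-ADUser -Identity $account -ErrorAction Stop
$sid  = $user.SID.Value

# A domain account SID has the form S-1-5-21-<three domain sub-authorities>-<RID>.
# Anything else (for example a built-in or local SID) is not the service account's SID.
if ($sid -notmatch '^S-1-5-21(-\d+){3}-\d+$') {
    throw "Unexpected SID format for ${account}: $sid"
}

# The domain portion of the account SID should match the current domain's SID.
$domainSid = (Get-ADDomain).DomainSID.Value
if ($user.SID.AccountDomainSid.Value -ne $domainSid) {
    throw "$account ($sid) does not belong to the current domain ($domainSid)"
}

# Line to place in the LDAP configuration of the Windows Desktop Service.
"sid: '$sid'"
```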
Other improvements and bugfixes
- Added an improved database joining flow in the web UI #1487
- Added support for secure certificate mapping for Windows desktop certificates #19737
- Fixed an issue with desktop directory sharing where large files could be corrupted #1472
- Fixed an issue where Desktop Access users may see an error after ending a session #1470
- Fixed an issue preventing database agents from joining due to improperly formatted YAML #19958
- Updated the web UI to use session storage instead of local storage for Teleport's bearer token #1470
- Added rate limiting to SAML/OIDC routes #19950
- Fixed an issue connecting to leaf cluster desktops via reverse tunnel #19945
- Fixed a backwards compatibility issue with Database Access in 11.1.4 #19940
- Fixed an issue where access requests for Kubernetes clusters used improperly cached credentials #19912
- Added support for CentOS 7 in ARM64 builds #19895
- Added rate limiting to unauthenticated routes #19869
- Added suggested reviewers and requestable roles to Teleport Connect access requests #19846
- Fixed an issue listing all nodes with tsh #19821
- Made gcp.credentialSecretName optional in the Teleport Cluster Helm chart #19803
- Fixed an issue preventing audit events that exceed the maximum size limit from being logged #19736
- Fixed an issue preventing some users from being able to play desktop recordings #19709
- Added validation of AWS Account IDs when adding databases (#19638) #19702
- Added a new audit event for DynamoDB requests via Application Access #19667
- Added the ability to export tsh traces even when the Auth Server is not configured for tracing #19583
- Added support for linking Teleport Connect's embedded tsh binary for use outside of Teleport Connect #1488
Download
Download the current and previous releases of Teleport at https://goteleport.com/download/