Description
This release of Teleport contains multiple security fixes, improvements and bug fixes.
Security fixes
- Fixed issue with malicious SQL Server packet being able to cause proxy crash. #21638
- Fixed issue with session terminated after a short delay instead of being immediately paused when moderator leaves. #21974
Other improvements and bug fixes
- Fixed issue with orphaned child processes after session ends. #22222
- Fixed issue with not being able to see any pods with an active access request. #22196
- Fixed issue with remote cluster state not always being correctly updated. #22088
- Fixed heartbeat errors from database service. #22087
- Fixed issue with applications temporarily disappearing during app service restart. #21807
- Fixed issue with some Helm values being accidentally shared between auth and proxy configs. #21768
- Fixed issues with desktop access flow in Access Management interface. #21756
- Fixed "access denied" errors in Teleport Connect on Windows. #21720
- Fixed issue with database GUI client connections requiring random taps when per-session MFA is enabled. #21661
- Fixed issue with moderated sessions not working on leaf clusters. #21612
- Fixed issue with missing
--request-id
flag in UI for Kubernetes login instructions. #21445 - Fixed issue connecting to AWS resources when using full IAM role ARNs. #21251
- Fixed issue with
local_auth: false
setting being ignored without explicitly settingauthentication_type
. #22215 - Added
tctl
resource commands for Device Trust. #22157 - Added support for assuming roles in
tsh proxy aws
. #21990 - Added early feedback for successful security key taps in
tsh
. #21780 - Added device lock support. #21751
- Added suppport for security contexts in
teleport-kube-agent
Helm chart. #21535 - Updated
tsh version
command to display client version only via--client
flag. #22167 - Updated install script to use enterprise packages for enterprise clusters. #22109
- Updated install script to use deb/rpm repositories. #22108
- Updated proxy init container in Helm charts to use security context. #22064
- Updated
tsh
to include timestamps with debug logs. #21996 - Updated AWS access to fetch credentials with TTL matching user's certificate TTL. #21994
- Updated Go toolchain to
1.20.1
. #21931 - Updated
tsh kube login --all
to not require cluster name. #21765 - Updated
teleport db configure create
command to support more use-cases. #21690 - Improved performance in large clusters with etcd backend. #21905, #21496
Download
Download the current and previous releases of Teleport at https://goteleport.com/download.
labels: security-patch=yes