Description
This release of Teleport contains multiple security fixes, improvements and bug fixes.
Security fixes
- Teleport Proxy now restricts SFTP for normal users as described under Advisory GHSA-c9v7-wmwj-vf6x #36139
- Fixed an issue that would allow for SSRF via Teleport's reverse tunnel subsystem. Documented under the advisory
GHSA-hw4x-mcx5-9q36 #36131 - On macOS, Teleport filters the environment to prevent code execution via
DYLD_variables. Documented under GHSA-vfxf-76hv-v4w4 #36135
Other Fixes & Improvements
- Fixed an issue that would prevent websocket upgrades from completing #36090
- Added support for the IAM join method in ca-west-1 #36051
- Update
jose2goto version 1.5.1-0.20231206184617-48ba0b76bc88 #35984 - Changed the minimal supported macOS version of Teleport Connect to 10.15 (Catalina) #35889
- Bump golang.org/x/crypto to v0.17.0, which addresses the Terrapin vulnerability (CVE-2023-48795) #35877
- Include the lock expiration time in
lock.createaudit events #35876 - Include the lock expiration time in
lock.createaudit events #35864 - Prevent users from deleting their last passwordless device #35857
- Ensure expiration of Webauthn sessions #35790
- Fixed session upload audit events sometimes containing an incorrect URL for the session recording #35779
- Return the correct errors to users when an MFA ceremony fails #35752
- Prevent attempts to join a nonexistent SSH session from hanging forever #35745
Download
Download the current and previous releases of Teleport at https://goteleport.com/download.
labels: security-patch=yes, security-patch-alts=v12.4.31