github gravitational/teleport v13.4.14
Teleport 13.4.14
on GitHub

latest releases: v18.0.0-dev.vapopov.3, api/v18.0.0-dev.vapopov.3, v15.4.22...
10 months ago

Description

This release of Teleport contains multiple security fixes, improvements and bug fixes.

Security fixes

  • Teleport Proxy now restricts SFTP for normal users as described under Advisory GHSA-c9v7-wmwj-vf6x #36139
  • Fixed an issue that would allow for SSRF via Teleport's reverse tunnel subsystem. Documented under the advisory
    GHSA-hw4x-mcx5-9q36 #36131
  • On macOS, Teleport filters the environment to prevent code execution via DYLD_ variables. Documented under GHSA-vfxf-76hv-v4w4 #36135
  • A fix was applied to Access Lists to prevent possible privilege escalation of list owners. Documented under GHSA-76cc-p55w-63g3

Other Fixes & Improvements

  • Fixed an issue that would prevent websocket upgrades from completing #36089
  • Added support for the IAM join method in ca-west-1 #36050
  • Improved the formatting of access list notifications in tsh #36045
  • Update jose2go to version 1.5.1-0.20231206184617-48ba0b76bc88 #35985
  • Fix data race in HeartbeatV2 around .Spec.CloudMetadata (#35912) #35924
  • Changed the minimal supported macOS version of Teleport Connect to 10.15 (Catalina) #35888
  • Improved teleport agent performance when handling a large number of TCP forwarding requests #35886
  • Bump golang.org/x/crypto to v0.17.0, which addresses the Terrapin vulnerability (CVE-2023-48795) #35878
  • Include the lock expiration time in lock.create audit events #35875
  • Fixed PIV not being available on Windows tsh binaries #35865
  • Re-add PIV to amd64 centos7 release builds #35853
  • Stop users from deleting their last passwordless device #35856
  • The teleport-kube-agent chart now supports passing extra arguments to the updater #35832
  • Ensure expiration of Webauthn sessions #35789
  • Fixed session upload audit events sometimes containing an incorrect URL for the session recording #35778
  • Return the correct errors to users when an MFA ceremony fails #35751
  • Prevent attempts to join a nonexistent SSH session from hanging forever #35744

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

labels: security-patch=yes, security-patch-alts=v13.4.13

Check out latest releases or
releases around gravitational/teleport v13.4.14

Don't miss a new teleport release

NewReleases is sending notifications on new releases.

Get notifications