github gravitational/teleport v13.4.4
Teleport 13.4.4

13 months ago

Description

  • Prevented remote proxies from impersonating users from different clusters. #33540
  • Web SSH sessions are terminated right away when a user closes the tab. #33532
  • Added the ability for bots to submit access request reviews. #33510
  • Added access review notifications when logging in via tsh or running tsh status. #33469
  • Added optional security group selection in AWS RDS Discovery flow. #33454
  • Added new "Identity Governance & Security" navigation section in web UI. #33425
  • Fixed access list audit log messages to properly include user names. #33384
  • Added notification icon to Web UI to show Access List review notifications. #33382
  • Fixed access lists to allow them to affect access request permissions. #33351
  • Added job to update the Teleport version for deployments in Amazon ECS used during RDS Enrollment. #33311
  • Added support for Windows AD root domain for PKI operations. #33276

Security fixes

  • Updated golang.org/x/net dependency. #33447
    • CVE-2023-44487: swift-nio-http2 vulnerable to HTTP/2 Stream Cancellation Attack
  • Updated google.golang.org/grpc to v1.57.1. #33488
    • CVE-2023-44487: swift-nio-http2 vulnerable to HTTP/2 Stream Cancellation Attack
  • Updated OpenTelemetry dependency. #33551
    • CVE-2023-45142: OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
  • Updated Go library dependencies. #33527
    • CVE-2022-28948: gopkg.in/yaml.v3 Denial of Service
    • CVE-2023-33199: malformed proposed intoto entries can cause a panic
    • CVE-2023-30551: Rekor's compressed archives can result in OOM conditions
    • CVE-2023-28119: crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
  • Updated JS library dependencies. #33452
    • CVE-2022-25883: semver vulnerable to Regular Expression Denial of Service
    • CVE-2023-26115: word-wrap vulnerable to Regular Expression Denial of Service
  • Updated babel/core to 7.3.2. #33442
    • CVE-2023-45133: Arbitrary code execution when compiling specifically crafted malicious code

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.


labels: security-patch=yes
