github gravitational/teleport v14.3.0
Teleport 14.3.0


Description

This release of Teleport contains multiple security fixes, improvements and bug fixes.

Security fixes

  • Teleport Proxy now restricts SFTP for normal users as described under Advisory GHSA-c9v7-wmwj-vf6x #36139
  • Fixed an issue that would allow for SSRF via Teleport's reverse tunnel subsystem. Documented under the advisory GHSA-hw4x-mcx5-9q36 #36131
  • On macOS, Teleport filters the environment to prevent code execution via DYLD_ variables. Documented under GHSA-vfxf-76hv-v4w4 #36135
  • A fix was applied to Access Lists to prevent possible privilege escalation of list owners. Documented under GHSA-76cc-p55w-63g3

Other Fixes & Improvements

  • Added the ability to promote an access request to an access list in Teleport Connect
  • Fixed an issue that would prevent websocket upgrades from completing. #36088
  • Enhanced the audit events related to Teleport's SAML IdP #36087
  • Added support for STS session tags in the database configuration for granular DynamoDB access. #36064
  • Added support for the IAM join method in ca-west-1. #36049
  • Improved the formatting of access list notifications in tsh. #36046
  • Fixed downgrade logic of KubernetesResources to Role v6 #36009
  • Fixed potential panic during early phases of SSH service lifetime #35923
  • Added a tsh latency command to monitor SSH connection latency in real time #35916
  • Support GitHub joining from Enterprise accounts with include_enterprise_slug enabled. #35900
  • Added vpc-id as a label to auto-discovered RDS databases #35890
  • Improved teleport agent performance when handling a large number of TCP forwarding requests. #35887
  • Bump golang.org/x/crypto to v0.17.0, which addresses the Terrapin vulnerability (CVE-2023-48795) #35879
  • Include the lock expiration time in lock.create audit events #35874
  • Add custom attribute mapping to the saml_idp_service_provider spec. #35873
  • Fixed PIV not being available on Windows tsh binaries #35866
  • Restored direct dial SSH server compatibility with certain SSH tools such as ssh-keyscan (#35647) #35859
  • Prevent users from deleting their last passwordless device #35855
  • The teleport-kube-agent chart now supports passing extra arguments to the updater. #35831
  • New access lists with an unspecified NextAuditDate now pick a new date instead of being rejected #35830
  • Changed the minimal supported macOS version of Teleport Connect to 10.15 (Catalina) #35819
  • Add non-AD desktops to Enroll New Resource #35797
  • Fixed a bug in teleport-kube-agent chart when using both appResources and the discovery role. #35783
  • Fixed session upload audit events sometimes containing an incorrect URL for the session recording. #35777
  • Prevent tsh from re-authenticating if the MFA ceremony fails during tsh ssh #35750
  • Prevent attempts to join a nonexistent SSH session from hanging forever #35743
  • Improved Windows hosts registration with a new static_hosts configuration field #35742
  • Fixed the sorting of name and description columns for user groups when creating an access request #35729

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

labels: security-patch=yes, security-patch-alts=v14.2.4
