Description
- Fixed a bug in the External Audit Storage bootstrap script that broke S3 bucket creation. #48179
- During the Set Up Access of the Enroll New Resource flows, Okta users will be asked to change the role instead of entering the principals and getting an error afterwards. #47959
- Fixed
teleport_connected_resourcemetric overshooting after keepalive errors. #47951 - Fixed an issue preventing connections with users whose configured home directories were inaccessible. #47918
- Auto-enroll may be locally disabled using the
TELEPORT_DEVICE_AUTO_ENROLL_DISABLED=1environment variable. #47718 - Alter ServiceAccounts in the teleport-cluster Helm chart to automatically disable mounting of service account tokens on newer Kubernetes distributions, helping satisfy security linters. #47701
- Avoid tsh auto-enroll escalation in machines without a TPM. #47697
- Postgres database session start events now include the Postgres backend PID for the session. #47645
- Fixes a bug where Let's Encrypt certificate renewal failed in AMI and HA deployments due to insufficient disk space caused by syncing audit logs. #47623
- Adds support for custom SQS consumer lock name and disabling a consumer. #47612
- Include host name instead of host uuid in error messages when SSH connections are prevented due to an invalid login. #47603
- Allow using a custom database for Firestore backends. #47585
- Extended Teleport Discovery Service to support resource discovery across all projects accessible by the service account. #47566
- Fixed a bug that could allow users to list active sessions even when prohibited by RBAC. #47562
- The
tctl tokens lscommand redacts secret join tokens by default. To include the token values, provide the new--with-secretsflag. #47547 - Fixed an issue with the Microsoft license negotiation for RDP sessions. #47544
- Fixed a bug where tsh logout failed to parse flags passed with spaces. #47461
- Added kubeconfig context name to the output table of
tsh proxy kubecommand for enhanced clarity. #47381 - Improve error messaging when connections to offline agents are attempted. #47363
- Teleport Connect for Linux now requires glibc 2.31 or later. #47264
- Updates self-hosted db discover flow to generate 2190h TTL certs, not 12h. #47128
Enterprise:
- Device auto-enroll failures are now recorded in the audit log.
Download
Download the current and previous releases of Teleport at https://goteleport.com/download.
Plugins
Download the current release of Teleport plugins from the links below.
- Slack Linux amd64 | Linux arm64
- Mattermost Linux amd64 | Linux arm64
- Discord Linux amd64 | Linux arm64
- Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
- Event Handler Linux amd64 | Linux arm64 | macOS amd64
- PagerDuty Linux amd64 | Linux arm64
- Jira Linux amd64 | Linux arm64
- Email Linux amd64 | Linux arm64
- Microsoft Teams Linux amd64 | Linux arm64