gravitational/teleport v15.4.6

Teleport 15.4.6

on GitHub

Description

This release of Teleport contains a fix for a medium-level security issue impacting Teleport Enterprise, as well as various other updates and improvements

Security Fixes

[Medium] Fixes issue where a SCIM client could potentially overwrite. Teleport system Roles using specially crafted groups. This issue impacts Teleport Enterprise deployments using the Okta integration with SCIM support enabled.

We strongly recommend all customers upgrade to the latest releases of Teleport.

Other updates and improvements

• Fixed Discover setup access error when updating user. #43561
• Updated Go toolchain to 1.22. #43550
• Fixed remote port forwarding validation error. #43517
• Added support to trust system CAs for self-hosted databases. #43500
• Added error display in the Web UI for SSH and Kubernetes sessions. #43491
• Update go-retryablehttp to v0.7.7 (fixes CVE-2024-6104). #43475
• Fixed accurate inventory reporting of the updater after it is removed.. #43453
• tctl alerts ls now displays remaining alert ttl. #43435
• Fixed input search for Teleport Connect's access request listing. #43430
• Added Debug setting for event-handler. #43409
• Fixed Headless auth for sso users, including when local auth is disabled. #43362
• Added configuration for custom CAs in the event-handler helm chart. #43341
• Fixed an issue with Database Access Controls preventing users from making additional database connections depending on their permissions. #43302
• Fixed Connect My Computer in Teleport Connect failing with "bind: invalid argument". #43288

Enterprise only updates and improvements

• The teleport updater will no longer default to using the global version channel, avoiding incompatible updates.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack (Linux amd64)
• Mattermost (Linux amd64)
• Discord (Linux amd64)
• Terraform Provider (Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal)
• Event Handler (Linux amd64 | macOS amd64)
• PagerDuty (Linux amd64)
• Jira (Linux amd64)
• Email (Linux amd64)
• Microsoft Teams (Linux amd64)

--
labels: security-patch=yes