Description
Security fixes
This release also includes fixes for the following security issues:
[Critical] Remote authentication bypass
- Removed special handling for
*ssh.Certificateauthorities in theIsHostAuthorityandIsUserAuthoritycallbacks used byx/crypto/ssh.CertChecker. #56254
Resolved an issue that allowed remote SSH authentication bypass on servers with Teleport SSH agents, OpenSSH-integrated deployments and Teleport Git proxy deployments. CVE-2025-49825. Refer to the RCA for the full details.
Other fixes and improvements
- Updated WindowsDesktop and WindowsDesktopService APIs to use pagination to avoid exceeding message size limitations. #56237
- Fixed duplicated entries in
tctl inventory listwhen using DynamoDB as cluster state storage. #56184 - Fixed an issue that could prevent Windows desktop sessions from terminating when the idle timeout was exceeded. #56052
- Added the
teleport-update status --is-up-to-dateflag to change the return code based on the update status. #55952 - Fixed a memory leak in Kubernetes Access caused by resources not being cleaned up when clients terminate watch streams. #55769
- Updated Go to 1.23.10. #55604
Download
Download the current and previous releases of Teleport at https://goteleport.com/download.
Plugins
Download the current release of Teleport plugins from the links below.
- Slack Linux amd64 | Linux arm64
- Mattermost Linux amd64 | Linux arm64
- Discord Linux amd64 | Linux arm64
- Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
- Event Handler Linux amd64 | Linux arm64 | macOS amd64
- PagerDuty Linux amd64 | Linux arm64
- Jira Linux amd64 | Linux arm64
- Email Linux amd64 | Linux arm64
- Microsoft Teams Linux amd64 | Linux arm64
labels: security-patch=yes,security-patch-alts=v15.5.3