gravitational/teleport v17.4.0

Teleport 17.4.0

on GitHub

Description

Database access for Oracle RDS

Teleport database access now supports connecting to Oracle RDS with Kerberos
authentication.

AWS integration status dashboard

Teleport web UI now provides a detailed status dashboard for AWS integration as
well as the new "user tasks" view that highlights integration issues
requiring user attention along with suggested remediation steps.

Windows desktop improvements

Teleport now supports registering the same host twice - once as a domain-joined
machine, and one as a standalone machine. This allows Teleport users to
connect as Active Directory users and local users to the same host.

Other fixes and improvements

• Enable support for joining Kubernetes sessions in the web UI. #53450
• Fixed an issue tsh proxy db does not honour --db-roles when renewing certificates. #53445
• Fixed an issue that could cause backend instability when running very large numbers of app/db/kube resources through a single agent. #53419
• Added static_jwks field to the GitLab join method configuration to support cases where Teleport Auth Service cannot reach the GitLab instance. #53413
• Introduced workload-identity-aws-ra service for generating AWS credentials using Roles Anywhere directly from tbot. #53408
• Helm chart now supports specifying a second factor list, this simplifies setting up SSO MFA with the teleport-cluster chart. #53319
• Improved resource consumption when retrieving resources via the Web UI or tsh ls. #53302
• Added support for topologySpreadConstraints to the teleport-cluster Helm chart. #53287
• Fixed rare high CPU usage bug in reverse tunnel agents. #53281
• Fixed an issue PostgreSQL via WebUI fails when IP pinning is enabled. PostgreSQL via WebUI no longer requires Proxy to dial its own public address. #53250
• Added overview information to "Enroll New Resource" guides in the web UI. #53218
• Added support for SendEnv OpenSSH option in tsh. #53216
• Added support for using DynamoDB Streams FIPS endpoints. #53201
• Allow AD and non-AD logins to single Windows desktop. #53199
• Workload ID: support for attesting Systemd services. #53108

Enterprise:

• Fixed Slack plugin failing to enroll with "need auth" error in the web UI.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack Linux amd64 | Linux arm64
• Mattermost Linux amd64 | Linux arm64
• Discord Linux amd64 | Linux arm64
• Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
• Event Handler Linux amd64 | Linux arm64 | macOS amd64
• PagerDuty Linux amd64 | Linux arm64
• Jira Linux amd64 | Linux arm64
• Email Linux amd64 | Linux arm64
• Microsoft Teams Linux amd64 | Linux arm64