Description
Breaking changes
Kubernetes API server proxy access
Access to the Kubernetes API server pods/{name}/proxy/{path},
services/{name}/proxy/{path}, and nodes/{name}/proxy/{path}
endpoints now requires the new proxy verb in kubernetes_resources.
Previously, these endpoints were authorized under the get verb. Roles
that use the Kubernetes API server proxy must add "proxy" to the
relevant verbs list.
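To find roles affected by this change before upgrading, the following added example (not part of the Teleport release notes or code base) scans exported role definitions for kubernetes_resources allow rules that grant "get" but not "proxy". It assumes the input has the shape of `tctl get roles --format=json` output and that a "*" verb entry also covers the new verb; the role names and the function name are constructed for illustration.

```python
import json

# Constructed sample in the assumed shape of `tctl get roles --format=json`
# output (a JSON array of role resources). Role names are made up.
SAMPLE_ROLES = json.loads("""
[
  {"kind": "role", "version": "v7", "metadata": {"name": "kube-debug"},
   "spec": {"allow": {"kubernetes_resources": [
     {"kind": "pod", "namespace": "default", "name": "*", "verbs": ["get", "list"]},
     {"kind": "service", "namespace": "default", "name": "*", "verbs": ["get", "proxy"]}
   ]}}},
  {"kind": "role", "version": "v7", "metadata": {"name": "kube-admin"},
   "spec": {"allow": {"kubernetes_resources": [
     {"kind": "*", "namespace": "*", "name": "*", "verbs": ["*"]}
   ]}}},
  {"kind": "role", "version": "v7", "metadata": {"name": "ssh-only"},
   "spec": {"allow": {"logins": ["ubuntu"]}}}
]
""")


def rules_missing_proxy(roles):
    """Return (role, kind, namespace, name) for allow rules with "get" but no "proxy"."""
    findings = []
    for role in roles:
        role_name = role.get("metadata", {}).get("name", "<unnamed>")
        allow = role.get("spec", {}).get("allow") or {}
        for rule in allow.get("kubernetes_resources") or []:
            verbs = set(rule.get("verbs") or [])
            # Assumption: a "*" verb entry also covers the new proxy verb.
            if "*" in verbs or "proxy" in verbs:
                continue
            if "get" in verbs:
                findings.append(
                    (role_name, rule.get("kind"), rule.get("namespace"), rule.get("name"))
                )
    return findings


if __name__ == "__main__":
    for role_name, kind, namespace, name in rules_missing_proxy(SAMPLE_ROLES):
        print(f"{role_name}: kind={kind} namespace={namespace} name={name} "
              "grants get but not proxy")
```

Each finding is a candidate for review, not an automatic change: only roles whose users actually reach workloads through the API server proxy endpoints need "proxy" added.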
Other fixes and improvements
- Fixed Teleport Connect file uploads for empty files. #67926
- Fixed an issue where path separators could be included in scp file names during upload. #67773
- Sanitized AWS console federation transport errors to avoid logging AWS session credential material. #67708
- Fixed an SSRF vulnerability in AWS application access where a crafted X-Forwarded-Host header could divert IAM-signed AWS API requests to an attacker-controlled host. #67707
- Capped AWS STS AssumeRole session duration to the Teleport identity TTL, including query-string AssumeRole requests and requests made with cached assumed-role credentials. #67705
- Fixed role impersonation incorrectly being affected by user allow/deny rules. #67690
- Prevented users with the same name in different clusters from being able to cancel each other's remote port forwards. #67688
- Updated golang.org/x/crypto to v0.53.0. #67641
Download
Download the current and previous releases of Teleport at https://goteleport.com/download.
Plugins
Download the current release of Teleport plugins from the links below.
- Slack Linux amd64 | Linux arm64
- Mattermost Linux amd64 | Linux arm64
- Discord Linux amd64 | Linux arm64
- Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
- Event Handler Linux amd64 | Linux arm64 | macOS amd64
- PagerDuty Linux amd64 | Linux arm64
- Jira Linux amd64 | Linux arm64
- Email Linux amd64 | Linux arm64
- Microsoft Teams Linux amd64 | Linux arm64