gravitational/teleport v18.2.0

Teleport 18.2.0

on GitHub

Description

Encrypted session recordings

Teleport now provides the ability to integrate with Hardware Security Modules (HSMs) in order to encrypt session recordings prior to uploading them to storage.

AI session summaries

Teleport Identity Security users are now able to view AI-generated summaries for SSH, Kubernetes and database sessions.

Updated session recordings page

Session recordings page in Teleport web UI are now updated with a new design that will include session thumbnails and ability to view session summaries for Identity Security users.

Teleport Connect Managed Updates

Teleport Connect is now able to detect when application updates are available and automatically apply them on the next restart.

Teleport Device Trust Intune Support

Teleport now includes a new hosted plugin for Microsoft's Intune suite, allowing trusted devices to be synchronized from the Intune inventory.

Terraform support for Access List members

Users are now able to provision Access Lists and their members (including other nested Access Lists) with terraform.

Long-term access requests UX

Teleport access requests creation dialog in web UI now better differentiate between short and long-term access requests.

Database web terminal for MySQL

Teleport web UI now provides terminal interface for MySQL database access.

Database access for AlloyDB

Teleport now supports database access for GCP AlloyDB databases.

Other changes and improvements

• Improved observability by adding health check metrics for healthy, unhealthy, and unknown states. Database health checks can now be monitored with these metrics. #58708
• New session recordings now display an interactive timeline for faster navigation. #58671
• Removed AccessList review notification check from tsh login/status flow. #58662
• Lock, unlock and delete from the Bot Details page, as well as viewing lock status. #58653
• Fixed internal access list membership caching issue that caused high CPU usage when the total number of members exceeded 200. #58614
• Fix internal cache issue that could cause crashes in AWS IC, Database, and App access flows. #58611
• Fixed panic in tbot's ssh-multiplexer service. #58595
• Teleport now honours Entra ID OIDC groups overage claim. The OIDC connector spec in Teleport must be updated to request OIDC profile scope and the enterprise application in Entra ID must be granted with User.ReadBasic.All Graph API permission for this feature to work. By default, Teleport will query the Microsoft Graph API graph.microsoft.com endpoint and filter user's group membership of "security groups" group type. This behaviour can be updated by configuring entra_id_groups_provider configuration field, which is available in the OIDC connector configuration spec. #58593
• Enhanced session recordings RBAC to enforce recording access based on rules that reference creator’s roles, traits, and resource properties. #58563
• Added support for configure SCIM Plugin with OIDC or Github Teleport Connectors. #58554
• Added user_agent field to MySQL database session start audit events. #58523
• tbot now supports the configuration of a default namespace for kubeconfig files generated by the kubernetes/v2 service. #58494
• Reduced audit log clutter by compacting contiguous shared directory read/write events into a single audit log event. #58446
• Session metadata now appears next to SSH sessions in the UI. #58405
• Refreshed the list session recordings UI with thumbnails, more filtering options and a card/list view. #58390
• Added thumbnail and metadata generation for session recordings. #58360
• Teleport Connect now supports managed updates. #58260
• Teleport Connect now brings focus back from the browser to itself after a successful SSO login. #58260
• Added support for GCP AlloyDB. #58202
• Added Microsoft Intune integration for syncing devices into Teleport Device Trust. #57986
• Added support for encrypting session recordings at rest across all recording modes. Encryption can be enabled statically by setting auth_server.session_recording_config.enabled: yes in the Teleport file configuration, or dynamically by editing the session_recording_config resource and setting spec.encryption.enabled: yes. #57959
• Added a MySQL database client REPL to the Teleport web UI. #57798
• Added SSH SELinux module management to teleport-update. #57660
• Added Terraform support for Access List members. #57058

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack Linux amd64 | Linux arm64
• Mattermost Linux amd64 | Linux arm64
• Discord Linux amd64 | Linux arm64
• Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
• Event Handler Linux amd64 | Linux arm64 | macOS amd64
• PagerDuty Linux amd64 | Linux arm64
• Jira Linux amd64 | Linux arm64
• Email Linux amd64 | Linux arm64
• Microsoft Teams Linux amd64 | Linux arm64