github gravitational/teleport v4.3.7
Teleport 4.3.7

This release of Teleport contains a security fix and a bug fix.

  • Mitigated CVE-2020-15216 by updating goxmldsig.

A vulnerability was discovered in the goxmldsig library, which Teleport uses to validate the
signatures of XML files used to configure SAML 2.0 connectors. With a carefully crafted XML file, an attacker can completely
bypass XML signature validation and pass off an altered file as a signed one.


The goxmldsig library has been updated upstream and Teleport 4.3.7 includes the fix. Any Enterprise SSO users using Okta,
Active Directory, OneLogin or custom SAML connectors should upgrade their auth servers to version 4.3.7 and restart Teleport.

If you are unable to upgrade immediately, we suggest deleting SAML connectors for all clusters until the updates can be applied.

  • Fixed an issue where DynamoDB connections made by Teleport would not respect the HTTP_PROXY or HTTPS_PROXY environment variables. #4271


Download the current and previous releases of Teleport at
