Description
This release of Teleport contains a security fix.
Trusted Clusters security fix
An attacker in possession of a valid Trusted Cluster join token could inject a
malicious CA into a Teleport cluster that would allow them to bypass root
cluster authorization and potentially connect to any node within the root
cluster.
For customers using Trusted Clusters, we recommend upgrading to one of the
patched releases listed below then revoking and rotating all Trusted Cluster
tokens. As a best practice, make sure that Trusted Cluster tokens have short
time-to-live and ideally are removed after being used once.
Download
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.