Description
This release of Teleport contains a security fix as well as bug fixes and stability improvements.
RCE in SSH agent install script
Token value provided via HTTP request to download the node join script wasn't
properly validated. This could allow an attacker to generate a node join script
with malicious code included.
Other fixes
- Fixed issue with some
kubectlcommands getting "malformed HTTP response" during concurrent access. #15468 - Fixed
get-kubeconfig.shscript to work with Kubernetes 1.24+. #15618 - Fixed issue with resource listings not returning accurate results when there are denied resources. #14547
- Fixed issue with DynamoDB backend not returning all data in clusters with a lot of node churn. #16106
- Improved stability of remote cluster connections after proxy restart. #13798
- Improved stability of agent reconnects after proxy restart. #14508
- Improved internal cache efficiency for large clusters. #14307
- Improved network utilization in large clusters. #15841
- Improved stability in clusters with missing reverse tunnels. #15805
Download
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.