Description
This release of Teleport contains a security fix, as well as multiple improvements and bug fixes.
Auth bypass in Moderated Sessions
When checking a user’s roles prior to starting a session, Teleport may have incorrectly allowed a session to proceed without moderation depending on the order roles are received from the backend.
If you're using Moderated Sessions, we recommend upgrading Auth, Proxy, SSH and Kubernetes agents.
Other improvements and fixes
- Fixed issue with per-session MFA swallowing keypresses. #13822
- Fixed issue with
tsh db ls -Rnow showing allowed users. #13626 - Fixed vertical and horizontal scroll in desktop access. #13905
- Fixed issue with invalid query filters forcing
tshrelogin. #13747 - Fixed issue with TLS routing and proxy jump. #13928
- Fixed issue with MongoDB connections timing out in certain scenarios. #13859
- Fixed issue with Machine ID certificate renewal with empty requested roles. #13893
- Fixed issue with Windows desktops not being labeled with LDAP attribute labels. #13681
- Fixed issue with desktop access streaming not being terminated properly. #14024
- Added ability to use FIPS endpoints for S3 and DynamoDB using
use_fips_endpointconnection option. #13703 - Added ability to specify CA pin as a file path in the config. #13089
- Improved reconnect reliability after root proxy restart. #13967
- Improved error messages for failed auth client connections. #13835
Download
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.