Skip to content

Teleport 16.4.7

Compare
Choose a tag to compare
@camscale camscale released this 12 Nov 03:36
· 2265 commits to master since this release
15dfef1

Description

  • Fixed bug in Kubernetes session recordings where both root and leaf cluster recorded the same Kubernetes session. Recordings of leaf resources are only available in leaf clusters. #48738
  • Machine ID can now be forced to use the explicitly configured proxy address using the TBOT_USE_PROXY_ADDR environment variable. This should better support split proxy address operation. #48675
  • Fixed undefined error in open source version when clicking on Add Application tile in the Enroll Resources page in the Web UI. #48616
  • Updated Go to 1.22.9. #48581
  • The teleport-cluster Helm chart now uses the configured serviceAccount.name from chart values for its pre-deploy configuration check Jobs. #48579
  • Fixed a bug that prevented the Teleport UI from properly displaying Plugin Audit log details. #48462
  • Fixed an issue preventing migration of unmanaged users to Teleport host users when including teleport-keep in a role's host_groups. #48455
  • Fixed showing the list of access requests in Teleport Connect when a leaf cluster is selected in the cluster selector. #48441
  • Added Connect support for selecting Kubernetes namespaces during access requests. #48413
  • Fixed a rare "internal error" on older U2F authenticators when using tsh. #48402
  • Fixed tsh play not skipping idle time when --skip-idle-time was provided. #48397
  • Added a warning to tctl edit about dynamic edits to statically configured resources. #48392
  • Define a new role.allow.request field called kubernetes_resources that allows admins to define what kinds of Kubernetes resources a requester can make. #48387
  • Fixed a Teleport Kubernetes Operator bug that happened for OIDCConnector resources with non-nil max_age. #48376
  • Updated host user creation to prevent local password expiration policies from affecting Teleport managed users. #48163
  • Added support for Entra ID directory synchronization for clusters without public internet access. #48089
  • Fixed "Missing Region" error for teleport bootstrap commands. #47995
  • Fixed a bug that prevented selecting security groups during the Aurora database enrollment wizard in the web UI. #47975
  • During the Set Up Access of the Enroll New Resource flows, Okta users will be asked to change the role instead of entering the principals and getting an error afterwards. #47957
  • Fixed teleport_connected_resource metric overshooting after keepalive errors. #47949
  • Fixed an issue preventing connections with users whose configured home directories were inaccessible. #47916
  • Added a resolve command to tsh that may be used as the target for a Match exec condition in an SSH config. #47868
  • Respect HTTP_PROXY environment variables for Access Request integrations. #47738
  • Updated tsh ssh to support the -- delimiter similar to openssh. It is now possible to execute a command via tsh ssh user@host -- echo test or tsh ssh -- host uptime. #47493

Enterprise:

  • Jamf requests from Teleport set "teleport/$version" as the User-Agent.
  • Add Web UI support for selecting Kubernetes namespaces during access requests.
  • Import user roles and traits when using the EntraID directory sync.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.