Teleport 16.4.7
Description
- Fixed bug in Kubernetes session recordings where both root and leaf cluster recorded the same Kubernetes session. Recordings of leaf resources are only available in leaf clusters. #48738
- Machine ID can now be forced to use the explicitly configured proxy address using the
TBOT_USE_PROXY_ADDR
environment variable. This should better support split proxy address operation. #48675 - Fixed undefined error in open source version when clicking on
Add Application
tile in the Enroll Resources page in the Web UI. #48616 - Updated Go to 1.22.9. #48581
- The teleport-cluster Helm chart now uses the configured
serviceAccount.name
from chart values for its pre-deploy configuration check Jobs. #48579 - Fixed a bug that prevented the Teleport UI from properly displaying Plugin Audit log details. #48462
- Fixed an issue preventing migration of unmanaged users to Teleport host users when including
teleport-keep
in a role'shost_groups
. #48455 - Fixed showing the list of access requests in Teleport Connect when a leaf cluster is selected in the cluster selector. #48441
- Added Connect support for selecting Kubernetes namespaces during access requests. #48413
- Fixed a rare "internal error" on older U2F authenticators when using tsh. #48402
- Fixed
tsh play
not skipping idle time when--skip-idle-time
was provided. #48397 - Added a warning to
tctl edit
about dynamic edits to statically configured resources. #48392 - Define a new
role.allow.request
field calledkubernetes_resources
that allows admins to define what kinds of Kubernetes resources a requester can make. #48387 - Fixed a Teleport Kubernetes Operator bug that happened for OIDCConnector resources with non-nil
max_age
. #48376 - Updated host user creation to prevent local password expiration policies from affecting Teleport managed users. #48163
- Added support for Entra ID directory synchronization for clusters without public internet access. #48089
- Fixed "Missing Region" error for teleport bootstrap commands. #47995
- Fixed a bug that prevented selecting security groups during the Aurora database enrollment wizard in the web UI. #47975
- During the Set Up Access of the Enroll New Resource flows, Okta users will be asked to change the role instead of entering the principals and getting an error afterwards. #47957
- Fixed
teleport_connected_resource
metric overshooting after keepalive errors. #47949 - Fixed an issue preventing connections with users whose configured home directories were inaccessible. #47916
- Added a
resolve
command to tsh that may be used as the target for a Match exec condition in an SSH config. #47868 - Respect
HTTP_PROXY
environment variables for Access Request integrations. #47738 - Updated tsh ssh to support the
--
delimiter similar to openssh. It is now possible to execute a command viatsh ssh user@host -- echo test
ortsh ssh -- host uptime
. #47493
Enterprise:
- Jamf requests from Teleport set "teleport/$version" as the User-Agent.
- Add Web UI support for selecting Kubernetes namespaces during access requests.
- Import user roles and traits when using the EntraID directory sync.
Download
Download the current and previous releases of Teleport at https://goteleport.com/download.
Plugins
Download the current release of Teleport plugins from the links below.
- Slack Linux amd64 | Linux arm64
- Mattermost Linux amd64 | Linux arm64
- Discord Linux amd64 | Linux arm64
- Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
- Event Handler Linux amd64 | Linux arm64 | macOS amd64
- PagerDuty Linux amd64 | Linux arm64
- Jira Linux amd64 | Linux arm64
- Email Linux amd64 | Linux arm64
- Microsoft Teams Linux amd64 | Linux arm64