Skip to content

Releases: gravitational/teleport

Teleport 18.7.6

30 Apr 19:46
@doggydogworld doggydogworld
v18.7.6
8170bfc
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 18.7.6 Latest
Latest

Description

Security fixes

This release includes various security-related improvements and bug fixes.
We recommend that users on versions prior to v18.7.4 upgrade their Auth and Database Services to this latest release.
For Teleport Cloud customers, your control plane has already been upgraded to a patched release.

[High] Authorization bypass in encrypted session recordings

Teleport did not ensure sufficient authorization in some of the encrypted session recordings APIs.
This could allow an attacker to upload recordings to the cluster.
For self-hosted users that do not use encrypted session recordings, the following debug log messages
on auth server would indicate vulnerable APIs being called:

  • “creating encrypted session upload”
  • “uploading encrypted session part”
  • “completing encrypted session upload”

This issue specifically affects Teleport v18. We recommend that all users upgrade their
Auth Services to this release to ensure continued security and stability.

[High] Cross-node session recording access

When checking system service access to session recordings and audit logs, Teleport did not
perform sufficient authorization. This could allow a compromised Teleport SSH node service to
access audit events and session recordings from other nodes in the cluster.
We recommend that all users upgrade their Auth Services to this release to ensure continued security and stability.

[Medium] SSRF via AWS database access endpoint

Teleport did not sufficiently validate the connection endpoint for AWS database access
(DynamoDB, OpenSearch, Keyspaces). This could allow a malicious actor with access to Teleport
configuration to steal database access credentials by crafting a connection endpoint pointing to
their domain.
All users that use Teleport to access AWS-hosted databases (DynamoDB, OpenSearch, Keyspaces)
are advised to upgrade their Auth and Database Services to this release to ensure continued security
and stability.

Other fixes and improvements

  • Fixed an issue that prevents GCP Server discovery to try to enroll all the VMs that are found when one of them returns an error. #66240
  • Added scoped roles support to the Terraform provider. #66225
  • Added scoped role assignment support to the Terraform provider. #66225
  • Fixed an issue where tctl edit plugin/jamf could break other plugins when providing non-zero duration value. #66191
  • Introduces skip_initial_connection option to the teleportmwi provider to allow lazy initialization of the provider. #66139
  • Initialize keystore sign and decrypt metrics at startup and register missing decrypt metric collectors. #66110
  • Added current and previous resources discovered summary per service to Discovery Config Status. #66097
  • Fixed a bug where generated JWT tokens were leaked into audit event. #66095
  • Updated internal database dependencies to resolve multiple security vulnerabilities (CVE-2026-4427, CVE-2026-32286, and others). #66083
  • Fixed a possible panic during TTY session processing/playback/summarization from crashing Teleport. #66080
  • Fixed an issue where the endpoint used by tsh scan keys could leak resources on a server error; this affected only clusters with Access Graph enabled. #66076
  • Added teleport_app_active_sessions Prometheus gauge with app label for app access agent autoscaling. #66050
  • Fixed joining for agents and proxies connecting directly to an Auth service when they specify a CA pin and any lock in the cluster is in force. #66044
  • Added scoped role to the k8s operator. #66034
  • Added scoped role assignments to the k8s operator. #66034
  • Fixed Access List-granted roles being absent from the web session created after a local user password reset or invite acceptance, requiring a logout/login cycle to restore access. #66011
  • Added support for Azure join tokens based on Azure tenant ID. #65989
  • Fixed a "No such process" error that could happen on the very first launch of VNet on macOS. #65967
  • Improved readability of the search results in Teleport Connect. #65928
  • Fixed a Teleport Connect issue on Windows where startup could fail when HTTPS_PROXY is set. #65924
  • Added user.metadata.name variable to RBAC role templates and expressions. #65923
  • Fix VNet SSH per-session MFA checks to use the requested SSH login instead of the profile default login. #65909
  • Initialize backend read and requests metrics to zero at startup. #65898
  • Fixed Teleport not taking over an existing unmanaged host user when configured to. #65838
  • Fixes race condition in dynamoDB backend which can lead to missed events, resulting in a inconsistent cache state. #65821
  • Added ui_config resource support to the Terraform provider. #65800
  • Set default name for UIConfig resource as ui-config. #65800
  • Fixed an issue in Teleport Connect on macOS where selecting "Open Teleport Connect" from the menu bar would not reliably open the app. #65774
  • The github join method now supports the enterprise/enterprise_id claims. #65700
  • Teleport Connect now displays user roles in an expandable list. #65654
  • Standard Teleport agents can now join using the bound_keypair join method. #65625
  • Add x11 forwarding, SSH File Copying, Agent Forwarding, SSH Port Forwarding, Create Host User, Max Sessions, and host sudoers to scoped ssh role options. #65601
  • Added tctl discovery nodes command for troubleshooting AWS EC2 auto-discovery enrollment issues. #65598
  • Update Go to v1.25.9. #65586
  • Fix access graph AWS discovery to not deadlock when Identity Activity Center is disabled. #65574
  • Clear certs from local ssh agent when switching between unscoped user to scoped user. #65568
  • Added lock resource support to the Kubernetes operator. #65543
  • Added support for * and $ globbing to the GitHub Actions token rules. #65539
  • The tbot keypair create command will now create the specified directory if necessary. #65528
  • Fixed an issue in Teleport Connect where the "Reopen" button in the "Reopen previous session" modal would not automatically receive focus. #65513
  • Fixed a bug where Teleport Connect displayed an error about an expired certificate instead of showing the login modal. #65512
  • Added visible teleport.dev/ labels for Azure and GCP auto-discovered VMs, making subscription ID, VM ID, region, resource group, VM name, and zone available in the web UI, CLI output, and RBAC rules. #65462
  • Fixed panic in tctl get scoped_token when non-token join method scoped tokens were present. #65461
  • Fix "tctl edit" bugs when editing multiple resources, or resources with sub_kinds (for example, CAs). #65341
  • Removed expired Baltimore CyberTrust Root CA used for Azure databases. #65329
  • Reimplemented how Teleport Connect handles deep links for Device Trust auth and launching VNet from the Web UI. #65316
  • Extended access monitoring predicate language with contains(set, item) expression. #65294
  • Fixed an issue where viewing a session recording that did not exist/was not uploaded yet would show an empty player instead of an error message. #65269
  • Auth connector names are now limited to 768 characters. #65242
    ...
Read more
Assets 2
Loading

Teleport 17.7.23

30 Apr 15:25
@aadc-dev aadc-dev
v17.7.23
e69ca99
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 17.7.23

Description

Security fixes

This patch addresses two security vulnerabilities.
Impacted users are recommended to upgrade their auth and database services to the latest version.
For Teleport Cloud customers, your control plane has already been upgraded to a patched release.

[High] Cross-node session recording access

When checking system service access to session recordings and audit logs, Teleport did not
perform sufficient authorization. This could allow a compromised Teleport SSH node service to
access audit events and session recordings from other nodes in the cluster.
All users are advised to upgrade their Auth services to the patched v17 release.

[Medium] SSRF via AWS database access endpoint

Teleport did not sufficiently validate the connection endpoint for AWS database access
(DynamoDB, OpenSearch, Keyspaces). This could allow a malicious actor with access to Teleport
configuration to steal database access credentials by crafting a connection endpoint pointing to
their domain.
All users that use Teleport to access AWS-hosted databases (DynamoDB, OpenSearch, Keyspaces)
are advised to upgrade their auth and database services to the patched v17 release

Other fixes and improvements

Changelog:

  • Initialize keystore sign and decrypt metrics at startup. #66109
  • Updated jackc/pgx packages to fix CVE-2026-4427/CVE-2026-32286, CVE-2026-33815, CVE-2026-33816, GHSA-j88v-2chj-qfwx. #66093
  • Added teleport_app_active_sessions Prometheus gauge with app label for app access agent autoscaling. #66049
  • Fixed a "No such process" error that could happen on the very first launch of VNet on macOS. #65968
  • Fixed a Teleport Connect issue on Windows where startup could fail when HTTPS_PROXY is set. #65925
  • Initialize backend read and requests metrics to zero at startup. #65901
  • Fixed Teleport not taking over an existing unmanaged host user when configured to. #65837
  • Fixes potential race condition in dynamoDB backend which can lead to missed events, resulting in a inconsistent cache state. #65822
  • Fixed an issue in Teleport Connect on macOS where selecting "Open Teleport Connect" from the menu bar would not reliably open the app. #65773
  • Updated github.com/go-git/go-git/v5 to resolve CVE-2026-34165. #65649
  • Updated OpenTelemetry dependencies to address CVE-2026-24051. #65647
  • Update Go to v1.25.9. #65587
  • Fixed "tctl edit" bugs when editing multiple resources, or resources with sub_kinds (for example, CAs). #65343
  • Removed expired Baltimore CyberTrust Root CA used for Azure databases. #65328
  • Reimplemented how Teleport Connect handles deep links for Device Trust auth and launching VNet from the Web UI. #65317
  • Fixed minor bug in Web UI and Connect where static and dynamic labels with the same key are duplicated. #65295
  • Fixed a goroutine leak in the Teleport Connect MFA prompt when both SSO MFA and Webauthn are available second factors. #65230
  • Fixed an issue that allowed bypassing Resource Access Requests' AllowedResourceIDs when creating app sessions. #65117
  • Fixed an issue that allowed IP Pinning protections to be bypassed via direct dial to a Teleport Node. #65095
  • Fixed an issue that allowed IP Pinning protections to be bypassed via the WebUI. Also fix an issue with sporadic WebUI connection errors when the Proxy sees an unexpected client IP even though IP Pinning is not enforced. #65093
  • Fixed intermittent issues with VNet on Windows with NRPT rules being wiped after Group Policy refresh. #65018
  • Device Trust is now accessible under Zero Trust Access in the web UI. #65006
  • Fixed an issue with desktop directory sharing in Teleport Connect that caused file modification times not to be displayed. #64920
  • Fixed an issue preventing Teleport Connect from launching on Windows when the OS username contains non-ASCII characters. #64886
  • API rate limiting for authenticated per-session MFA requests now follows the regular API rate limits, making the limit unlikely to be hit during parallel SSH operations. #64776
  • Print a message indicating that tctl recordings download <session_id> completed successfully. #64722
  • Updated github.com/docker/cli to v29.2.0+incompatible (addresses CVE-2025-15558). #64608
  • Teleport Connect now displays the Message of the Day (MOTD) before login. #64550
  • Fixed bug that causes Windows desktop connection errors on EC2 joined nodes. #64546
  • Fixed tsh login --request-id to display up to date profile information including the assumed access request and roles. #64537
  • Fixed error handling around empty uploads to ensure upload resources are consistently cleaned up. #64501
  • Update Go to v1.25.8. #64435
  • Fixed failures to record extra large session events in synchronous recording modes. #64344
  • Fixed a rare race condition causing initial node heartbeats to be missing an address. #64331

Enterprise:

  • Fix Okta assignment reconciliation failing for applications with large user lists where the API response time exceeded the 30s HTTP client timeout by increase the Okta http connection Timeout to 5 min.
  • Device Trust is now accessible under Zero Trust Access in the web UI.
  • Fixed an error log and a memory leak when manually deleting an okta_assignment resource.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

labels: security-patch=yes,security-patch-alts=v17.7.22

Loading

Teleport 18.7.2

06 Mar 21:36
@doggydogworld doggydogworld
v18.7.2
b317fe8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 18.7.2

Description

  • Added TeleportAccessMonitoringRuleV1 support to the Teleport Kubernetes operator. #64368
  • Added update scoped token support to tctl and update upsert scoped token rpc to not require status. #64345
  • Improved performance and reduced resource usage of the database proxy for clusters with large numbers of registered databases. #64311
  • Added more helpful messages to ssm.run events when there's a failure in discovering EC2 instances. #64273
  • Fixed a bug that could cause desktop connection errors during proxy upgrades for some cluster configurations. #64258
  • Fixed an issue where the UI would display a white screen and no error when an error occurred. #64246
  • Improve the layout of the web UI's message of the day. #64213
  • Fixed an issue where VNet on Windows could fail to start after an update with the error: The specified service does not exist as an installed service.. #64206
  • Fixed a bug where audit events could be created forever for an expired access request. #64180
  • Add scoped tokens to tctl resource commands. #64040
  • Fixed correct reporting of server discovery enrollment failures when the Proxy is not accessible from the target server. #64007
  • Fixed an issue that caused Discovery Service to stop working for Discovery Configs, also affecting AWS OIDC resource enrollments created from the UI. #63970
  • Added support for session summarizer resources to the Kubernetes operator. #63884

Enterprise:

  • Fixed an error log and a memory leak when manually deleting an okta_assignment resource.
  • Fixed a potential panic in Auth service when getting a non-existing plugin without list permissions.
  • Prevented membership modifications for Access Lists synchronized from Entra ID.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 17.7.20

06 Mar 23:09
@doggydogworld doggydogworld
v17.7.20
2797910
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 17.7.20

Description

  • Fix a bug where audit events could be created forever for an expired access request. #64355
  • Fixed an issue where the UI would display a white screen and no error when an error occurred. #64245
  • Fixed a bug that could cause desktop connection errors during proxy upgrades for some cluster configurations. #64224
  • Improve the layout of the web UI's message of the day. #64212
  • Fixed an issue where VNet on Windows could fail to start after an update with the error: The specified service does not exist as an installed service.. #64207
  • Fixed db session page refresh redirecting to empty page. #63988
  • Fixed out of sequent audit logs rendering in ui for same timestamp logs. #63819
  • Fixed tsh kubectl failing when kubectl flags appear before positional arguments (e.g., tsh kubectl -n default get pod). #63808
  • Added tctl recordings download command to download session recordings to local files without requiring direct access to the storage backend. #63727
  • Fixed a bug that could cause Windows desktops discovered via LDAP to be removed in error. #62472

Enterprise:

  • Fix an error log and a memory leak when manually deleting an okta_assignment resource.
  • Fix a potential panic in Auth service when getting a non-existing plugin without list permissions.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 18.7.1

25 Feb 16:40
@aadc-dev aadc-dev
v18.7.1
166d439
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 18.7.1

Description

  • Fixed web app access in leaf clusters when VNet is enabled. #63993
  • Fixed an issue where desktop session recordings would show a white screen instead of the recording player, and fixed an issue where if a session's metadata failed to load and the session had a summary it didn't display the summary. #63982
  • Fixed db session page refresh redirecting to empty page. #63938
  • Improved the performance of tsh and tctl when the profile directory is on a remote filesystem (NFS, SMB, etc.). #63937
  • Added platform information to ssm.run events when auto discovering EC2 instances. #63925
  • Added server side secret obfuscating for GetScopedTokens rpc and added UpsertScopedToken rpc. #63902

Enterprise:

  • Clarified MS Teams enrollment configuration values.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 18.7.0

17 Feb 23:03
@mjsmithnh mjsmithnh
v18.7.0
This tag was signed with the committer’s verified signature.
mjsmithnh Matt Smith
SSH Key Fingerprint: k063nd9uhyHXLXwa+ccoCcVh0PqPinXMMjebsu4kOHk
Verified
Learn about vigilant mode.
433b913
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 18.7.0

Description

Session timeline view for Identity Security

Session player for Identity Security users received an enhanced timeline view with
per-command session breakdown.

Organization-level auto-discovery for AWS EC2 instances

AWS auto-discovery supports EC2 instance enrollment from all or a subset of accounts
of an AWS organization without having to configure per-account discovery.

Organization-level discovery for other resources within AWS (RDS, EKS) as well as other
for cloud providers will follow in future releases.

Terraform-native flow for configuration of AWS EC2 auto-discovery

Teleport provides in-product UX for configuring EC2 auto-discovery in a single AWS
account using terraform module.

Static labels for auto-discovered Windows desktops

Teleport can now be configured to apply a set of static labels to Windows
desktops that it discovers via LDAP. This is an alternative to setting labels
based on the value of LDAP attributes.

Access requests privilege escalation UX for AWS

Teleport users are now able to see specific IAM roles available to them when requesting
elevated access to AWS CLI/console. Future releases will extend support for specific
principal selection to access requests for other resource types as well.

Entra ID integration status page

Teleport users are now able to see status of the configured Entra ID integration in the
web UI.

Inventory UI

Teleport's web UI now includes a new page showing the complete inventory of all instances
and bots connected to the cluster.

Managed Updates UI

Teleport's web UI now includes new functionality for working with managed updates.
The UI offers the ability to view and manage the updater configuration as well
as monitor the progress of update rollouts.

Split Windows CA

Teleport now introduces a new Windows CA responsible for issuing user certificates for
Windows Desktop access. Currently the User CA issues those certificates, as they are end-user certs.
Splitting the CAs improves Teleport's security posture by introducing a more specialized CA
and allows both CAs to be rotated independently.

Other fixes and improvements

  • Fixed tsh kubectl failing when kubectl flags appear before positional arguments (e.g., tsh kubectl -n default get pod). #63807
  • The tsh status command can now be executed in client-only mode with --client. This skips all server-side operations. #63786
  • Improved tracing support via tsh --trace kubectl. #63762
  • Added tctl recordings download command to download session recordings to local files without requiring direct access to the storage backend. #63726
  • MWI: Add new tbot start no-op helper that starts no services. #63666
  • Improved performance and user experience of teleport backend clone. #63635
  • Fixed out of sequent audit logs rendering in ui for same timestamp logs. #63613
  • Added the Windows CA, used to issue Windows Desktop Access user certificates. The Windows CA is initially created as a copy of the User CA, so existing trust relationships are maintained. You may rotate either CA in order to create distinct key material (make sure to consult the Certificate Authority Rotation guide before performing a CA rotation). The Windows CA is a top-level CA entity, so it is reflected in all commands that operate on CAs. Updating both command-line tools and Windows Desktop agents is recommended. #63547
  • Added support for summarizer resources to the Teleport Terraform provider. #63534
  • Add Managed Updates dashboard to the WebUI. #63310
  • Fixed a bug that could cause Windows desktops discovered via LDAP to be removed in error. #62471
  • Fixed an issue that could cause failed Active Directory user lookups to cache the error rather than retry. #62471
  • Ensure that discovered Windows desktops don't expire when a large discovery interval is configured. #62471
  • Each Windows desktop discovery_config can now include a set of static labels to apply to discovered hosts. #62452
  • Added support for discovering EC2 instances in all the accounts under an AWS Organization. #62302
  • Added support for EC2 instances to join based on their AWS Organization. #62302

Enterprise:

  • Updated Entra ID plugin UI to support Access List owners source configuration.
  • Fixes a panic that occurred when External Audit Storage was available but not enabled in Teleport Cloud while Access Monitoring was enabled.
  • Added plugin status page for Teleport Entra ID integration.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 18.6.8

10 Feb 23:21
@doggydogworld doggydogworld
v18.6.8
9a94677
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 18.6.8

Description

  • Added --exec-cmd and --exec-arg flags to tsh proxy kube to allow launching custom commands like k9s directly without requiring environment variable workarounds. #63066

Enterprise:

  • Fixes a panic that occurred when External Audit Storage was available but not enabled in Teleport Cloud while Access Monitoring was enabled.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 17.7.19

11 Feb 00:14
@doggydogworld doggydogworld
v17.7.19
265ff01
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 17.7.19

Description

Enterprise:

  • Fixes a panic that occurred when External Audit Storage was available but not enabled in Teleport Cloud while Access Monitoring was enabled.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 18.6.7

09 Feb 22:54
@doggydogworld doggydogworld
v18.6.7
0a2200f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 18.6.7

Description

  • Revised help messages for event handler CLI commands. #63620
  • Fixed tsh ssh user@foo=bar uptime from running serially if users did not have role:read permissions. #63612
  • The minimum version of macOS required to run Teleport or associated client tools is now macOS 12 (Monterey). #63587
  • The minimal macOS version required by Teleport Connect is now macOS 12. #63569
  • Fixed bug where event handler would throw an error on Athena backend when handling large events. #63550
  • Updated Go to 1.25.7. #63539
  • Fixed an issue where a role requiring a trusted device could incorrectly block access to all applications. #63527
  • Fixed bug where event handler would get stuck on DynamoDB backend when handling large events. #63526
  • Updated tsh/Linux to correctly capture the OS login user for device trust. #63452
  • Fixed a server error when rejecting a headless authentication request in the Web UI. #63431
  • Added opt-in support to use cert-manager certificates for teleport-plugin-event-handler helm chart. #63420
  • Modified tbot helm chart with default token value to simplify deployment. #63360
  • Improved GitHub + Kubernetes guide experience. #63185
  • Fixed teleport join openssh on recent versions of Ubuntu. #63040

Enterprise:

  • Extend Access Monitoring feature to Teleport Cloud customers using External Audit Storage.
  • Added recording and validation for the fixed OS login user values from tsh.
  • Mitigated a race in the Slack token refresh logic.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading

Teleport 17.7.18

10 Feb 04:52
@doggydogworld doggydogworld
v17.7.18
61b7c02
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Teleport 17.7.18

Description

Skipped 17.7.17 due to a build pipeline issue.

  • Revised help messages for event handler CLI commands. #63642
  • Fixed tsh ssh user@foo=bar uptime from running serially if users did not have role:read permissions. #63611
  • The minimum version of macOS required to run Teleport or associated client tools is now macOS 12 (Monterey). #63588
  • The minimal macOS version required by Teleport Connect is now macOS 12. #63570
  • Fixed bug where event handler would get stuck on DynamoDB backend when handling large events. #63562
  • Updated Go to 1.25.7. #63561
  • Fixed bug where event handler would throw an error on Athena backend when handling large events. #63551
  • Fixed an issue where a role requiring a trusted device could incorrectly block access to all applications. #63528
  • Updated tsh/Linux to correctly capture the OS login user for device trust. #63453
  • Fixed a server error when rejecting a headless authentication request in the Web UI. #63432
  • Fixed tsh/Linux sending a too-large username for device trust. #63388
  • Fixed teleport join openssh on recent versions of Ubuntu. #63042
  • Fix an issue in the Teleport SSH Service where interactive PAM Auth modules always fail when trying to run exec sessions with tty allocated. e.g. tsh ssh --tty <node> ls. #62065

Enterprise:

  • Extend Access Monitoring feature to Teleport Cloud customers using External Audit Storage.
  • Added recording and validation for the fixed OS login user values from tsh.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Loading