Releases: gravitational/teleport

Teleport 18.2.2

20 Sep 04:31
b1ba1d1

Description

  • Fixed a regression in Teleport Connect for Windows that caused the executable to be unsigned. #59302
  • Fixed an issue that prevented uploading encrypted recordings using the S3 session recording backend. #59281
  • Fix issue preventing auto enrollment of EKS clusters when using the Web UI. #59272
  • Terraform provider: Allow creating access lists without setting spec.grants. #59217
  • Fixes a panic that occurs when creating a Bound Keypair join token with the spec.onboarding field unset. #59178
  • Added desktop name for Windows Directory and Clipboard audit events. #59146
  • Added the ability to update the AWS Identity Center SCIM token in tctl. #59114
  • Added services to correctly choose Access Request roles in remote clusters. #59062
  • Install script allows specifying a group for agent installation with managed updates V2 enabled. #59059
  • Added support for ElastiCache Serverless for Redis OSS and Valkey database access. #58891

Enterprise:

  • Fixed an issue in the Entra ID integration where a user account with an unsupported username value could prevent other valid users and groups from being synced to Teleport. Such user accounts are now filtered.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Teleport 17.7.5

19 Sep 04:42
3c26a85

Description

  • Fix issue preventing auto enrollment of EKS clusters when using the Web UI. #59273
  • Terraform provider: Allow creating access lists without setting spec.grants. #59238
  • Fixes a panic that occurs when creating a Bound Keypair join token with the spec.onboarding field unset. #59179
  • Added desktop name for Windows Directory and Clipboard audit events. #59154
  • Added the ability to update the AWS Identity Center SCIM token in tctl. #59115
  • Fixed client tools managed updates sequential update. #59089
  • Fixed headless login so that it supports both WebAuthn and SSO for MFA. #59077
  • When selecting a login for an SSH server, Teleport Connect now shows only logins allowed by RBAC for that specific server rather than showing all logins which the user has access to. #59068
  • Added services to correctly choose Access Request roles in remote clusters. #59063
  • Install script allows specifying a group for agent installation with managed updates V2 enabled. #59060
  • Fixed a bug preventing users from creating access lists with empty grants through Terraform. #59031
  • Fixed a DynamoDB bug potentially causing event queries to return a different range of events. In the worst case scenario, this bug would block the event-handler. #59030
  • Teleport Connect now runs in the background by default on macOS and Windows. On Linux, this behavior can be enabled in the app configuration. #58924
  • Added fdpass-teleport binary to install script for Teleport tar downloads. #58920
  • Support multiple resource editing in tctl edit when editing collections. #58901
  • Fixed an issue that would cause trusted cluster resource updates to fail silently. #58887
  • Added ability for user to select whether IC integration creates roles for all possible Account Assignments. #58862
  • Allow controlling the description of auto-discovered Kubernetes apps with an annotation. #58816
  • Added new bound_keypair join method for Machine and Workload ID to better support bots in on-prem and other environments without a platform-specific join method. #58334

Enterprise:

  • Fixed an issue in the Entra ID integration where a user account with an unsupported username value could prevent other valid users and groups from being synced to Teleport. Such user accounts are now filtered.

Teleport 16.5.16

19 Sep 04:42
9aea9ed

Description

  • Fix issue preventing auto enrollment of EKS clusters when using the Web UI. #59274
  • Added desktop name for Windows Directory and Clipboard audit events. #59158
  • Fixed client tools managed updates sequential update. #59090
  • Install script allows specifying a group for agent installation with managed updates V2 enabled. #59061
  • Added fdpass-teleport binary to install script for Teleport tar downloads. #58921
  • Updated Go to 1.24.7. #58837
  • Allow controlling the description of auto-discovered Kubernetes apps with an annotation. #58815
  • Prevents an application from being registered if its public address matches a Teleport cluster address. #58768

Enterprise:

  • Fixed an issue in the Entra ID integration where a user account with an unsupported username value could prevent other valid users and groups from being synced to Teleport. Such user accounts are now filtered.

Teleport 18.2.1

13 Sep 02:52
efcd76d

Description

  • Fixed client tools managed updates sequential update. #59086
  • Fixed headless login so that it supports both WebAuthn and SSO for MFA. #59078
  • When selecting a login for an SSH server, Teleport Connect now shows only logins allowed by RBAC for that specific server rather than showing all logins which the user has access to. #59067
  • Terraform Provider is now supported on Windows machines. #59055
  • Enabled Oracle Cloud joining in Machine ID's tbot client. #59040
  • Fixed a bug preventing users from creating access lists with empty grants through Terraform. #59032
  • Fixed a DynamoDB bug potentially causing event queries to return a different range of events. In the worst case scenario, this bug would block the event-handler. #59029
  • Fixed an issue where SSH file copying attempts would be spuriously denied in proxy recording mode. #59027
  • Updated Enroll Integration page design. #58985
  • Teleport Connect now runs in the background by default on macOS and Windows. On Linux, this behavior can be enabled in the app configuration. #58923
  • Added fdpass-teleport binary to install script for Teleport tar downloads. #58919
  • Support multiple resource editing in tctl edit when editing collections. #58902
  • Added support for browser window resizing to the Teleport Web UI database client terminal. #58900
  • Fixed a bug that prevented root users from viewing session recordings when they were participants. #58897
  • Added ability for user to select whether IC integration creates roles for all possible Account Assignments. #58861
  • Updated Go to 1.24.7. #58835
  • Populate user_roles and user_traits fields for SSH audit events. #58804
  • Added support for wtmpdb as a user accounting backend to wtmp. #58777
  • Prevents an application from being registered if its public address matches a Teleport cluster address. #58766
  • Added a preset role mcp-user that has access to all MCP servers and their tools. #58613

Enterprise:

  • Fixed an issue where sometimes the session summary was marked as a success, even though the summary was empty (this was particularly visible using GPT 5).
  • Updated Enroll Integration page design.

Teleport 17.7.4

09 Sep 06:42
441db5b

Description

  • Updated Go to 1.24.7. #58836
  • Added support for tbot configuration of a default namespace for kubeconfig files generated by the kubernetes/v2 service. #58791
  • Prevented an application from being registered if its public address matches a Teleport cluster address. #58767
  • Removed AccessList review notification check from tsh login / status flow. #58666
  • Added Lock, unlock and delete operations to the Bot Details page, as well as viewing lock status. #58647
  • Fixed panic in tbot's ssh-multiplexer service. #58596
  • MWI: Added support to tbot for managing Argo CD clusters via the kubernetes/argo-cd output service. #58567
  • Added support for configuring the SCIM Plugin with OIDC or GitHub Teleport Connectors. #58555
  • Appended headers to configuration files generated by teleport-update. #56578

Enterprise:

  • Updated AWS Identity Center plugin to honor Role and Access Request locks.
  • Updated AWS Identity Center plugin to not provision users when Teleport is not acting as a SAML IdP for AWS.

Teleport 18.2.0

05 Sep 15:44
9d7a51c

Description

Encrypted session recordings

Teleport now provides the ability to integrate with Hardware Security Modules (HSMs) in order to encrypt session recordings prior to uploading them to storage.

AI session summaries

Teleport Identity Security users are now able to view AI-generated summaries for SSH, Kubernetes and database sessions.

Updated session recordings page

The session recordings page in the Teleport web UI has been updated with a new design that includes session thumbnails and the ability to view session summaries for Identity Security users.

Teleport Connect Managed Updates

Teleport Connect is now able to detect when application updates are available and automatically apply them on the next restart.

Teleport Device Trust Intune Support

Teleport now includes a new hosted plugin for Microsoft's Intune suite, allowing trusted devices to be synchronized from the Intune inventory.

Terraform support for Access List members

Users are now able to provision Access Lists and their members (including other nested Access Lists) with Terraform.

Long-term access requests UX

The access request creation dialog in the Teleport web UI now better differentiates between short-term and long-term access requests.

Database web terminal for MySQL

The Teleport web UI now provides a terminal interface for MySQL database access.

Database access for AlloyDB

Teleport now supports database access for GCP AlloyDB databases.

Other changes and improvements

  • Improved observability by adding health check metrics for healthy, unhealthy, and unknown states. Database health checks can now be monitored with these metrics. #58708
  • New session recordings now display an interactive timeline for faster navigation. #58671
  • Removed AccessList review notification check from tsh login/status flow. #58662
  • Added lock, unlock and delete operations to the Bot Details page, as well as viewing lock status. #58653
  • Fixed internal access list membership caching issue that caused high CPU usage when the total number of members exceeded 200. #58614
  • Fix internal cache issue that could cause crashes in AWS IC, Database, and App access flows. #58611
  • Fixed panic in tbot's ssh-multiplexer service. #58595
  • Teleport now honours the Entra ID OIDC groups overage claim. For this feature to work, the OIDC connector spec in Teleport must be updated to request the OIDC profile scope, and the enterprise application in Entra ID must be granted the User.ReadBasic.All Graph API permission. By default, Teleport queries the Microsoft Graph API at the graph.microsoft.com endpoint and filters the user's group membership to the "security groups" group type. This behaviour can be changed by setting the entra_id_groups_provider field, which is available in the OIDC connector configuration spec. #58593
  • Enhanced session recordings RBAC to enforce recording access based on rules that reference creator’s roles, traits, and resource properties. #58563
  • Added support for configuring the SCIM Plugin with OIDC or GitHub Teleport Connectors. #58554
  • Added user_agent field to MySQL database session start audit events. #58523
  • tbot now supports the configuration of a default namespace for kubeconfig files generated by the kubernetes/v2 service. #58494
  • Reduced audit log clutter by compacting contiguous shared directory read/write events into a single audit log event. #58446
  • Session metadata now appears next to SSH sessions in the UI. #58405
  • Refreshed the list session recordings UI with thumbnails, more filtering options and a card/list view. #58390
  • Added thumbnail and metadata generation for session recordings. #58360
  • Teleport Connect now supports managed updates. #58260
  • Teleport Connect now brings focus back from the browser to itself after a successful SSO login. #58260
  • Added support for GCP AlloyDB. #58202
  • Added Microsoft Intune integration for syncing devices into Teleport Device Trust. #57986
  • Added support for encrypting session recordings at rest across all recording modes. Encryption can be enabled statically by setting auth_server.session_recording_config.enabled: yes in the Teleport file configuration, or dynamically by editing the session_recording_config resource and setting spec.encryption.enabled: yes. #57959
  • Added a MySQL database client REPL to the Teleport web UI. #57798
  • Added SSH SELinux module management to teleport-update. #57660
  • Added Terraform support for Access List members. #57058

Teleport 17.7.3

03 Sep 02:50
304ea29

Description

  • A namespace can now be specified for the tbot Kubernetes Secret destination. #58553
  • Fixed nested access list hierarchy propagation in case of tctl using UpsertAccessList API call. #58550
  • Added support for setting "*" in role kubernetes_users. #58478
  • Reduced audit log clutter by compacting contiguous shared directory read/write events into a single audit log event. #58445
  • Fixed an issue where VNet could not start because of "VNet is already running" error. #58389
  • Fixed incorrect scp exit status between OpenSSH clients and servers. #58328
  • Fixed sftp readdir failing due to broken symlinks. #58321
  • The following Helm charts now support obtaining the plugin credentials using tbot: teleport-plugin-discord, teleport-plugin-email, teleport-plugin-jira, teleport-plugin-mattermost, teleport-plugin-msteams, teleport-plugin-pagerduty, teleport-plugin-event-handler. #58300
  • Enabled separate request_object_mode setting for MFA flow in OIDC connectors. #58280
  • Teleport Connect now supports managed updates. #58261
  • Teleport Connect now brings focus back from the browser to itself after a successful SSO login. #58261
  • Fixed failure to close user accounting session. #58164
  • Fixed an uncaught exception in Teleport Connect on Windows when closing the app while the TELEPORT_TOOLS_VERSION environment variable is set. #58132
  • Fixed a Teleport Connect crash that occurred when assuming an access request while an application or database connection was active. #58110
  • Added paginated API ListDatabases, deprecate GetDatabases. #58104
  • Fixed modifier keys getting stuck during remote desktop sessions. #58102
  • Enable Azure joining with VMSS. #58093
  • Windows desktop LDAP discovery now auto-populates the resource's description field. #58081
  • TBot now emits a log message stating the current version on startup. #58057
  • Added experimental bound keypair joining method, disabled by default behind a flag. #57961
  • Updated Go to 1.24.6. #57860
  • Added new oidc joining mode for Kubernetes delegated joining to support providers that can be configured to provide public OIDC endpoints, like EKS, AKS, and GKE. #57800
  • Newly enrolled Kubernetes agents will now use Managed Updates by default. #57783

Enterprise:

  • For OIDC SSO, the IdP app/client configured for MFA checks is no longer expected to return claims that map to Teleport roles. Valid claim to role mappings are only required for login flows.
  • Fixed SSO MFA method for applications when Teleport is the SAML identity provider and Per-Session MFA is enabled.
  • Fix: Handle disabling okta-requester role assignment.

Teleport 16.5.15

02 Sep 22:26
3504ac4

Description

  • The following Helm charts now support obtaining the plugin credentials using tbot: teleport-plugin-discord, teleport-plugin-email, teleport-plugin-jira, teleport-plugin-mattermost, teleport-plugin-msteams, teleport-plugin-pagerduty, teleport-plugin-event-handler. #58302
  • Fixed failure to close user accounting session. #58165
  • Fixed an uncaught exception in Teleport Connect on Windows when closing the app while the TELEPORT_TOOLS_VERSION environment variable is set. #58133
  • Added paginated API ListDatabases, deprecated GetDatabases. #58112
  • Fixed a Teleport Connect crash that occurred when assuming an access request while an application or database connection was active. #58111
  • Fixed modifier keys getting stuck during remote desktop sessions. #58101
  • Enabled Azure joining with VMSS. #58092
  • Windows desktop LDAP discovery now auto-populates the resource's description field. #58080
  • TBot now emits a log message stating the current version on startup. #58058
  • Improved error message when a User without any MFA devices enrolled attempts to access a resource that requires MFA. #58045
  • Added TELEPORT_UNSTABLE_GRPC_RECV_SIZE env var which can be set to overwrite client side max grpc message size. #58027
  • Fixed auto-updated client tools not using the intended version. #57872
  • Updated Go to 1.24.6. #57861
  • Newly enrolled Kubernetes agents will now use Managed Updates by default. #57782
  • Fixed Alt+Click not being registered in remote desktop sessions. #57755
  • Kubernetes Access: kubectl port-forward now exits cleanly when backend pods are removed. #57741
  • Kubernetes Access: Fixed a bug when forwarding multiple ports to a single pod. #57739
  • Fixed unlink-package during upgrade/downgrade. #57722
  • Teleport event-handler now accepts HTTP Status Code 204 from the recipient. This adds support for sending events to Grafana Alloy and newer Fluentd versions. #57682
  • Enriched the windows.desktop.session.start audit event with additional certificate metadata. #57679
  • The tctl top command can now display raw prometheus metrics. #57633
  • Fixed a bug in the default discovery script that can occur when discovering instances whose PATH doesn't contain /usr/local/bin. #57532
  • Make it easier to identify Windows desktop certificate issuance on the audit log page. #57519
  • Fixed a bug on Windows where a forwarded SSH agent would become dysfunctional after a single connection using the agent. #57514
  • The tctl top command now respects the local Teleport config file. #57352
  • Disabled NLA in FIPS mode. #57309
  • Allow YubiKeys running 5.7.4+ firmware to be usable as PIV hardware keys. #57218
  • Fixed using relative path TELEPORT_HOME env with client tools managed update. #56952
  • Client tools managed updates support multi-cluster environments and track each version in the configuration file. #56952

Enterprise:

  • Slightly optimized access token refresh logic for Jamf integration when using API credentials.

Teleport 18.1.8

29 Aug 22:15
5edd7a7

Description

  • Fixed an issue introduced in v18.1.5 that caused desktop connection attempts to stall on the loading screen. #58500
  • Support setting "*" in role kubernetes_users. #58477
  • The following Helm charts now support obtaining the plugin credentials using tbot: teleport-plugin-discord, teleport-plugin-email, teleport-plugin-jira, teleport-plugin-mattermost, teleport-plugin-msteams, teleport-plugin-pagerduty, teleport-plugin-event-handler. #58301

Teleport 18.1.7

28 Aug 03:43
ddaf650

Warning

This release includes a regression that prevents connecting to Windows desktops via the Web UI.

The following workarounds are available:

  • Downgrade proxy servers to 18.1.4
  • Use Teleport Connect instead of the web UI to access desktops
  • Set your preferred keyboard layout (under account settings) to something other than system

Description

  • Fixed an issue where VNet could not start because of "VNet is already running" error. #58388
  • Fix MCP icon displaying as white/black blocks. #58347
  • Fix crash when running 'teleport backend clone' on non-Linux platforms. #58332
  • Disabled MySQL database health checks to avoid MySQL blocking the Teleport Database Service for too many connection errors. MySQL health checks can be re-enabled by setting max_connect_errors on MySQL to its maximum value and setting the environment variable TELEPORT_ENABLE_MYSQL_DB_HEALTH_CHECKS=1 on the Teleport Database Service instance. #58331
  • Fixed incorrect scp exit status between OpenSSH clients and servers. #58327
  • Fixed sftp readdir failing due to broken symlinks. #58320
  • Added "MCP Servers" filter in resources view for Web UI and Teleport Connect. #58309
  • Enable separate request_object_mode setting for MFA flow in OIDC connectors. #58281
  • Allow a namespace to be specified for the tbot Kubernetes Secret destination. #58203
  • MWI: tbot now supports managing Argo CD clusters via the kubernetes/argo-cd output service. #58200
  • Fixed failure to close user accounting session. #58163
  • Add paginated API ListDatabases, deprecate GetDatabases. #58105
  • Prevent modifier keys from getting stuck during remote desktop sessions. #58103
  • Fixed AWS app access signature verification for AWS requests that use an unsigned payload. #58085
  • Windows desktop LDAP discovery now auto-populates the resource's description field. #58082

Enterprise:

  • For OIDC SSO, the IdP app/client configured for MFA checks is no longer expected to return claims that map to Teleport roles. Valid claim to role mappings are only required for login flows.
  • Fix SSO MFA method for applications when Teleport is the SAML identity provider and Per-Session MFA is enabled.
