Changelog History
Page 13
-
v4.1.13 Changes
๐ This release of Teleport contains a bug fix.
- ๐ Fixed issue where the port forwarding option in a role was ignored. #3208
-
v4.1.11 Changes
October 01, 2020๐ This release of Teleport contains a security fix.
- โก๏ธ Mitigated CVE-2020-15216 by updating github.com/russellhaering/goxmldsig.
Details
A vulnerability was discovered in the
github.com/russellhaering/goxmldsiglibrary which is used by Teleport to validate the
๐ง signatures of XML files used to configure SAML 2.0 connectors. With a carefully crafted XML file, an attacker can completely
bypass XML signature validation and pass off an altered file as a signed one.Actions
โก๏ธ The
goxmldsiglibrary has been updated upstream and Teleport 4.1.11 includes the fix. Any Enterprise SSO users using Okta,
โฌ๏ธ Active Directory, OneLogin or custom SAML connectors should upgrade their auth servers to version 4.1.11 and restart Teleport.โก๏ธ If you are unable to upgrade immediately, we suggest deleting SAML connectors for all clusters until the updates can be applied.
Download
๐ Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
-
v4.1.10 Changes
April 01, 2020๐ As part of a routine security audit of Teleport, a security vulnerability was discovered that affects all recent releases of Teleport. We strongly suggest upgrading to the latest patched release to mitigate this vulnerability.
Details
๐ป Due to a flaw in how the Teleport Web UI handled host certificate validation, host certificate validation was disabled for clusters where connections were terminated at the node. This means that an attacker could impersonate a Teleport node without detection when connecting through the Web UI.
Clusters where sessions were terminated at the proxy (recording proxy mode) are not affected.
๐ป Command line programs like
tsh(orssh) are not affected by this vulnerability.Actions
โฌ๏ธ To mitigate this issue, upgrade and restart all Teleport proxy processes.
Downloads
๐ Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
-
v4.1.9 Changes
February 20, 2020๐ This release of Teleport contains a security fix.
- โก๏ธ Mitigated CVE-2020-9283 by updating golang.org/x/crypto.
-
v4.1.8 Changes
January 15, 2020๐ This release of Teleport contains a bug fix.
- ๐ Fixed a regression in role mapping between trusted clusters. #3252
-
v4.1.7 Changes
December 13, 2019๐ This release of Teleport contains a bug fix.
Description
- ๐ Fixed issue where the port forwarding option in a role was ignored. #3208
Download
๐ Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
-
v4.1.6 Changes
December 10, 2019๐ This release of Teleport contains a bug fix.
Description
- ๐ Fixed an issue that caused Teleport not to start with certain OIDC claims. #3053
Download
๐ Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
-
v4.1.5 Changes
November 27, 2019๐ This release of Teleport adds support for an older version of Linux.
- โ Added RHEL/CentOS 6.x builds to the build pipeline. #3175
-
v4.1.4 Changes
November 06, 2019๐ This release of Teleport contains a bug fix.
Description
- ๐ Fixed GSuite integration by adding support for service accounts. #3122
Download
๐ Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
-
v4.1.3 Changes
October 24, 2019๐ This release of Teleport contains multiple bug fixes.
Description
- Removed
TLS_RSA_WITH_AES_128_GCM_SHA{256,384}from default ciphersuites due to compatibility issues with HTTP2. - ๐ Fixed issues with
local_authfor FIPS builds. #3100 - โฌ๏ธ Upgraded Go runtime to 1.13.2 to mitigate CVE-2019-16276 and CVE-2019-17596.
Download
๐ Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
- Removed