All Versions
256
Latest Version
Avg Release Cycle
3 days
Latest Release
-

Changelog History
Page 13

  • v4.1.13 Changes

    ๐Ÿš€ This release of Teleport contains a bug fix.

    • ๐Ÿ›  Fixed issue where the port forwarding option in a role was ignored. #3208
  • v4.1.11 Changes

    October 01, 2020

    ๐Ÿš€ This release of Teleport contains a security fix.

    • โšก๏ธ Mitigated CVE-2020-15216 by updating github.com/russellhaering/goxmldsig.

    Details

    A vulnerability was discovered in the github.com/russellhaering/goxmldsig library which is used by Teleport to validate the
    ๐Ÿ”ง signatures of XML files used to configure SAML 2.0 connectors. With a carefully crafted XML file, an attacker can completely
    bypass XML signature validation and pass off an altered file as a signed one.

    Actions

    โšก๏ธ The goxmldsig library has been updated upstream and Teleport 4.1.11 includes the fix. Any Enterprise SSO users using Okta,
    โฌ†๏ธ Active Directory, OneLogin or custom SAML connectors should upgrade their auth servers to version 4.1.11 and restart Teleport.

    โšก๏ธ If you are unable to upgrade immediately, we suggest deleting SAML connectors for all clusters until the updates can be applied.

    Download

    ๐Ÿš€ Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

  • v4.1.10 Changes

    April 01, 2020

    ๐Ÿš€ As part of a routine security audit of Teleport, a security vulnerability was discovered that affects all recent releases of Teleport. We strongly suggest upgrading to the latest patched release to mitigate this vulnerability.

    Details

    ๐Ÿ’ป Due to a flaw in how the Teleport Web UI handled host certificate validation, host certificate validation was disabled for clusters where connections were terminated at the node. This means that an attacker could impersonate a Teleport node without detection when connecting through the Web UI.

    Clusters where sessions were terminated at the proxy (recording proxy mode) are not affected.

    ๐Ÿ’ป Command line programs like tsh (or ssh) are not affected by this vulnerability.

    Actions

    โฌ†๏ธ To mitigate this issue, upgrade and restart all Teleport proxy processes.

    Downloads

    ๐Ÿš€ Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

  • v4.1.9 Changes

    February 20, 2020

    ๐Ÿš€ This release of Teleport contains a security fix.

    • โšก๏ธ Mitigated CVE-2020-9283 by updating golang.org/x/crypto.
  • v4.1.8 Changes

    January 15, 2020

    ๐Ÿš€ This release of Teleport contains a bug fix.

    • ๐Ÿ›  Fixed a regression in role mapping between trusted clusters. #3252
  • v4.1.7 Changes

    December 13, 2019

    ๐Ÿš€ This release of Teleport contains a bug fix.

    Description

    • ๐Ÿ›  Fixed issue where the port forwarding option in a role was ignored. #3208

    Download

    ๐Ÿš€ Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

  • v4.1.6 Changes

    December 10, 2019

    ๐Ÿš€ This release of Teleport contains a bug fix.

    Description

    • ๐Ÿ›  Fixed an issue that caused Teleport not to start with certain OIDC claims. #3053

    Download

    ๐Ÿš€ Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

  • v4.1.5 Changes

    November 27, 2019

    ๐Ÿš€ This release of Teleport adds support for an older version of Linux.

    • โž• Added RHEL/CentOS 6.x builds to the build pipeline. #3175
  • v4.1.4 Changes

    November 06, 2019

    ๐Ÿš€ This release of Teleport contains a bug fix.

    Description

    • ๐Ÿ›  Fixed GSuite integration by adding support for service accounts. #3122

    Download

    ๐Ÿš€ Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

  • v4.1.3 Changes

    October 24, 2019

    ๐Ÿš€ This release of Teleport contains multiple bug fixes.

    Description

    • Removed TLS_RSA_WITH_AES_128_GCM_SHA{256,384} from default ciphersuites due to compatibility issues with HTTP2.
    • ๐Ÿ›  Fixed issues with local_auth for FIPS builds. #3100
    • โฌ†๏ธ Upgraded Go runtime to 1.13.2 to mitigate CVE-2019-16276 and CVE-2019-17596.

    Download

    ๐Ÿš€ Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.