Gravitational Teleport v4.3.7 Release Notes

Release Date: 2020-10-01
  • This release of Teleport contains a security fix and a bug fix.

    • Mitigated CVE-2020-15216 by updating github.com/russellhaering/goxmldsig.

    Details

    A vulnerability was discovered in the github.com/russellhaering/goxmldsig library, which Teleport uses to validate the
    signatures of XML files used to configure SAML 2.0 connectors. With a carefully crafted XML file, an attacker can completely
    bypass XML signature validation and pass off an altered file as a signed one.

    Actions

    The goxmldsig library has been updated upstream and Teleport 4.3.7 includes the fix. Any Enterprise SSO users using Okta,
    Active Directory, OneLogin or custom SAML connectors should upgrade their auth servers to version 4.3.7 and restart Teleport.

    If you are unable to upgrade immediately, we suggest deleting SAML connectors for all clusters until the updates can be applied.
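    The following Go program is an added example, not Teleport's own code or part of these release notes. It gates an auth server's `teleport version` output against the 4.3.7 threshold stated above, so an operator can sweep a fleet and list the auth servers that still need the goxmldsig update. The sample version strings are constructed; the `teleport version` output format they imitate ("Teleport vX.Y.Z git:... goN") is assumed, and the check treats anything below 4.3.7 as needing the upgrade, exactly as the notes state, without making claims about other release lines.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// fixedVersion is the first release that carries the goxmldsig update
// described in these notes (the notes say to upgrade auth servers to 4.3.7).
var fixedVersion = [3]int{4, 3, 7}

// versionRe matches the first "vMAJOR.MINOR.PATCH" token in the output.
var versionRe = regexp.MustCompile(`v?(\d+)\.(\d+)\.(\d+)`)

// parseTeleportVersion extracts major.minor.patch from `teleport version`
// output such as "Teleport v4.3.6 git:v4.3.6-0-gabc1234 go1.14.9" (assumed format).
func parseTeleportVersion(out string) ([3]int, error) {
	m := versionRe.FindStringSubmatch(out)
	if m == nil {
		return [3]int{}, fmt.Errorf("no semantic version found in %q", strings.TrimSpace(out))
	}
	var v [3]int
	for i := 0; i < 3; i++ {
		n, err := strconv.Atoi(m[i+1])
		if err != nil {
			return [3]int{}, err
		}
		v[i] = n
	}
	return v, nil
}

// compareVersions returns -1, 0 or 1 as a is lower than, equal to or higher than b.
func compareVersions(a, b [3]int) int {
	for i := 0; i < 3; i++ {
		switch {
		case a[i] < b[i]:
			return -1
		case a[i] > b[i]:
			return 1
		}
	}
	return 0
}

// NeedsSAMLFix reports whether an auth server whose `teleport version`
// output is versionOutput is still below 4.3.7 and therefore still needs
// the goxmldsig update for CVE-2020-15216.
func NeedsSAMLFix(versionOutput string) (bool, error) {
	v, err := parseTeleportVersion(versionOutput)
	if err != nil {
		return false, err
	}
	return compareVersions(v, fixedVersion) < 0, nil
}

func main() {
	// Constructed sample outputs, not captured from real hosts.
	samples := []string{
		"Teleport v4.3.6 git:v4.3.6-0-gabc1234 go1.14.9",
		"Teleport v4.3.7 git:v4.3.7-0-gdef5678 go1.14.9",
		"Teleport Enterprise v4.2.11 go1.13",
	}
	for _, out := range samples {
		needs, err := NeedsSAMLFix(out)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%-50s needs upgrade: %v\n", out, needs)
	}
}
```

    Run it against the collected output of `teleport version` from each auth server; hosts reporting `needs upgrade: true` are the ones to upgrade and restart first, and the ones whose SAML connectors should be removed in the meantime if the upgrade has to wait.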

    • Fixed an issue where DynamoDB connections made by Teleport would not respect the HTTP_PROXY or HTTPS_PROXY environment variables. #4271
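    As an added illustration of the proxy bug class (not Teleport's own code, and not the actual change in #4271, whose contents these notes do not show), the Go program below contrasts an `http.Transport` whose `Proxy` field is left nil, which dials every endpoint directly and ignores `HTTP_PROXY`/`HTTPS_PROXY`, with one wired to `http.ProxyFromEnvironment`. The proxy address and the DynamoDB-style endpoint are constructed sample values. Note that Go reads the proxy environment variables once, on the first call, so the environment must be set before the transport is used.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
)

// newDirectTransport mirrors the pre-fix shape: Proxy is nil, so the
// transport never consults HTTP_PROXY, HTTPS_PROXY or NO_PROXY.
func newDirectTransport() *http.Transport {
	return &http.Transport{}
}

// newProxyAwareTransport honours the proxy environment variables.
func newProxyAwareTransport() *http.Transport {
	return &http.Transport{Proxy: http.ProxyFromEnvironment}
}

// ProxyFor reports which proxy URL the transport would use for target,
// or "" when the request would be sent directly.
func ProxyFor(tr *http.Transport, target string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return "", err
	}
	if tr.Proxy == nil {
		return "", nil // no proxy function: always direct
	}
	u, err := tr.Proxy(req)
	if err != nil {
		return "", err
	}
	if u == nil {
		return "", nil // proxy function chose direct (e.g. NO_PROXY match)
	}
	return u.String(), nil
}

// ConfigureDemoProxyEnv sets constructed proxy variables. Go caches these
// on first use, so call it before any transport is exercised.
func ConfigureDemoProxyEnv() {
	os.Setenv("HTTP_PROXY", "http://proxy.internal.example:3128")
	os.Setenv("HTTPS_PROXY", "http://proxy.internal.example:3128")
	os.Setenv("NO_PROXY", "localhost")
}

func main() {
	ConfigureDemoProxyEnv()
	// Constructed endpoint in the style of a regional DynamoDB hostname.
	target := "https://dynamodb.us-east-1.amazonaws.com/"
	for name, tr := range map[string]*http.Transport{
		"direct (pre-fix)":  newDirectTransport(),
		"proxy-aware (fix)": newProxyAwareTransport(),
	} {
		p, err := ProxyFor(tr, target)
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		if p == "" {
			p = "<none, direct connection>"
		}
		fmt.Printf("%-18s -> %s\n", name, p)
	}
}
```

    In an egress-restricted deployment the direct transport fails silently at the network layer rather than at configuration time, which is why "does not respect HTTP_PROXY" bugs tend to surface only when the proxy is the sole route out.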

    Download

    Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.