Gravitational Teleport v9.3.9 Release Notes

  • πŸš€ This release of Teleport contains a security fix, as well as multiple improvements and bug fixes.

    Auth bypass in Moderated Sessions

    When checking a user’s roles prior to starting a session, Teleport may have incorrectly allowed a session to proceed without moderation depending on the order roles are received from the backend.

    πŸ›  Other improvements and fixes

    • πŸ›  Fixed issue with per-session MFA swallowing keypresses. #13822
    • πŸ›  Fixed issue with tsh db ls -R now showing allowed users. #13626
    • πŸ›  Fixed vertical and horizontal scroll in desktop access. #13905
    • πŸ›  Fixed issue with invalid query filters forcing tsh relogin. #13747
    • πŸ›  Fixed issue with TLS routing and proxy jump. #13928
    • πŸ›  Fixed issue with MongoDB connections timing out in certain scenarios. #13859
    • πŸ›  Fixed issue with Machine ID certificate renewal with empty requested roles. #13893
    • πŸ›  Fixed issue with Windows desktops not being labeled with LDAP attribute labels. #13681
    • πŸ›  Fixed issue with desktop access streaming not being terminated properly. #14024
    • Added ability to use FIPS endpoints for S3 and DynamoDB using use_fips_endpoint connection option. #13703
    • βž• Added ability to specify CA pin as a file path in the config. #13089
    • πŸ‘Œ Improved reconnect reliability after root proxy restart. #13967
    • πŸ‘Œ Improved error messages for failed auth client connections. #13835