Teleport 18.1.0

@fheinecke fheinecke released this 25 Jul 18:57
· 632 commits to master since this release
8cdb161

Description

MCP server access

Teleport now provides the ability to connect to stdio-based MCP servers with
connection proxying and audit logging support.

MCP for database access

Teleport now allows MCP clients such as Claude Desktop to execute queries in
Teleport-protected databases.

VNet for SSH

Teleport VNet adds native support for SSH, enabling any SSH client to connect to
Teleport SSH servers with zero configuration. Advanced Teleport features like
per-session MFA have first-class support for a seamless user experience.

Identifier-first login

Teleport adds support for identifier-first login flows. When enabled, the
initial login screen contains only a username prompt. Users are presented with
the SSO connectors that apply to them after submitting their username.

Bound keypair joining for Machine ID

The new bound keypair join method for Machine ID is a more secure and
user-friendly alternative to token joining in both on-prem environments and
cloud providers without a delegated join method. It allows for automatic
self-recovery in case of expired client certificates and gives administrators
new options to manage and automate bot joining.

Sailpoint SCIM integration

Teleport now supports Sailpoint as a SCIM provider, allowing administrators to
synchronize Sailpoint entitlement groups with Teleport access lists.

LDAP server discovery for desktop access

Teleport's windows_desktop_service can now locate the LDAP server via DNS as
an alternative to providing the address in the configuration file.

Managed Updates canary support

Managed Updates v2 now supports canary updates. When canary updates
are enabled for a group, Teleport will update a few agents first and confirm
they come back healthy before updating the rest of the group.

You can enable canary updates by setting canary_count in your
autoupdate_config:

kind: autoupdate_config
spec:
  agents:
    mode: enabled
    schedules:
      regular:
      - name: dev
        days:
        - Mon
        - Tue
        - Wed
        - Thu
        start_hour: 20
        canary_count: 5
    strategy: halt-on-error

Each group can have a maximum of 5 canaries. Canaries are picked randomly among
the connected agents.

Canary updates are currently supported only by Linux agents. Kubernetes
support will be part of a future release.

Improved access requests UX

Teleport's web UI makes a better distinction between just-in-time and long-term
access request UX.

Other changes and improvements

  • Fixed a bug causing tctl/tsh to fail on read-only file systems. #57147
  • The teleport-distroless container image now disables client tools updates by default (when using tsh/tctl, you will always use the version from the image). You can re-enable them by unsetting the TELEPORT_TOOLS_VERSION environment variable. #57147
  • Fixed a crash in Teleport Connect that could occur when copying large clipboard content during desktop sessions. #57130
  • Audit log events for SPIFFE SVID issuances now include the name/label selector used by the client. #57129
  • Fixed an issue with tsh aws failing for STS and other AWS services. #57122
  • Fixed client tools managed updates downgrade to older version. #57073
  • Removed unnecessary macOS entitlements from Teleport Connect subprocesses. #57066
  • Machine and Workload ID: The tbot client will now discard expired identities if needed during renewal to allow automatic recovery without restarting the process. #57060
  • Defined access-plugin preset role. #57056
  • The tctl top command now supports the local unix sock debug endpoint. #57025
  • Added --listen flag to tsh proxy db for setting local listener address. #57005
  • Added multi-account support to teleport discovery bootstrap. #56998
  • Added TeleportRoleV8 support to the Teleport Kubernetes Operator. #56946
  • Fixed a bug in the Teleport install scripts when running on macOS. The install scripts now error instead of trying to install nonexistent macOS FIPS binaries. #56941
  • Fixed using relative path TELEPORT_HOME environment variable with client tools managed update. #56933
  • Client tools managed updates support multi-cluster environments and track each version in the configuration file. #56933
  • Fixed certificate revocation failures in Active Directory environments when Teleport is using HSM-backed key material. #56924
  • Fixed database connect options dialog displaying wrong database username options. #55560

Enterprise:

  • Fixed SCIM user provisioning when a user already exists and is managed by the same connector as the SCIM integration.
  • Added enrolment for a generic SCIM Integration.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.