Releases: gravitational/teleport

Teleport 18.4.1

20 Nov 22:09
19afa95

Description

  • Fixed a bug that prevented searching audit log events in the web UI when using Athena audit storage. #61603
  • Prevented Trivy from reporting false positives when scanning the Teleport binaries. #61539
  • Added support for tsh logout --proxy (or TELEPORT_PROXY set) to work without --user flag when one identity exists. #61404
  • Fixed web upload/download failure behind load balancers when web listen address is unspecified. #61393
  • Fixed corrupted private keys breaking tsh. #61388
  • Resource names are now properly validated for AWS Roles Anywhere integration Generate Command. #61385
  • Added caches to reduce Active Directory user SID lookups and TLS certificate requests. #61317
  • GOAWAY errors received from Kubernetes API Servers configured with a non-zero --goaway-chance are now forwarded to clients to be retried. #61256
  • Added support for creating and managing scoped tokens using tctl scoped tokens add/ls/rm. SSH nodes can now join a cluster within a particular scope by joining with a scoped token. #60758

Enterprise:

  • Removed sync of the model identifier from Intune to avoid mismatches between the identifier reported by Intune vs Teleport clients.
  • Added support for Jamf's /v2/computers-inventory API (addresses Jamf's deprecation of /v1/computers-inventory).
  • Updated the AWS Identity Center resource synchronizer to handle AWS Account name changes more gracefully.
  • Added audit events in response to SCIM provisioning requests.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Teleport 18.4.0

14 Nov 04:30
f1ebe3c

Description

Streamable-HTTP and SSE support for MCP Zero-Trust Access

MCP Zero-Trust Access users are now able to secure and audit connections to MCP servers that use HTTP-based transport protocols in addition to stdio.

Improved Bot Instances Dashboard

The Bot Instances dashboard now provides a more intuitive interface for managing a fleet of Machine & Workload Identity bot instances. This includes improved filtering, sorting and searching capabilities, and a high-level overview of the versions of all bot instances in the cluster.

Updated Oracle Joining Support

Oracle compute instances are no longer required to have additional IAM permissions granted to them in order to join. Oracle join tokens now also allow restricting which instances may leverage a token to join.

Other changes and improvements

  • Fixed an issue where connections to MongoDB Atlas clusters fail if the clusters use certs signed by Google Trust Services (GTS). #61324
  • Improved reverse tunnel dialing recovery from default route changes by 1min on average. #61319
  • Fixed an issue where a Postgres database cannot be accessed via Teleport Connect when per-session MFA is enabled and the role does not have wildcard db_names. #61299
  • Improved conflict detection of application public address and Teleport cluster addresses. #61290
  • Fixed AWS Roles Anywhere cli access when using per-session MFA. #61273
  • Fixed a rare error in the authorized_keys secret scanner when running the Teleport agent on macOS. #61268
  • Updated Go to v1.24.10. #61212
  • Terraform: teleport_bot resource now supports import, and follows the standard resource structure. #61201
  • Added support for tbot to teleport-update. #61198
  • Instrumented tbot to better support teleport-update. #61189
  • Improved error message of tsh when there is a certificate DNS SAN mismatch when connecting to Auth via Proxy. #61186
  • Improved error handling during desktop sessions that encounter unknown/invalid smartcard commands. This prevents abrupt desktop session termination with a "PDU error" message when using certain applications. #61180
  • Fixed an issue causing Access Automation Rules to evaluate incorrectly when users are granted traits via Access Lists. #61169
  • Added support for tsh copying files between two hosts, i.e. tsh scp alice@foo:/path/1.txt bob@bar:/path/2.txt. #61165
  • Added support for custom reason prompts for Access Requests, per requested role/resource (role.spec.allow.request.reason.prompt). #61127
  • Fixed the webUI timeout time to respect the cluster's WebIdleTimeout configuration. #61103
  • Added an option to restrict Oracle join tokens to specific instance IDs. #61078
  • Stabilized tsh paths when run from agent installation. #60873
  • Added advanced search and sorting to the bot instances list in the web UI. #60761
  • Added filter and sort flags to tctl bots instances ls. #60761
  • Added service health to the output of the tctl bots instances ls and tctl bot instance show commands. #60761
  • Added a dashboard to visualize bot instances by their version compatibility. #60761
  • Added bot instance service health to web UI. #60761
  • Added new env0 join method to support joining within Env0 workflows. #60710
  • Added a new OCI join method that does not require IAM policies. #60293
  • Added support for HTTP_PROXY in server auto-discovery installation. #60635

Teleport 17.7.10

14 Nov 00:53
f2d0ec2

Description

  • Improved reverse tunnel dialing recovery from default route changes by 1min on average. #61318
  • Fixed an issue with the Identity Center resource cache that could cause the account resources to be deleted from the cache. #61313
  • Fixed an issue where a Postgres database cannot be accessed via Teleport Connect when per-session MFA is enabled and the role does not have wildcard db_names. #61300
  • Improved conflict detection of application public address and Teleport cluster addresses. #61292
  • Fixed a rare error in the authorized_keys secret scanner when running the Teleport agent on macOS. #61267
  • Updated Go to v1.24.10. #61210
  • Instrumented tbot to better support teleport-update. #61190
  • Improved error message of tsh when there is a certificate DNS SAN mismatch when connecting to Auth via Proxy. #61187
  • Improved error handling during desktop sessions that encounter unknown/invalid smartcard commands. This prevents abrupt desktop session termination with a "PDU error" message when using certain applications. #61179
  • Updated github.com/containerd/containerd dependency to fix GHSA-pwhc-rpq9-4c8w. #61145
  • Updated quic-go dependency to fix CVE-2025-59530. #61111
  • Fixed a bug causing tsh to stop waiting for access request approval and incorrectly report that the request had been deleted. #61110
  • Fixed an issue where resources in Teleport Connect were not always refreshed correctly after re-logging in as a different user. #61100
  • Fixed an issue which could lead to session recordings saved on disk being truncated. #60965

Teleport 18.3.2

07 Nov 21:34
a5c17d6

Description

  • Updated github.com/containerd/containerd dependency to fix GHSA-pwhc-rpq9-4c8w. #61143
  • Fixed regression when connecting to non-AD desktops. #61117
  • Fixed a bug causing tsh to stop waiting for access request approval and incorrectly report that the request had been deleted. #61109
  • Fixed an issue where resources in Teleport Connect were not always refreshed correctly after re-logging in as a different user. #61099

Enterprise:

  • Added support for Amazon Bedrock to session recording summarizer (unavailable in Teleport Cloud). #7463

Teleport 17.7.9

06 Nov 05:59
209122c

Description

  • Fixed configuration files such as .kube/config referring to non-existent tsh binaries. #60872
  • Fixed an issue in the web UI where a bot with zero tokens would show a validation error. #60759
  • The browser window for SSO MFA is slightly taller in order to accommodate larger elements like QR codes. #60702
  • Fixed MongoDB topology monitoring connection leak in the Teleport Database Service. #60693
  • Okta-managed apps are now pinned correctly in the web UI. #60677
  • Slack access plugin no longer crashes in the event access list is unsupported. #60674
  • Fixed tsh scp failing on files that grow during transfer. #60608
  • Allowed moderated session peers to perform file transfers. #60605
  • Fixed a startup error EADDRINUSE: address already in use in Teleport Connect on macOS and Linux that could occur with long system usernames. #60577
  • MWI: tbot's auto-generated service names are now simpler and easier to use in the /readyz endpoint. #60459
  • Client tools managed updates stores OS and ARCH in the configuration. This ensures compatibility when TELEPORT_HOME directory is shared with a virtual instance running a different OS or architecture. #60413
  • Updated LDAP dial timeout from 15 seconds to 30 seconds. #60392
  • Fixed a bug that prevented using database role names longer than 30 chars for MySQL auto user provisioning. Now role names as long as 32 chars, which is the MySQL limit, can be used. #60378
  • Fixed a bug in Proxy Recording Mode that causes SSH sessions in the WebUI to fail. #60368
  • Added extraEnv and extraArgs to the teleport-operator helm chart. #60356
  • Fixed malformed audit events breaking the audit log. #60335
  • Added editing bot description to the web UI. #60213

Teleport 18.3.1

05 Nov 06:31
1003e1c

Description

  • Fixed an issue where the MCP session end event is sometimes not sent. #61009
  • Teleport's Windows Desktop service can now discover the KDC server address via DNS. #60988
  • Fixed Kubernetes metrics API unmarshaling errors causing kubectl top commands to fail in certain scenarios. #60971
  • Fixed an issue which could lead to session recordings saved on disk being truncated. #60964
  • Fixed a bug causing unencrypted session recordings to be deleted 24 hours after being created while using node and proxy recording modes. #60948
  • Enabled summarization and metadata generation for encrypted session recordings, storing metadata and summaries in encrypted form. #60945
  • Fixed a bug where encrypted session recordings could not be uploaded to S3. #60895
  • Added "tsh mcp config/connect" support for custom headers for streamable-HTTP MCP servers. #60843
  • Fixed the session recording player that was unable to play SSH sessions captured prior to v18.1.6. #60832
  • Fixed an issue in the web UI where a bot with zero tokens would show a validation error. #60760
  • Added the ability to set OIDC Integration credentials in the tctl AWS Identity Center plugin installer. #60712
  • Kubernetes OIDC responses are now cached to improve performance and reliability when joining bots and nodes. #60711
  • Fixed MongoDB topology monitoring connection leak in the Teleport Database Service. #60692
  • Added support for topologySpreadConstraints to the teleport-kube-agent Helm chart. #58012
  • The teleport-kube-agent Helm chart now tries to spread pods across hosts and zones. #58012

Teleport 18.3.0

30 Oct 04:21
7d57227

Description

Web UI Workload ID

Teleport's Web UI now lists all workload identity resources registered in the cluster.

Relay Service

Teleport now includes a new relay service that acts as a lightweight proxy service. This new service can receive connections from both SSH clients and agents.

The relay service can be used to avoid routing SSH connections through the broader Teleport control plane, providing the ability to optimize network flows in large or complex deployments.

Multi-cluster Discovery

Multiple Teleport clusters can now discover the same EC2 instances simultaneously through auto-discovery, with each cluster operating independently without interference.

Kubernetes Health Checks

Teleport now continuously monitors the health of your registered Kubernetes clusters and displays their status directly in the web UI. When connecting to Kubernetes clusters, Teleport automatically routes you to healthy services, ensuring reliable access to your infrastructure.

ElastiCache Serverless

Teleport Database Access now supports connecting to ElastiCache Serverless databases.

Other fixes and improvements

  • The browser window for SSO MFA is slightly taller in order to accommodate larger elements like QR codes. #60703
  • Slack access plugin no longer crashes in the event access list is unsupported. #60671
  • Okta-managed apps are now pinned correctly in the web UI. #60667
  • Create and edit GitLab join tokens from the Web UI. #60649
  • Teleport Connect now displays the profile name (instead of the cluster name) in the UI when referring to the profile; this affects only clusters where the cluster name was specifically set to something else than the proxy hostname during setup. #60615
  • Fixed tsh scp failing on files that grow during transfer. #60607
  • Allowed moderated session peers to perform file transfers. #60604
  • Added support for regular expression conditions for AccessMonitoringRule. #60598
  • Added support for SSE and streamable-HTTP MCP servers. #60519
  • Added health checks for enrolled Kubernetes clusters. #60492
  • MWI: tbot's auto-generated service names are now simpler and easier to use in the /readyz endpoint. #60458
  • Client tools managed updates stores OS and ARCH in the configuration. This ensures compatibility when TELEPORT_HOME directory is shared with a virtual instance running a different OS or architecture. #60414
  • Added a Workload Identities page to the web UI to list workload identities. #59479

Enterprise:

  • Enabled Access Automation Rule schedule configuration within the WebUI.
  • Updated Entra ID plugin installation UI to support group filter configuration.
  • Okta: Allow changing time between importing Okta changes to Teleport from the default 30m with the new time_between_imports setting.

Teleport 18.2.10

24 Oct 22:21

Description

  • Fixed a bug where listing members of an access list results in listing members of access lists which have names prefixed with the original access list name. This may lead to RBAC escalations. #60587
  • Fixed a startup error EADDRINUSE: address already in use in Teleport Connect on macOS and Linux that could occur with long system usernames. #60576
  • Fixed an issue where the eligibility reconsideration flow could continuously reset the Owner’s eligibility status when the Access List contains a dangling reference to a non-existent user. #60575
  • Fixed Username AccessList name collision. #60563
  • Playback speed can be changed in the new SSH/k8s recording player. #60451
  • Adapts EC2 Server auto discovery to send the correct parameters when using the AWS-RunShellScript pre-defined SSM Document. #60434
  • Updated tsh debug output to include tsh client version when --debug flag is set. #60407
  • Updated LDAP dial timeout from 15 seconds to 30 seconds. #60388
  • Fixed a bug that prevented using database role names longer than 30 chars for MySQL auto user provisioning. Now role names as long as 32 chars, which is the MySQL limit, can be used. #60377
  • Fixed a bug in Proxy Recording Mode that causes SSH sessions in the WebUI to fail. #60369
  • Added extraEnv and extraArgs to the teleport-operator helm chart. #60357
  • Fixed issue with inherited roles interfering with auto role provisioning cleanup in Postgres. #60345
  • Fixed malformed audit events breaking the audit log. #60334
  • Enabled use of schedules within automatic review and notification access_monitoring_rules. #60327
  • Fixed an issue that caused Kubernetes debug containers to fail with a “container not valid” error when launched by a user requiring moderated sessions. #60302
  • Added tbot start ssh-multiplexer helper to start the SSH multiplexer service without a config file. #60287
  • Fixed "The server-side graphics subsystem is in an error state" during connection initialization to Windows Desktop. #60285
  • Fixed a bug where SSH host certificates are missing the <hostname>.<clustername> principal, breaking SSH access via third-party clients. #60276
  • Reduces the memory usage when processing a session recording by ~80%. #60275
  • Fixed AWS CLI access when using the AWS Roles Anywhere integration. #60227
  • Fixed an issue in Teleport Connect where Ctrl+D would sometimes not close a terminal tab. #60221
  • Updated error messages displayed by tsh ssh when access to hosts is denied and when attempting to connect to a host that is offline or not enrolled in the cluster. #60215
  • Added editing bot description to the web UI. #60212
  • Added support for PodSecurityContext to tbot helm chart. #60206
  • MWI: Add teleport_bot_instances metric. #60196
  • The tbot Workload API now logs errors encountered when handling requests. #60193
  • Added explicit timeout to tbot when the Trust Bundle Cache is establishing an event watch. #60182
  • Fixed a bug where OpenSSH EICE node connections would fail. #60124
  • Updated Go to 1.24.9. #60108
  • Fixed SFTP audit events breaking the audit log. #60069
  • Fixed Access List owners permission inheritance when the nesting depth is one. (Members of an Access List configured as an Owner of another Access List). #60056
  • Added support for loading bound keypair joining parameters from the environment. #60031
  • Deleting an AWS OIDC integration will remove associated Teleport Discovery Configs and App servers that reference the integration. #60018
  • Fixed selinux warning in teleport-update output and error during remove. #59997
  • Fixed tsh scp getting stuck in symlink loops. #59994
  • Fixed handling of local tsh scp targets that contain a colon. #59981
  • Fixed EC2 auto discovery report of failed installations. #59972
  • Fixed issue where temporarily unreachable app servers were permanently removed from session cache, causing persistent connection failures: no application servers remaining to connect. #59956
  • Fixed the issue with automatic access requests for tsh ssh when spec.allow.request.max_duration is set on the requester role. #59924
  • Fixes a bug with the check for a running Teleport process in the install-node.sh script. #59887
  • Fixed handling SFTP file transfers when the SSH agent is enforced by SELinux. #59874
  • Periods of inactivity in SSH session playback can now be skipped. #59701

Teleport 17.7.8

15 Oct 20:26
13e1cdc

Description

  • Updated error messages displayed by tsh ssh when access to hosts is denied and when attempting to connect to a host that is offline or not enrolled in the cluster. #60226
  • Fixed an issue in Teleport Connect where Ctrl+D would sometimes not close a terminal tab. #60222
  • Added support for PodSecurityContext to tbot helm chart. #60207
  • MWI: Add teleport_bot_instances metric. #60205
  • The tbot Workload API now logs errors encountered when handling requests. #60192
  • Added explicit timeout to tbot when the Trust Bundle Cache is establishing an event watch. #60187
  • Fixed a bug where OpenSSH EICE node connections would fail. #60125
  • Updated Go to 1.24.9. #60114
  • Fixed SFTP audit events breaking the audit log. #60070
  • Fixed excessive memory usage on Teleport Proxy Service instances when using the Teleport Web UI PostgreSQL REPL. #60001
  • Fixed tsh scp getting stuck in symlink loops. #59995
  • Fixed handling of local tsh scp targets that contain a colon. #59982
  • Fixed issue where temporarily unreachable app servers were permanently removed from session cache, causing persistent connection failures: no application servers remaining to connect. #59955
  • Fixed the issue with automatic access requests for tsh ssh when spec.allow.request.max_duration is set on the requester role. #59925
  • Fixes a bug with the check for a running Teleport process in the install-node.sh script. #59888
  • MWI: The kubernetes/v2 output now supports customizing context names with a template. #59740
  • Updated mongo-driver to v1.17.4 to include fixes for possible connection leaks that could affect Teleport Database Service instances. #59733
  • The event-handler plugin will now skip over Windows desktop session recording events by default. #59682
  • MWI: The kubernetes/argo-cd output now supports customizing cluster names with a template. #59576

Teleport 18.2.4

02 Oct 03:27
b7ab869

Description

  • Fixed an issue where the new SSH/Kubernetes recording player would indefinitely show a loading spinner when seeking into a long period of inactivity. #59816
  • MWI: Added support for customizing context names with a template in kubernetes/v2 output. #59739
  • Updated mongo-driver to v1.17.4 to include fixes for possible connection leaks that could affect Teleport Database Service instances. #59732
  • Fixed excessive memory usage on Teleport Proxy Service instances when using the Teleport Web UI MySQL REPL. #59719
  • Added support for multiple agents in EC2, GCP and Azure Server auto discovery, allowing server access from different Teleport clusters. #59688
  • Changed the event-handler plugin to skip over Windows desktop session recording events by default. #59681
  • Fixed an issue that would cause trusted cluster resource updates to fail silently. #58886
