Release 14.3.21 (#43263)
* Release 14.3.21

* Pull new changes into release
tcsc authored Jun 21, 2024
1 parent c8b322a commit 548d240
Showing 18 changed files with 149 additions and 104 deletions.
43 changes: 43 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,48 @@
# Changelog

## 14.3.21 (06/20/24)

* Fixed bug that caused gRPC connections to be disconnected when their certificate expired even though DisconnectCertExpiry was false. [#43292](https://github.com/gravitational/teleport/pull/43292)
* Fixed bug where a Teleport instance running only Jamf or Discovery service would never have a healthy `/readyz` endpoint. [#43285](https://github.com/gravitational/teleport/pull/43285)
* Added a missing `[Install]` section to the `teleport-acm` systemd unit file as used by Teleport AMIs. [#43258](https://github.com/gravitational/teleport/pull/43258)
* Updated `teleport` to skip `jamf_service` validation when the Jamf is not enabled. [#43170](https://github.com/gravitational/teleport/pull/43170)
* Improved log rotation logic in Teleport Connect; now the non-numbered files always contain recent logs. [#43163](https://github.com/gravitational/teleport/pull/43163)
* Made tsh and Teleport Connect return early during login if ping to proxy service was not successful. [#43087](https://github.com/gravitational/teleport/pull/43087)
* Added ability to edit user traits from the Web UI. [#43070](https://github.com/gravitational/teleport/pull/43070)
* Enforce limits when reading events from Firestore to prevent OOM events. [#42968](https://github.com/gravitational/teleport/pull/42968)
* Fixed an issue Oracle access failed through trusted cluster. [#42929](https://github.com/gravitational/teleport/pull/42929)
* Fixes errors caused by `dynamoevents` query `StartKey` not being within the [From, To] window. [#42914](https://github.com/gravitational/teleport/pull/42914)
* Fixed updating groups for Teleport-created host users. [#42883](https://github.com/gravitational/teleport/pull/42883)
* Update azidentity to v1.6.0 (patches CVE-2024-35255). [#42860](https://github.com/gravitational/teleport/pull/42860)
* Remote rate limits on endpoints used extensively to connect to the cluster. [#42836](https://github.com/gravitational/teleport/pull/42836)
* Improved the performance of the Athena audit log and S3 session storage backends. [#42796](https://github.com/gravitational/teleport/pull/42796)
* Prevented a panic in the Proxy when accessing an offline application. [#42787](https://github.com/gravitational/teleport/pull/42787)
* Improve backoff of session recording uploads by teleport agents. [#42775](https://github.com/gravitational/teleport/pull/42775)
* Reduced backend writes incurred by tracking status of non-recorded sessions. [#42695](https://github.com/gravitational/teleport/pull/42695)
* Fixed listing available DB users in Teleport Connect for databases from leaf clusters obtained through access requests. [#42681](https://github.com/gravitational/teleport/pull/42681)
* Fixed not being able to logout from the web UI when session invalidation errors. [#42654](https://github.com/gravitational/teleport/pull/42654)
* Updated OpenSSL to 3.0.14. [#42643](https://github.com/gravitational/teleport/pull/42643)
* Teleport Connect binaries for Windows are now signed. [#42473](https://github.com/gravitational/teleport/pull/42473)
* Updated Go to 1.21.11. [#42416](https://github.com/gravitational/teleport/pull/42416)
* Fix web UI notification dropdown menu height from growing too long from many notifications. [#42338](https://github.com/gravitational/teleport/pull/42338)
* Disabled session recordings for non-interactive sessions when enhanced recording is disabled. [#42321](https://github.com/gravitational/teleport/pull/42321)
* Fixed issue where removing an app could make teleport app agents incorrectly report as unhealthy for a short time. [#42269](https://github.com/gravitational/teleport/pull/42269)
* Fixed a panic in the DynamoDB audit log backend when the cursor fell outside of the [From,To] interval. [#42266](https://github.com/gravitational/teleport/pull/42266)
* The `teleport configure` command now supports a `--node-name` flag for overriding the node's hostname. [#42249](https://github.com/gravitational/teleport/pull/42249)
* Fixed an issue where mix-and-match of join tokens could interfere with some services appearing correctly in heartbeats. [#42188](https://github.com/gravitational/teleport/pull/42188)
* Improved temporary disk space usage for session recording processing. [#42175](https://github.com/gravitational/teleport/pull/42175)
* Fixed a regression where Kubernetes Exec audit events were not properly populated and lacked error details. [#42146](https://github.com/gravitational/teleport/pull/42146)
* Fix Azure join method when using Resource Groups in the allow section. [#42140](https://github.com/gravitational/teleport/pull/42140)
* Fixed resource leak in session recording cleanup. [#42069](https://github.com/gravitational/teleport/pull/42069)
* Reduced memory and cpu usage after control plane restarts in clusters with a high number of roles. [#42064](https://github.com/gravitational/teleport/pull/42064)
* Fixed the field `allowed_https_hostnames` in the Teleport Operator resources: SAML, OIDC, and GitHub Connector. [#42056](https://github.com/gravitational/teleport/pull/42056)
* Enhanced error messaging for clients using `kubectl exec` v1.30+ to include warnings about a breaking change in Kubernetes. [#41989](https://github.com/gravitational/teleport/pull/41989)

### Enterprise-Only changes:
* Improved memory usage when reconciling Access Lists members to prevent Out of Memory events when reconciling a large number of Access Lists members.
* Prevented Access Monitoring reports from crashing when large datasets are returned.
* Ensured graceful restart of `teleport.service` after an upgrade.

## 14.3.20 (05/23/24)

This release contains fixes for several high-severity security issues, as well
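Review bot: The #42836 entry, "Remote rate limits on endpoints used extensively to connect to the cluster", does not parse, and the ambiguity matters because it describes a change to a protective control. If the intent is "Removed rate limits", say so and name the affected endpoints so operators can decide whether to compensate at a load balancer or WAF. Two smaller wording points in the same list: the #42929 entry is missing a word ("Fixed an issue where Oracle access failed through a trusted cluster"), and the tense is mixed across entries ("Fixes", "Fix", "Improve", "Enforce", "Update" next to "Fixed", "Improved", "Updated"). The 14.3.20 section below opens with a security statement, while here the security-relevant items (azidentity v1.6.0 for CVE-2024-35255, OpenSSL 3.0.14, Go 1.21.11) are scattered through the list; consider grouping them or flagging them at the top. The #42321 entry changes which sessions are recorded, so it is worth marking as a behaviour change for anyone who depends on those recordings for audit.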
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -11,7 +11,7 @@
# Stable releases: "1.0.0"
# Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3"
# Master/dev branch: "1.0.0-dev"
VERSION=14.3.20
VERSION=14.3.21

DOCKER_IMAGE ?= teleport

2 changes: 1 addition & 1 deletion api/version.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions build.assets/macos/tsh/tsh.app/Contents/Info.plist
Expand Up @@ -19,13 +19,13 @@
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>14.3.20</string>
<string>14.3.21</string>
<key>CFBundleSupportedPlatforms</key>
<array>
<string>MacOSX</string>
</array>
<key>CFBundleVersion</key>
<string>14.3.20</string>
<string>14.3.21</string>
<key>DTCompiler</key>
<string>com.apple.compilers.llvm.clang.1_0</string>
<key>DTPlatformBuild</key>
4 changes: 2 additions & 2 deletions build.assets/macos/tshdev/tsh.app/Contents/Info.plist
Expand Up @@ -17,13 +17,13 @@
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>14.3.20</string>
<string>14.3.21</string>
<key>CFBundleSupportedPlatforms</key>
<array>
<string>MacOSX</string>
</array>
<key>CFBundleVersion</key>
<string>14.3.20</string>
<string>14.3.21</string>
<key>DTCompiler</key>
<string>com.apple.compilers.llvm.clang.1_0</string>
<key>DTPlatformBuild</key>
2 changes: 2 additions & 0 deletions docs/cspell.json
Expand Up @@ -291,6 +291,7 @@
"awsdatabases",
"awsuser",
"azblob",
"azidentity",
"azuread",
"azuredatabases",
"azurerm",
Expand Down Expand Up @@ -402,6 +403,7 @@
"dynamicappregexample",
"dynamicregexample",
"dynamoathenamigration",
"dynamoevents",
"eastus",
"editbasicsaml",
"efgh",
2 changes: 1 addition & 1 deletion examples/chart/teleport-cluster/Chart.yaml
@@ -1,4 +1,4 @@
.version: &version "14.3.20"
.version: &version "14.3.21"

name: teleport-cluster
apiVersion: v2
@@ -1,4 +1,4 @@
.version: &version "14.3.20"
.version: &version "14.3.21"

name: teleport-operator
apiVersion: v2
Expand Up @@ -8,8 +8,8 @@ adds operator permissions to ClusterRole:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
app.kubernetes.io/version: 14.3.20
helm.sh/chart: teleport-cluster-14.3.20
app.kubernetes.io/version: 14.3.21
helm.sh/chart: teleport-cluster-14.3.21
teleport.dev/majorVersion: "14"
name: RELEASE-NAME
rules:
Expand Up @@ -1797,8 +1797,8 @@ sets clusterDomain on Configmap:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
app.kubernetes.io/version: 14.3.20
helm.sh/chart: teleport-cluster-14.3.20
app.kubernetes.io/version: 14.3.21
helm.sh/chart: teleport-cluster-14.3.21
teleport.dev/majorVersion: "14"
name: RELEASE-NAME-auth
namespace: NAMESPACE
@@ -1,6 +1,6 @@
should add an operator side-car when operator is enabled:
1: |
image: public.ecr.aws/gravitational/teleport-operator:14.3.20
image: public.ecr.aws/gravitational/teleport-operator:14.3.21
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
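Review bot: The expected image in this snapshot, `image: public.ecr.aws/gravitational/teleport-operator:14.3.21`, is pinned by tag only and paired with `imagePullPolicy: IfNotPresent`, so nothing in the rendered manifest binds the pod to a specific image digest, and a node that already holds that tag will not re-pull it. The same applies to the `teleport-distroless:14.3.21` references in the later hunks of this file. If the chart has no way to render `image@sha256:...`, consider adding one and covering it with a snapshot case, so deployments that require digest pinning have a tested path.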
Expand Down Expand Up @@ -41,7 +41,7 @@ should add an operator side-car when operator is enabled:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
Expand Down Expand Up @@ -174,7 +174,7 @@ should set nodeSelector when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
Expand Down Expand Up @@ -271,7 +271,7 @@ should set resources when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
Expand Down Expand Up @@ -357,7 +357,7 @@ should set securityContext when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
Expand Up @@ -567,8 +567,8 @@ sets clusterDomain on Configmap:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
app.kubernetes.io/version: 14.3.20
helm.sh/chart: teleport-cluster-14.3.20
app.kubernetes.io/version: 14.3.21
helm.sh/chart: teleport-cluster-14.3.21
teleport.dev/majorVersion: "14"
name: RELEASE-NAME-proxy
namespace: NAMESPACE
Expand Up @@ -11,8 +11,8 @@ sets clusterDomain on Deployment Pods:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
app.kubernetes.io/version: 14.3.20
helm.sh/chart: teleport-cluster-14.3.20
app.kubernetes.io/version: 14.3.21
helm.sh/chart: teleport-cluster-14.3.21
teleport.dev/majorVersion: "14"
name: RELEASE-NAME-proxy
namespace: NAMESPACE
Expand All @@ -26,16 +26,16 @@ sets clusterDomain on Deployment Pods:
template:
metadata:
annotations:
checksum/config: 83afe9ea4f94cc2e37352d3ac0a68d15872b5dd7714a32a7f536b7134b33c5e7
checksum/config: 7c4211990054c1dba86d9e66d3e5949bdaeb3dd035d3d37cf4385e2f00f5e43c
kubernetes.io/pod: test-annotation
kubernetes.io/pod-different: 4
labels:
app.kubernetes.io/component: proxy
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
app.kubernetes.io/version: 14.3.20
helm.sh/chart: teleport-cluster-14.3.20
app.kubernetes.io/version: 14.3.21
helm.sh/chart: teleport-cluster-14.3.21
teleport.dev/majorVersion: "14"
spec:
affinity:
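Review bot: The `checksum/config` annotation in this hunk changes value even though every other visible edit in this snapshot is a version string, and the commit message does not say why. Please confirm the rendered proxy config differs only by the version bump and note that in the PR, so a reviewer can rule out an unintended config change riding along with the release; if a config change did arrive via "Pull new changes into release", it should be called out in the CHANGELOG.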
Expand All @@ -44,7 +44,7 @@ sets clusterDomain on Deployment Pods:
containers:
- args:
- --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
Expand Down Expand Up @@ -105,7 +105,7 @@ sets clusterDomain on Deployment Pods:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.test.com
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
name: wait-auth-update
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
Expand Down Expand Up @@ -137,7 +137,7 @@ should provision initContainer correctly when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
name: wait-auth-update
- args:
- echo test
Expand Down Expand Up @@ -194,7 +194,7 @@ should set nodeSelector when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
Expand Down Expand Up @@ -255,7 +255,7 @@ should set nodeSelector when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
name: wait-auth-update
nodeSelector:
environment: security
Expand Down Expand Up @@ -306,7 +306,7 @@ should set resources when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
Expand Down Expand Up @@ -374,7 +374,7 @@ should set resources when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
name: wait-auth-update
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
Expand Down Expand Up @@ -407,7 +407,7 @@ should set securityContext for initContainers when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
Expand Down Expand Up @@ -475,7 +475,7 @@ should set securityContext for initContainers when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
Expand Down Expand Up @@ -515,7 +515,7 @@ should set securityContext when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
Expand Down Expand Up @@ -583,7 +583,7 @@ should set securityContext when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:14.3.20
image: public.ecr.aws/gravitational/teleport-distroless:14.3.21
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
2 changes: 1 addition & 1 deletion examples/chart/teleport-kube-agent/Chart.yaml
@@ -1,4 +1,4 @@
.version: &version "14.3.20"
.version: &version "14.3.21"

name: teleport-kube-agent
apiVersion: v2