Skip to content

Commit

Permalink
Release 16.0.3 (#43579)
Browse files Browse the repository at this point in the history
* Release 16.0.3

* spelling
  • Loading branch information
tcsc authored Jun 27, 2024
1 parent cbe65e3 commit 6938c60
Show file tree
Hide file tree
Showing 42 changed files with 241 additions and 208 deletions.
36 changes: 34 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,15 +1,47 @@
# Changelog

## 16.0.2 (06/20/24)
## 16.0.3 (06/27/24)

This release of Teleport contains a fix for medium-level security issue impacting
Teleport Enterprise, as well as various other updates and improvements

### Security Fixes

* **[Medium]** Fixes issue where a SCIM client could potentially overwrite.
Teleport system Roles using specially crafted groups. This issue impacts
Teleport Enterprise deployments using the Okta integration with SCIM support
enabled.

We strongly recommend all customers upgrade to the latest releases of Teleport.

### Other updates and improvements

* Update `go-retryablehttp` to v0.7.7 (fixes CVE-2024-6104). [#43474](https://github.com/gravitational/teleport/pull/43474)
* Fixed Discover setup access error when updating user. [#43560](https://github.com/gravitational/teleport/pull/43560)
* Added audit event field describing if the "MFA for admin actions" requirement changed. [#43541](https://github.com/gravitational/teleport/pull/43541)
* Fixed remote port forwarding validation error. [#43516](https://github.com/gravitational/teleport/pull/43516)
* Added support to trust system CAs for self-hosted databases. [#43493](https://github.com/gravitational/teleport/pull/43493)
* Added error display in the Web UI for SSH and Kubernetes sessions. [#43485](https://github.com/gravitational/teleport/pull/43485)
* Fixed accurate inventory reporting of the updater after it is removed. [#43454](https://github.com/gravitational/teleport/pull/43454)
* `tctl alerts ls` now displays remaining alert ttl. [#43436](https://github.com/gravitational/teleport/pull/43436)
* Fixed input search for Teleport Connect's access request listing. [#43429](https://github.com/gravitational/teleport/pull/43429)
* Added `Debug` setting for event-handler. [#43408](https://github.com/gravitational/teleport/pull/43408)
* Fixed Headless auth for sso users, including when local auth is disabled. [#43361](https://github.com/gravitational/teleport/pull/43361)
* Added configuration for custom CAs in the event-handler helm chart. [#43340](https://github.com/gravitational/teleport/pull/43340)
* Updated VNet panel in Teleport Connect to list custom DNS zones and DNS zones from leaf clusters. [#43312](https://github.com/gravitational/teleport/pull/43312)
* Fixed an issue with Database Access Controls preventing users from making additional database connections. [#43303](https://github.com/gravitational/teleport/pull/43303)
* Fixed bug that caused gRPC connections to be disconnected when their certificate expired even though DisconnectCertExpiry was false. [#43290](https://github.com/gravitational/teleport/pull/43290)
* Fixed Connect My Computer in Teleport Connect failing with "bind: invalid argument". [#43287](https://github.com/gravitational/teleport/pull/43287)
* Fix a bug where a Teleport instance running only Jamf or Discovery service would never have a healthy `/readyz` endpoint. [#43283](https://github.com/gravitational/teleport/pull/43283)
* Added a missing `[Install]` section to the `teleport-acm` systemd unit file as used by Teleport AMIs. [#43257](https://github.com/gravitational/teleport/pull/43257)
* Patched timing variability in curve25519-dalek. [#43246](https://github.com/gravitational/teleport/pull/43246)
* Fixed setting request reason for automatic ssh access requests. [#43178](https://github.com/gravitational/teleport/pull/43178)
* Improved log rotation logic in Teleport Connect; now the non-numbered files always contain recent logs. [#43161](https://github.com/gravitational/teleport/pull/43161)
* Added `tctl desktop bootstrap` for bootstrapping AD environments to work with Desktop Access. [#43150](https://github.com/gravitational/teleport/pull/43150)

### Enterprise only changes
### Enterprise only changes and improvements

* The teleport updater will no longer default to using the global version channel, avoiding incompatible updates.
* Fixed sync error in Okta SCIM integration.

## 16.0.1 (06/17/24)
Expand Down
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
# Stable releases: "1.0.0"
# Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3"
# Master/dev branch: "1.0.0-dev"
VERSION=16.0.2
VERSION=16.0.3

DOCKER_IMAGE ?= teleport

Expand Down
2 changes: 1 addition & 1 deletion api/version.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions build.assets/macos/tsh/tsh.app/Contents/Info.plist
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,13 @@
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>16.0.2</string>
<string>16.0.3</string>
<key>CFBundleSupportedPlatforms</key>
<array>
<string>MacOSX</string>
</array>
<key>CFBundleVersion</key>
<string>16.0.2</string>
<string>16.0.3</string>
<key>DTCompiler</key>
<string>com.apple.compilers.llvm.clang.1_0</string>
<key>DTPlatformBuild</key>
Expand Down
4 changes: 2 additions & 2 deletions build.assets/macos/tshdev/tsh.app/Contents/Info.plist
Original file line number Diff line number Diff line change
Expand Up @@ -17,13 +17,13 @@
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>16.0.2</string>
<string>16.0.3</string>
<key>CFBundleSupportedPlatforms</key>
<array>
<string>MacOSX</string>
</array>
<key>CFBundleVersion</key>
<string>16.0.2</string>
<string>16.0.3</string>
<key>DTCompiler</key>
<string>com.apple.compilers.llvm.clang.1_0</string>
<key>DTPlatformBuild</key>
Expand Down
1 change: 1 addition & 0 deletions docs/cspell.json
Original file line number Diff line number Diff line change
Expand Up @@ -776,6 +776,7 @@
"replicationgroup",
"requestable",
"requirepass",
"retryablehttp",
"reversetunnel",
"reviewee",
"rffx",
Expand Down
2 changes: 1 addition & 1 deletion examples/chart/access/discord/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
.version: &version "16.0.2"
.version: &version "16.0.3"

apiVersion: v2
name: teleport-plugin-discord
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,6 @@ should match the snapshot:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-discord
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-discord-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-discord-16.0.3
name: RELEASE-NAME-teleport-plugin-discord
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ should match the snapshot:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-discord
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-discord-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-discord-16.0.3
name: RELEASE-NAME-teleport-plugin-discord
spec:
replicas: 1
Expand All @@ -22,8 +22,8 @@ should match the snapshot:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-discord
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-discord-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-discord-16.0.3
spec:
containers:
- command:
Expand Down
2 changes: 1 addition & 1 deletion examples/chart/access/email/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
.version: &version "16.0.2"
.version: &version "16.0.3"

apiVersion: v2
name: teleport-plugin-email
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,8 @@ should match the snapshot (mailgun on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
name: RELEASE-NAME-teleport-plugin-email
should match the snapshot (smtp on):
1: |
Expand Down Expand Up @@ -59,8 +59,8 @@ should match the snapshot (smtp on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
name: RELEASE-NAME-teleport-plugin-email
should match the snapshot (smtp on, no starttls):
1: |
Expand Down Expand Up @@ -92,8 +92,8 @@ should match the snapshot (smtp on, no starttls):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
name: RELEASE-NAME-teleport-plugin-email
should match the snapshot (smtp on, password file):
1: |
Expand Down Expand Up @@ -125,8 +125,8 @@ should match the snapshot (smtp on, password file):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
name: RELEASE-NAME-teleport-plugin-email
should match the snapshot (smtp on, roleToRecipients set):
1: |
Expand Down Expand Up @@ -161,8 +161,8 @@ should match the snapshot (smtp on, roleToRecipients set):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
name: RELEASE-NAME-teleport-plugin-email
should match the snapshot (smtp on, starttls disabled):
1: |
Expand Down Expand Up @@ -194,6 +194,6 @@ should match the snapshot (smtp on, starttls disabled):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
name: RELEASE-NAME-teleport-plugin-email
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ should be possible to override volume name (smtp on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
name: RELEASE-NAME-teleport-plugin-email
spec:
replicas: 1
Expand All @@ -22,8 +22,8 @@ should be possible to override volume name (smtp on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
spec:
containers:
- command:
Expand All @@ -34,7 +34,7 @@ should be possible to override volume name (smtp on):
env:
- name: TELEPORT_PLUGIN_FAIL_FAST
value: "true"
image: public.ecr.aws/gravitational/teleport-plugin-email:16.0.2
image: public.ecr.aws/gravitational/teleport-plugin-email:16.0.3
imagePullPolicy: IfNotPresent
name: teleport-plugin-email
ports:
Expand Down Expand Up @@ -75,8 +75,8 @@ should match the snapshot:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
name: RELEASE-NAME-teleport-plugin-email
spec:
replicas: 1
Expand All @@ -90,8 +90,8 @@ should match the snapshot:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
spec:
containers:
- command:
Expand Down Expand Up @@ -136,8 +136,8 @@ should match the snapshot (mailgun on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
name: RELEASE-NAME-teleport-plugin-email
spec:
replicas: 1
Expand All @@ -151,8 +151,8 @@ should match the snapshot (mailgun on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
spec:
containers:
- command:
Expand All @@ -163,7 +163,7 @@ should match the snapshot (mailgun on):
env:
- name: TELEPORT_PLUGIN_FAIL_FAST
value: "true"
image: public.ecr.aws/gravitational/teleport-plugin-email:16.0.2
image: public.ecr.aws/gravitational/teleport-plugin-email:16.0.3
imagePullPolicy: IfNotPresent
name: teleport-plugin-email
ports:
Expand Down Expand Up @@ -204,8 +204,8 @@ should match the snapshot (smtp on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
name: RELEASE-NAME-teleport-plugin-email
spec:
replicas: 1
Expand All @@ -219,8 +219,8 @@ should match the snapshot (smtp on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
spec:
containers:
- command:
Expand All @@ -231,7 +231,7 @@ should match the snapshot (smtp on):
env:
- name: TELEPORT_PLUGIN_FAIL_FAST
value: "true"
image: public.ecr.aws/gravitational/teleport-plugin-email:16.0.2
image: public.ecr.aws/gravitational/teleport-plugin-email:16.0.3
imagePullPolicy: IfNotPresent
name: teleport-plugin-email
ports:
Expand Down Expand Up @@ -272,8 +272,8 @@ should mount external secret (mailgun on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
name: RELEASE-NAME-teleport-plugin-email
spec:
replicas: 1
Expand All @@ -287,8 +287,8 @@ should mount external secret (mailgun on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
spec:
containers:
- command:
Expand All @@ -299,7 +299,7 @@ should mount external secret (mailgun on):
env:
- name: TELEPORT_PLUGIN_FAIL_FAST
value: "true"
image: public.ecr.aws/gravitational/teleport-plugin-email:16.0.2
image: public.ecr.aws/gravitational/teleport-plugin-email:16.0.3
imagePullPolicy: IfNotPresent
name: teleport-plugin-email
ports:
Expand Down Expand Up @@ -340,8 +340,8 @@ should mount external secret (smtp on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
name: RELEASE-NAME-teleport-plugin-email
spec:
replicas: 1
Expand All @@ -355,8 +355,8 @@ should mount external secret (smtp on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 16.0.2
helm.sh/chart: teleport-plugin-email-16.0.2
app.kubernetes.io/version: 16.0.3
helm.sh/chart: teleport-plugin-email-16.0.3
spec:
containers:
- command:
Expand All @@ -367,7 +367,7 @@ should mount external secret (smtp on):
env:
- name: TELEPORT_PLUGIN_FAIL_FAST
value: "true"
image: public.ecr.aws/gravitational/teleport-plugin-email:16.0.2
image: public.ecr.aws/gravitational/teleport-plugin-email:16.0.3
imagePullPolicy: IfNotPresent
name: teleport-plugin-email
ports:
Expand Down
2 changes: 1 addition & 1 deletion examples/chart/access/jira/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
.version: &version "16.0.2"
.version: &version "16.0.3"

apiVersion: v2
name: teleport-plugin-jira
Expand Down
Loading

0 comments on commit 6938c60

Please sign in to comment.