Description

• Updated error messages displayed by tsh ssh when access to hosts is denied and when attempting to connect to a host that is offline or not enrolled in the cluster. #60226
• Fixed an issue in Teleport Connect where Ctrl+D would sometimes not close a terminal tab. #60222
• Added support for PodSecurityContext to tbot helm chart. #60207
• MWI: Add teleport_bot_instances metric. #60205
• The tbot Workload API now logs errors encountered when handling requests. #60192
• Added explicit timeout to tbot when the Trust Bundle Cache is establishing an event watch. #60187
• Fixed a bug where OpenSSH EICE node connections would fail. #60125
• Updated Go to 1.24.9. #60114
• Fixed SFTP audit events breaking the audit log. #60070
• Fixed excessive memory usage on Teleport Proxy Service instances when using the the Teleport Web UI PostgreSQL REPL. #60001
• Fixed tsh scp getting stuck in symlink loops. #59995
• Fixed handling of local tsh scp targets that contain a colon. #59982
• Fixed issue where temporarily unreachable app servers were permanently removed from session cache, causing persistent connection failures: no application servers remaining to connect. #59955
• Fixed the issue with automatic access requests for tsh ssh when spec.allow.request.max_duration is set on the requester role. #59925
• Fixes a bug with the check for a running Teleport process in the install-node.sh script. #59888
• MWI: The kubernetes/v2 output now supports customizing context names with a template. #59740
• Updated mongo-driver to v1.17.4 to include fixes for possible connection leaks that could affect Teleport Database Service instances. #59733
• The event-handler plugin will now skip over Windows desktop session recording events by default. #59682
• MWI: The kubernetes/argo-cd output now supports customizing cluster names with a template. #59576

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack Linux amd64 | Linux arm64
• Mattermost Linux amd64 | Linux arm64
• Discord Linux amd64 | Linux arm64
• Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
• Event Handler Linux amd64 | Linux arm64 | macOS amd64
• PagerDuty Linux amd64 | Linux arm64
• Jira Linux amd64 | Linux arm64
• Email Linux amd64 | Linux arm64
• Microsoft Teams Linux amd64 | Linux arm64

Description

• Fixed an issue where the new SSH/Kubernetes recording player would indefinitely show a loading spinner when seeking into a long period of inactivity. #59816
• MWI: Added support for customizing context names with a template in kubernetes/v2 output. #59739
• Updated mongo-driver to v1.17.4 to include fixes for possible connection leaks that could affect Teleport Database Service instances. #59732
• Fixed excessive memory usage on Teleport Proxy Service instances when using the the Teleport Web UI MySQL REPL. #59719
• Added support for multiple agents in EC2, GCP and Azure Server auto discovery, allowing server access from different Teleport clusters. #59688
• Changed the event-handler plugin to skip over Windows desktop session recording events by default. #59681
• Fixed an issue that would cause trusted cluster resource updates to fail silently. #58886

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack Linux amd64 | Linux arm64
• Mattermost Linux amd64 | Linux arm64
• Discord Linux amd64 | Linux arm64
• Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
• Event Handler Linux amd64 | Linux arm64 | macOS amd64
• PagerDuty Linux amd64 | Linux arm64
• Jira Linux amd64 | Linux arm64
• Email Linux amd64 | Linux arm64
• Microsoft Teams Linux amd64 | Linux arm64

Description

• Fixed auto-approvals in the Datadog Incident Management integration by updating the on-call API client. #59668
• Fixed auto-approvals in the Datadog Incident Management integration to ignore case sensitivity in user emails. #59668
• Database recordings now show the session summary if it is available. #59634
• Added automatic @<project-id>.iam suffix to GCP Postgres usernames (Teleport Connect). #59629
• Fixed tsh play not returning an error when playing a session fails. #59625
• Fixed an issue in Teleport Connect where clicking 'Restart' to apply an update could close the window without actually restarting the app. #59592
• Added automatic @<project-id>.iam suffix to GCP Postgres usernames (tsh, web UI). #59590
• Introduced application-proxy service to tbot for HTTP proxying to applications protected by Teleport. #59587
• MWI: Added support for customizing cluster names with a template to the kubernetes/argo-cd output. #59575
• Fixed persistence of metadata.description field for the Bot resource. #59570
• Fixed a crash in Teleport's Windows Desktop Service introduced in 18.2.0. Compaction of certain shared directory read/write audit events could result in a stack overflow error. #59515
• Added tctl tokens configure-kube helper command to easily trust Kubernetes clusters and allow secure repeatable joining. #59497
• Made the check for a running Teleport process in the install-node.sh script more robust. #59496
• Fixed tctl edit producing an error when trying to modify a Bot resource. #59480
• Added support for generating VSCode and Claude Code MCP servers configurations to the tsh mcp config and tsh mcp db config commands. #59473
• Fixed a bug where session IDs were tied to the client connection, resulting in issues when combined with multiplexed connection features (OpenSSH ControlPath/ControlMaster/ControlPersist). #59472
• Improved app access error messages in case of network error. #59468
• Fixed database IAM configurator potentially getting stuck and never recovering (#59290). #59417
• Added tbot copy-binaries command to simplify using tbot as a Kubernetes sidecar. #59404
• Fixed tsh config binary path after managed updates. #59384
• Updated Entra ID integration to support group filters. #59378
• Fixed regression allowing SAML apps to be included when filtering resources by 'Applications' in the Web UI. #59327
• Allow controlling the description of auto-discovered Kubernetes apps with an annotation. #58817
• Fixed an issue that prevented connecting to agents over peered tunnels when proxy peering was enabled. #59556

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack Linux amd64 | Linux arm64
• Mattermost Linux amd64 | Linux arm64
• Discord Linux amd64 | Linux arm64
• Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
• Event Handler Linux amd64 | Linux arm64 | macOS amd64
• PagerDuty Linux amd64 | Linux arm64
• Jira Linux amd64 | Linux arm64
• Email Linux amd64 | Linux arm64
• Microsoft Teams Linux amd64 | Linux arm64

Description

• Fixed auto-approvals in the Datadog Incident Management integration by updating the on-call API client. #59669
• Fixed auto-approvals in the Datadog Incident Management integration to ignore case sensitivity in user emails. #59669
• Fixed tsh play not returning an error when playing a session fails. #59626
• Fixed an issue in Teleport Connect where clicking 'Restart' to apply an update could close the window without actually restarting the app. #59593
• Introduced application-proxy service to tbot for HTTP proxying to applications protected by Teleport. #59588
• Fixed persistence of metadata.description field for the Bot resource. #59571
• Fixed a crash in Teleport's Windows Desktop Service introduced in 17.7.3. Compaction of certain shared directory read/write audit events could result in a stack overflow error. #59514
• Enabled Oracle Cloud joining in Machine ID's tbot client. #59041
• Fixed an issue that prevented connecting to agents over peered tunnels when proxy peering was enabled. #59557

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack Linux amd64 | Linux arm64
• Mattermost Linux amd64 | Linux arm64
• Discord Linux amd64 | Linux arm64
• Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
• Event Handler Linux amd64 | Linux arm64 | macOS amd64
• PagerDuty Linux amd64 | Linux arm64
• Jira Linux amd64 | Linux arm64
• Email Linux amd64 | Linux arm64
• Microsoft Teams Linux amd64 | Linux arm64

Description

• Fixed auto-approvals in the Datadog Incident Management integration by updating the on-call API client. #59670
• Fixed auto-approvals in the Datadog Incident Management integration to ignore case sensitivity in user emails. #59670
• Fixed tsh play not returning an error when playing a session fails. #59627
• Fixed persistence of metadata.description field for the Bot resource. #59572
• Fixed an issue that prevented connecting to agents over peered tunnels when proxy peering was enabled. #59558

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack Linux amd64 | Linux arm64
• Mattermost Linux amd64 | Linux arm64
• Discord Linux amd64 | Linux arm64
• Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
• Event Handler Linux amd64 | Linux arm64 | macOS amd64
• PagerDuty Linux amd64 | Linux arm64
• Jira Linux amd64 | Linux arm64
• Email Linux amd64 | Linux arm64
• Microsoft Teams Linux amd64 | Linux arm64

Description

• Made the check for a running Teleport process in the install-node.sh script more robust. #59495
• Fixed tctl edit producing an error when trying to modify a Bot resource. #59481
• Improved app access error messages in case of network error. #59467
• Fixed database IAM configurator potentially getting stuck and never recovering. #59418
• Fixed tsh config binary path after managed updates. #59385

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack Linux amd64 | Linux arm64
• Mattermost Linux amd64 | Linux arm64
• Discord Linux amd64 | Linux arm64
• Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
• Event Handler Linux amd64 | Linux arm64 | macOS amd64
• PagerDuty Linux amd64 | Linux arm64
• Jira Linux amd64 | Linux arm64
• Email Linux amd64 | Linux arm64
• Microsoft Teams Linux amd64 | Linux arm64

Description

• Made the check for a running Teleport process in the install-node.sh script more robust. #59494
• Fixed tctl edit producing an error when trying to modify a Bot resource. #59482
• Improved app access error messages in case of network error. #59466
• Fixed database IAM configurator potentially getting stuck and never recovering (#59290). #59419
• Fixed tsh config binary path after managed updates. #59386

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack Linux amd64 | Linux arm64
• Mattermost Linux amd64 | Linux arm64
• Discord Linux amd64 | Linux arm64
• Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
• Event Handler Linux amd64 | Linux arm64 | macOS amd64
• PagerDuty Linux amd64 | Linux arm64
• Jira Linux amd64 | Linux arm64
• Email Linux amd64 | Linux arm64
• Microsoft Teams Linux amd64 | Linux arm64

Description

• Fix issue preventing auto enrollment of EKS clusters when using the Web UI. #59273
• Terraform provider: Allow creating access lists without setting spec.grants. #59238
• Fixes a panic that occurs when creating a Bound Keypair join token with the spec.onboarding field unset. #59179
• Added desktop name for Windows Directory and Clipboard audit events. #59154
• Added the ability to update the AWS Identity Center SCIM token in tctl. #59115
• Fixed client tools managed updates sequential update. #59089
• Fixed headless login so that it supports both WebAuthn and SSO for MFA. #59077
• When selecting a login for an SSH server, Teleport Connect now shows only logins allowed by RBAC for that specific server rather than showing all logins which the user has access to. #59068
• Added services to correctly choose Access Request roles in remote clusters. #59063
• Install script allows specifying a group for agent installation with managed updates V2 enabled. #59060
• Fixed a bug preventing users to create access lists with empty grants through Terraform. #59031
• Fixed a DynamoDB bug potentially causing event queries to return a different range of events. In the worst case scenario, this bug would block the event-handler. #59030
• Teleport Connect now runs in the background by default on macOS and Windows. On Linux, this behavior can be enabled in the app configuration. #58924
• Added fdpass-teleport binary to install script for Teleport tar downloads. #58920
• Support multiple resource editing in tctl edit when editing collections. #58901
• Fixed an issue that would cause trusted cluster resource updates to fail silently. #58887
• Added ability for user to select whether IC integration creates roles for all possible Account Assignments. #58862
• Allow controlling the description of auto-discovered Kubernetes apps with an annotation. #58816
• Added new bound_keypair join method for Machine and Workload ID to better support bots in on-prem and other environments without a platform-specific join method. #58334

Enterprise:

• Fixed an issue in the Entra ID integration where a user account with an unsupported username value could prevent other valid users and groups to be synced to Teleport. Such user accounts are now filtered.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack Linux amd64 | Linux arm64
• Mattermost Linux amd64 | Linux arm64
• Discord Linux amd64 | Linux arm64
• Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
• Event Handler Linux amd64 | Linux arm64 | macOS amd64
• PagerDuty Linux amd64 | Linux arm64
• Jira Linux amd64 | Linux arm64
• Email Linux amd64 | Linux arm64
• Microsoft Teams Linux amd64 | Linux arm64

Description

• Fix issue preventing auto enrollment of EKS clusters when using the Web UI. #59274
• Added desktop name for Windows Directory and Clipboard audit events. #59158
• Fixed client tools managed updates sequential update. #59090
• Install script allows specifying a group for agent installation with managed updates V2 enabled. #59061
• Added fdpass-teleport binary to install script for Teleport tar downloads. #58921
• Updated Go to 1.24.7. #58837
• Allow controlling the description of auto-discovered Kubernetes apps with an annotation. #58815
• Prevents an application from being registered if its public address matches a Teleport cluster address. #58768

Enterprise:

• Fixed an issue in the Entra ID integration where a user account with an unsupported username value could prevent other valid users and groups to be synced to Teleport. Such user accounts are now filtered.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack Linux amd64 | Linux arm64
• Mattermost Linux amd64 | Linux arm64
• Discord Linux amd64 | Linux arm64
• Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
• Event Handler Linux amd64 | Linux arm64 | macOS amd64
• PagerDuty Linux amd64 | Linux arm64
• Jira Linux amd64 | Linux arm64
• Email Linux amd64 | Linux arm64
• Microsoft Teams Linux amd64 | Linux arm64

Description

• Updated Go to 1.24.7. #58836
• Added support for tbot configuration of a default namespace for kubeconfig files generated by the kubernetes/v2 service. #58791
• Prevented an application from being registered if its public address matches a Teleport cluster address. #58767
• Removed AccessList review notification check from tsh login / status flow. #58666
• Added Lock, unlock and delete operations to the Bot Details page, as well as viewing lock status. #58647
• Fixed panic in tbot's ssh-multiplexer service. #58596
• MWI: Added support to tbot for managing Argo CD clusters via the kubernetes/argo-cd output service. #58567
• Added support for configure SCIM Plugin with OIDC or Github Teleport Connectors. #58555
• Appended headers to configuration files generated by teleport-update. #56578

Enterprise:

• Updated AWS Identity Center plugin to honor Role and Access Request locks.
• Updated AWS Identity Center plugin to not provision users when Teleport is not acting as a SAML IdP for AWS

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

• Slack Linux amd64 | Linux arm64
• Mattermost Linux amd64 | Linux arm64
• Discord Linux amd64 | Linux arm64
• Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
• Event Handler Linux amd64 | Linux arm64 | macOS amd64
• PagerDuty Linux amd64 | Linux arm64
• Jira Linux amd64 | Linux arm64
• Email Linux amd64 | Linux arm64
• Microsoft Teams Linux amd64 | Linux arm64