Release 15.4.28 #52153

Merged
merged 2 commits into from
Feb 13, 2025

camscale
Contributor

15.4.28 (02/13/25)

Security Fixes

  • Fixed security issue with arbitrary file reads on SSH nodes. #52138
  • Verify that cluster name of TLS peer certs matches the cluster name of the CA that issued it to prevent Auth bypasses. #52132

Other fixes and improvements

  • Fixed graceful closing of networking subprocesses when the Teleport parent process is gracefully closed (SIGQUIT). #52117
  • Updated Go to 1.23.6. #52087
  • Updated OpenSSL to 3.0.16. #52039
  • Reduced CPU consumption required to map roles between clusters and perform trait to role resolution. #51941
  • Client tools managed updates require a base URL for the open-source build type. #51934
  • Added an escape hatch to allow non-FIPS AWS endpoints on FIPS binaries (TELEPORT_UNSTABLE_DISABLE_AWS_FIPS=yes). #51932
  • Added securityContext value to the tbot Helm chart. #51909
  • Teleport agents always create the debug.sock UNIX socket. The configuration field debug_service.enabled now controls if the debug and metrics endpoints are available via the UNIX socket. #51890
  • Updated Go to 1.22.12. #51837
  • Improved instance.join event error messaging. #51781
  • Added support for caching Microsoft Remote Desktop Services licenses. #51686
  • Added Audit Log statistics to tctl top. #51656
  • Fixed an issue where the Postgres backend would drop App Access events. #51645
  • Fixed a rare crash that can happen with a malformed SAML connector. #51636
  • Fixed occasional Web UI session renewal issues (reverts "Avoid tight renewals for sessions with short TTL"). #51604
  • Quoted the KUBECONFIG environment variable output by the tsh proxy kube command. #51525
  • Added support for customizing the base URL for downloading Teleport packages used in client tools managed updates. #51482
  • Added support for continuous profile collection with Pyroscope. #51480
  • Improved handling of client session termination during Kubernetes Exec sessions. The disconnection reason is now accurately returned for cases such as certificate expiration, forced lock activation, or idle timeout. #51456
  • Fixed an issue that prevented IPs provided in the X-Forwarded-For header from being honored in some scenarios when TrustXForwardedFor is enabled. #51425
  • Added support for multiple active CAs in the /auth/export endpoint. #51420
  • Fixed a bug in GKE auto-discovery where the process failed to discover any clusters if the identity lacked permissions for one or more detected GCP project IDs. #51401
  • Added support for multiple active CAs in tctl auth export. #51377
  • Added more granular audit logging surrounding SSH port forwarding. #51327

@camscale camscale added the no-changelog label Feb 13, 2025

github-actions bot commented Feb 13, 2025

Amplify deployment status

Branch Commit Job ID Status Preview Updated (UTC)
release/15.4.28 HEAD 1 ✅SUCCEED release-15-4-28 2025-02-13 22:14:27

@camscale camscale added this pull request to the merge queue Feb 13, 2025
Merged via the queue into branch/v15 with commit 443b841 Feb 13, 2025
43 checks passed
@camscale camscale deleted the release/15.4.28 branch February 13, 2025 22:56
Labels: backport, helm, no-changelog, size/sm