Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

teleport 14.1.3 #154469

Merged
merged 2 commits into from
Nov 16, 2023
Merged

teleport 14.1.3 #154469

merged 2 commits into from
Nov 16, 2023

Conversation

BrewTestBot
Copy link
Member

Created by brew bump

Created with brew bump-formula-pr.

release notes 
## Description

This release contains two security fixes, plus numerous other fixes and improvements.


Security Fixes


[Medium] Arbitrary code execution with LD_PRELOAD and SFTP


Teleport implements SFTP using a subcommand. Prior to this release it was

possible to inject environment variables into the execution of this

subcommand, via shell init scripts or via the SSH environment request.


This is addressed by preventing LD_PRELOAD and other dangerous environment

variables from being forwarded during re-exec.


#3274


[Medium] Outbound SSH from Proxy can lead to IP spoofing


If the Teleport auth or proxy services are configured to accept PROXY

protocol headers, a malicious actor can use this to spoof their IP address.


This is addressed by requiring that the first bytes of any SSH connection are

the SSH protocol prefix, denying a malicious actor the opportunity to send their

own proxy headers.


#33729


Other Fixes & Improvements


    

  • Fixed issue where tbot would select the wrong address for Kubernetes Access when in ports separate mode #34283
    • 

  • Added post-review state of Access Request in audit log description #34213
    • 

  • Updated Operator Reconciliation to skip Teleport Operator on status updates #34194
    • 

  • Updated Kube Agent Auto-Discovery to install the Teleport version provided by Automatic Upgrades #34157
    • 

  • Updated Server Auto-Discovery installer script to use bash instead of sh #34144
    • 

  • When a promotable Access Request targets a resource that belongs to an Access List, owners of that list will now automatically be added as reviewers.  #34131
    • 

  • Added Database Automatic User Provisioning support for Redshift #34126
    • 

  • Added teleport_auth_type config parameter to the AWS Terraform examples #34124
    • 

  • Fixed issue where an auto-provisioned PostgreSQL user may keep old roles indefinitely  #34121
    • 

  • Fixed incorrectly set file mode for Windows TPM files #34113
    • 

  • Added dynamic credential reloading for access plugins #34079
    • 

  • Fixed Azure Identity federated Application ID #33960
    • 

  • Fixed issue where Kubernetes Audit Events reported incorrect information in the exec audit #33950
    • 

  • Added support for formatting hostname as host:port to tsh puttyconfig #33883
    • 

  • Added support for --set-context-name to tsh proxy kube
    • 

  • Fixed various Access List bookkeeping issues #33834
    • 

  • Fixed issue where tsh aws ecs execute-command would always fail #33833
    • 

  • Updated UI to automatically redirect to login page on missing session cookie #33806
    • 

  • Added Dynamic Discovery matching for Databases #33693
    • 

  • Fixed formatting errors on empty result sets in tsh #33633
    • 

  • Added Database Automatic User Provisioning support for MariaDB #34256
    • 

  • Fixed issue where MySQL auto-user deletion fails on usernames with quotes #34304
    • 



Download


Download the current and previous releases of Teleport at https://goteleport.com/download.

@github-actions github-actions bot added go Go use is a significant feature of the PR or issue nodejs Node or npm use is a significant feature of the PR or issue bump-formula-pr PR was created using `brew bump-formula-pr` labels Nov 16, 2023
@BrewTestBot @chenrui333
teleport 14.1.3
9b1bd46 
teleport: update homepage

Signed-off-by: Rui Chen <[email protected]>
@github-actions GitHub Actions
Copy link
Contributor

:shipit: @chenrui333 has requested bottles to be published to this PR.

@github-actions github-actions bot added the CI-published-bottle-commits The commits for the built bottles have been pushed to the PR branch. label Nov 16, 2023
@BrewTestBot BrewTestBot added this pull request to the merge queue Nov 16, 2023
Merged via the queue into Homebrew:master with commit e78a6d5 Nov 16, 2023
12 checks passed
@BrewTestBot BrewTestBot deleted the bump-teleport-14.1.3 branch November 16, 2023 02:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@chenrui333 chenrui333 chenrui333 approved these changes

Assignees
No one assigned
Labels
bump-formula-pr PR was created using `brew bump-formula-pr` CI-published-bottle-commits The commits for the built bottles have been pushed to the PR branch. go Go use is a significant feature of the PR or issue homepage nodejs Node or npm use is a significant feature of the PR or issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BrewTestBot @chenrui333