teleport 18.1.0

[BrewTestBot]

Created by brew bump

---

Created with brew bump-formula-pr.

Details

release notes

## Description
MCP server access
Teleport now provides the ability to connect to stdio-based MCP servers with

connection proxying and audit logging support.
MCP for database access
Teleport now allows MCP clients such as Claude Desktop to execute queries in

Teleport-protected databases.
VNet for SSH
Teleport VNet adds native support for SSH, enabling any SSH client to connect to

Teleport SSH servers with zero configuration. Advanced Teleport features like

per-session MFA have first-class support for a seamless user experience.
Identifier-first login
Teleport adds support for identifier-first login flows. When enabled, the

initial login screen contains only a username prompt. Users are presented with

the SSO connectors that apply to them after submitting their username.
Bound keypair joining for Machine ID
The new bound keypair join method for Machine ID is a more secure and

user-friendly alternative to token joining in both on-prem environments and

cloud providers without a delegated join method. It allows for automatic

self-recovery in case of expired client certificates and gives administrators

new options to manage and automate bot joining.
Sailpoint SCIM integration
Teleport now supports Sailpoint as a SCIM provider allowing administrators to

synchronize Sailpoint entitlement groups with Teleport access lists.
LDAP server discovery for desktop access
Teleport's windows_desktop_service can now locate the LDAP server via DNS as

an alternative to providing the address in the configuration file.
Managed Updates canary support
Managed Updates v2 now support performing canary updates. When canary updates

are enabled for a group, Teleport will update a few agents first and confirm

they come back healthy before updating the rest of the group.
You can unable canary updates by setting canary_count in your

autoupdate_config:
kind: autoupdate_config
spec:
  agents:
    mode: enabled
    schedules:
      regular:
      - name: dev
        days:
        - Mon
        - Tue
        - Wed
        - Thu
        start_hour: 20
        canary_count: 5
    strategy: halt-on-error
Each group can have a maximum of 5 canaries, canaries are picked randomly among

the connected agents.
Canary update support is currently only support by Linux agents, Kubernetes

support will be part of a future release.
Improved access requests UX
Teleport's web UI makes a better distinction between just-in-time and long-term

access request UX.
Other changes and improvements

Fixed a bug causing tctl/tsh to fail on read-only file systems. #57147
The teleport-distroless container image now disables client tools updates by default (when using tsh/tctl, you will always use the version from the image). You can enable them back by unsetting the TELEPORT_TOOLS_VERSION environment variable. #57147
Fixed a crash in Teleport Connect that could occur when copying large clipboard content during desktop sessions. #57130
Audit log events for SPIFFE SVID issuances now include the name/label selector used by the client. #57129
Fixed an issue with tsh aws failing for STS and other AWS services. #57122
Fixed client tools managed updates downgrade to older version. #57073
Removed unnecessary macOS entitlements from Teleport Connect subprocesses. #57066
Machine and Workload ID: The tbot client will now discard expired identities if needed during renewal to allow automatic recovery without restarting the process. #57060
Defined access-plugin preset role. #57056
The tctl top command now supports the local unix sock debug endpoint. #57025
Added --listen flag to tsh proxy db for setting local listener address. #57005
Added multi-account support to teleport discovery bootstrap. #56998
Added TeleportRoleV8 support to the Teleport Kubernetes Operator. #56946
Fixed a bug in the Teleport install scripts when running on macOS. The install scripts now error instead of trying to install non existing macOS FIPS binaries. #56941
Fixed using relative path TELEPORT_HOME environment variable with client tools managed update. #56933
Client tools managed updates support multi-cluster environments and track each version in the configuration file. #56933
Fixed certificate revocation failures in Active Directory environments when Teleport is using HSM-backed key material. #56924
Fixed database connect options dialog displaying wrong database username options. #55560

Enterprise:

Fixed SCIM user provisioning when a user already exists and is managed by the same connector as the SCIM integration.
Added enrolment for a generic SCIM Integration.

Download
Download the current and previous releases of Teleport at https://goteleport.com/download.
Plugins
Download the current release of Teleport plugins from the links below.

Slack Linux amd64 | Linux arm64
Mattermost Linux amd64 | Linux arm64
Discord Linux amd64 | Linux arm64
Terraform Provider Linux amd64 | Linux arm64 | macOS amd64 | macOS arm64 | macOS universal
Event Handler Linux amd64 | Linux arm64 | macOS amd64
PagerDuty Linux amd64 | Linux arm64
Jira Linux amd64 | Linux arm64
Email Linux amd64 | Linux arm64
Microsoft Teams Linux amd64 | Linux arm64

View the full release notes at https://github.com/gravitational/teleport/releases/tag/v18.1.0.

---

[github-actions]

🤖 An automated task has requested bottles to be published to this PR.

Caution

Please do not push to this PR branch before the bottle commits have been pushed, as this results in a state that is difficult to recover from. If you need to resolve a merge conflict, please use a merge commit. Do not force-push to this PR branch.