Skip to content

Release 12.4.15#30829

Merged
camscale merged 3 commits intobranch/v12from
release/12.4.15
Aug 23, 2023
Merged

Release 12.4.15#30829
camscale merged 3 commits intobranch/v12from
release/12.4.15

Conversation

@camscale
Copy link
Copy Markdown
Contributor

@camscale camscale commented Aug 22, 2023
edited
Loading

  • Fixed S3 metric name for completed multipart uploads. #30697
  • Fixed Teleport Connect to properly show errors from the remote end. #30695
  • Fixed Review Requests to disallow reviews after request is resolved. #30689
  • Fixed an issue with tsh aws ssm start-session. #30669
  • Fixed Discovery service panics on GKE clusters without labels. #30646
  • Fixed forwarding of SSH agent in a Cygwin environment. #30581
  • Removed legacy AWS "aurora" engine type from discovery. #30547
  • Fixed memory leak using PAM libraries. #30520
  • Updated LDAP desktop discovery to handle slow DNS queries better. #30463
  • Updated SAML certificate parsing to allow leading/trailing spaces. #30451
  • Fixed "user is not managed" error when accessing ElastiCache and MemoryDB. #30354
  • Show error if users attempt to do tsh login --headless. #30308
  • Fixed resources being deleted from Firestore on update. #30288
  • Fixed desktop access connecting to direct dial nodes. #30276
  • Improved audit logging support for large SQL Server queries. #30244
  • Fixed infinite retry in generic app access plugin. #30232
  • tsh and tctl commands that output a text-formatted table will now consistently output resource labels as a comma-separated string, sorted by label namespace. Labels starting with teleport.dev/, teleport.hidden/, and teleport.internal/ are omitted unless the --verbose flag is used. #30227 #30224
  • Explicitly mention registered and new device when running tsh mfa add on Windows. #30216
  • helm: Allow setting storage class name for auth component in the teleport-cluster chart. #30144
  • helm: Use imagePullSecrets for pre-deploy test pods in the teleport-cluster chart. #30143
  • Improved logging of Teleport Connect child processes. #30026
  • Added IP pinning support for TLS routing behind ALB mode. #30004
  • Tighten discovery service permissions. #29995

Security fix

  • Security improvements with possible medium severity DoS conditions through protocol level attacks. #30854

@github-actions github-actions Bot requested review from jakule and rosstimothy August 22, 2023 08:33
@jentfoo jentfoo mentioned this pull request Aug 22, 2023
Merged
jentfoo
jentfoo reviewed Aug 23, 2023
View reviewed changes
Comment thread CHANGELOG.md Outdated
camscale and others added 3 commits August 23, 2023 11:42
@camscale
Release 12.4.15
b9c0d30
@jentfoo @camscale
Json Unmarshal Panic fix
b3ce7b8 
From recent fuzzing work a new panic was discovered where a pointer is allocated then a pointer to the pointer is passed into json.Unmarshal.  It is then possible for this original pointer to remain a `nil` reference.

This pattern looks unexpected, so all cases of double pointers being passed into json.Unmarshal were changed to the more standard empty struct pointer style to avoid potential nil reference panics.
@camscale
Add changelog entry for security fix
bdd8343
@camscale camscale added this pull request to the merge queue Aug 23, 2023
Merged via the queue into branch/v12 with commit 62000fc Aug 23, 2023
@camscale camscale deleted the release/12.4.15 branch August 23, 2023 02:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@r0mant r0mant r0mant approved these changes

@jakule jakule Awaiting requested review from jakule

@rosstimothy rosstimothy Awaiting requested review from rosstimothy

+1 more reviewer

@jentfoo jentfoo jentfoo approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport helm size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@camscale @r0mant @jentfoo