diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3fe3b2e5e01d3..91d818aa2d138 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,46 @@
# Changelog
+## 12.4.23 (10/18/23)
+
+### Security fixes
+* Updated golang.org/x/net dependency. [#33448](https://github.com/gravitational/teleport/pull/33448)
+ * swift-nio-http2 vulnerable to HTTP/2 Stream Cancellation Attack: [CVE-2023-44487](https://github.com/advisories/GHSA-qppj-fm5r-hxr3)
+* Updated `google.golang.org/grpc` to v1.57.1. [#33487](https://github.com/gravitational/teleport/pull/33487)
+ * swift-nio-http2 vulnerable to HTTP/2 Stream Cancellation Attack: [CVE-2023-44487](https://github.com/advisories/GHSA-qppj-fm5r-hxr3)
+* Updated Go library dependencies. [#33544](https://github.com/gravitational/teleport/pull/33544)
+ * crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb: [CVE-2023-28119](https://github.com/advisories/GHSA-5mqj-xc49-246p)
+ * Snowflake Golang Driver vulnerable to Command Injection: [CVE-2023-34231](https://github.com/advisories/GHSA-fwv2-65wh-2w8c)
+ * Docker Swarm encrypted overlay network may be unauthenticated: [CVE-2023-28840](https://github.com/advisories/GHSA-232p-vwff-86mp)
+ * Docker Swarm encrypted overlay network traffic may be unencrypted: [CVE-2023-28841](https://github.com/advisories/GHSA-33pg-m6jh-5237)
+ * Docker Swarm encrypted overlay network with a single endpoint is unauthenticated: [CVE-2023-28842](https://github.com/advisories/GHSA-6wrf-mxfj-pf5p)
+* Updated OpenTelemetry dependency. [#33552](https://github.com/gravitational/teleport/pull/33552)
+ * OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics: [CVE-2023-45142](https://github.com/advisories/GHSA-rcjv-mgp8-qvmr)
+* Updated JS dependencies. [#33426](https://github.com/gravitational/teleport/pull/33426) [#33467](https://github.com/gravitational/teleport/pull/33467)
+ * Regular Expression Denial of Service in trim: [CVE-2020-7753](https://github.com/advisories/GHSA-w5p7-h5w8-2hfq)
+ * semver vulnerable to Regular Expression Denial of Service: [CVE-2022-25883](https://github.com/advisories/GHSA-c2qf-rxjj-qqgw)
+ * word-wrap vulnerable to Regular Expression Denial of Service: [CVE-2023-26115](https://github.com/advisories/GHSA-j8xg-fqg3-53r7)
+ * xmldom allows multiple root nodes in a DOM: [CVE-2022-39353](https://github.com/advisories/GHSA-crh6-fp67-6883)
+ * loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS): [CVE-2022-37599](https://github.com/advisories/GHSA-hhq3-ff78-jv3g)
+ * Prototype pollution in webpack loader-utils: [CVE-2022-37601](https://github.com/advisories/GHSA-76p3-8jx3-jpfq)
+ * loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable: [CVE-2022-37603](https://github.com/advisories/GHSA-3rfm-jhwj-7488)
+ * Prototype pollution in Plist before 3.0.5 can cause denial of service: [CVE-2022-22912](https://github.com/advisories/GHSA-4cpg-3vgw-4877)
+ * decode-uri-component vulnerable to Denial of Service (DoS): [CVE-2022-38900](https://github.com/advisories/GHSA-w573-4hg7-7wgq)
+ * Cross-realm object access in Webpack 5: [CVE-2023-28154](https://github.com/advisories/GHSA-hc6q-2mpp-qw7j)
+ * Prototype Pollution in JSON5 via Parse Method: [CVE-2022-46175](https://github.com/advisories/GHSA-9c47-m6qq-7p4h)
+ * http-cache-semantics vulnerable to Regular Expression Denial of Service: [CVE-2022-25881](https://github.com/advisories/GHSA-rc47-6667-2j5j)
+ * Exposure of sensitive information in follow-redirects: [CVE-2022-0155](https://github.com/advisories/GHSA-74fj-2j2h-c42q)
+ * node-fetch forwards secure headers to untrusted sites: [CVE-2022-0235](https://github.com/advisories/GHSA-r683-j2x4-v87g)
+ * Exposure of Sensitive Information to an Unauthorized Actor in nanoid: [CVE-2021-23566](https://github.com/advisories/GHSA-qrpm-p2h7-hrv2)
+ * Terser insecure use of regular expressions leads to ReDoS: [CVE-2022-25858](https://github.com/advisories/GHSA-4wf5-vphf-c2xc)
+* Updated babel/core to 7.3.2. [#33445](https://github.com/gravitational/teleport/pull/33445)
+ * Arbitrary code execution when compiling specifically crafted malicious code: [CVE-2023-45133](https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92)
+
+### Other fixes and improvements
+
+* Fixed failure to connect to OpenSSH nodes when tracing is enabled. [#33594](https://github.com/gravitational/teleport/pull/33594)
+* Web SSH sessions are terminated right away when a user closes the tab. [#33535](https://github.com/gravitational/teleport/pull/33535)
+* Added support for Windows AD root domain for PKI operations. [#33395](https://github.com/gravitational/teleport/pull/33395)
+
## 12.4.22 (10/11/23)
### Security Fixes
diff --git a/Makefile b/Makefile
index 6c54925268c18..82a1277ba9265 100644
--- a/Makefile
+++ b/Makefile
@@ -11,7 +11,7 @@
# Stable releases: "1.0.0"
# Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3"
# Master/dev branch: "1.0.0-dev"
-VERSION=12.4.22
+VERSION=12.4.23
DOCKER_IMAGE ?= teleport
diff --git a/api/version.go b/api/version.go
index 8a756420b5982..6f9f986665e8f 100644
--- a/api/version.go
+++ b/api/version.go
@@ -1,7 +1,7 @@
// Code generated by "make version". DO NOT EDIT.
package api
-const Version = "12.4.22"
+const Version = "12.4.23"
// Gitref is set to the output of "git describe" during the build process.
var Gitref string
diff --git a/build.assets/macos/tsh/tsh.app/Contents/Info.plist b/build.assets/macos/tsh/tsh.app/Contents/Info.plist
index 5948473e3cce5..46bb3b631e518 100644
--- a/build.assets/macos/tsh/tsh.app/Contents/Info.plist
+++ b/build.assets/macos/tsh/tsh.app/Contents/Info.plist
@@ -19,13 +19,13 @@
CFBundlePackageType
APPL
CFBundleShortVersionString
- 12.4.22
+ 12.4.23
CFBundleSupportedPlatforms
MacOSX
CFBundleVersion
- 12.4.22
+ 12.4.23
DTCompiler
com.apple.compilers.llvm.clang.1_0
DTPlatformBuild
diff --git a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
index cdecffa8a459e..69aab164a098a 100644
--- a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
+++ b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
@@ -17,13 +17,13 @@
CFBundlePackageType
APPL
CFBundleShortVersionString
- 12.4.22
+ 12.4.23
CFBundleSupportedPlatforms
MacOSX
CFBundleVersion
- 12.4.22
+ 12.4.23
DTCompiler
com.apple.compilers.llvm.clang.1_0
DTPlatformBuild
diff --git a/docs/cspell.json b/docs/cspell.json
index 4808a1ec3df20..5d095540aa690 100644
--- a/docs/cspell.json
+++ b/docs/cspell.json
@@ -322,6 +322,7 @@
"createrole",
"createrow",
"creds",
+ "crewjam",
"crond",
"customizability",
"datacenter",
@@ -588,6 +589,7 @@
"operatorenabled",
"opsexample",
"organisation",
+ "otelhttp",
"oustanding",
"oxrq",
"packagekit",
diff --git a/examples/chart/teleport-cluster/Chart.yaml b/examples/chart/teleport-cluster/Chart.yaml
index dfafa55710f0b..7a4f6fd6d0163 100644
--- a/examples/chart/teleport-cluster/Chart.yaml
+++ b/examples/chart/teleport-cluster/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "12.4.22"
+.version: &version "12.4.23"
name: teleport-cluster
apiVersion: v2
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
index 9ff4429e95aa3..584f5076a8c1e 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "12.4.22"
+.version: &version "12.4.23"
name: teleport-operator
apiVersion: v2
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
index 1a049cdfc3709..88983368d2778 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
@@ -1,6 +1,6 @@
should add an operator side-car when operator is enabled:
1: |
- image: public.ecr.aws/gravitational/teleport-operator:12.4.22
+ image: public.ecr.aws/gravitational/teleport-operator:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -30,7 +30,7 @@ should add an operator side-car when operator is enabled:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -138,7 +138,7 @@ should set nodeSelector when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -216,7 +216,7 @@ should set resources when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -283,7 +283,7 @@ should set securityContext when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
index bbc7185bc1483..fc9c84c4d6cf9 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
@@ -5,7 +5,7 @@ should provision initContainer correctly when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v11.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
name: wait-auth-update
- args:
- echo test
@@ -61,7 +61,7 @@ should set nodeSelector when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -119,7 +119,7 @@ should set nodeSelector when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v11.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
name: wait-auth-update
nodeSelector:
environment: security
@@ -154,7 +154,7 @@ should set resources when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -219,7 +219,7 @@ should set resources when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v11.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
name: wait-auth-update
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
@@ -236,7 +236,7 @@ should set securityContext for initContainers when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -301,7 +301,7 @@ should set securityContext for initContainers when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v11.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
@@ -325,7 +325,7 @@ should set securityContext when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -390,7 +390,7 @@ should set securityContext when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v11.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
diff --git a/examples/chart/teleport-kube-agent/Chart.yaml b/examples/chart/teleport-kube-agent/Chart.yaml
index 6ef4d8f9d484e..55dc197a8b3cc 100644
--- a/examples/chart/teleport-kube-agent/Chart.yaml
+++ b/examples/chart/teleport-kube-agent/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "12.4.22"
+.version: &version "12.4.23"
name: teleport-kube-agent
apiVersion: v2
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
index a936fc4972fd8..b32dcf6369401 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
@@ -30,7 +30,7 @@ sets Deployment annotations when specified if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -101,7 +101,7 @@ sets Deployment labels when specified if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -159,7 +159,7 @@ sets Pod annotations when specified if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -217,7 +217,7 @@ sets Pod labels when specified if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -292,7 +292,7 @@ should add emptyDir for data when existingDataVolume is not set if action is Upg
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -351,7 +351,7 @@ should add insecureSkipProxyTLSVerify to args when set in values if action is Up
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -409,7 +409,7 @@ should correctly configure existingDataVolume when set if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -465,7 +465,7 @@ should expose diag port if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -535,7 +535,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -605,7 +605,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -663,7 +663,7 @@ should have one replica when replicaCount is not set if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -721,7 +721,7 @@ should mount extraVolumes and extraVolumeMounts if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -786,7 +786,7 @@ should mount tls.existingCASecretName and set environment when set in values if
value: "true"
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -854,7 +854,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
value: http://username:password@my.proxy.host:3128
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -918,7 +918,7 @@ should provision initContainer correctly when set in values if action is Upgrade
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1012,7 +1012,7 @@ should set SecurityContext if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1090,7 +1090,7 @@ should set affinity when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1148,7 +1148,7 @@ should set default serviceAccountName when not set in values if action is Upgrad
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1219,7 +1219,7 @@ should set environment when extraEnv set in values if action is Upgrade:
value: "true"
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1335,7 +1335,7 @@ should set imagePullPolicy when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
@@ -1393,7 +1393,7 @@ should set nodeSelector if set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1453,7 +1453,7 @@ should set not set priorityClassName when not set in values if action is Upgrade
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1523,7 +1523,7 @@ should set preferred affinity when more than one replica is used if action is Up
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1581,7 +1581,7 @@ should set priorityClassName when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1640,7 +1640,7 @@ should set probeTimeoutSeconds when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1708,7 +1708,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set if
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1766,7 +1766,7 @@ should set resources when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1831,7 +1831,7 @@ should set serviceAccountName when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1889,7 +1889,7 @@ should set tolerations when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
index 07052947c5fa5..ca123d2a484e8 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
@@ -16,7 +16,7 @@ sets Pod annotations when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -84,7 +84,7 @@ sets Pod labels when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -176,7 +176,7 @@ sets StatefulSet labels when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -272,7 +272,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -340,7 +340,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and action
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -428,7 +428,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and is Fre
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -506,7 +506,7 @@ should add volumeMount for data volume when using StatefulSet:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -574,7 +574,7 @@ should expose diag port:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -642,7 +642,7 @@ should generate Statefulset when storage is disabled and mode is a Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -724,7 +724,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -804,7 +804,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -872,7 +872,7 @@ should have one replica when replicaCount is not set:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -940,7 +940,7 @@ should install Statefulset when storage is disabled and mode is a Fresh Install:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1010,7 +1010,7 @@ should mount extraVolumes and extraVolumeMounts:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1085,7 +1085,7 @@ should mount tls.existingCASecretName and set environment when set in values:
value: RELEASE-NAME
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1165,7 +1165,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
value: /etc/teleport-tls-ca/ca.pem
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1241,7 +1241,7 @@ should not add emptyDir for data when using StatefulSet:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1309,7 +1309,7 @@ should provision initContainer correctly when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1413,7 +1413,7 @@ should set SecurityContext:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1501,7 +1501,7 @@ should set affinity when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1569,7 +1569,7 @@ should set default serviceAccountName when not set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1650,7 +1650,7 @@ should set environment when extraEnv set in values:
value: RELEASE-NAME
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1786,7 +1786,7 @@ should set imagePullPolicy when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
@@ -1854,7 +1854,7 @@ should set nodeSelector if set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1936,7 +1936,7 @@ should set preferred affinity when more than one replica is used:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2004,7 +2004,7 @@ should set probeTimeoutSeconds when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2082,7 +2082,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2150,7 +2150,7 @@ should set resources when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2225,7 +2225,7 @@ should set serviceAccountName when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2293,7 +2293,7 @@ should set storage.requests when set in values and action is an Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2361,7 +2361,7 @@ should set storage.storageClassName when set in values and action is an Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2429,7 +2429,7 @@ should set tolerations when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport:12.4.22
+ image: public.ecr.aws/gravitational/teleport:12.4.23
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/version.go b/version.go
index 86ae5d0270728..d0b20cff999a6 100644
--- a/version.go
+++ b/version.go
@@ -1,7 +1,7 @@
// Code generated by "make version". DO NOT EDIT.
package teleport
-const Version = "12.4.22"
+const Version = "12.4.23"
// Gitref is set to the output of "git describe" during the build process.
var Gitref string