diff --git a/_service b/_service
index ae1ea6f..3e13dc2 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
git
disable
.git
- v15.1.9
+ v15.2.0
@PARENT_TAG@
disable
v(.*)
diff --git a/teleport-15.1.9.obscpio b/teleport-15.1.9.obscpio
deleted file mode 100644
index b6c5bb3..0000000
--- a/teleport-15.1.9.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:615e8382c3ab49ea5c366b88ec00c19a8040325303e66ee743db89403744be30
-size 246522382
diff --git a/teleport-15.2.0.obscpio b/teleport-15.2.0.obscpio
new file mode 100644
index 0000000..1fcfc80
--- /dev/null
+++ b/teleport-15.2.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d6dac1592104c5a004948a5afa868a925ff1677ac9a01e8c95a13fecb19b6660
+size 247606798
diff --git a/teleport.changes b/teleport.changes
index 73d7062..4246426 100644
--- a/teleport.changes
+++ b/teleport.changes
@@ -1,3 +1,145 @@
+-------------------------------------------------------------------
+Sat Mar 30 17:16:29 UTC 2024 - Johannes Kastl
+
+- update to 15.2.0:
+ * Improved Access Requests UI
+ The access requests page of the web UI will be backed by a
+ paginated API, ensuring fast load times even on clusters with
+ many access requests.
+ Additionally, the UI allows you to search for access requests,
+ sort them based on various attributes, and includes several new
+ filtering options.
+ * Zero-downtime web asset rollout
+ Teleport 15.2 changes the way that web assets are served and
+ cached, which will allow multiple compatible versions of the
+ Teleport Proxy to run behind the same load balancer.
+ * Workload Identity MVP
+ With Teleport 15.2, Machine ID can bootstrap and issue identity
+ to services across multiple computing environments and
+ organizational boundaries. Workload Identity issues
+ SPIFFE-compatible x509 certificates that can be used for mTLS
+ between services.
+ * Support for Kubernetes 1.29+
+ The Kubernetes project is deprecating the SPDY protocol for
+ streaming commands (kubectl exec, kubectl port-forward, etc)
+ and replacing it with a new websocket-based subprotocol.
+ Teleport 15.2.0 will support the new protocol to ensure
+ compatibility with newer Kubernetes clusters.
+ * Automatic database access requests
+ Both tsh db connect and tsh proxy db will offer the option to
+ submit an access request if the user attempts to connect to a
+ database that they don't already have access to.
+ * GCP console access via Workforce Identity Federation
+ Teleport administrators will be able to setup access to GCP web
+ console through Workforce Identity Federation using Teleport as
+ a SAML identity provider.
+ * IaC support for OpenSSH nodes
+ Users will be able to register OpenSSH nodes in the cluster
+ using Terraform and Kubernetes Operator.
+ * Access requests start time
+ Users submitting access requests via web UI will be able to
+ request specific access start time up to a week in advance.
+ * Terraform and Operator support for agentless SSH nodes
+ The Teleport Terraform provider and Kubernetes operator now
+ support declaring agentless OpenSSH and OpenSSH EC2 ICE
+ servers. You can follow this guide to register OpenSSH agents
+ with infrastructure as code.
+ Setting up EC2 ICE automatic discovery with IaC will come in a
+ future update.
+ * Operator and CRDs can be deployed separately
+ The teleport-operator and teleport-cluster charts now support
+ deploying only the CRD, the CRD and the operator, or only the
+ operator.
+ From the teleport-cluster Helm chart:
+ operator:
+ enabled: true|false
+ installCRDs: always|never|dynamic
+ From the teleport-operator Helm chart:
+ enabled: true|false
+ installCRDs: always|never|dynamic
+ In dynamic mode (by default), the chart will install CRDs if
+ the operator is enabled, but will not remove the CRDs if you
+ temporarily disable the operator.
+ * Operator now propagates labels
+ Kubernetes CR labels are now copied to the Teleport resource
+ when applicable.
+ This allows you to configure RBAC for operator-created
+ resources, and to filter Teleport resources more easily.
+ * Terraform provider no longer forces resource re-creation on
+ version change
+ Teleport v15 introduced two Terraform provider changes:
+ - setting the resource version is now mandatory
+ - a resource version change triggers the resource re-creation
+ to ensure defaults were correctly set
+ The second change was too disruptive, especially for roles, as
+ they cannot be deleted if a user or an access list references
+ them. Teleport 15.2 lifts this restriction and allows version
+ change without forcing the resource deletion.
+ Another change to ensure resource defaults are correctly set
+ during version upgrades will happen in v16.
+ * Other improvements and fixes
+ - Fixed "Invalid URI" error in Teleport Connect when starting
+ mongosh from database connection tab. #40033
+ - Adds support for easily exporting the SPIFFE CA using tls
+ auth export --type tls-spiffe and the /webapi/auth/export
+ endpoint. #40007
+ - Update Rust to 1.77.0, enable RDP font smoothing. #39995
+ - The role, server and token Teleport operator CRs now display
+ additional information when listed with kubectl get. #39993
+ - Improve performance of filtering resources via predicate
+ expressions. #39972
+ - Fixes a bug that prevented CA import when a SPIFFE CA was
+ present. #39958
+ - Fix a verbosity issue that caused the
+ teleport-kube-agent-updater to output debug logs by default.
+ #39953
+ - Reduce default Jamf inventory page size, allow custom values
+ to be provided. #39933
+ - AWS IAM Roles are now filterable in the web UI when launching
+ a console app. #39911
+ - The teleport-cluster Helm chart now supports using the Amazon
+ Athena event backend. #39907
+ - Correctly show the users allowed logins when accessing leaf
+ resources via the root cluster web UI. #39887
+ - Improve performance of resource filtering via labels and
+ fuzzy search. #39791
+ - Enforce optimistic locking for AuthPreferences,
+ ClusterNetworkingConfig, SessionRecordingConfig. #39785
+ - Fix potential issue with some resources expiry being set to
+ 01/01/1970 instead of never. #39773
+ - Update default access request TTLs to 1 week. #39509
+ - Fixed an issue where creating or updating an access list with
+ Admin MFA would fail in the WebUI. #3827
+
+-------------------------------------------------------------------
+Fri Mar 29 19:31:04 UTC 2024 - Johannes Kastl
+
+- update to 15.1.10:
+ * Fixed possible phishing links which could result in code
+ execution with install and join scripts. #39837
+ * Fixed MFA checks not being prompted when joining a session.
+ #39814
+ * Added support for Kubernetes websocket streaming subprotocol v5
+ connections. #39770
+ * Fixed a regression causing MFA prompts to not show up in
+ Teleport Connect. #39739
+ * Fixed broken SSO login landing page on certain versions of
+ Google Chrome. #39723
+ * Teleport Connect now shows specific error messages instead of
+ generic "access denied". #39720
+ * Added audit events for database auto user provisioning. #39665
+ * Updated Electron to v29 in Teleport Connect. #39657
+ * Added automatic access request support for tsh db login, tsh db
+ connect and tsh proxy db. #39617
+ * Fixed a bug in Teleport Cloud causing the hosted ServiceNow
+ plugin to crash when setting up the integration. #39603
+ * Fixed a bug of the discovery script failing when jq was not
+ installed. #39599
+ * Ensured that audit events are emitted whenever the
+ authentication preferences, cluster networking config, or
+ session recording config are modified. #39522
+ * Database object labels will now support templates. #39496
+
-------------------------------------------------------------------
Tue Mar 19 20:27:13 UTC 2024 - Johannes Kastl
diff --git a/teleport.obsinfo b/teleport.obsinfo
index 10d18ac..50c7c97 100644
--- a/teleport.obsinfo
+++ b/teleport.obsinfo
@@ -1,4 +1,4 @@
name: teleport
-version: 15.1.9
-mtime: 1710875533
-commit: 2ba061355e99dfdec78081f9cfb615b3cda5e556
+version: 15.2.0
+mtime: 1711746250
+commit: bb8bd77625f4e82178d068da6f0f4756d043e37c
diff --git a/teleport.spec b/teleport.spec
index ae85cd9..50756f9 100644
--- a/teleport.spec
+++ b/teleport.spec
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: teleport
-Version: 15.1.9
+Version: 15.2.0
Release: 0
Summary: Identity-aware, multi-protocol access proxy
License: Apache-2.0
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 2721f86..6f0aa8b 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:10a08525dc87c021601492b9d55671c54cbdecdebf87f210792bfc097f098030
-size 44158894
+oid sha256:7044d9dec404dc6300dc472a5b990809720c12810a4691c08eef54f3c2196a81
+size 44221695