diff --git a/_service b/_service
index e057962..19a8595 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
git
disable
.git
- v16.1.0
+ v16.1.3
@PARENT_TAG@
disable
v(.*)
diff --git a/teleport-16.1.0.obscpio b/teleport-16.1.0.obscpio
deleted file mode 100644
index 04938b6..0000000
--- a/teleport-16.1.0.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5f140a7a074cabce5ab56da2b74df4f9712d9528ed5b0aa8b622810eddded6c1
-size 255606798
diff --git a/teleport-16.1.3.obscpio b/teleport-16.1.3.obscpio
new file mode 100644
index 0000000..92fc59d
--- /dev/null
+++ b/teleport-16.1.3.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce83e5f3632d9e9300f46746fa13753488b8039ff8ef53f80c28e3245f4a49ae
+size 258359822
diff --git a/teleport.changes b/teleport.changes
index 61c39a3..bb3d385 100644
--- a/teleport.changes
+++ b/teleport.changes
@@ -1,3 +1,125 @@
+-------------------------------------------------------------------
+Wed Aug 7 07:16:37 UTC 2024 - Johannes Kastl
+
+- update to 16.1.3 (not release 16.1.2):
+ * Fixed an issue where tsh aws may display extra text in addition
+ to the original command output. #45168
+ * Fixed regression that denied access to launch some Apps. #45149
+ * Bot resources now honor their metadata.expires field. #45130
+ * Teleport Connect now sets TERM_PROGRAM: Teleport_Connect and
+ TERM_PROGRAM_VERSION: environment variables in
+ the integrated terminal. #45063
+ * Fixed a panic in the Microsoft Teams plugin when it receives an
+ error. #45011
+ * Added a background item for VNet in Teleport Connect; VNet now
+ prompts for a password only during the first launch. #44994
+ * Added warning on tbot startup when the requested certificate
+ TTL exceeds the maximum allowed value. #44989
+ * Fixed a race condition between session recording uploads and
+ session recording upload cleanup. #44978
+ * Prevented Kubernetes per-Resource RBAC from blocking access to
+ namespaces when denying access to a single resource kind in
+ every namespace. #44974
+ * SSO login flows can now authorize web sessions with Device
+ Trust. #44906
+ * Added support for Kubernetes Workload Attestation into Teleport
+ Workload Identity to allow the authentication of pods running
+ within Kubernetes without secrets. #44883
+
+-------------------------------------------------------------------
+Thu Aug 1 07:25:49 UTC 2024 - Johannes Kastl
+
+- update to 16.1.1:
+ * Added option to allow client redirects from IPs in specified
+ CIDR ranges in SSO client logins. #44846
+ * Machine ID can now be configured to use Kubernetes Secret
+ destinations from the command line using the kubernetes-secret
+ schema. #44801
+ * Prevent discovery service from overwriting Teleport dynamic
+ resources that have the same name as discovered resources.
+#44785
+ * Reduced the probability that the event-handler deadlocks when
+ encountering errors processing session recordings. #44771
+ * Improved event-handler diagnostics by providing a way to
+ capture profiles dynamically via SIGUSR1. #44758
+ * Teleport Connect now uses ConPTY for better terminal resizing
+ and accurate color rendering on Windows, with an option to
+ disable it in the app config. #44742
+ * Fixed event-handler Helm charts using the wrong command when
+ starting the event-handler container. #44697
+ * Improved stability of very large Teleport clusters during
+ temporary backend disruption/degradation. #44694
+ * Resolved compatibility issue with Paramiko and Machine ID's SSH
+ multiplexer SSH agent. #44673
+ * Teleport no longer creates invalid SAML Connectors when calling
+ tctl get saml/ | tctl create -f without the
+ --with-secrets flag. #44666
+ * Fixed a fatal error in tbot when unable to lookup the user from
+ a given UID in containerized environments for checking ACL
+ configuration. #44645
+ * Fixed Application Access regression where an HTTP header wasn't
+ set in forwarded requests. #44628
+ * Added Server auto-discovery support for Rocky and AlmaLinux
+ distros. #44612
+ * Use the registered port of the target host when tsh puttyconfig
+ is invoked without --port. #44572
+ * Added more icons for guessing application icon by name or by
+ label teleport.icon in the web UI. #44566
+ * Remove deprecated S3 bucket option when creating or editing AWS
+ OIDC integration in the web UI. #44485
+ * Fixed terminal sessions with a database CLI client in Teleport
+ Connect hanging indefinitely if the client cannot be found.
+#44465
+ * Added application-tunnel service to Machine ID for establishing
+ a long-lived tunnel to a HTTP or TCP application for Machine to
+ Machine access. #44443
+ * Fixed a regression that caused Teleport Connect to fail to
+ start on Intel Macs. #44435
+ * Improved auto-discovery resiliency by recreating Teleport
+ configuration when the node fails to join the cluster. #44432
+ * Fixed a low-probability panic in audit event upload logic.
+ #44425
+ * Fixed Teleport Connect binaries not being signed correctly.
+ #44419
+ * Prevented DoSing the cluster during a mass failed join event by
+ agents. #44414
+ * The availability filter is now a toggle to show (or hide)
+ requestable resources. #44413
+ * Moved PostgreSQL auto provisioning users procedures to pg_temp
+ schema. #44409
+ * Added audit events for AWS and Azure integration resource
+ actions. #44403
+ * Fixed automatic updates with previous versions of the
+ teleport.yaml config. #44379
+ * Added support for Rocky and AlmaLinux when enrolling a new
+ server from the UI. #44332
+ * Fixed PostgreSQL session playback not rendering queries line
+ breaks correctly. #44315
+ * Fixed Teleport access plugin tarballs containing a build
+ directory, which was accidentally added upon v16.0.0 release.
+#44300
+ * Prevented an infinite loop in DynamoDB event querying by
+ advancing the cursor to the next day when the limit is reached
+ at the end of a day with an empty iterator. This ensures the
+ cursor does not reset to the beginning of the day. #44275
+ * The clipboard sharing tooltip for desktop sessions now
+ indicates why clipboard sharing is disabled. #44237
+ * Prevented redirects to arbitrary URLs when launching an app.
+ #44188
+ * Added a --skip-idle-time flag to tsh play. #44013
+ * Added audit events for discovery config actions. #43793
+ * Enabled Access Monitoring Rules routing with Mattermost plugin.
+ #43601
+ * SAML application can now be deleted from the Web UI. #4778
+ * Fixed an Access List permission bug where an access list owner,
+ who is also a member, was not able to add/remove access list
+ member. #4744
+ * Fixed a bug in Web UI where clicking SAML GCP Workforce
+ Identity Federation discover tile would throw an error,
+ preventing from using the guided enrollment feature. #4720
+ * Fixed an issue with incorrect yum/zypper updater packages being
+ installed. #4684
+
-------------------------------------------------------------------
Tue Jul 16 09:32:46 UTC 2024 - Johannes Kastl
diff --git a/teleport.obsinfo b/teleport.obsinfo
index 35f01ac..d4d62d2 100644
--- a/teleport.obsinfo
+++ b/teleport.obsinfo
@@ -1,4 +1,4 @@
name: teleport
-version: 16.1.0
-mtime: 1721089456
-commit: fd6032e88e2de2bf5a5c90ec771356bc611619a8
+version: 16.1.3
+mtime: 1722982495
+commit: b7b867588808879c7e066572691688990e76bf25
diff --git a/teleport.spec b/teleport.spec
index f1da7d1..66dbef1 100644
--- a/teleport.spec
+++ b/teleport.spec
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: teleport
-Version: 16.1.0
+Version: 16.1.3
Release: 0
Summary: Identity-aware, multi-protocol access proxy
License: AGPL-3.0-only
@@ -36,7 +36,7 @@ Source6: vendor.tar.zst
BuildRequires: cargo >= 1.69
BuildRequires: cargo-packaging
BuildRequires: git-core
-BuildRequires: go >= 1.22
+BuildRequires: go1.22
BuildRequires: pam-devel
BuildRequires: systemd-rpm-macros
Requires: teleport-tctl
diff --git a/vendor.tar.gz b/vendor.tar.gz
index f0880cc..da37597 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:d1df58897d206c99ba54b6ef0bd1b76ba6c0460d314b3a4bb49f184c186d28d0
-size 52512380
+oid sha256:bac42adce31f8cb19abf50a6df1f4cd2eaae6f0228808c0593ae78cc28372f49
+size 46610566