diff --git a/_service b/_service
index c4513ca..ab81ce9 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
git
disable
.git
- v16.4.2
+ v16.4.3
@PARENT_TAG@
disable
v(.*)
diff --git a/teleport-16.4.2.obscpio b/teleport-16.4.2.obscpio
deleted file mode 100644
index 9d185b4..0000000
--- a/teleport-16.4.2.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:be75bc021d11df96d2e76480dd157b65558ac714b7a2f5676b021aa2b1c15f51
-size 270941198
diff --git a/teleport-16.4.3.obscpio b/teleport-16.4.3.obscpio
new file mode 100644
index 0000000..64c6f00
--- /dev/null
+++ b/teleport-16.4.3.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f9003dbd95143e457e013439e5c4b3d0ca95dff2b210fe3e9ba5bf60e2fb93f7
+size 280437262
diff --git a/teleport.changes b/teleport.changes
index ca6312f..f6eff7b 100644
--- a/teleport.changes
+++ b/teleport.changes
@@ -1,3 +1,76 @@
+-------------------------------------------------------------------
+Fri Oct 18 06:50:44 UTC 2024 - Johannes Kastl
+
+- update to 16.4.3:
+ * Extended Teleport Discovery Service to support resource
+ discovery across all projects accessible by the service
+ account. #47568
+ * Fixed a bug that could allow users to list active sessions even
+ when prohibited by RBAC. #47564
+ * The tctl tokens ls command redacts secret join tokens by
+ default. To include the token values, provide the new
+ --with-secrets flag. #47545
+ * Added missing field-level documentation to the terraform
+ provider reference. #47469
+ * Fixed a bug where tsh logout failed to parse flags passed with
+ spaces. #47460
+ * Fixed the resource-based labels handler crashing without
+ restarting. #47452
+ * Install teleport FIPS binary in FIPS environments during Server
+ Auto Discover. #47437
+ * Fix possibly missing rules when using large amount of Access
+ Monitoring Rules. #47430
+ * Added ability to list/get AccessMonitoringRule resources with
+ tctl. #47401
+ * Include JWK header in JWTs issued by Teleport Application
+ Access. #47393
+ * Teleport Workload ID now supports issuing JWT SVIDs via the
+ Workload API. #47389
+ * Added kubeconfig context name to the output table of tsh proxy
+ kube command for enhanced clarity. #47383
+ * Improve error messaging when connections to offline agents are
+ attempted. #47361
+ * Allow specifying the instance type of AWS HA Terraform bastion
+ instance. #47338
+ * Added a config option to Teleport Connect to control how it
+ interacts with the local SSH agent (sshAgent.addKeysToAgent).
+ #47324
+ * Teleport Workload ID issued JWT SVIDs are now compatible with
+ OIDC federation with a number of platforms. #47317
+ * The "ha-autoscale-cluster" terraform module now support default
+ AWS resource tags and ASG instance refresh on configuration or
+ launch template changes. #47299
+ * Fixed error in Workload ID in cases where the process ID cannot
+ be resolved. #47274
+ * Teleport Connect for Linux now requires glibc 2.31 or later.
+ #47262
+ * Fixed a bug where security group rules that refer to another
+ security group by ID were not displayed in web UI enrollment
+ wizards when viewing security group rules. #47246
+ * Improve the msteams access plugin debug logging. #47158
+ * Fix missing tsh MFA prompt in certain OTP+WebAuthn scenarios.
+ #47154
+ * Updates self-hosted db discover flow to generate 2190h TTL
+ certs, not 12h. #47125
+ * Fixes an issue preventing access requests from displaying user
+ friendly resource names. #47112
+ * Fixed a bug where only one IP CIDR block security group rule
+ for a port range was displayed in the web UI RDS enrollment
+ wizard when viewing a security group. #47077
+ * The tsh play command now supports a text output format. #47073
+ * Updated Go to 1.22.8. #47050
+ * Fixed the "source path is empty" error when attempting to
+ upload a file in Teleport Connect. #47011
+ * Added static host users to Terraform provider. #46974
+ * Enforce a global device_trust.mode=required on OSS processes
+ paired with an Enterprise Auth. #46947
+ * Added a new config option in Teleport Connect to control SSH
+ agent forwarding (ssh.forwardAgent); starting in Teleport
+ Connect v17, this option will be disabled by default. #46895
+ * Correctly display available allowed logins of leaf AWS Console
+ Apps on tsh app login. #46806
+ * Allow all audit events to be trimmed if necessary. #46499
+
-------------------------------------------------------------------
Fri Sep 27 20:35:28 UTC 2024 - Johannes Kastl
diff --git a/teleport.obsinfo b/teleport.obsinfo
index 80fb2c2..a556818 100644
--- a/teleport.obsinfo
+++ b/teleport.obsinfo
@@ -1,4 +1,4 @@
name: teleport
-version: 16.4.2
-mtime: 1727309599
-commit: e414b8fcd479f71ec62f2c8daf498d2c7b8dec8d
+version: 16.4.3
+mtime: 1729078070
+commit: d506b628c2d6bc3b3bd257350261713cb4b0df3e
diff --git a/teleport.spec b/teleport.spec
index 407153b..eb678d4 100644
--- a/teleport.spec
+++ b/teleport.spec
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: teleport
-Version: 16.4.2
+Version: 16.4.3
Release: 0
Summary: Identity-aware, multi-protocol access proxy
License: AGPL-3.0-only
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 19bc373..b40e34c 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:dfea0ae4e1fdef96846b5ad2a738f23569236fd4c2abf9d53be2ee130e27d763
-size 46697453
+oid sha256:79a18db8daa78cf72b6aba9d80e8421c1f334a3883a97b8f8100ca1322b7f7ae
+size 46790012
diff --git a/vendor.tar.zst b/vendor.tar.zst
index b790bce..e297552 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:077db6813e5684cefe9276e082349efe720bc794782467213d7039e2f427f1e5
-size 723955
+oid sha256:4ab85d230031a7ff69ff4ffb80efe1e6e3048a17543cd75004004833cc976b97
+size 729773