diff --git a/_service b/_service
index 9f97e6a..794655a 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
     <param name="scm">git</param>
     <param name="submodules">disable</param>
     <param name="exclude">.git</param>
-    <param name="revision">v16.4.7</param>
+    <param name="revision">v17.0.2</param>
     <param name="match-tag">v*</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
diff --git a/teleport-16.4.7.obscpio b/teleport-16.4.7.obscpio
deleted file mode 100644
index 720c54e..0000000
--- a/teleport-16.4.7.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:611284ef1cfaf5f8184f3585fb94b8022e2f95600fc3b06e7a81e1bf08c55b43
-size 279968782
diff --git a/teleport-17.0.2.obscpio b/teleport-17.0.2.obscpio
new file mode 100644
index 0000000..7764d04
--- /dev/null
+++ b/teleport-17.0.2.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e4923d80673f4fc50ccb24143990816085502230ff233ab5550f16bd83807b51
+size 268694030
diff --git a/teleport.changes b/teleport.changes
index a4fc5d2..15f6c89 100644
--- a/teleport.changes
+++ b/teleport.changes
@@ -1,3 +1,133 @@
+-------------------------------------------------------------------
+Tue Nov 26 13:53:42 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- update to 17.0.2:
+  * Fixed missing user participants in session recordings listing
+    for non-interactive Kubernetes recordings. #49343
+  * Support delegated joining for Bitbucket Pipelines in Machine
+    ID. #49335
+  * Fix a bug in the Teleport Operator chart that causes the
+    operator to not be able to watch secrets during secret
+    injection. #49327
+  * You can now search text within SSH sessions in the Web UI and
+    Teleport Connect. #49269
+  * Teleport Connect now refreshes the resources view after
+    dropping an access request. #49264
+  * Fixed an issue where teleport park processes could be leaked
+    causing runaway resource usage. #49260
+  * Fixed VNet not being able to connect to the daemon. #49199
+  * The tsh puttyconfig command now disables GSSAPI auth settings
+    to avoid a "Not Responding" condition in PuTTY. #49189
+  * Allow Azure VMs to join from a different subscription than
+    their managed identity. #49156
+  * Fix an issue loading the license file when Teleport is started
+    without a configuration file. #49150
+  * Added support for directly configuring JWKS for GitHub joining
+    for circumstances where the GHES is not reachable by the
+    Teleport Auth Service. #49049
+  * Fixed a bug where Access Lists imported from Microsoft Entra ID
+    fail to be created if their display names include special
+    characters. #5551
+
+-------------------------------------------------------------------
+Wed Nov 20 09:50:15 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- update to 17.0.1 (17.0.0 was not released):
+  * Teleport 17 brings the following new features and improvements:
+    - Refreshed web UI
+    - Modern signature algorithms
+    - (Preview) AWS IAM Identity Center integration
+    - Hardware key support for Teleport Connect
+    - Nested access lists
+    - Access lists UI/UX improvements
+    - Signed and notarized macOS assets
+    - Datadog Incident Management plugin for access requests
+    - Hosted Microsoft Teams plugin for access requests
+    - Dynamic registration for Windows desktops
+    - Support for images in web SSH sessions
+    - tbot CLI updates
+  * Refreshed Web UI
+    We have updated and improved designs and added a new navigation
+    menu to Teleport 17’s web UI to enhance its usability and
+    scalability.
+  * Modern signature algorithms
+    Teleport 17 admins have the option to use elliptic curve
+    cryptography for the majority of user, host, and certificate
+    authority key material.  This includes Ed25519 SSH keys and
+    ECDSA TLS keys, replacing the RSA keys used today.  New
+    clusters will leverage modern signature algorithms by default.
+    Existing Teleport clusters will continue to use RSA2048 until a
+    CA rotation is performed.
+  * (Preview) AWS IAM Identity Center integration
+    Teleport 17 integrates with AWS IAM Identity Center to allow
+    users to sync and manage AWS IC group members via Access Lists.
+    See documentation guide.
+  * Hardware key support for Teleport Connect
+    We have extended Teleport 17’s support for hardware-backed
+    private keys to Teleport Connect.
+  * Nested access lists
+    Teleport 17 admins and access list owners can add access lists
+    as members in other access lists.  See details in the
+    documentation.
+  * Access lists UI/UX improvements
+    Teleport 17 web UI has an updated access lists page that will
+    include the new table view, improved search and filtering
+    capabilities.
+  * Datadog Incident Management plugin for access requests
+    Teleport 17 supports PagerDuty-like integration with Datadog's
+    on-call and incident management APIs for access request
+    notifications.  See the configuration guide.
+  * Hosted Microsoft Teams plugin for access requests
+    Teleport 17 adds support for Microsoft Teams integration for
+    access request notifications using Teleport web UI without
+    needing to self-host the plugin.
+  * Dynamic registration for Windows desktops
+    Dynamic registration allows Teleport administrators to register
+    new Windows desktops without having to update the static
+    configuration files read by Teleport Windows Desktop Service
+    instances.
+  * Support for images in web SSH sessions
+    The SSH console in Teleport’s web UI includes support for
+    rendering images via both the SIXEL and iTerm Inline Image
+    Protocol (IIP).
+  * tbot CLI updates
+    The tbot client now supports starting most outputs and services
+    directly from the command line with no need for a configuration
+    file using the new tbot start <mode> family of commands. If
+    desired, a given command can be converted to a YAML
+    configuration file with tbot configure <mode>.  Additionally,
+    tctl now supports inspection and management of bot instances
+    using the tctl bots instances family of commands. This allows
+    onboarding of new instances for existing bots with tctl bots
+    instances add, and inspection of existing instances with tctl
+    bots instances list.
+  * Breaking changes and deprecations
+    - Enforced stricter requirements for SSH hostnames
+      Hostnames are only allowed if they are less than 257
+      characters and consist of only alphanumeric characters and
+      the symbols . and -.  Any hostname that violates the new
+      restrictions will be changed, the original hostname will be
+      moved to the teleport.internal/invalid-hostname label for
+      discoverability.  Any Teleport agents with an invalid
+      hostname will be replaced with the host UUID.  Any Agentless
+      OpenSSH Servers with an invalid hostname will be replaced
+      with the host of the address, if it is valid, or a randomly
+      generated identifier.  Any hosts with invalid hostnames
+      should be updated to comply with the new requirements to
+      avoid Teleport renaming them.
+    - TELEPORT_ALLOW_NO_SECOND_FACTOR removed
+      As of Teleport 16, multi-factor authentication is required
+      for local users. To assist with upgrades, Teleport 16
+      included a temporary opt-out mechanism via the
+      TELEPORT_ALLOW_NO_SECOND_FACTOR environment variable. This
+      opt-out mechanism has been removed.
+    - TOTP for per-session MFA
+      Teleport 17 is the last release where tsh will allow for
+      using TOTP with per-session MFA. Starting with Teleport 18,
+      tsh will require a strong webauthn credential for per-session
+      MFA.  TOTP will continue to be accepted for the initial
+      login.
+
 -------------------------------------------------------------------
 Fri Nov 15 08:43:06 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
 
diff --git a/teleport.obsinfo b/teleport.obsinfo
index b5927f7..1d21455 100644
--- a/teleport.obsinfo
+++ b/teleport.obsinfo
@@ -1,4 +1,4 @@
 name: teleport
-version: 16.4.7
-mtime: 1731375738
-commit: 15dfef10fe2175e458e54e81e94dcae0b5f59757
+version: 17.0.2
+mtime: 1732556604
+commit: a5c84e4b74f1da43a44bd6c18ae184f612fb26f6
diff --git a/teleport.spec b/teleport.spec
index 3bbfbb7..da59a17 100644
--- a/teleport.spec
+++ b/teleport.spec
@@ -17,7 +17,7 @@
 
 
 Name:           teleport
-Version:        16.4.7
+Version:        17.0.2
 Release:        0
 Summary:        Identity-aware, multi-protocol access proxy
 License:        AGPL-3.0-only
@@ -35,7 +35,7 @@ BuildRequires:  bash-completion
 BuildRequires:  cargo >= 1.69
 BuildRequires:  cargo-packaging
 BuildRequires:  git-core
-BuildRequires:  go1.22 >= 1.22.9
+BuildRequires:  go >= 1.23
 BuildRequires:  pam-devel
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  zsh
diff --git a/vendor.tar.gz b/vendor.tar.gz
index f0ecc8c..7e459b4 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:c77a1db3984a74b6c2a7f4c7e6fa3f9f475e1ad49bc8d1123d2d149e5e63939d
-size 46781164
+oid sha256:22a1ddd2520ebfe453dbefc4becf924fe3517691113fcbac3cb7c2ab9235bf8c
+size 52242184
diff --git a/vendor.tar.zst b/vendor.tar.zst
index 2780074..17b7856 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:76257b2718534c1704e89d1f423d6c384c810517a913abbc26d3a98fbcec5c5b
-size 728970
+oid sha256:2ed8ddc8901673530dcde15ea516f9b78b132e7de63a07c8216e75dbabe1b6a3
+size 730021