diff --git a/_service b/_service
index fc0ff22..140de3c 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
git
disable
.git
- v15.2.4
+ v15.2.5
@PARENT_TAG@
disable
v(.*)
diff --git a/teleport-15.2.4.obscpio b/teleport-15.2.4.obscpio
deleted file mode 100644
index fe2d4e6..0000000
--- a/teleport-15.2.4.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:be9cf855d9ebd74bc7b7254e20f0c37699217a47f3e9e6419e37fe7460b816bc
-size 252724238
diff --git a/teleport-15.2.5.obscpio b/teleport-15.2.5.obscpio
new file mode 100644
index 0000000..c08d103
--- /dev/null
+++ b/teleport-15.2.5.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ecef04d41d76f82ead6eef05ed4359f827068f4f97a18807f2387b71446414fa
+size 252961294
diff --git a/teleport.changes b/teleport.changes
index 2cf9650..96c9f5f 100644
--- a/teleport.changes
+++ b/teleport.changes
@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Sat Apr 27 09:30:21 UTC 2024 - Johannes Kastl
+
+- update to 15.2.5:
+ * Extend proxy templates to allow the target host to be resolved
+ via a predicate expression or fuzzy matching. #40966
+ * Fix an issue where access requests would linger in UI and tctl
+ after expiry. #40964
+ * The teleport-cluster Helm chart can configure AccessMonitoring
+ when running in aws mode. #40957
+ * Make podSecurityContext configurable in the teleport-cluster
+ Helm chart. #40951
+ * Allow to mount extra volumes in the updater pod deployed by the
+ teleport-kube-agentchart. #40946
+ * Improve error message when performing an SSO login with a
+ hardware key. #40923
+ * Fix a bug in the teleport-cluster Helm chart that happened when
+ sessionRecording was off. #40919
+ * Fix audit event failures when using DynamoDB event storage.
+ #40913
+ * Allow setting additional Kubernetes labels on resources created
+ by the teleport-cluster Helm chart. #40909
+ * Fix Windows cursor getting stuck. #40890
+ * Issue cert.create events during device authentication. #40872
+ * Add the ability to control ssh_config generation in Machine
+ ID's Identity Outputs. This allows the generation of the
+ ssh_config to be disabled if unnecessary, improving performance
+ and removing the dependency on the Proxy being online. #40861
+ * Prevent deleting AWS OIDC integration used by External Audit
+ Storage. #40851
+ * Introduce the tpm join method, which allows for secure joining
+ in on-prem environments without the need for a shared secret.
+ #40823
+ * Reduce parallelism when polling AWS resources to prevent API
+ throttling when exporting them to Teleport Access Graph. #40811
+ * Fix spurious deletion of Access List Membership metadata during
+ SCIM push or sync. #40544
+ * Properly enforce session moderation requirements when starting
+ Kubernetes ephemeral containers. #40906
+
-------------------------------------------------------------------
Thu Apr 25 05:34:37 UTC 2024 - Johannes Kastl
diff --git a/teleport.obsinfo b/teleport.obsinfo
index 148341e..62f7e1d 100644
--- a/teleport.obsinfo
+++ b/teleport.obsinfo
@@ -1,4 +1,4 @@
name: teleport
-version: 15.2.4
-mtime: 1713922041
-commit: e103ec47ce8f4c30590962f8d9c5a19e4367bae8
+version: 15.2.5
+mtime: 1714168247
+commit: 7d2a77bfa17ef43cc4799078887da8e0e9ddd09d
diff --git a/teleport.spec b/teleport.spec
index 0edc271..e4f22cb 100644
--- a/teleport.spec
+++ b/teleport.spec
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: teleport
-Version: 15.2.4
+Version: 15.2.5
Release: 0
Summary: Identity-aware, multi-protocol access proxy
License: Apache-2.0
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 0fa009b..90abe30 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:7b108b6eebf56e360909063d5fac7c09987c0a7a37f92095ca5758fd48dafa29
-size 44778548
+oid sha256:f05fa3b16d6f5cf62a09eb70bc070f75cbb42a3c41381141f184f96650a8c1bd
+size 44779229