diff --git a/_service b/_service
index 29f3d30..dc38bf3 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
git
disable
.git
- v15.0.2
+ v15.1.6
@PARENT_TAG@
disable
v(.*)
diff --git a/teleport-15.0.2.obscpio b/teleport-15.0.2.obscpio
deleted file mode 100644
index b1135e5..0000000
--- a/teleport-15.0.2.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f0e4ad12cc7aba97f24032871a7c5a8f1060eb4ee0b5e30cfc609e4e621967a6
-size 247395342
diff --git a/teleport-15.1.6.obscpio b/teleport-15.1.6.obscpio
new file mode 100644
index 0000000..77d2ecd
--- /dev/null
+++ b/teleport-15.1.6.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cf00b514198d48faae12b425858909185ee92a14d1d5cbfdc9472cde43a47e89
+size 246301710
diff --git a/teleport.changes b/teleport.changes
index b731aa9..c05e644 100644
--- a/teleport.changes
+++ b/teleport.changes
@@ -1,3 +1,273 @@
+-------------------------------------------------------------------
+Sun Mar 17 13:44:52 UTC 2024 - Johannes Kastl
+
+- update to 15.1.6:
+ * Added remote port forwarding for Teleport nodes. #39440
+ * Added remote port forwarding for OpenSSH nodes. #39438
+
+-------------------------------------------------------------------
+Sun Mar 17 13:32:06 UTC 2024 - Johannes Kastl
+
+- update to 15.1.5:
+ * Improve error messaging when creating resources fails because
+ they already exist or updating resources fails because they
+ were removed. #39395
+ * The audit entry for access_request.search will now truncate the
+ list of roles in the audit UI if it exceeds 80 characters.
+ #39372
+ * Re-enable AWS IMDSv1 fallback due to some EKS clusters having
+ their IMDSv2 hop limit set to 1, leading to IMDSv2 requests
+ failing. Users who wish to keep IMDSv1 fallback disabled can
+ set the AWS_EC2_METADATA_V1_DISABLED environmental variable.
+ #39366
+ * Only allow necessary operations during moderated file transfers
+ and limit in-flight file transfer requests to one per session.
+ #39351
+ * Make the Jira access plugin log Jira errors properly. #39346
+ * Fixed allowing invalid access request start time date to be
+ set. #39322
+ * Teleport Enterprise now attempts to load the license file from
+ the configured data directory if not otherwise specified.
+ #39314
+ * Improve the security for MFA for Admin Actions when used
+ alongside Hardware Key support. #39306
+ * The saml_idp_service_provider spec adds a new preset field that
+ can be used to specify predefined SAML service provider
+ profile. #39277
+ * Fixed a bug that caused some MFA for Admin Action flows to fail
+ instead of retrying: ex: tctl bots add --token=. #39269
+
+-------------------------------------------------------------------
+Sun Mar 17 13:20:04 UTC 2024 - Johannes Kastl
+
+- update to 15.1.4:
+ * Raised concurrent connection limits between Teleport Cloud
+ regions and in clusters that use proxy peering. #39233
+ * Improved clean up of system resources during a fast shutdown of
+ Teleport. #39211
+ * Resolved sporadic errors caused by requests fail to comply with
+ Kubernetes API spec by not specifying resource identifiers.
+ #39168
+ * Added a new password change wizard. #39124
+ * Fixed the NumLock and Pause keys for Desktop Access sessions
+ not working. #39095
+
+-------------------------------------------------------------------
+Sun Mar 17 12:52:27 UTC 2024 - Johannes Kastl
+
+- update to 15.1.3:
+ * Fix a bug when using automatic updates and the discovery
+ service. The default install script now installs the correct
+ teleport version by querying the version server. #39099
+ * Fix a regression where tsh kube credentials fails to re-login
+ when credentials expire. #39075
+ * TBot now supports --proxy-server for explicitly configuring the
+ Proxy address. We recommend switching to this if you currently
+ specify the address of your Teleport proxy to --auth-server.
+ #39055
+ * Expand the EC2 joining process to include newly created AWS
+ regions. #39051
+ * Added GCP MySQL access IAM Authentication support. #39040
+ * Fixed compatibility of the Teleport service file with older
+ versions of systemd. #39032
+ * Update WebUI database connection instructions. #39027
+ * Teleport Proxy Service now runs a version server by default
+ serving its own version. #39017
+ * Significantly reduced latency of network calls in Teleport
+ Connect. #39012
+ * SPIFFE SVID generation introduced to tbot (experimental).
+ #39011
+ * Adds tsh workload issue command for issuing SVIDs using tsh.
+ #39115
+ * Fixed an issue in SAML IdP entity descriptor generator process,
+ which would fail to generate entity descriptor if the
+ configured Entity ID endpoint would return HTTP status code
+ above 200 and below 400 . #38987
+ * Updated Go to 1.21.8. #38983
+ * Updated electron-builder dependency to address possible
+ arbitrary code execution in the Windows installer of Teleport
+ Connect (CVE-2024-27303). #38964
+ * Fixed an issue where it was possible to skip providing old
+ password when setting a new one. #38962
+ * Added database permission management support for Postgres.
+ #38945
+ * Improved reliability and performance of tbot. #38928
+ * Filter terminated sessions from the tsh sessions ls output.
+ #38887
+ * Make it easier to identify Teleport browser tabs by placing the
+ session information before the cluster name. #38737
+ * The teleport-ent-upgrader package now gracefully restarts the
+ Teleport binary if possible, to avoid cutting off ongoing
+ connections. #3578
+ * Trusted device authentication failures may now include a brief
+ explanation message in the corresponding audit event. #3572
+ * Okta access lists sync will now sync groups without members.
+ #3636
+
+-------------------------------------------------------------------
+Sun Mar 17 12:38:22 UTC 2024 - Johannes Kastl
+
+- update to 15.1.2:
+ * Fix a bug when using automatic updates and the discovery
+ service. The default install script now installs the correct
+ teleport version by querying the version server. #39099
+ * Fix a regression where tsh kube credentials fails to re-login
+ when credentials expire. #39075
+ * TBot now supports --proxy-server for explicitly configuring the
+ Proxy address. We recommend switching to this if you currently
+ specify the address of your Teleport proxy to --auth-server.
+ #39055
+ * Expand the EC2 joining process to include newly created AWS
+ regions. #39051
+ * Added GCP MySQL access IAM Authentication support. #39040
+ * Fixed compatibility of the Teleport service file with older
+ versions of systemd. #39032
+ * Update WebUI database connection instructions. #39027
+ * Teleport Proxy Service now runs a version server by default
+ serving its own version. #39017
+ * Significantly reduced latency of network calls in Teleport
+ Connect. #39012
+ * SPIFFE SVID generation introduced to tbot (experimental).
+ #39011
+ * Adds tsh workload issue command for issuing SVIDs using tsh.
+ #39115
+ * Fixed an issue in SAML IdP entity descriptor generator process,
+ which would fail to generate entity descriptor if the
+ configured Entity ID endpoint would return HTTP status code
+ above 200 and below 400 . #38987
+ * Updated Go to 1.21.8. #38983
+ * Updated electron-builder dependency to address possible
+ arbitrary code execution in the Windows installer of Teleport
+ Connect (CVE-2024-27303). #38964
+ * Fixed an issue where it was possible to skip providing old
+ password when setting a new one. #38962
+ * Added database permission management support for Postgres.
+ #38945
+ * Improved reliability and performance of tbot. #38928
+ * Filter terminated sessions from the tsh sessions ls output.
+ #38887
+ * Make it easier to identify Teleport browser tabs by placing the
+ session information before the cluster name. #38737
+ * The teleport-ent-upgrader package now gracefully restarts the
+ Teleport binary if possible, to avoid cutting off ongoing
+ connections. #3578
+ * Trusted device authentication failures may now include a brief
+ explanation message in the corresponding audit event. #3572
+ * Okta access lists sync will now sync groups without members.
+ #3636
+
+-------------------------------------------------------------------
+Sun Mar 17 11:29:44 UTC 2024 - Johannes Kastl
+
+- update to 15.1.1:
+ * Fixed panic when an older tsh or proxy changes an access list.
+ #38861
+ * SSH connection resumption now works during graceful upgrades of
+ the Teleport agent. #38842
+ * Fixed an issue with over counting of reported Teleport updater
+ metrics. #38831
+ * Fixed tsh returning "private key policy not met" errors instead
+ of automatically initiating re-login to satisfy the private key
+ policy. #38819
+ * Made graceful shutdown and graceful restart terminate active
+ sessions after 30 hours. #38803
+
+-------------------------------------------------------------------
+Sun Mar 17 09:41:08 UTC 2024 - Johannes Kastl
+
+- update to 15.1.0:
+ * New Features
+ - Standalone tbot Docker image
+ We now ship a new container image that contains tbot but
+ omits other Teleport binaries, providing a light-weight
+ option for Machine ID users.
+ - Custom mouse pointers for remote desktop sessions
+ Teleport remote desktop sessions now automatically change the
+ mouse cursor depending on context (when hovering over a link,
+ resizing a window, or editing text, for example).
+ - Synchronization of Okta groups and apps
+ Okta integration now support automatic synchronization of
+ Okta groups and app assignments to Teleport as access lists
+ giving users ability to request access to Okta apps without
+ extra configuration.
+ - EKS auto-discovery in Access Management UI
+ Users going through EKS enrollment flow in Access Management
+ web UI now have an option to enable auto-discovery for EKS
+ clusters.
+ * Other changes
+ - Fixed application access events being overwritten when using
+ DynamoDB as event storage. #38815
+ - Fixed a regression that had reintroduced long freezes for
+ certain actions like "Run as different user". #38805
+ - When teleport is configured to require MFA for admin actions,
+ MFA is required to get certificate authority secrets. Ex:
+ tctl auth export --keys or tctl get
+ cert_authority/host/root.example.com --with-secrets. #38777
+ - Added auto-enrolling capabilities to EKS discover flow in the
+ web UI. #38773
+ - Heavily optimized the Access List page in the UI, speeding
+ things up considerably. #38764
+ - Align DynamoDB BatchWriteItem max items limit. #38763
+ - tbot-distroless image is now published. This contains just
+ the tbot binary and therefore has a smaller image size.
+ #38718
+ - Fixed a regression with Teleport Connect not showing the
+ re-login reason and connection errors when accessing
+ databases, Kube clusters, and apps with an expired cert.
+ #38716
+ - Re-enabled the Windows key and prevents it from sticking or
+ otherwise causing problems when cmd+tab-ing or alt+tab-ing
+ away from the browser during desktop sessions. #38699
+ - Resource limits are now correctly applied to the
+ wait-auth-update initContainer in the teleport-cluster Helm
+ chart. #38692
+ - When teleport is configured to require MFA for admin actions,
+ MFA is required to create, update, or delete trusted
+ clusters. #38690
+ - Fixed error in tctl get users --with-secrets when using SSO.
+ #38663
+ - When device trust is required and MFA is optional, users will
+ need to add their first MFA device from a trusted device.
+ #38657
+ - Temporary files are no longer created during Discover UI EKS
+ cluster enrollment. #38649
+ - When teleport is configured to require MFA for admin actions,
+ MFA is required to get or list tokens with tctl. Ex: tctl
+ tokens ls or tctl get tokens/foo. #38645
+ - Implemented dynamic mouse pointer updates to reflect
+ context-specific actions, e.g. window resizing. #38614
+ - MFA approval is no longer required in the beginning of EKS
+ Discover flow. #38580
+ - Fixed Postgres v16.x compatibility issue preventing multiple
+ connections for auto-provisioned users. #38543
+ - Fixed incorrect color of resource cards after changing the
+ theme in Web UI and Connect. #38537
+ - Updated the dialog for adding new authentication methods in
+ the account settings screen. #38535
+ - Displays review dates for access lists in dates, not
+ remaining hours in tsh. #38525
+ - Ensure that tsh continues to function if one of its profiles
+ is invalid. #38514
+ - Fixed logging output for teleport configure ... commands.
+ #38508
+ - Fixed tsh/WebAuthn.dll panic on Windows Server 2019. #38490
+ - Fixes an issue that prevented the Web UI from properly
+ displaying the hostname of servers in leaf clusters. #38469
+ - Added ssh_service.enhanced_recording.root_path configuration
+ option to change the cgroup slice path used by the agent.
+ #38394
+ - Fixed a bug that could cause expired SSH servers from
+ appearing in the Web UI until the Proxy is restarted. #38310
+ - Desktops can now be configured to use the same screen
+ resolution for all sessions. #38307
+ - The maximum duration for an access request is now 14 days,
+ the okta-requester role has been added which takes advantage
+ of this. #38224
+ - Added TLS routing native WebSocket connection upgrade
+ support. #38108
+ - Fixed a bug allowing the operator to delete resource it does
+ not own. #37750
+
-------------------------------------------------------------------
Sun Feb 25 17:46:00 UTC 2024 - Johannes Kastl
diff --git a/teleport.obsinfo b/teleport.obsinfo
index 31370d1..e578dfb 100644
--- a/teleport.obsinfo
+++ b/teleport.obsinfo
@@ -1,4 +1,4 @@
name: teleport
-version: 15.0.2
-mtime: 1708116513
-commit: 520f79d46f94d3737cb06e9da055d63a16bb7685
+version: 15.1.6
+mtime: 1710562463
+commit: 9e7a7589d667cf6978154b5a3b4f9b2489c005c2
diff --git a/teleport.spec b/teleport.spec
index 0e4c9bb..0a0b359 100644
--- a/teleport.spec
+++ b/teleport.spec
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: teleport
-Version: 15.0.2
+Version: 15.1.6
Release: 0
Summary: Identity-aware, multi-protocol access proxy
License: Apache-2.0
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 7bfc532..f3bf2fc 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:59d369e9668771b846c07625c9e347f707e43baa14adb9657cf3cbd3310d94f2
-size 43957309
+oid sha256:1893a5db52b6cc16774afa5764450671b7e403fddbe089d188a85ce26491200a
+size 44150230