diff --git a/_service b/_service
index 794655a..c2e8900 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
git
disable
.git
- v17.0.2
+ v17.0.3
v*
@PARENT_TAG@
v(.*)
diff --git a/teleport-17.0.2.obscpio b/teleport-17.0.2.obscpio
deleted file mode 100644
index 7764d04..0000000
--- a/teleport-17.0.2.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e4923d80673f4fc50ccb24143990816085502230ff233ab5550f16bd83807b51
-size 268694030
diff --git a/teleport-17.0.3.obscpio b/teleport-17.0.3.obscpio
new file mode 100644
index 0000000..68efe9c
--- /dev/null
+++ b/teleport-17.0.3.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9370d2052ee5605841ff9c20d7b1ecea33b1b86b971d599bdaf09a064ed18d08
+size 268925966
diff --git a/teleport.changes b/teleport.changes
index 15f6c89..91e06ee 100644
--- a/teleport.changes
+++ b/teleport.changes
@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed Dec 4 06:05:05 UTC 2024 - Johannes Kastl
+
+- update to 17.0.3:
+ * Restore ability to disable multi-factor authentication for
+ local users. #49692
+ * Bumping one of our dependencies to a more secure version to
+ address CVE-2024-53259. #49662
+ * Add ability to configure resource labels in teleport-cluster's
+ operator sub-chart. #49647
+ * Fixed proxy peering listener not using the exact address
+ specified in peer_listen_addr. #49589
+ * Teleport Connect now shows whether it is being used on a
+ trusted device or if enrollment is required for full access.
+ #49577
+ * Kubernetes in-cluster joining now also accepts tokens whose
+ audience is the Teleport cluster name (before it only allowed
+ the default Kubernetes audience). Kubernetes JWKS joining is
+ unchanged and still requires tokens with the cluster name in
+ the audience. #49556
+ * Session recording playback in the web UI is now searchable.
+ #49506
+ * Fixed an incorrect warning indicating that tsh v17.0.2 was
+ incompatible with cluster v17.0.1, despite full compatibility.
+ #49491
+ * Increase CockroachDB setup timeout from 5 to 30 seconds. This
+ mitigates the Auth Service not being able to configure TTL on
+ slow CockroachDB event backends. #49469
+ * Fixed a potential panic in login rule and SAML IdP expression
+ parser. #49429
+ * Support for long-running kube exec/port-forward, respect
+ client_idle_timeout config. #49421
+ * Fixed a permissions error with Postgres database user
+ auto-provisioning that occurs when the database admin is not a
+ superuser and the database is upgraded to Postgres v16 or
+ higher. #49390
+
-------------------------------------------------------------------
Tue Nov 26 13:53:42 UTC 2024 - Johannes Kastl
diff --git a/teleport.obsinfo b/teleport.obsinfo
index 1d21455..7dc11cb 100644
--- a/teleport.obsinfo
+++ b/teleport.obsinfo
@@ -1,4 +1,4 @@
name: teleport
-version: 17.0.2
-mtime: 1732556604
-commit: a5c84e4b74f1da43a44bd6c18ae184f612fb26f6
+version: 17.0.3
+mtime: 1733259895
+commit: 1bcff22e55a87bed13cd0d88d33ed39f69222b9d
diff --git a/teleport.spec b/teleport.spec
index da59a17..74bbcf8 100644
--- a/teleport.spec
+++ b/teleport.spec
@@ -17,7 +17,7 @@
Name: teleport
-Version: 17.0.2
+Version: 17.0.3
Release: 0
Summary: Identity-aware, multi-protocol access proxy
License: AGPL-3.0-only
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 7e459b4..82ecde8 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:22a1ddd2520ebfe453dbefc4becf924fe3517691113fcbac3cb7c2ab9235bf8c
-size 52242184
+oid sha256:22001dacf3856a9dd5b2ddfe0aa41d0047ea019b522ed41e9dcf64af3628ae5c
+size 52266711
diff --git a/vendor.tar.zst b/vendor.tar.zst
index 17b7856..cf07954 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:2ed8ddc8901673530dcde15ea516f9b78b132e7de63a07c8216e75dbabe1b6a3
-size 730021
+oid sha256:d21b721976efca4fa5c72e7cab58d2b381df9035e4413097e003051b0ca85890
+size 728057