-------------------------------------------------------------------
Tue Mar 07 05:48:42 UTC 2023 - kastl@b1-systems.de

- Update to version 12.1.0:
  * Release 12.1.0 (#22694)
  * (v12) Downgrade Go to 1.19.6 (#22691)
  * Add MaxRetryPeriod for cachePolicy config to use in tests
    (#22656) (#22692)
  * [v12] temporarily disable TestHSMDualAuthRotation (#22682)
  * [v12] Docs: Add Datadog guide. (#22677)
  * Update node listing troubleshooting (#22678)
  * [v12] Update access request enterprise description (#22621)
  * [v12] Machine ID Agent Anonymous Analytics (#22658)
  * test keyword frontmatter (#22666)
  * Machine ID telemetry docs (#22541) (#22660)
  * SCP - Change file attrs only when requested (#22579) (#22609)
  * Fix broken Teleterm stories (#22665)
  * spell fixes and discord config fix (#22617)
  * Remove network I/O from database_service collection apply
    (#22588)
  * [v12] Add OSS repo name to github actions trigger (#22653)
  * Update e (#22608)
  * Refresh remote cluster connection status periodically (#22575)
  * bump cloud version (#22542)
  * fix typo in image (#22138) (#22552)
  * Bump e ref. (#22602)

-------------------------------------------------------------------
Sat Mar 04 08:45:41 UTC 2023 - kastl@b1-systems.de

- Update to version 12.0.5:
  * Release 12.0.5 (#22599)
  * Add SAML IdP service providers to default allow rules.
    (#22600)
  * [v12] node hb and watcher scalability improvements (#21495)
  * Add in SAML IdP service provider session metadata to auth
    attempts. (#22544) (#22562)
  * update eref (#22596)
  * [Web] Refactor serverside filtering and pagination
    (#20823) (#22432)
  * fix video link (#22576)
  * Use `btree.BTreeG` directly in memory backend (#22409)
  * [v12] Add GCP Service Account parameter to tctl users add
    reference (#22543)
  * [v12] Add Telnet into docker to test connectivity for cloud
    getting started (#22570)
  * Allow all alert severities to be acknowledged (#22582)
  * add github.com/google/go-attestation/attest to e imports #2
    (#22465)
  * Fix compilation on ARM (#22569)
  * [v12] Refresh the Access Controls menu (#22523)
  * [v12] update e ref to latest branch/v12 (#22566)
  * Added 03/02 Upcoming Releases Update (#22547)
  * [v12] Enable BPF on ARM64 (#22550)
  * Teleport 12 Videos (#22527)
  * Add Azure auto-joining (#21087) (#22521)
  * [v12] Unify x86/ARM64 build process (#22495)
  * Fix pickDefaultAddr not respecting HTTPS_PROXY (#22492)
  * Set `create_as_resource` in device-related `tctl` RPCs
    (#22415) (#22518)
  * Improve `tsh kube credentials` read operations (#22508)
  * [v12] SAML IdP audit events. (#22510)
  * [v12] `lib/usagereporter` refactor and consolidation (#22512)
  * [v12] Make curl fail on server error when downloading binaries
    in buildbox (#22380) (#22442)
  * add known STS endpoint for ap-southeast-4 (#22486)
  * [v12] Server Access RBAC Docs page (#22500)
  * Okta local service. (#22434) (#22513)
  * chore: Bump Buf to v1.15.0 (#22430) (#22472)
  * [v12] Allow devices writes with resource-like semantics
    (#22470)
  * Initial Okta objects. (#22151) (#22431)
  * [v12] Update to libbpf 1.0.1  (#22424)
  * Automatically parse entity ID from SAML SP during CLI creation.
    (#22101) (#22368)
  * [v12] Add static and dynamic web ui configuration options
    (#22422)
  * [v12] feat: add LoginRule methods to api/client (#22426)
  * [v12] Add docs steps to create machine-id data dir and systemd
    enablement (#22477)
  * [v12] Remove non-applicable roles from teleport start --roles
    reference (#22311)
  * [v12] Use developer-friendly and precise technical language in
    docs (#22412)
  * docs: use approved terminology for desktop access w/ local
    users (#22418)
  * [v12] Add CLI doc changes after new client only parameter for
    tsh version (#22392)
  * Export runtime traces from tsh (#22406)
  * [v12] fixes #21970 - remove broken config validation check in
    scratch mode (#22423)
  * [v12] sshserver: Correctly handle PuTTY winadj channel requests
    (#22420)
  * Docs: Device Trust role and locking support (#21915) (#22416)
  * [v12] update e-ref (#22381)
  * Install libbpf 1.0.1 in buildboxes (#22317)
  * [v12] Update to default k8s deployment docs (#22396)
  * Update docs Teleport version and golang (#22384)
  * Add caching to web assets (#22183)
  * [v12] Connect: Remove resource cache (#22316)
  * Machine ID readme example script fix (#22394)
  * Add Azure join method (#22204)
  * [v12] Bump versions in docker images to 12 (#22375)
  * Updates to enable merge queue (#22370)
  * Fix incorrect login options for Windows Desktops
    (#22118) (#22333)
  * [v12] Update eref (#22343)
  * Add WEBASSETS_SKIP_BUILD to Makefile (#22337)
  * Always include webassets_embed when building teleport (#22339)
  * Add `isDashboard` to web config object (#20830) (#22329)
  * [v12] [Web] Add custom element support to SearchPanel (#22325)
  * Fix SAML IdP service provider CLI bug. (#22322)
  * [v12] [web] Move filtering out cloud and tcp apps to the
    frontend (#22324)

-------------------------------------------------------------------
Tue Feb 28 07:52:01 UTC 2023 - kastl@b1-systems.de

- Update to version 12.0.4:
  * Release 12.0.4 (#22321)
  * Terminate the local shell when a session closes (#22222)
  * Ignore all node_module paths when running shellcheck lint.
    (#22233)
  * [v12] Enable xterm links and clean up MFA modal (#22278)
  * [v12] Web: Fix regression for not able to create or reset
    users (#22267)
  * Mark Proxy Peering as in Preview (#22209)
  * [v12] helm: allow to set security contexts in
    `teleport-kube-agent` (#21535)
  * Format collected data in the device tctl resource nicely
    (#22198) (#22258)
  * Fix `disconnect_expired_cert` and `client_idle_timeout`
    description (#22255)
  * spell fix kubernetes resource doc (#22259)

-------------------------------------------------------------------
Tue Feb 28 06:52:22 UTC 2023 - kastl@b1-systems.de

- Update to version 12.0.3:
  * Release 12.0.3 (#22250)
  * [v12] Fix Kube impersonation header overwrite when dealing
    with remote clusters (#22244)
  * Fix an issue Redis protocol not handling nil response
    (#22200) (#22228)
  * preserve explicit local auth disable
  * Create a generic local backend service. (#22236)
  * [v12] Adds `kubernetes_resources` references (#22217)
  * User group API and cache. (#21956) (#22147)
  * [v12] Provide flag to only display tsh binary version (#22167)
  * [v12] Extend security context to proxy init container
    wait-auth-update. (#22064)
  * createPtyProcess: Return early on error (#22190)
  * ClustersService: Remove internal logins when syncing root
    clusters (#22187)
  * [v12] Implement tctl resource commands for Device Trust
    (#22157)
  * Added 02/23 Upcoming Releases Update
  * [v12] Add docs for Device Trust tctl commands (#22201)
  * Inherit `kubernetes_resources` from roles when using access
    requests to kube_cluster
  * [v12] Add service for "plugin" resources (#21210) (#22185)
  * [v12] Add Security-Kerberos Event Log for Desktop
    Troubleshooting (#22170)
  * add MFA type and Login flow to register challenge event
    (#22112) (#22159)
  * add bypassses for UI GHA's (#22105) (#22141)
  * Add expire time to SAML session creation. (#22135)
  * [v12] Add Plugin resource schema, methods (#20990) (#22177)
  * [v12] Connect: Enable font configuration (#22122)
  * Update e (#22156)
  * Spell fix previews page (#22152)
  * Add in WrapContextWithUserFromTLSConnState. (#22136)
  * [v12] Bump cloud version to 11.3.4 (#22114)
  * disable MFA TTL limit for local proxy tunnel (#21661)
  * [v12] Document silent install of Connect on Windows (#22119)
  * Clarifications in Okta SSO doc (#22036)
  * [v12] Docs: update fluentd guide (#22077)
  * Remove usage of lodash methods  (#21567) (#22102)
  * Discover: install ent image when cluster is enterprise
    (#22109)
  * [v12] Install deb/yum repos when using node-join script
    (#22108)
  * Ensure UpdateRemoteCluster updates all fields (#22024) (#22088)
  * fix: improve tsh logs when skipping auto Access Request
    (#22094)
  * Add DatabaseService KeepAlive type (#22042) (#22087)
  * SAML IdP sessions added to the API and cache. (#22098)
  * Correctly handle LOCAL command of PROXY protocol v2 in
    multiplexer (#22092)
  * Import jest-canvas-mock in teleport tests which import xterm
    paths (#22074)
  * Refresh Introduction Page (#21261) (#22032)
  * [v12] Add non-HA Teleport cluster to Deploy with Helm links
    (#22039)
  * Emit usage events for `port`, `kube.request`, `sftp`
    (#21740) (#22016)
  * Relay child exit code in g-build (#21898)
  * [v12] [Web:Discover] Add missing checks (#22029)
  * Align AWS assume-role request duration with cert expiration
    (#21670) (#21994)
  * Support assumed roles for "tsh proxy aws" (#20568) (#21990)
  * [doc] Update app access reserved headers X-Teleport-*
    (#21000) (#21993)
  * [v12] Change init logger to include timestamp for debug level
    (#21996)
  * Add minor improvements to `lib/kube/proxy` (#21917)
  * [v12] Support proxy reading of SAML IdP CA. (#22030)
  * Mention --mfa-mode in the `tsh mfa add` flow (#22018) (#22034)
  * [docs] add a note on `rds:DescribeDBClusters` (#22007) (#22025)
  * Improve formatting for TLS cert requests (#22013)
  * CI: bypass OS compatibility check for some changes
    (#21989) (#22021)
  * [v12] Updates to windows getting started (#22019)
  * [v12] SAML IdP access checker. (#21955)
  * Expose access point in web handler. (#21957)
  * Include Enterprise in output of tctl version for commercial
    pre-req (#22004)
  * [v12] Fix Moderated session on leave pause action. (#21974)
  * [v12] [Web] Fix missing --request-id= flag in UI for Kubernetes
    login instructions (#21445)
  * [v12] Connect: Use SSH server UUID instead of hostname for file
    transfer (#21962)
  * [v12] Fix uncaught errors in Desktop's Discover flow (#21756)
  * Added 02/16 Upcoming Releases Update
  * Add metrics to track connection ingress (#19734) (#21771)
  * Switch CodeQL to scheduled (#21942)
  * Refer to tsh apps subcommand (#21857)
  * Adjust clientIP/pinnedIP fields according to IP pinning RFD
    (#21906)
  * Update Go toolchain to 1.20.1 (#21931)
  * [v12] Docs/TF: Identity as b64 (#21933)
  * Docs: Remove Jira Custom Field reference (#21908)
  * Update role > lock and add missing word." (#21897)
  * Reduce etcd requests performed by a KeepAlive (#21926)
  * Update Teleport Enterprise Cloud compare description (#21922)
  * [v12] Update teleterm README (#21879)
  * Disable instance heartbeats by default (#21901) (#21905)
  * [v12] Add docs references to `tsh request search --kind=pod`
    (#21887)
  * [v12] Add more info re: AWS credentials to the docs (#21776)
  * [v12] Include enterprise in tctl prereqs for ent  and cloud
    (#21890)
  * Initial user group object. (#21657)
  * [v12] Add SAML query functions to auth preferences. (#21825)
  * SAML IdP session objects. (#21758)
  * [v12] Update troubleshooting docs (#21762)
  * [v12] Change error response formatting for "/version" endpoint
    (#21846)
  * Update download link (#21674)
  * use Enterprise over Commercial (#21370)
  * Improve webpack "exclude" expressions (#21663) (#21725)
  * [doc] allow either role name or full ARN for AWS IAM role
    db_users (#21240) (#21837)
  * helm: fix proxy and auth config referring to the same subdict
    (#21768)
  * Fixup teleport db configure create (#20968) (#21690)
  * spell fixes (#21855)
  * Bump Buf to v1.14.0 (#21842)
  * Run reviewers check on (un)labeled PR events (#21814) (#21819)
  * [v12] docs: login rule docs (#21829)
  * Remove deprecated warning when proxy starts (#21817)
  * [v12] Move CentOS 7 assets to GitHub repo (#21784)
  * feat: early feedback for successful security key taps (#21780)
  * set SessionExpires on new sessions (#21688) (#21733)
  * [v12] Skip deleting server heartbeats during in-process restart
    (#21807)
  * Remove code related to restarting lib/teleterm gateways (#21533)
  * AWS IAM role matching for database users (#20610) (#21251)
  * Add device lock support (#21667) (#21751)
  * [v12] Turn off parallelization of teleterm's integration tests
    (#21737)
  * [v12] Remove support for DEBUG_ASSETS_PATH  (#21473)
  * Remove required cluster name when using `tsh kube login --all`
    (#21765)
  * [v12] Moderated sessions request is not forwarded into the leaf
    cluster (#21612)
  * Role access requests available for all scopes (#21752)
  * Update docs link to master db access rfd (#21736)
  * Cache etcd lease ttl (#21496)
  * Fix linter issues (#21748)
  * [v12] Update Go toolchain to 1.20 (#21680)
  * Add Pod resource search web API (#21595)
  * Update docs version (#21744)
  * [v12] Make UsageSessionStart report TCP app access separately
    (#21711)
  * [v12] Connect: Link to docs in `UsageData` dialog  (#21730)
  * Delete assets/aws/cloudformation directory (#21696)
  * lib/utils/fs.go: Do not remove lockfiles on Windows
  * Update SQL Server library (#21065) (#21638)
  * Update database config samples (#21480) (#21543)
  * Change debug commands during discover flow (#21557)
  * [v12] Ask for job role on the second launch (#21640)
  * Correct namespace name in k8s doc (#21589)
  * Remove version warnings for EOL Teleport versions (#21665)

-------------------------------------------------------------------
Mon Feb 13 15:53:03 UTC 2023 - kastl@b1-systems.de

- Update to version 12.0.2:
  * Release 12.0.2 (#21679)
  * Bump cloud version to 11.3.3 (#21672)
  * Fix kube agent shutdown during upgrades (#21617)
  * [v12] Updates port validation to restrict to valid port numbers 1-65535 (#21651)
  * Improve listing resources across clusters (#21003) (#21577)
  * [v12] Skip deleting database servers on agent shutdown during binary upgrade (#21635)
  * [v12] Update JS grpc-tools to 1.12.4 (#21532)
  * capture custom role creation in prehog (#21123) (#21599)
  * Verify if proxy can handle application requests when creating session (#21615)
  * Extract entity ID when creating SAML service provider. (#21603)
  * Allow invalid namespaces in role templates (#21573)
  * Remove GCB checks (#21593)
  * [v12] Compare TLS and SSH principals independent of order (#21578)
  * [v12] Skip device authz when issuing App or Windows certs (#21571)
  * fix link in troubleshooting guide (#21581)
  * [v12] Use test IP addresses for auth_proxy_test. (#21576)
  * Remove unused `CheckResourceUpsertableByError` function (#21562)
  * refactor db local proxy logic (#21335)
  * Add field to user cert request (#21474)
  * Fix k8s docs links (#21553)
  * Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (#21514)
  * Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (#21513)
  * [v12] Update e-ref (#21547)
  * [v12] Add SAML IdP service providers to the cache and CLI. (#21471)
  * [v12] Improve error message when trying to rename resource (#21179)
  * [v12] Remove Auth/Proxy instructions from DB guides (#21333)
  * properly resolve conflict (#21409)
  * [v12] Update okta.mdx (#21410)
  * [v12] helm-docs: Separate cert-manager and ACM values for clarity in AWS guide (#21361)
  * Rename protoEqual and add a big warning (#21505)
  * [v12] Connect: return logged in user in `ListRootClusters` (#21467)
  * Run go mod tidy in CI (#21140) (#21482)
  * Align the Okta and Auth Connector configuration examples in Okta SSO guide (#21475)
  * [v12] Add in file configuration for the SAML IdP. (#21486)
  * improve 'tsh scp' error message when no remote path is specified (#21373)
  * Add `tsh request search --kind=pod` support (#21456)
  * Removes the "overflow: auto" from StyledXterm (#20868)
  * fix partial links (#21470)
  * Reduce CPU usage in enhanced session
  * update contribute instructions to use major version (#21462)
  * [v12] [Docs] update Desktop Access introduction for v12 (#21458)
  * Update the version support table for v12 (#21428)
  * single-source access control guides list (#21415)
  * [v12] Move Connect-specific MenuLogin story out of shared package (#21386)
  * Fix flaky tctl UT - allocate network listener (#21390)
  * Add RBAC labels for Database Services access (#21093) (#21244)
  * Enable role-based device authz for DB, k8s and SSH (#20640) (#21432)
  * [v12] Bump OpenSSL and libcbor (#21425)
  * [v12] Require flag for dynamic resources matching "tsh db configure create" (#21395)
  * [v12] Allow role-based device verification in AccessChecker (#20846)
  * Bump forked go-libfido2 (#21175)
  * fix k8s docs links (#21414)
  * Show enterprise installs for Cloud scope MacOS Installs (#19669) (#21368)
  * Update docs version to 12 (#21418)
  * [v12] Add missing license headers to files. (#21405)
  * correct tsh scp docs (#21378)
  * Docs: AWS RDS Proxy Guide (#21322) (#21401)
  * [v12] Update security information in docs. (#21358)
  * Updated Dronegen for v12 release (#21355)
  * [v12] Fix the navigation not listening to the back button (#21236)
  * Spelling fix and app access link fix (#21397)
  * [v12] Remove deprecated `/webapi/nodes/token` endpoint (#21152)
  * Add gRPC Kubernetes Service (#21359)

-------------------------------------------------------------------
Wed Feb 08 08:08:12 UTC 2023 - kastl@b1-systems.de

- Update to version 12.0.1:
  * Release 12.0.1 (#21372)
  * Fix operator build (#21369)
  * fix lint-breaking spacing (#21356)
  * [v12] Preview Page (#21283)

-------------------------------------------------------------------
Wed Feb 08 07:53:13 UTC 2023 - kastl@b1-systems.de

- Update to version 12.0.0:
  Full changelog is available at
  https://github.com/gravitational/teleport/releases/tag/v12.0.0

  Teleport 12 brings the following marquee features and improvements:
    - Device Trust (Preview, Enterprise only)
    - Passwordless Windows access for local users (Preview, Enterprise only)
    - Per-pod RBAC for Kubernetes Access (Preview)
    - Azure and GCP CLI support for Application Access (Preview)
    - Support for more databases in Database Access:
      - AWS DynamoDB
      - AWS Redshift Serverless
      - AWS RDS Proxy for PostgreSQL/MySQL
      - Azure SQLServer Auto Discovery
      - Azure Flexible Servers
    - Refactored Helm charts (Preview)
    - Dropped support for SHA1 in Server Access
    - Signed/notarized macOS binaries

  * Azure and GCP CLI support for Application Access (Preview)
    In Teleport 12 administrators can interact with Azure and GCP APIs through
    Application Access using `tsh az` and `tsh gcloud` CLI commands, or using
    standard `az` and `gcloud` tools through the local application proxy.
  * Support for more databases in Database Access
    Database Access in Teleport 12 brings a number of new integrations to AWS-hosted
    databases such as DynamoDB (now with audit log support), Redshift Serverless and
    RDS Proxy for PostgreSQL/MySQL.
    On Azure, Database Access adds SQLServer auto-discovery and support for Azure
    Flexible Server for PostgreSQL/MySQL.
  * Refactored Helm charts (Preview)
    The “teleport-cluster” Helm chart underwent significant refactoring in Teleport
    12 to provide better scalability and UX. Proxy and Auth are now separate
    deployments and the new “scratch” chart mode makes it easier to provide a custom
    Teleport config.
    “Custom” mode users should follow the migration guide:
    https://goteleport.com/docs/ver/12.x/deploy-a-cluster/helm-deployments/migration-v12/
  * Dropped support for SHA1 in Server Access
    Newer OpenSSH clients connecting to Teleport 12 clusters no longer need the
    “PubAcceptedKeyTypes” workaround to include the deprecated “sha” algorithm.
  * Signed/notarized macOS binaries
    Users who download Teleport 12 Darwin binaries would no longer get an untrusted
    software warning from macOS.
  * tctl edit
    tctl now supports an edit subcommand, allowing you to edit resources directly in
    your preferred text editor.
  * Breaking Changes
    Please familiarize yourself with the following potentially disruptive changes in
    Teleport 12 before upgrading.
    - Helm charts
      The teleport-cluster Helm chart underwent significant changes in Teleport 12. To
      upgrade from an older version of the Helm chart deployed in “custom” mode, use
      the following migration guide:
      https://goteleport.com/docs/ver/12.x/deploy-a-cluster/helm-deployments/migration-v12/
      Additionally, PSPs are removed from the chart when installing on Kubernetes 1.23
      and higher to account for the deprecation/removal of PSPs by Kubernetes.
    - tctl auth export
      The tctl auth export command only exports the private key when passing the
      --keys flag. Previously it would output the certificate and private key
      together.
    - Desktop Access
      Windows Desktop sessions disable the wallpaper by default, improving
      performance. To restore the previous behavior, add `show_desktop_wallpaper: true`
      to your windows_desktop_service config.

-------------------------------------------------------------------
Thu Feb 02 06:59:38 UTC 2023 - kastl@b1-systems.de

- remove non-breakable-space character from changes file
- Update to version 11.3.2:
  * Release 11.3.2 (#21121)
  * Update ec2-tags.mdx (#21115)
  * Fix MongoDB readHeaderAndPayload BSON max size (#21113)
  * [v11] Fix direct node dial from WebUI (#20928)
  * Update docker-compose docs (#21045)
  * Use CDN links for install node scripts (#20985) (#21057)
  * [v11] Remove CentOS6 and RHEL6 as valid distros (#20986)
  * Skip TestBot_Run_CARotation (#20944)
  * Use `SameSiteNoneMode` for application access cookies (#21049)
  * Fix data race when closing listener (#21040)
  * Conditionally build the UI if there are changes. (#20489) (#21018)
  * [v11] Use the webassets directory at the root of the project for the web ui. (#21016)
  * remove quotes from messages in makefile (#20740)
  * Open Support links in UI to new page (#20984)
  * [v11] Merge backports (#20997)
  * [v11] Enable building teleport with the new UI location (#20965)
  * Elasticsearch: explicitly require `--db-user`. (#20695) (#20919)
  * Use concurrent streams for SFTP connections (#20953)
  * update docs version (#20973)
  * Disable disk-based logging for TestResizeTerminal (#20871)
  * Fix language for try out teleport intro (#20948)
  * Use a GitHub app for the check and backport workflows (#20873) (#20958)
  * [v11] Add node and yarn to the buildboxes in preparation for the webapps merge (#20952)
  * Hardware Key UX fixes (#20949)
  * Update Rust to 1.67.0 (#20883)
  * [v11] chore: Bump Buf to v1.13.1 (#20921)
  * Added 01/26 Upcoming Releases Update
  * [v11] fix `tsh proxy aws --endpoint-url` (#20880)
  * Temporarily ignore the web directory when linting for license headers.
  * [v11] Migrate AppLauncher tests into webapps. (#1532)
  * Rearrange buildbox layers for faster updates (#20838)
  * Use ghcr image for doc tests (#20876)
  * Update app tests for rewritten headers (#20801)
  * [v11] Add support for Moderated Sessions in the Web UI (#1540)
  * [v11] [Discover] Enable mysql flow (#1539)
  * [v11] feat: login rule audit events (#1537)
  * [v11] Connect: Add useWorkspaceLoggedInUser (#1536)
  * [v11] Update eref (#1534)
  * Decode URL encoded values from AppLauncher's ARN. (#1530)
  * Update e ref (#1528)
  * Add --quiet to eslint package.json script (#1510) (#1523)
  * Update webapps.e reference to latest commit (#1522)
  * Fix clipboard permissions apparent inconsistency (#1509) (#1513)
  * Change the application access authentication flow (#1515)
  * capture additional prehog events (#1508)
  * [v11] backport #1505 (Revert "Use sessionStorage for Authentication Bearer Token) (#1506)
  * Add lazy loading for desktop sessions (#1503)
  * Add lazy loading for session playback (#1502)
  * Update e ref (#1500)
  * Make trusted cluster screen hidden based on user roles (#1484) (#1494)
  * Update Electron to 22.0.0 (#1498) (#1499)
  * [v11] Discover: Implement Day 1 Database Postgres Flow (#1487)
  * Update sessionPath value to new endpoint (#1486) (#1492)
  * [v11] [Connect] requestableRoles and suggestedReviewers on LoggedInUser (#1485)
  * [v11] Make bundled tsh available outside of Connect (#1488)
  * Connect: Add missing modal stories, misc modal fixes (#1479) (#1482)
  * Include session id in Session Uploaded event display (#1476)
  * awaits the file write and close to avoid data corruption (#1471) (#1472)
  * Fix websocket close (#1463) (#1470)
  * [v11] add app access dynamodb event (#1462)
  * [v11] backport #1275 (Use sessionStorage for Authentication Bearer Token) (#1458)
  * Adds a status code to the closing of the tdp client's websocket (#1442) (#1455)
  * [v11] [Connect] Use resourcesList in review access request table (#1456)
  * Add support for InstanceJoin and BotJoin audit events (#1414) (#1440)
  * Update electron-builder to 24.0.0-alpha.5 (#1434) (#1438)
  * Connect: Use typed URIs (#1394) (#1436)
  * Fix Connect stories (#1422) (#1435)
  * Connect: Implement tshd event handlers for db cert renewal (#1383) (#1416)
  * Add `recoveryCodesEnabled` (#1408) (#1419)
  * Add subject value to app sessions (#1413) (#1426)
  * alert convention matches grpc (#1424) (#1425)
  * [Connect] Async autocomplete (#1406) (#1423)
  * Fix large file corruption (#1382) (#1421)
  * capture events from webapps (#1344) (#1411)
  * Connect: Tell fpm to not use symlinks when building the rpm package (#1407) (#1410)
  * useAsync: Add support for abort signal (#1377) (#1409)
  * Update xterm to 5.0.0 (#1400) (#1401)
  * [v11] backport #1321 (Add checkbox component to design package)  (#1393)
  * Lazy load Telemetry only when needed (#1399)
  * Fix alerts from not disappearing on route changes (#1395) (#1397)
  * Display `verb`, `request_path` & `response_code` in `kube.request` events (#1384) (#1391)
  * [v11] Use a single websocket for SSH connections (#1361) (#1392)
  * Pass clusterUri rather than documentUri to retryWithRelogin (#1385) (#1386)
  * [v11] [Connect] Use server side search in resource tables (Advanced Search) (#1381)
  * [v11] Forward SSH agent (#1366) (#1370)
  * [v11] Update to Electron 21 (#1351) (#1360)
  * Fix iterating over null array for sshLogins from fetched nodes (#1356)
  * [Discover] Refactor SetupAccess Screens (#1310)
  * Prevent non-https protocol from opening external windows (#1343) (#1345)
  * Shared Directory Audit Events (#1290) (#1348)
  * Connect: Set up tshd events server for tshd-initiated communication (#1285) (#1339)
  * [v11] retryWithRelogin: Enable use outside of document context (#1341)
  * Show all kinds of active sessions (#1337)
  * [v11] Log shared process `stdout` and `stderr` (#1046) (#1336)
  * [v11] Discover: Add back button for `TestConnection` screens (#1329)
  * Update ensureBaseUrl to use URL constructors only (#1328) (#1330)
  * Update ensureBaseUrl conditional (#1320) (#1322)
  * [v11] Handle private key policy errors and config (#1298) (#1311)
  * Warn user when desktop is active (#1297) (#1312)
  * Connect: Use gap instead of margins for <Label> groups (#1316) (#1317)
  * [UI]: Make roles render as labels (#1299) (#1308)
  * [v11] Connect: Accommodate for making gRPC server creds in shared process (#1220) (#1302)
  * Change Session Recording created date to UTC timestamp (#1304) (#1305)
  * Make linguist correctly classify JS protobuf files (#1300) (#1301)
  * [v11] Stop `FeatureBox` from adding a scrollbar (#1295)
  * Connect: Fix filtering internal logins (#1292) (#1293)
  * [v11] Discover implement kube flow day 1 (#1287)
  * Change Desktop page to link to Discover, fix k8s typo (#1289)
  * [v11] [Connect] Conditionally render Access Request navigation menu (#1281)
  * [v11] File Transfer UI fixes (#1276) (#1284)
  * [v11] Assumed roles bar improvements (#1274) (#1283)
  * Connect: Adjust size of sync button & search input (#1280) (#1282)
  * Connect testing fixes (#1269) (#1272)
  * Update support ticket url (#1259)
  * Fixes clipboard sync (#1250) (#1267)
  * [v11] Do not keep assumed requests in `app_state.json` (#1254) (#1255)
  * CatchError and Discover related feature extensions (#1249) (#1262)
  * [v11] [Connect] Add Document Access Requests (#1203) (#1252)
  * [v11] Backports (#1248)
  * Update e-ref (#1245)
  * [v11] Add support for Cassandra audit events (#1241)
  * [v11] Add file transfer to Connect (#1225) (#1244)
  * [Teleport] Create Tabs Component(#1234)
  * Fix copy for SCP upload audit event (#1233)
  * TDP PNG2 (#1230)
  * Handles connect and disconnect audits for database servers where database name is not given. (#1226)
  * Create TextSelectCopyMulti that allows multi lines and adding comments (#1194)
  * Add audit log changes for SSM executions (#1192)
  * Add `WEBPACK_PORT` (#1215)
  * Add application CRUD audit events.
  * Elasticsearch audit events. (#1213)
  * Update Hot Reloading to work under more conditions, add `WEBPACK_PORT` (#1210)
  * Create a FeatureContext to replace passing features as a prop (#1211)
  * Add caching to Webpack during development (#1207)
  * Add events for create, update and delete `kube_clusters` (#1202)
  * Remove `raw-loader` completely (#1206)
  * [Discover] Desktop Setup Flow (#1172)
  * Minor kube fixes (#1195)
  * add cluster alert links to UX (#1193)
  * Add type-check step to CI (#1197)
  * Remove auto-refresh for Active Sessions list (#1196)
  * Add kube support (#1191)
  * Fix double scroll bars, make everything have min width 1250px (#1178)
  * Add BannerList and Banner components to display cluster alerts on load (#1169)
  * [Discover] Check permission during the flow step instead of at beginning (#1185)
  * Use node server_name of addr.local in audit log display (#1089)
  * Change DEB artifact name (#1183)
  * [Discover] Bug fix appending index number to login trait names (#1180)
  * [Discover] User menu checkmark, alert bubble, tweaks (#1173)
  * Adds `is_empty` to the File System Object (#1174)
  * Remove leftover Connect proto file, update shared process protos (#1162)
  * [Discover] Add permissions checks and available Teleport versions (#1126)
  * [Discover] Update copy and design tweaks (#1131)
  * Update generated protos for Connect (#1155)
  * Update GitHub connector template (#1157)
  * Adds special handling for CapsLock on MacOS (#1153)
  * Enforce react-testing-library eslint rules (#1150)
  * Allow Webpack's HTTPS options to be set through environment variables (#1151)
  * adds (preview) to Share Directory menu item (#1148)
  * Add `--request-id` flag to connection instructions for Kubes and Databases (#1130)
  * Turn on directory sharing by default  (#1141)
  * Add default value for CONNECT_TSH_BIN_PATH in dev mode (#1143)
  * Change Linux artifact names (#1142)
  * Add support for Connect builds with Touch ID (#1116)
  * Ignore `*.story.tsx` when type checking during Webpack builds (#1140)
  * [Discover] Implement onboarding (#1121)
  * update e ref (#1129)
  * Improve Linux support (#1098)
  * Enable no-unused-vars (#1118)
  * [Discover] Prompt the user on pressing the back button during Discover (#1119)
  * Add functional empty states to discover UI (#1106)
  * bump e-ref (#1117)
  * [Discover] Refactor context and top nav user menu dropdown (#1113)
  * Reorganize approach to cluster names (#1086)
  * Move electron-builder to a JS file (#1111)
  * [Discover] Refactor and re-use Main component styling (#1112)
  * Add warning dialog for unsupported browsers for directory sharing (#1110)
  * Add an event for when a session recording is accessed (#970)
  * SharedDirectoryDeleteRequest and SharedDirectoryDeleteResponse (#1096)
  * [Discovery] Add Finish Component and Tweaks (#1109)
  * Remove building native deps from `yarn build-term` (#1058)
  * Use `.ico` for Windows (#1097)
  * style sidebar (#1104)
  * Update app access events (#1100)
  * Remove AgentConnect (#1099)
  * [Discover] Test Connection Boilerplating (#1094)
  * `SharedDirectoryCreateRequest` and `SharedDirectoryCreateResponse` (#1090)
  * Show Connect icon in better quality (#1091)
  * Add a playback speed selector for Desktop Access recordings (#1072)
  * [Discover] Add resource discovery polling and static OS logins (#1088)
  * [Connect] Refactor FormLogin and add passwordless capabilities (#1019)
  * `SharedDirectoryMoveResponse` (#1074)
  * Switch webapps automation to main repo (#1082)
  * Mark app session with "AWS" (#1050)
  * Refactor input focusing after transition (#1071)
  * Move focus to active document (#1070)
  * Dockerfile: Check yarn.lock only on CI servers (#1076)
  * Use git diff to show the difference after yarn install (#1069)
  * Update e reference to master (#1073)
  * Add protocol interceptor (#1025)
  * useDocumentGateway: Default to '' rather than '0' (#1061)
  * Add SFTP audit events (#968)
  * Add ability to change port for db proxy (#900)
  * CI: Fail if an update to yarn.lock is needed (#1047)
  * Remove the stash (#1055)
  * webassets: stash and pull to stay up to date (#1054)
  * Further improvements to the webassets automation (#1053)
  * `SharedDirectoryMoveRequest` (#1045)
  * Fix git push (#1052)
  * Checkout webassets at the right branch (#1051)
  * Set TCP protocol explicitly (#1048)
  * Tidy up `sharedDirectoryManager` (#1010)
  * `SharedDirectoryWriteResponse` (#1008)
  * `SharedDirectoryWriteRequest` (#1007)
  * `SharedDirectoryReadResponse` (#1005)
  * `SharedDirectoryReadRequest` (#1003)
  * `SharedDirectoryListResponse` (#1000)
  * `SharedDirectoryListRequest` (#999)
  * Add automation to update webassets on push (#868)
  * `SharedDirectoryInfoResponse` (#996)
  * Add resource selection scaffold (#1035)
  * [discover] Create Download Script Component (#1028)
  * Add dash to Windows artifact name (#1039)
  * Make "Learn More" button open Connect docs (#1040)
  * Allow only one instance of Connect (#1038)
  * Allow users to update Upgrade Window Start (#980)
  * Connect: Wait for tshd gRPC server to start (#1021)
  * Fix minor Windows issues (#1027)
  * Add Windows support for Connect (#971)
  * Fix the plugins for Connect so React Refresh works (#1032)
  * Add unsafe-eval to CSP in dev mode to make source maps work (#1031)
  * Added eslint rule to enforce the order of file imports (#1030)
  * Add source maps and type checking to Webpack, config improvements (#985)
  * Create LoginTrait Component (#992)
  * Add section to README about audit events (#1022)
  * Add `c-` prefix to the OS field of the feedback form (#1009)
  * Display UTC time in audit log and session recording log (#991)
  * Remove pathname injection in 404 message (#1002)
  * added a content-security-policy (#987)
  * add database uses db configure create (#912)
  * Fix bug caused by having no participants in a Kube session recording (#995)
  * updated webPreferences config (#988)
  * deny any permission requests until needed (#986)
  * `SharedDirectoryInfoRequest` (#966)
  * `SharedDirectoryAcknowledge` (#965)
  * `SharedDirectoryAnnounce` (#960)
  * Remove unnecessary tranformValue for gap (#984)
  * Updates Babel build targets (#977)
  * Apply discover perm check (#982)
  * Add gap property to Flex (#981)
  * Fix typo in malformed packet error (#978)
  * Update caniuse-lite (#975)
  * Add k8s to recordings and active sessions list (#972)
  * Remove EOT fonts (#969)
  * Update teleterm protobuf files (#967)
  * autofill username if loggedInUser exists on cluster (#954)
  * Add targetUser to DocumentGateway help text (#961)
  * Discover wizard screen POC + boilerplating (#942)
  * Directory sharing menu item (#952)
  * [3/3] Prettify teleterm package and add prettier to CI rule (#956)
  * [2/3] Prettify shared, build, and teleport packages (#955)
  * [1/3] Prettify Design Package (#953)
  * Adds directory sharing flag to the ACL, protected by a config variable (#951)
  * Connect: Add note about resource lifecycle to readme (#950)
  * wrap switchTab in a conditional (#941)
  * Change page size in Connect to 15 (#943)
  * Make DocumentGateway responsive (#944)
  * fowards path parameter to app access authentication (#913)
  * Change window title to `Teleport Connect Preview` (#939)
  * Add section about --insecure to Connect's readme (#937)
  * Sort connections only when the list opens and show newest on the top (#925)
  * Filter out logins starting with dash (#932)
  * Update "Connect with GUI" section, add universal context menu (#926)
  * Add default username for Redis (#919)
  * Fix menu bug (#929)
  * Limit db connections to one per db server & db username (#889)
  * if no tab present, do nothing when CMD+W pressed (#923)
  * Add ability to change db name for db proxy (#883)
  * Fall back to leaf cluster id when restoring leaf cluster terminal document (#920)
  * Update eref: change language 'search' to 'resource' access req (#921)
  * Show connection type in connection tracker (#906)
  * Show cluster breadcrumbs (#901)
  * Remove username from the `Identity` selector  (#903)
  * Connect `ShareFeedback` with API (#899)
  * Update e-ref: prevent rendering with nonrecoverable error [access request] (#910)
  * Small fixes and tweaks while going through test plan (#908)
  * Refactor StepSlider Component (#884)
  * changes 0.0.0.0 to 127.0.0.1 (#905)
  * Add story for Identity (#902)
  * Update e-ref for story fix (#897)
  * Update e-ref: fix for search based request list total count bug (#894)
  * Revert "setup project to run prettier (#886)" (#893)
  * Mention Teleport Connect in the README (#888)
  * Ensure the gateway is created only when opening the document (#890)
  * setup project to run prettier (#886)
  * Re-order kube resource connection instructions for clarity  (#880)
  * Add share feedback form (#878)
  * Show node specific ssh logins options (#873)
  * Add `TextArea` and `FieldTextArea` components (#870)
  * Update e-ref (#881)
  * Build Connect in Webapps-Build pipeline  (#874)
  * Restart cluster gateways on login (#879)
  * Add error callback to `handleRequest()` method on devserver (#877)
  * Various small fixes and touch ups (#876)
  * Add `access_request.search` event to audit log (#875)
  * Show recent clusters list (#865)
  * Search based request related changes and Table addons (#867)
  * Improve handling timeouts when resolving shell env (#862)
  * Fix null role response from users fetch (#871)
  * Change app name to `Teleport Connect` (#869)
  * Fix logout icon (#859)
  * Create agent type for resources (#828)
  * type-check script: Perform type check only (#861)
  * Add missing word to `PromptSsoStatus` (#854)
  * SQLServer audit events (#860)
  * Fix types for Logger/NullService (#864)
  * Retry with relogin on errors related to expired certs (#846)
  * Capture tshd logs (#853)
  * Allow "Activity" tab to be hidden (#844)
  * Add get-teleport-connect-dir script (#856)
  * Use only dmg target for Teleport Connect (#855)
  * Update eref for docs link fix (#850)
  * Do not show the login dialog when user adds a cluster that is connected (#840)
  * Prevent `active` label jumping in identity list (#839)
  * Remove connections when logging out (#837)
  * Increase scrollback size to 5k lines (#838)
  * Do not include secrets in gRPC logs (#829)
  * Add cloud link download to Help & Support (#820)
  * Create a LabelPicker component (#823)
  * yarn.lock: electron@^19 -> electron@19.0.0 (#833)
  * Upgrade Electron to 19.0.0 (#830)
  * Add two event codes for SSO test flow. (#717)
  * Prevent `restorePersistedState()` crash when there is no persisted workspace for a cluster (#825)
  * Add gRPC files generation and logging to shared process (#821)
  * Update Electron & add shared process (#819)
  * Add tooltips with keyboard shortcuts (#822)
  * Refactor Teleport Reset/Invite Flow (#818)
  * Create new SlideTab component (#817)
  * Refactor Teleport Login Flow (#816)
  * Create StepSlider Component (#815)
  * useDocumentGateway: Remove null rootCluster checks (#814)
  * useDocumentGateway: Pin shell to correct cluster (#812)
  * Add Kubes initial sorting (#810)
  * Add Initial Sorting for Tables (#809)
  * Add Clickable Labels (#791)
  * Add predicate doc link with predicate error messages (#776)
  * Update e ref (#805)
  * Add new icons: key, arrow forward/back (#804)
  * Device name wiring and clean up FormNewCredentials (#803)
  * Passwordless wiring on login and add device (#724)
  * Indicate whether session.network events were allowed or blocked (#800)
  * Move RecoveryCode component from enterprise (#789)
  * bump webapps.e hash.
  * Fix pagination bug (#798)
  * Bump Teleport Connect version to 1.0.1 (#796)
  * Omit title when comparing previous and current documents (#788)
  * Update author and owner in package.json to be Gravitational (#792)
  * update webapps.e submodule.
  * Pin local shell to the specified cluster (#767)
  * When updating cluster resources, remove only those that belong to this cluster (#782)
  * Simplify k8s join (#750)
  * Replace "Lorem ipsum" for empty states (#756)
  * Hide command bar when no cluster is selected (#772)
  * Prepend PATH with bundled tsh (#769)
  * Change predicate example to use bracket notation (#774)
  * Add configure step (#751)
  * Add support for notarization (#770)
  * Use new Teleconnect icon (#768)
  * Teleport Connect: Add dropdown for database name (#757)
  * Remove state related to a cluster when removing it (#755)
  * Fix trying to read from a null token (#759)
  * Fix check for the --insecure flag (#758)
  * Show database username suggestions in Teleport Connect (#754)
  * Change app name to `Teleport Connect` (#753)
  * Add Serverside Pagination, Filtering, and Sorting (#739)
  * Resolve issues on logout (#740)
  * Change connections shortcut to `Command/Ctrl-P` (#747)
  * Fix getting cwd in presence of lsof warnings (#745)
  * Add IAM method to web ui (#690)
  * Close `Identity` popover after selecting an option (#741)
  * Fix not clickable notifications when displayed over xterm
  * Use new colors for theme
  * Bring back native scrollbar as the styled one causes content to jump when it becomes visible
  * Use the mac package download link instead of the tarball.
  * update webapps to support more MySQL audit events (#729)
  * IdentityList: Move roles list back into conditional (#736)
  * Add max-width on Identity popover (#735)
  * DocumentGateway: Replace the Copy button with a Run button (#733)
  * Use dropdown for the db connect button (#732)
  * Fix path to packaged assets in Teleterm (#731)
  * Use DB CLI commands provided by tsh daemon (#726)
  * Show cluster document instead of keyboard shortcuts as an empty state
  * Show leaf cluster selector only when cluster has leaves
  * Adds the Servers tab as a configurable UI feature (#728)
  * Save window size and position
  * Create shared instance of `fileStorage` for all processes, save app state before closing
  * Handle cancellation of `ClusterConnectDialog` when changing workspace, use `onCancel` instead of `onClose`
  * Ask user whether to reopen previous documents
  * Support Electron's main process environment in `theme/getPlatform()`
  * Move App initialization to the `AppInitializer` so it has access to all contexts
  * Use dark background for the window
  * Resolve shell env (#718)
  * Simplify the db connection tab (#720)
  * Prevent crash when network or cluster is offline (#712)
  * Add Redis, MariaDB and Microsoft SQL Server to DB wizard (#709)
  * Improve Teleterm README (#719)
  * Remove u2f components and logic (#711)
  * Use teleterm/logger in runtimeSettings (#716)
  * Remove global `keyDown` handler from `KeyboardArrowsNavigation` as it blocked submitting forms
  * Submit modals' forms on `Enter` press
  * Revert "Use x64 arch when building & packaging Teleterm"
  * Fix accessing `serversSyncStatus` Map in `clustersService`
  * Do not block app rendering when initializing function fails
  * Use `Notifications` error in `syncRootCluster()` and `removeGateway()`
  * Show errors in `ClusterResources`' tables using standard `Danger` labels
  * Add `Notifications` component and service
  * Use x64 arch when building & packaging Teleterm
  * Update e-ref
  * Update getMfaOptions to createMfaOptions
  * Fix half auto-filling OTP's for input boxes meant for it (#706)
  * Update to electron@13.6.9 (#703)
  * Limit navigation capabilities to reduce attack surface
  * Update node snapshot for new terminology.
  * Modify wording of add node messaging.
  * Add view documentation button to desktop view.
  * Fix Active Sessions Table Misalignment (#699)
  * use has* to determine when to render the Add resource buttons.
  * Properly use `css` prop
  * Make connections icon bigger
  * Enable `babel-plugin-styled-components` in production and tests (#697)
  * Apply `Identity` design changes
  * Change command `cluster-remove` to `cluster-logout`
  * Adjust `Identity` layout, combine `logout` and `clusterRemove` into a single action
  * Update snapshots for new UI changes.
  * Cleanup issues with jumping elements and some button cleanup.
  * Use connection dropdown instead of modal for supplying SSH username
  * Render ssh menu item as `NavLink` only when URL is provided
  * Update protobufs for Teleterm (LoginRequest params)
  * Update command for updating proto files
  * Show username when possible in identity list (#687)
  * Prevent breaking layout on long cluster name (#688)
  * remove `Navigator` code (#685)
  * Update electron-builder to 23.0.3
  * Fixed up failing CI.
  * Update failing snapshot tests from the updated Empty UI.
  * Use inline style instead of modifying text template.
  * Lint
  * Fix flashing the 'add entity' button on load when empty.
  * Hide header add button if empty.
  * Update desktop UI empty state to new layout.
  * Updated nodes page to new empty state.
  * Update empty state for databases to new design.
  * Update empty Kubernetes listing page to new design.
  * Format Empty component to new design layout and apply new change to applications view.
  * Change shortcut to open `QuickInput`
  * Force `TopBar` items to take full height
  * Hide kubes and apps
  * Show leaf cluster name when possible in Connections list
  * Change placeholder text in `ClusterAdd`
  * Autocomplete database names for tsh proxy db
  * Don't close the tab on non-zero exit code
  * Always use root cluster URI to obtain `documentsService` in `useServerConnect`
  * Update connection icon
  * Automatically try to connect a connection when possible
  * Display cluster name for each connection
  * Take `localClusterUri` into account in `QuickInput` (#679)
  * make middle part of `TopBar` central
  * always show active item in `QuickInputList`
  * adjust `QuickInput` to match designs
  * add simple empty state to pickers
  * Launch unsupported invocations of tsh ssh in local shell
  * Remove leftover cruft from quick pickers
  * Simplify manual db join (#653)
  * Refactor join tokens generation to use new endpoint (#672)
  * Update teleterm styles (#674)
  * Create DocumentTshNode after executing "tsh ssh" in command bar
  * Include command to run in AutocompleteResult
  * useQuickInput: Rename serviceQuickInput to quickInputService
  * Fix opening new terminal when there's no active document
  * Adjust how showing & hiding autocomplete works in command bar
  * Append space after picking command suggestion
  * Open command bar commands in new local shell
  * Autocomplete ssh hostnames
  * QuickInputService.getAutocomplete: Return no-match on empty suggestions
  * Automatically append @ after ssh login suggestion
  * Ignore case for autocomplete
  * Autocomplete commands and ssh logins
  * Remove old pickers, rename Item to Suggestion
  * Remove code related to empty command bar item
  * Show autocomplete suggestions in command bar
  * Remove command palette commands from command launcher
  * Reformat commandLauncher.ts
  * Improve identity picker (#670)
  * Add clusters picker (#668)
  * Update e-ref for regression fixes (#665)
  * Fix Table Regression Bugs (#642)
  * Support the 'unknown' audit event
  * Updates Alert to use break-word (#655)
  * Add keyboard support to `Connections` popover (#651)
  * changes hostname to be the hostname rather than the ip addr (#654)
  * Simplify manual app joining process (#641)
  * Add connections switcher (#647)
  * smooth out progress bar (#648)
  * Add cluster context switching (#624)
  * added internal back in
  * Add windows internal logins back in
  * internal k8s users
  * internal k8s groups add
  * remove whitespace and changes
  * grammer
  * Set all protocols
  * Update default roles template
  * desktop playback error handling (#638)
  * only synchronize clipboards if data was or is going to be sent (#640)
  * Update FormLogin.tsx (#608)
  * Disable autocomplete on the SSH login input (#605)
  * Fix two 'unkown' mispellings in alerts
  * Use generated join token to simplify manual resources join (#619)
  * Maintain aspect ratio on Desktop Playback (#635)
  * Edit api response for getXXX (resources) (#622)
  * Fix clipboard sync (#628)
  * added missing prop.
  * lint.
  * Add cluster name to `tsh login` for kube instructions (#632)
  * Use prop drilling to get the isEnterprise flag down into the DownloadLinks components.
  * Remove the context calls from DownloadLinks to make testing easier.
  * Update command for generating gRPC files for Teleterm
  * Add more tests to Teleterm (#601)
  * add missing license.
  * If running in enterprise version then provide the enterprise download links.
  * desktop per session mfa (#613)
  * Clipboard (#594)
  * Add chrome as unsupported for U2F checks (#609)
  * Update e-ref for fetch more btn move (#607)
  * Move Fetch More Button In Table (#606)
  * Fix date picker (#604)
  * postgres function is not prepared statements, revert
  * update postgres events, and 2 more mysql statements event
  * Add desktop clipboard audit events
  * switch recordings service endpoint back to clusterEventsRecordingsPath so that returned recordings respect rbac where clauses, and users won't try to playback desktop sessions they don't have permission to (#600)
  * Add `VirtualScroll` component (#595)
  * add UT and test out storybook
  * Add the `cert.create` event (#584)
  * Update teleterm proto files (#593)
  * Allow the automatic toggle to be visible when adding new nodes in OSS version.
  * add db_name
  * add events
  * modifyResponse: Add optional space before /> to regex (#591)
  * Teleterm Preview (beta) (#590)
  * moving progress bar (#577)
  * Add session connect event (#583)
  * Update e-ref for flaky test fix and DataTable import (#582)
  * Remove DataTable v1 (#573)
  * Add storybook, make TunnelPublicAddress prop optional
  * Add public tunnel address
  * desktop session recording (#572)
  * Fix typo in makeCluster and add unit test (#578)
  * Update e-ref for date-fns migration (#571)
  * Replace momentjs with date-fns (#568)
  * Fixed the lint warnings for unused variables in the desktop session story.
  * List recordings (#558)
  * Add x11 forward events (#561)
  * Clean up custom cells in Tables (#550)
  * Update e-ref for updated UsageSummary and RequestList (#551)
  * Update MfaDeviceList to use TableV2 (#549)
  * Update RecordingList to TableV2 (#546)
  * Table V2 Tweaks (#544)
  * Update SessionList to TableV2 (#545)
  * Update ClusterList to TableV2 (#548)
  * Update RoleList to TableV2 (#542)
  * Update UserList to TableV2 (#543)
  * Update EventList to TableV2 (#541)
  * Disable drone for PR (#540)
  * Add Postgres Audit Events (#512)
  * Update AppList to use TableV2 (#535)
  * Add the `access_request.delete` event (#532)
  * Update DesktopList to use TableV2 (#537)
  * Update KubeList to use TableV2 (#536)
  * Update DatabaseList to TableV2 (#534)
  * Update NodeList to use Table V2 (#525)
  * Add Table V2 (#524)
  * Update xterm to the latest (#511)
  * Adds a TDP Error message (#527)
  * Replace `waitForElement` and `wait` with `waitFor` in tests (#529)
  * Add error message for failed SSO authorization (#530)
  * Add pagination to SelectFilters component (#518)
  * Address `eslint` warnings (#522)
  * Restore Build pipeline in CI (#521)
  * Remove unused code (#517)
  * Revert "Remove old `PlayerNext` (#513)" (#515)
  * Remove old `PlayerNext` (#513)
  * Create url filter and query params hook (#465)
  * FIx devServer csrf and berear token handling (#506)
  * Move search bar into Table (#502)
  * Update e-ref for Invite/Reset refactoring and YAML import fix (#503)
  * Fix YAML template imports (#501)
  * Refactor Invites/Reset Components (#496)
  * move jest rules to test overrides (#498)
  * Add Separate Recordings List Service (#491)
  * GCB buildfile
  * cleanup `webpack.base.js` (#476)
  * CR
  * Makes getDisplaySize its own function
  * removing unecessary client from onInit
  * mirroring backend variable name updates
  * updates to use connection string params rather than json
  * attempting to add login and screensize to websocket string but getting smartcard not enabled, going back to master for a sanity check
  * Update build depedencies (#473)
  * Update e-ref for invite/reset welcome card (#483)
  * Add prompt prior to form for Invite and Reset (#479)
  * Make language for empty resources list more accurate (#472)
  * Fix Safari Favicon & Update Docker Node Version (#464)
  * changes inaccurate desktopId to desktopName
  * updated to use cleaner backend api
  * adds useMemo for document.title
  * consolidating username, desktopId, clusterId extraction
  * mimics clusterId • username@hostname document title of console for desktop sessions
  * Create a general multiselect filter component (#454)
  * Bug fix: Show a authentication dialog for web terminal (#452)
  * Add created date to recovery codes respones (#442)
  * State UTC timezone for consistent dates in tests (#449)
  * Add account dashboard support for SSO users (#445)
  * Update e-ref for dashboard (#446)
  * MFA Device Management Dashboard (#412)
  * Add audit log support for privilege token event (#440)
  * adds Firefox specific keycodes
  * adds mouse wheel support
  * add preventDefault to prevent default browser shortcuts from interfering with desktop sessions
  * refinements while creating isaiah/features-test branch for enterprise repo
  * adds a test to ensure that the client only emits a "connect" message on the first png frame
  * emit connect event when the connection is actually confirmed
  * adds back disconnected flag (now private)
  * Revert "removing disconnected flag"
  * adding desktops to the cluster list
  * fixing cell naming and component usage
  * adding name column
  * Add webauthn options to forms (#423)
  * changing ts to js to remove allow json from tsconfig to see if that fixes ci error
  * Remove the OS column in the desktop list view
  * updating test and snapshot
  * changing the disconnected message
  * configuring Audit logs to display desktop events
  * removing disconnected flag
  * redesign to remove focus variable
  * refactored with styled components
  * removing resize
  * moving TdpClientCanvas to its own directory
  * CR nits
  * refining naming
  * Change RenderData to ImageData
  * adds test for decoding regions
  * adds test for message decoding
  * Adds Desktops (preview) to the Main.story
  * fixing test.
  * making chrome-windows keycodes the default
  * changing desktopServers to desktops
  * fixing tests
  * adds ui labels
  * removing unnecessary useCallback
  * shorter topbar and domain changed to hostname
  * pipes in the windows logins from the userACL and displays allowed logins (carbon copy of how we do it for ssh server access
  * Adds (preview) to desktop features and adds acl check for desktops. Now needs to add logic for windows_desktop_logins
  * dealing with ts version discrepancy
  * removing saveMessages flag
  * rename connection to connectionAttempt
  * performance testing code for requestAnimationFrame-array
  * Sets up the basics of a performance test in storybook
  * adding flag for capturing arraybufs as they come in and printing them to the console on disconnect
  * fixing storybook
  * makes system work accross browsers by using onload function
  * moves openNewTab into a utils file and uses it for Desktop
  * adds storybook and fixes incorrect loading jsx logic
  * big performance improvements by converting image array buffer to a base64 encoded string and strapping that as the source of an html image element
  * Changing websocket type to arraybuffer and modifying codec to work with that
  * ignoring unrecognized keys
  * refactor
  * extending protocol functionality to full mvp functionality
  * finishing touches
  * makes TdpClientCanvas its own file component with state hook
  * refactored internal structure
  * refactors client and DesktopSession to simplify state management
  * Revert "Noticed that it was confusing the the tdpclient was now both an emitter, and could return a Promise on the initial connection. This redesign puts the Promise logic into useDesktopSession so that tdpclient remains exclusively an event emitter."
  * Noticed that it was confusing the the tdpclient was now both an emitter, and could return a Promise on the initial connection. This redesign puts the Promise logic into useDesktopSession so that tdpclient remains exclusively an event emitter.
  * makes tdpclient.connect a promise so that it can be passed into a Promise.all and state can be consolidated
  * changing styling
  * CR
  * adds disconnected state, adds storyboard
  * Updating comments
  * switches jsx components to use useTheme hook instead of being a implicit styled-components theme consumers which is confusing
  * gets the real user@Host and adds logic for tracking a meta state between rest api calls and websocket
  * updating topbar, icons, adding action menu
  * Moves TopBar into its own file, adds ActionMenu (needs to updated with appropriate in-menu behavior)
  * adds clipboard sharing en/disabled text and icon
  * replace direct call to socket.close() with a tdpclient.disconnect for easier mock-ing
  * adds cleanup handling and fixes bugs
  * converts client to be an emitter
  * deleting vestigial cruft
  * move connection string wrangling to hook
  * renamings and minor fixes
  * First draft of a system which can pop up a new desktop session and render desktop screen to canvas
  * Moves getHostName into api service for use elsewhere in the code
  * Opens a new window when a desktop is selected (currently displays an empty Console component)
  * nit
  * removing status light
  * CR
  * nits
  * cleaning up rdp port from domain addr
  * Adds the basic design for the table
  * Adding Desktop and Circle icons
  * displays desktop data in table
  * Strips Desktops of some database cruft that I'm not focusing on for now and creates a desktops service which successfully retrieves desktop objects from the backend
  * renaming DatabaseList to DesktopList
  * renaming Databases.tsx to Desktops
  * copying Databases into a new Desktops dir and adding it as an option in the sidebar, and renaming useDatabases to useDesktops
  * small fixes from final CR
  * cosmetic changes + updating based on updated rfd0037
  * renaming to "tdp"
  * adds the nodejs TextEncoder to the window
  * updating to use browser TextEncoder api. Unfortunately its another one jsdom hasn't caught up to yet
  * adding codec and encoding tests
  * Add webauthn support to web terminal mfa prompt (#421)
  * Add webauthn methods to auth service (#418)
  * Remove depracated endpoints (#417)
  * Add Array Buffer and Base64URL converter (#415)
  * Add database created/updated/deleted events (#413)
  * Move FormLogin and FormInvite from shared to teleport (#411)
  * Delete Gravity (#410)
  * Update e-ref (#408)
  * Add support for SessionProcessExit event (#407)
  * Yarn workspace fails to add local package as dependency (#405)
  * Add Account Recovery Flows (#398)
  * Fix table pager clipping (#390)
  * Update e-ref for access requests table fix (#392)
  * Add support for unicode passwords (#389)
  * Add watcher that logs user out when reaching max idle timeout  (#378)
  * Add lock events to audit log (#377)
  * Update Github YAML (#365)
  * Temp fix for empty paginate result in session recording list (#368)
  * [forward-port] AWS Console Access Tweaks (#366)
  * Fix overflowing text with long cluster name in tc list view (#361)
  * update e-ref (#360)
  * Convert applications tiles view to table view (#340) (#359)
  * Update e-ref: Access request bug fix and design update (#355)
  * MongoDB and MySQL GCP support (#350)
  * Use filter `session.end` to retrieve events for session recording screen (#339)
  * Allow webapps to build without e (#352)
  * Update trusted_cluster_enterprise.yaml
  * Revert events list sorting back to original (latest to oldest) (#341)
  * Add pagination to Audit Log screen (#329)
  * Update drone signature for drone.teleport.dev (#334)
  * Empty States (#333)
  * Refactor services get link return value (#331)
  * Refactor default dropdown selector CSS (#317)
  * Add more icons to design package (#327)
  * Update e-ref for changes in switchback banner (#324)
  * Add kube and db to our cluster list action menu  (#323)
  * :memo: Update e-ref for webapps.e database
  * Created database access screen (#303)
  * Update e-ref on adding Kube feature (#318)
  * Create Kubernetes access screen (#304)
  * Language/wording fixes with our editor (#313)
  * Fix manual tsh login commands for apps and nodes (#311)
  * Set default empty object on regular renew token request (#314)
  * Filter out session end events with "session_recording" set to off (#306)
  * Use dedicated API for app FQDN resolving (#284)
  * Update e-ref on billing chart ytick formatting fix (#290)
  * :bug: Fix not being able to filter nodes by searching exact label
  * Updated empty node name to N/A and changed the placeholder text (#246, #276) (#278)
  * Update renew session response and renew URL (#261)
  * Type and style tweaks and add unix display date (#257)
  * Correct misspelling in kubernetes comment for role (#263)
  * Remove duplicate `deny` section in Role template (#260)
  * Update e-ref: Remove verb update check for access request reviews (#258)
  * Update README.md
  * mfa related fixes (#251)
  * Add more fields to user context (#216)
  * terminal: check whether the browser supports U2F (#249)
  * ssh: handle U2F challenge in web terminal (#248)
  * Update link to github discussion and feedback email (#239)
  * Add billing events for audit logs (#245)
  * Convert datetimes returned by day-picker lib to begin at start and end of day (#244)
  * Support multiple MFA methods on login (#241)
  * Add Billing Feature (#238)
  * Increase token renewal threshold to 3 min (#242)
  * Update README.md
  * mfa: support multiple U2F devices on login (#236)
  * Handle new MFA audit events
  * Implement OAuth-style state token for AAP auth flow
  * Disable use of web workers in ace editor (#232)
  * Fix bug and consistent error banner placement (#233)
  * Fix error handling on the Delete Role Dialog (#231)
  * Open source and refactor resources (#222)
  * Refactor error handling for auth cn (#226)
  * Add app URI validation regexp to match backend logic (#227)
  * Tiny grammar fix (#223)
  * Check for browser u2f support and display user-friendly err msg (#218)
  * Update README.md
  * Update README.md
  * Update README.md
  * Populate "Node" name in k8s session recordings (#214)
  * Update e-ref (#213)
  * Replace app name check with regex that conform to rfc 1035 (#210)
  * Refactor and update user context object (#211)
  * Add database access audit events
  * Set default role to 'admin' vs 'admins' (#208)
  * Grab auth type from config for manual step flag --auth (#201)
  * Rename Blog (#202)
  * Update links to https://goteleport.com (#200)
  * Fix manual steps and remove share session dialog (#199)
  * Disable AddServer and AddApp buttons on leaf clusters (#198)
  * Fix some regression bugs (#197)
  * Fix instructions for Manual steps (#196)
  * Minor improvements to dialogs (#195)
  * Add ShareSession dialog and share button to DocumentSsh (#193)
  * Safari fixes (#192)
  * Add KUBE_REQUEST event and improve existing k8s events (#190)
  * Lisa/manual testing bugs (#189)
  * TextSelectCopy appends $ to text when bash flag is true (#188)
  * Teleport V5 (#185)
  * [teleport] Implement account access check and waiting room (#178)
  * Fix case sensitive testing for sso providers (#174)
  * [teleport] Add session.reject, trusted_cluster.create/delete events (#172)
  * [teleport] Handle null value response when retrieving audit logs (#166)
  * Remove gh from web-apps Docker image (#154)
  * [teleport] Remove url, proxy version, node count from clusters list (#152)
  * Update gh version to latest
  * [teleport] Remove checking for error keywords for websocket close event (#147)
  * Install gh in Dockerfile
  * Tidy up
  * Tidy up
  * Remove update-teleport-repo
  * Change update-teleport-repo job to raise a PR rather than instantly committing
  * Raise a PR rather than pushing to Teleport
  * [teleport] Set server/cluster ID for new session requests (#140)
  * [teleport] Fix flex issue with terminal ActionBar (#141)
  * Check out submodules
  * Check out submodules
  * Change directory
  * Split up steps and add dockersock
  * Install make
  * Sign file
  * Add initial .drone.yml
  * [teleport] Work around for server sending close events for shell exit errors(#127)
  * [teleport] Drop UTM link prefixes (#128)
  * Add boaders and onhover styles to table rows (#126)
  * [teleport] Fix grammar for non/interactive session event log (#124)
  * [teleport] Various fixes (#123)
  * Typescript conversion mostly in shared package (#120)
  * Fix a bug with 0 nodes in the cluster list
  * Add Open Terminal Button to the Cluster List (#121)
  * Bring back QuickLaunch (#118)
  * Better audit events description (#117)
  * [teleport] Set user permission for viewing audit logs (#116)
  * [design] Remove uppercasing of login names (#115)
  * Update icomoon library with new icons (#114)
  * Touchups round 2 (#113)
  * Grammatical fix (#112)
  * [Teleport] Remove sessions view from Audit Log (#109)
  * [Teleport] Use native URLSearchParams to handle escape symbols in URL params (#107)
  * [Teleport] Account for empty hostname and server addrs in Session (#106)
  * Allow dashes for login name in QuickLauncher (#108)
  * [Teleport] Replace session button with quicklauncher in Node (#105)
  * [Teleport] Fix assortment of user issues (#103)
  * Update e-ref (#104)
  * [Teleport] Tweak styling for topbar auto scrollX and text alignment (#102)
  * Replace cluster view button and open terminal related actions in new tabs (#101)
  * Check for expired session before resources unload (redirect) (#100)
  * Fix session scroller (#99)
  * Replace "entity" with "name" in Audit Events
  * Delete un-used files
  * Alexey/updateddesign (#98)
  * Update xterm to 2.8.1 (#95)
  * Filter non interactive sessions out (#94)
  * Address code review
  * Change action btn, rename title, refactor fetchSession
  * Add back clusterId for makeSessions, refactor fetchSession
  * Clean up active sessions list
  * update e-ref
  * Bump jquery from 3.4.1 to 3.5.0 in /packages/gravity (#89)
  * [Teleport] Allow switching tabs with hotkeys (#81)
  * update e-ref (#82)
  * [Teleport] Create Support component, story, and snpashot test (#78)
  * Fix U2F login error messages (#76)
  * Display nodes hostname instead of its ID under session audit log (#75)
  * Display hostname and addr in active sessions list (#74)
  * README file updates
  * Fixed broken docker build
  * Cleanup
  * Type SessionList
  * Use local tsc intance when building force project
  * Fix eslint warning messages
  * Add proto files to force MVP
  * use custom scrollbars styles on macs
  * Address url-loader breaking changes
  * Fix OSS redirects (#72)
  * Auto close active terminal tab on terminal.close event (#73)
  * update e-ref (#71)
  * Fix url-loader and file-loader (#70)
  * Fix build pipeline (#66)
  * Display cluster info when user clicks btn using user context (#63)
  * Simplify and clean up Makefile (#62)
  * use UTC in unit-tests (#58)
  * Fix broken tests (#59)
  * Automated builds (#53)
  * Receive auth version for Cluster interface (#54)
  * update e-ref (#57)
  * fix: vscode does not resolve aliases in the new files
  * Fix peer dep. warnings (#56)
  * Cleanup
  * cleanup
  * dist files + updated e-ref
  * Update e-ref
  * JS to TS migration (#55)
  * [teleport] Receive and display nodeCount and publicURL in cluster table (#52)
  * Remove unused imports from makeEvent.ts
  * Typescript migration (#51)
  * [Teleport] Prompt user with a confirmation window for session tabs (#49)
  * Refactor tabs creation to a separate hook and add unit-tests (#50)
  * Do not rerender in-active document (#47)
  * regenerate dist files
  * New Terminal (#46)
  * Unit test rest of Dialog*.jsx and TopNav*.jsx (#45)
  * Read localAuthEnabled config from backend (#44)
  * Unit Test Popover (#43)
  * Unit test teleport/Login (#40) closes #39
  * Test rendering of SideNav, SideNavItem, SideNavItemIcon (#41)
  * Unit test featureBase (#38)
  * Unit test useStore (#37)
  * Unit test FormPassword (#36)
  * Unit test FormLogin (#35)
  * Unit test FieldSelect (#34)
  * Test useRule unsubscribe behavior and some cleanup (#33)
  * Unit test FieldInput (#32)
  * Unit test useRule custom hook from Validation (#31)
  * Prettify package design (#25)
  * Unit test rules.js and Validation provider context (#30)
  * Prettify package shared (#27)
  * Prettify root config files for *.{js,json} (#29)
  * Update README.md
  * Unit Test ButtonSso and Validator Class (#24)
  * Unit Test shared/ActionMenu (#23)
  * Update dist files
  * Fix modal test failing and include code coverage scripts (#22)
  * Unit test design pkg (#18)
  * Update E reference and port Gravity changes (#17)
  * Add unit-test for Portal component (#16)
  * Unit test LabelInput and LabelState (#15)
  * Unit Test Design/Package/* [Part 3] (#14)
  * Unit test all components inside Table.jsx (#13)
  * Add vscode config file
  * Add ResetPassword and Invite (#12)
  * Unit Test Design/Packges [Part 2] (#11)
  * Unit test Design/Alert, Button, ButtonIcon [Part 1] (#10)
  * Snapshot Test package/gravity/login Story (#9)
  * Finish converting package/design stories to CSF [Part 3] (#8)
  * Disable eBPF stories (#7)
  * Convert Card*, DataTable, Dialog*, Flex stories to CSF [Part 2] (#6)
  * Update README and convert Alert, Button to CSF (#5)
  * Upgrade storybook and convert a few stories to CSF
  * Disable github hooks
  * Docker should work when submodules are missing
  * Rename e submodule to webapps.e
  * Fix storybook sorting
  * Add Force Web UI package
  * Add initial BPF viewer implementation
  * Add typescript support and update npm depenencies
  * Update README.md (#2)
  * Fix user invite
  * Fix typos
  * Add a better comment
  * Do not delete dist folders on make clean
  * Update packages/build README file.
  * Update e-ref
  * Allow custom webpack config in dev builds
  * Refactor dev server code
  * Change default datetime format
  * Fix type on design stories
  * Update e-ref
  * Docs (#1)
  * Exclude all dist folders
  * Update e-ref
  * dist files
  * Update e-ref
  * Add E reference
  * Move code to this repo
  * Initial commit

-------------------------------------------------------------------
Tue Jan 31 15:22:27 UTC 2023 - kastl@b1-systems.de

- Update to version 11.3.1:
  * Release 11.3.1 (#20864)
  * Add tsh proxy types aws,db,ssh to CLI ref (#20547)
  * Fixed issue where container image tag and push step would fail due to missing `docker pull` `--platform` argument (#20859)

-------------------------------------------------------------------
Tue Jan 31 15:16:55 UTC 2023 - kastl@b1-systems.de

- Update to version 11.3.0:
  * Release 11.3.0 (#20841)
  * InstallNode Script: use correct version (oss vs ent) (#20816)
  * WebAPI/CreateDB: improve error message when DB already exists (#20755)
  * [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#20803)
  * [v11] Add support for Moderated Sessions in the Web UI  (#19647)
  * Fix key attestation error on `tsh login` (#20712)
  * [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#20790)
  * Renew Kubernetes cluster credentials until the cluster is removed from inventory (#20788)
  * [v11] update e and webassets to latest v11 (#20780)
  * [v11] feat: evaluate login rules for OIDC and SAML users (#20738)
  * Pass parent context to `prompt.Confirmation()` in `identityfile`. (#20685) (#20773)
  * [v11] feat: evaluate login rules for GitHub users (#20737)
  * fix(azure): verify if system identity is set (#20483)
  * Add test that verifies connectivity when Auth is down (#20450) (#20683)
  * [v11] Reject access requests with invalid cluster names (#20674)
  * [v11] Convert rhel `VERSION_ID`s to only include the major version (#20604)
  * Fix two issues with Oracle MySQL client on Windows. (#20599)
  * [v11] feat: add login rule audit event types
  * [v11] feat: add RW verbs for login rules to preset editor role
  * [v11] ci: Use large macOS runner for build-macos workflow (#20718)
  * [v11] Disconnect moderated session on Ctrl+C (#20588)
  * Alert ack API + CLI implementation (#20692)
  * Enforce using github.com/google/uuid (#20633) (#20681)
  * Update ssh-approval-email.mdx (#20701)
  * [v11] Move connection metrics to `proxy.Router` (#20688)
  * [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#20625)
  * [v11] (buddy) helm: Add nodeSelector field (#20441)
  * [v11] helm: have proxy reload certificates daily (#20503)
  * helm: addPodMonitor support (#20564)
  * [v11] Fix typo in install-node script's usage message (#20668)
  * Show `client_idle_timeout_message` for windows access (#20617)
  * [v11] feat: add login rule evaluator to auth.Server (#20629)
  * Document Machine ID and CircleCI joining (#20545)
  * Docs. Direct invite link via docs (#20548)
  * helm: support passing raw config in `teleport-kube-agent` (#20129) (#20449)
  * [v11] Docker install doc updates (#20578)
  * Update FedRAMP link (#20464)
  * Docs version update (#20612)
  * Fix: change var to inner scope's Testing t (#20595)
  * fix `tctl auth sign --format kubernetes` when using remote auth server (#20497) (#20571)
  * Increase `ReadDeadline` to accommodate slow clients (#20517)

-------------------------------------------------------------------
Tue Jan 24 20:42:58 UTC 2023 - kastl@b1-systems.de

- Update to version 11.2.3:
  * Release 11.2.3 (#20570)
  * [11] Add metric for incomplete file uploads (#19724) (#20492)
  * Fix kube access proxy peering compatibility (#20561) (#20566)
  * docs: update trusted clusters page (#20159)
  * Backport GHA workflows (#20507)
  * [v11] Respect --auth and --mfa-mode before defaulting to passwordless (#20474)
  * expand for CNAME records (#20445)
  * [v11] feat: login rule tctl CRUD commands (#20236)
  * sort database guides (#20501)
  * Remove unmaintained AWS Cloudformation example (#20459)
  * [v11] Support multiple transformations in role templates (#20296)
  * Bump webassets. (#20422)
  * [v11] Add initial instructions for cluster role map updating (#20480)
  * Fix "tsh db connect" with "mariadb" when proxy is in seperate port mode (#20409)
  * Don't prematurely close context in app service. (#20437)
  * Integ tests: Use address of web UI as Proxy.PublicAddrs (#20470)
  * spell fixes (#20457)
  * update style guide relating to focus and content duplication (#20292)
  * [v11] helm: support dnsConfig in `teleport-kube-agent` chart (#20107)
  * Update Cloud architecture with DDoS security (#19429)
  * [v11] Fix "*":"*" matching in EC2 auto discovery (#20390)
  * adding video banner to documentation (#20354)
  * [v11] Allow updating of trusted cluster role maps (#20286)
  * Skip unparsable events when decoding searchevents results (#20329)
  * Bump `gravitational/trace` to `v1.2.1` (#20349)

-------------------------------------------------------------------
Fri Jan 20 10:08:52 UTC 2023 - kastl@b1-systems.de

- Update to version 11.2.2:
  * Release 11.2.2 (#20363)
  * [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#20375)
  * Remove invalid commands on login with ssh port (#20364)
  * spell fixes (#20279)
  * [v11] Add Connect docs about linking tsh (#20029)
  * Validate AWS regions when configuring the AWSMatcher (#20288)
  * Add redirects to the new Audit Events section (#19553) (#19968)
  * [v11] Point at source version in docs rather then generic master. (#20303)
  * [v11] [Docs] Use gravitational.com to download checksums. (#20282)
  * Added binary signing for darwin tarballs - branch/v11 backport (#20305)
  * [v11] Machine ID and GitHub Actions docs copy improvements (#20291)
  * Add mysql conn tester (#20177) (#20230)
  * fix: Always dial to root cluster for single-use certificates (#20238)
  * [v11] Set extra proxy headers in all `tsh` HTTP requests (#20071)
  * [v11] Updates to cloud getting started (#20256)
  * Update Rust to 1.66.1 (#20201)
  * Bump Buf to v1.12.0 (#20194)
  * [v11] Stop heartbeating during graceful shutdown (#20225)
  * [v11] docs: add overview of session recording (#19934)
  * [v11] Use pre-generated RSA keys in tests (#19448)
  * [v11] Document GitHub Actions and Kubernetes (#20179)
  * fixes ldap filter example (#20223)
  * [v11] Update Linux install package link for Cloud (#20210)
  * Grant the built-in kube role semaphore permissions (#20174)
  * Adds a post-delete hook to delete the `kube-agent` state secrets (#20169)
  * Stablize RemoteConnCleanup (#20048) (#20086)
  * [v11] Change the application access authentication flow (#20165)
  * Bump cloud version to 11.2.1 (#20157)
  * [v11] capture additional prehog events (#20114)
  * Ensure Proxy uses cache for periodic operations (#20153)
  * Add kube and windows_desktop tctl tokens add handling (#20139)
  * Added 01/12 Upcoming Releases Update (#20137)
  * [v11] feat: add login rule service proto definition  (#20112)
  * [v11] Trim error messages on UserLogin events (#20125)
  * [v11] Fix `certificate signed by unknown authority` after reconciling a dynamic RDS resource (#20099)
  * Update to 11.2.1 for docs (#20117)
  * Fix CertificateInvalidError in formatCertError (#20052)

-------------------------------------------------------------------
Thu Jan 12 06:03:42 UTC 2023 - kastl@b1-systems.de

- Update to version 11.2.1:
  * Release 11.2.1 (#20113)
  * [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#20102)
  * [v11] chore: Bump Go to 1.19.5 (#20084)
  * [v11] Minor docs fixes (#20006)
  * Update config example to turn off ssh, proxy, auth and use teleport start example (#20076)
  * revert plugin version (#20093)
  * Update webassets in preparation for 11.2.1 release (#20074)
  * Fix RFD link in the Directory Sharing guide (#20062)
  * [v11] Periodically reload proxy certificates (#20040)
  * Remove RW on `license` and `download` from preset editor role (#19997) (#20033)
  * Unbundle TestAppInvalidateAppSessionsOnLogout (#20037)
  * Change "name" to "sAMAccountName" (#20022)
  * Fix bot IAM joining (#20011)
  * docs: update version to 11.2.0 (#19971)
  * Fix Machine ID Certificate TTL on IAM join (#20001)
  * [v11] Make Connect's --insecure flag easier to find in docs (#19991)
  * Use one Buf workspace instead of three (#19774) (#19990)

-------------------------------------------------------------------
Sat Jan 07 14:58:25 UTC 2023 - kastl@b1-systems.de

- Update to version 11.2.0:
  * Other improvements and bugfixes
    - Added an improved database joining flow in the web UI #1487
    - Added support for secure certificate mapping for Windows desktop certificates #19737
    - Fixed an issue with desktop directory sharing where large files could be corrupted #1472
    - Fixed an issue where Desktop Access users may see a an error after ending a session #1470
    - Fixed an issue preventing database agents from joining due to improperly formatted YAML #19958
    - Updated the web UI to use session storage instead of local storage for Teleport's bearer token #1470
    - Added rate limiting to SAML/OIDC routes #19950
    - Fixed an issue connecting to leaf cluster desktops via reverse tunnel #19945
    - Fixed a backwards compability issue with Database Access in 11.1.4 #19940
    - Fixed an issue where access requests for Kubernetes clusters used improperly cached credentials #19912
    - Added support for CentOS 7 in ARM64 builds #19895
    - Added rate limiting to unauthenticated routes #19869
    - Add suggested reviewers and requestable roles to Teleport Connect access requests #19846
    - Fixed an issue listing all nodes with tsh #19821
    - Made gcp.credentialSecretName optional in the Teleport Cluster Helm chart #19803
    - Fixed an issue preventing audit events that exceed the maximum size limit from being logged #19736
    - Fixed an issue preventing some users from being able to play desktop recordings #19709
    - Added validation of AWS Account IDs when adding databases (#19638) #19702
    - Added a new audit event for DynamoDB requests via Application Access #19667
    - Added the ability to export tsh traces even when the Auth Server is not configured for tracing #19583
    - Added support for linking Teleport Connect's embedded tsh binary for use outside of Teleport Connect #1488

-------------------------------------------------------------------
Sat Dec 24 08:59:31 UTC 2022 - michael@stroeder.com

- Update to version 11.1.4
  * Security fixes:
    - [Critical] RBAC bypass in SSH TCP tunneling
    - [High] Application Access session hijack
    - [Medium] SSH IP pinning bypass
    - [Low] Web API session caching
  * Other improvements and bugfixes
    - Fixed issue with noisy-square distortions in desktop access. #19545
    - Fixed issue with LDAP search pagination in desktop access. #19533
    - Fixed issue with SSH sessions inheriting OOM score of the parent process. #19521
    - Fixed issue with ambiguous host resolution in web UI. #19513
    - Fixed issue with using desktop access with Windows 10. #19504
    - Fixed issue with session.start events being overwritten by session.exec events. #19497
    - Fixed issue with tsh login --format kubernetes not setting SNI info. #19433
    - Fixed issue with websockets not working via app access if the upstream web server is using HTTP/2. #19423
    - Fixed TLS routing in insecure mode. #19410
    - Fixed issue with connecting to ElastiCache 7.0.4 in database access. #19400
    - Fixed issue with SAML connector validation calling descriptor URL prior to authz checks. #19317
    - Fixed issue with database access complaining about "redis" engine not being registered. #19251
    - Fixed issue with disconnect_expired_cert and require_session_mfa settings conflicting with each other. #19178
    - Fixed startup failure when MongoDB URI is not resolvable. #18984
    - Added resource names for access requests in Teleport Connect. #19549
    - Added support for Github Enterprise join method. #19518
    - Added the ability to supply Access Request TTLs. #19385
    - Added new instance.join and bot.join audit events. #19343
    - Added support for port-forward over websocket protocol in Kubernetes access. #19181
    - Reduced latency of tsh ls -R. #19482
    - Updated desktop access config script to disable password prompt. #19427
    - Updated Go to 1.19.4. #19127
    - Improved performance when converting traits to roles. #19170
    - Improved handling of expired database certificates in Teleport Connect. #19096

-------------------------------------------------------------------
Wed Dec 07 06:34:44 UTC 2022 - kastl@b1-systems.de

- Update to version 11.1.2:
  * Release 11.1.2 (#19117)
  * Fixed container images dockerfile download using hardcoded repo name (#19090)
  * Remove mentions of "setup" as a verb (#18949)
  * spelling, typos, and non-example nouns fixed (#18943) (#18976)
  * docs: fix tsh --cert-format reference (#19057)
  * update webassets (#19070)
  * [v11] Update e ref to conditionally enable usage reporting in cloud/enterprise (#19064)
  * Add a new usage reporter (#18142) (#19059)
  * [v11] docs: Add warnings about using layer 7 LBs with TLS routing (#19052)
  * Provided expanded definition on internal.logins (#19035)
  * [v11] Re-add the section about EC2 instances including the AmazonSSMManagedInstanceCore (#19029)
  * [v11] Fix web ssh session with proxy recording mode (#19021)
  * [v11] Create a partial for adding a role to a user (#19026)
  * [v11]  BUGFIX | Teleport ALPN Proxy doesn't respect HTTP CONNECT Proxy (#19038)
  * [v11] Move corrupted uploads to separate directory (#19040)
  * Cache static desktop labels (#18874)
  * docs: clean up per-session MFA page (#18952)
  * [v11] Fix unknown group error issue (#18990)
  * full link to main site (#19004)
  * [v11] Add clarification as to the purpose of Metrics endpoint. (#19017)
  * Ensure `tctl windows_desktops ls` produces expected output (#18779) (#19016)
  * correct heading level for 11.0.1 release (#18998)
  * update docs version (#18997)
  * Properly check err from EmitAuditEvent. (#18963)
  * [v11] Add a guide to GKE Auto-Discovery (#18986)
  * Address feedback
  * Added 12/01 Upcoming Releases Update
  * Fix dir path in Enterprise install instructions (#18967)
  * [v11] Improve the Kubernetes Dynamic Registration guide (#18950)
  * [v11] Add the `--version` flag to `helm install` (#18947)
  * docs version update (#18927)
  * [v11] [Docs] Update EC2 Discovery guide for bootstrapping. (#18924)
  * [v11] Fixes for ec2 discovery installer script on legacy ubuntu and fixes for `teleport discovery bootstrap` (#18965)
  * Connect: Check db cert before using it for local proxy (#18740) (#18852)
  * [v11] Connect: Set TeleportClient.AuthConnector before logging in (#18900)

-------------------------------------------------------------------
Thu Dec 01 05:44:31 UTC 2022 - kastl@b1-systems.de

- Update to version 11.1.1:
  * Release 11.1.1. (#18957)
  * [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#18954)
  * [v11] backport #18036 (Allow for specifying roles when making Resource Access Requests in the UI)  (#18868)
  * [v11] Add Terraform provider links to Terraform module README (#18162)
  * backport spell fixes (#18941)
  * operator: Handle conflicts properly during tests (#18916)
  * Fix FIPS builds (#18902)
  * Remove DEBUG env var from Connect macOS dronegen (#18899) (#18921)
  * [v11] Include ssh protocol in start, end audit events (#18895)
  * [v11] Securely delete OTP QR code (#18917)
  * [v11] Update permit_user_env comments in config ref (#18912)
  * Include upload ID & session ID in failed upload warning logs (#18788) (#18872)
  * Fix duplicate docs page titles (#18862)
  * fuzz: fix broken OSS-Fuzz build (#18878)
  * [v11] Add info on license renewals (#18848)
  * Swaps Allow remote RDP connections and Open firewall to inbound RDP connections steps (#18844)
  * Add `server_hostname` to `session.*` events (#18812) (#18832)
  * [v11] Improve error message if dialing etcd nodes times out (#18822)
  * [v11] feat: GCP KMS support (#18835)

-------------------------------------------------------------------
Tue Nov 29 08:02:09 UTC 2022 - kastl@b1-systems.de

- Update to version 11.1.0:
  * Release 11.1.0 (#18806)
  * saml: Don't check existence of templated role names (#18766)
  * [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#18841)
  * Export GithubConverter type (#18751) (#18836)
  * Generate new session on new ssh websocket connection. (#18523) (#18839)
  * [v11] Improve `tsh play` JSON & YAML output (#18825)
  * Add extra database validations to CreateDatabase (#18776) (#18785)
  * Do not run parker process for all SSH sessions (#18810)
  * Add `tctl windows_desktops` as the default and keep `tctl desktops` as an alias (#18816)
  * Add `teleport discovery bootstrap` command (#18641)
  * [v11] Add info to docs about working with github enterprise server (#18808)
  * [v11] Session Control + UI SSH Performance (#18797)
  * [v11] Ensure app session is in backend in app access integration tests. (#18803)
  * call out restrictions on Var in code blocks (#18714)
  * [v11] Document Discord access plugin (#18790)
  * [v11] [Docs] Desktop Access Value and Log updates (#18799)
  * [v11] Undos support for `TELEPORT_PROXY` in `tctl` (#18796)
  * [v11] Reformat imports GCI (#18736)
  * [v11] Update GetDatabases to use the correct cluster uri (#18735) (#18762)
  * [v11] Fix for Teleport start config file log (#18778)
  * Add STS endpoints for new regions (#18756)
  * [v11] Fix issue self-hosted databases with ec2 hostnames fail to create (#18773)
  * [v11] Add FIPS support for Desktop Access (#18743)
  * [v11] Release server CI integration improvements (#18513) (#18702)
  * [v11] Terminate sessions when peers disconnect (#18684)
  * Added 11/23 Upcoming Releases Update
  * bump etcd client
  * Stop creating Snowflake ocsp_response_cache.json (#18720)
  * [v11] Fix Mongo document sequence msg validation (#18738)
  * Fix up GCP docs (#18729)
  * [v11] operator: Add `auth_connector` support (#18350)
  * Add additional space to apt commands (#18733)
  * [v11] Make the Standalone Kubernetes guide easier to use (#18694)
  * [v11] Ensure ssh connection rejection errors are returned (#18708)
  * Connect: Add prerequisites for gracefully handling expired db proxy certs (#18259) (#18678)
  * GCS: don't swallow cleanup errors (#18725)
  * CodeQL: Rename from codeql-analysis.yml to codeql.yml
  * spell fixes (#18692)
  * Fix trusted clusters for Desktop Access
  * Enable and fix AuditOn. (#18574)
  * update teleport.e submodule (#18687)
  * [v11] Adds GCP GKE auto-discovery (#18396)
  * [v11] [Docs] Fix rewrite key example. (#18387)
  * Add ability to have multiple Github auth connector implementations (#18521)
  * [v11] Allow configuration of identity file and proxy url with env in `tctl` and `tsh`. (#18673)
  * Add tests for teleterm.Serve with TCP address (#18144) (#18637)
  * Add mutex for certs in local proxy (#18278) (#18623)
  * [Docs] remove tf language from codeblocks (#18669)
  * Make SessionTracker heartbeat loop more robust (#18415) (#18576)
  * [v11] Allow connections to nodes when Auth is offline (#18585)
  * docs: improve wording on free cloud trials (#18653)
  * Make proxy routing logic reusable (#18370) (#18596)
  * [v11] Add TLV support to ProxyLine (#18650)
  * Docs: Update Terraform suggested role (#18648)
  * [v11] Take cloud labels into account for application access permissions calculation. (#18642)
  * attempt to fix TestProxyProtocolRedis flakiness (#18316)
  * [v11] [Docs] Minor Config Reference Update (#18613)
  * [Docs] Add AWS credentials to variables block (#17916) (#18645)
  * [v11] [Docs] End User Doc Page (#18619)
  * Docs: fix TF role's `<resource>_labels` type (#18635)
  * remove single quotes from env vars for k8s (#18624)
  * [v11] Fix web ListResources total count with apps and update tests (#18601)
  * Added EOL dates for releases. (#18630)
  * Add Teleport 11 videos (#18629)
  * [v11] Add a guide to dynamic Kubernetes registration (#18533)
  * Deflake TestWebSessionsRenewDoesNotBreakExistingTerminalSession (#18529)
  * [v11] Improve trusted cluster observability (#18609)
  * Forward traces from the web UI (#18519) (#18598)
  * [v11] fix aws rds discovery invalid engine filter (#18590)
  * [v11] Fix Flaky TestDatabaseRootLeafIdleTimeout test (#18422)
  * Added 11/17 Upcoming Releases Update (Cloud)
  * [v11] Desktop Discovery guide (#18571)
  * spell fixes (#18583)
  * [v11] add allowed users to tsh db ls json and yaml output (#18543)
  * Bump cloud version to 10.3.8 (#18560)
  * Close local proxy conn if middleware errors (#18242) (#18527)
  * [v11] Update the teleport-kube-agent reference (#18535)
  * Added 11/17 Upcoming Releases Update
  * Update to use db configure create, troubleshooting, required cert (#18556)
  * Add support for user.spec in moderated sessions filters (#18455)
  * Deflake TestResizeTerminal (#18406)
  * Sign tsh on windows builder for connect (#18165) (#18477)
  * Minor logging order tweak in tbot (#18511)
  * [v11] Add new audit event for DynamoDB protos (#18035)
  * [v11] Allow users to merge multiple clusters in the same `kubeconfig` file when using `tctl auth sign --format kubernetes` (#18525)
  * Docs version update (#18512)
  * [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#18505)
  * Use temp files instead of current dir for active dir install script (#18502)
  * set cluster connector name on signin for first cloud user (#17834) (#18445)
  * Allow non-moderated sessions during outage (#17309) (#18441)
  * docs: add FAQ entry for seeing resource name in access requests (#18400)
  * [v11] improve kube rbac docs (#18480)
  * Shared Directory Audit events (#17410) (#18398)
  * [v11] [Docs] Document AWS quotas (#18450)
  * Correct username -> user in tsh alias guide (#18482)
  * Fix role word reference (#18471)
  * Remove CertificateTTL from appaccess integration tests. (#18448)

-------------------------------------------------------------------
Tue Nov 15 07:20:33 UTC 2022 - michael@stroeder.com

- Update to version 11.0.3:
  * Fixed issue with validation of U2F devices. #17876
  * Fixed tsh ssh -J not being able to connect to leaf cluster nodes. #18268
  * Fixed issue with failed database connection when client requests GSS encryption. #17811
  * Fixed issue with setting Teleport version to v10 in Helm charts resulting in invalid config. #18008
  * Fixed issue with Teleport Kubernetes resource name conflicting with builtin resources. #17717
  * Fixed issue with invalid MS Teams plugin systemd service file. #18028
  * Fixed issue with failing to connect to OpenSSH 7.x servers. #18248
  * Fixed issue with extra trailing question mark in application access requests. #17955
  * Fixed issue with application access websocket requests sometimes failing in Chrome. #18002
  * Fixed issue with multiple tbot's concurrently using the same output directory. #17999
  * Fixed issue with tbot failing to parse version on some kernels. #18298
  * Fixed panic when v9 node runs against v11 auth server. #18383
  * Fixed issue with Kubernetes proxy caching client credentials between sessions. #18109
  * Fixed issue with agents not being able to reconnect to proxies in some cases. #18149
  * Fixed issue with remote tunnel connections not being closed properly. #18224
  * Added CircleCI support to Machine ID. #17996
  * Added support for arm and arm64 Docker images for Teleport and Operator. #18222
  * Added PostgreSQL and MySQL RDS Proxy support to database access. #18045
  * Improved database access denied error messages. #17856
  * Improved desktop access errors in case of locked sessions. #17549
  * Improved web UI handling of private key policy errors. #17991
  * Improved memory usage in clusters with large numbers of active sessions. #18051
  * Updated tsh proxy ssh to support HTTPS_PROXY. #18295
  * Updated Azure hosted databases to fetch the new CA. #18172
  * Updated tsh kube login to support providing default user, group and namespace. #18185
  * Updated web UI session listing to include active sessions of all types. #18229
  * Updated user locking to terminate in progress TCP application access connections. #18187
  * Updated teleport configure command to produce v2 config when auth server is provided. #17914
  * Updated all systemd service files to set max open files limit. #17961

-------------------------------------------------------------------
Thu Oct 27 15:29:33 UTC 2022 - Michael Ströder <michael@stroeder.com>

- Update to version 11.0.1:
  * Block SFTP in Moderated Sessions #17727
  * Fixed issue with agent forwarding not working for auto-created users. #17586
  * Fixed "traits missing" error in Application Access. #17737
  * Fixed connection leak issue in IAM joining. #17737
  * Fixed panic in "tsh db ls". #17780
  * Fixed issue with "tsh mfa add" not displaying OTP QR code image on Windows. #17703
  * Fixed issue with tctl rm windows_desktop/<name> removing all desktops. #17732
  * Fixed issue connecting to Redis 7.0 in cluster mode. #17849
  * Fixed "failed to open user account database" error after exiting SSH session. #17825
  * Improved tctl UX when using hardware-backed private keys. #17681
  * Improved tsh mfa add error reporting. #17580

-------------------------------------------------------------------
Tue Oct 25 04:54:30 UTC 2022 - kastl@b1-systems.de

- Update to version 11.0.0:
  * Full changelog see https://github.com/gravitational/teleport/releases/tag/v11.0.0
  * Teleport 11 brings the following new major features and improvements:
    - Hardware-backed private keys support for Server Access (Enterprise only).
    - Replacement of obsolete SCP protocol with SFTP for Server Access.
    - Removal of persistent storage requirement for Helm charts.
    - Automatic discovery and enrollment of EKS/AKS clusters for Kubernetes Access.
    - Richer Azure integrations for Server and Database Access.
    - Cassandra and Scylla support for Database Access, including AWS Keyspaces.
    - GitHub Actions and Terraform support for Machine ID.
    - Access Requests and file upload/download support for Teleport Connect.

-------------------------------------------------------------------
Thu Oct 20 08:03:56 UTC 2022 - michael@stroeder.com

- Update to version 10.3.3 with multiple improvements and bug fixes:
  * Fixed issue with EC2 auto-enrollment not working on Ubuntu instances. #17467
  * Fixed issue with tctl auth sign producing "access denied" error. #17557
  * Fixed issue with agents entering permanent error loop if they had expired
    join tokens and the cluster had previously undergone host CA rotation. #17599
  * Fixed issue with tsh producing auditd errors on some systems. #17495
  * Fixed issue with Machine ID bots joined via IAM token not respecting requested certificate TTL. #17371
  * Fixed issue with Teleport failing to initialize properly without configuration file. #17343
  * Fixed desktop access clipboard sharing with newer versions of Chrome. webapps#1266
  * Added license expiration alerts. #17489
  * Added support for imagePullSecret in teleport-kube-agent Helm chart. #16678
  * Added support for join parameters in teleport-kube-agent Helm chart. #17534
  * Improved error when trying to connecto to a Windows desktop that is locked. #17548
  * Improved SAML connectors validation upon creation. #16854
  * Improved desktop access connection error handling. #17390
  * Updated tsh ls --query to allow querying SSH nodes by hostname. #17038
  * Updated Machine ID to export user CA when generating SSH host certificate. #17525
  * Updated tsh to default to passwordless login if Touch ID is available. #17472

-------------------------------------------------------------------
Fri Oct 14 04:56:55 UTC 2022 - kastl@b1-systems.de

- Update to version 10.3.2:
  * Release 10.3.2 (#17303)
  * [v10] Fix FIPS aws credentials (#17304)
  * Desktop Access optimizations (#17071)
  * [v10] Add AWS Roles to Drone pipelines  (#17296)
  * [v10] Refactor Drone Pipelines to use AWS role assumption (#17244)
  * Tweak wording of joining nodes blurb.
  * AWS Terraform App Access, DB listeners variables (#17105)
  * [v10] Remove installer, app and database watchers for remote proxies (#17226)
  * [v10] Fix X11 forwarding for non-root users (#17130)
  * [v10] Manually print installer scripts instead of using asciitable  (#17167)
  * [v10] Fetch tags when promoting rpm/deb (#17031)
  * [v10] Ensure operator tests are run when Go dependencies change (#17032)
  * desktop clipboard: prevent integer underflow (#17179)
  * Bump Cloud Version (#17150)
  * Fix background database local proxy termination by SIGINT signal (#16932)
  * Drain errChan in `api.client/connect` (#17159)
  * Limit number of resources loaded into memory for version metrics (#17087)
  * Port in Tiago's feedback.
  * Update tool/tsh/app.go
  * Fix unit test.
  * Update tool/tsh/app.go
  * Remove cacert flag from curl output during tsh app login.
  * Revert change from PKCS1 to PKCS8 (#17045)
  * Fix ListResources for WindowsDesktops (#17093) (#17117)
  * Added 10/06 Upcoming Releases Update
  * Add `username_claim` to OIDC config to select claim from Identity Provider to use as username (#17070)
  * Update on-prem version in docs (#17091)
  * [v10] fix: data race in NodeSession.runCommand (#17073)
  * [v10] Finalize CI release API integration (#17064)
  * Stop using etcd serializable mode (#17049)
  * Missing spaces in on/offboarding section (#17039)
  * [v10] correct plugin name reference (#17019)
  * Refactor TestResolveEndpoints to avoid test failure when AWS SDK changes (#16943) (#16987)
  * correct protocol name (#16995)
  * [v10] Add docs for IdP-initiated SSO (#16897)
  * docs: mention that WindowsDesktop now supports EC2 join (#16811)
  * [v10] [Docs] Update 'Using Teleport Connect' for Linux & Windows (#16945)
  * bump cloud version (#16855) (#16885)
  * snowflake access fixes (#16940)
  * Fixes Dismiss Stale Workflows Runs GitHub Actions (#16926)
  * Fix client idle timeout ending sessions too early (#16868)
  * Release 10.3.1 (#16915)
  * docs: add more details on audit log retention (#16814)
  * [v10] Drop direct dependency on github.com/golang/protobuf (#16904)
  * local alert resync
  * security patch alerts
  * Release 10.3.0 (#16891)
  * [v10] security: include exec command in session.start.initial_command (#16905)
  * typo correction (#16839)
  * Fix label based tsh when per session mfa is enabled via role (#16893)
  * Implement RFD 82: Session Tracker Resource RBAC (#15760) (#16554)
  * [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16888)
  * [v10] Backport Elasticsearch suppport (#16873)
  * Update download link (#16836)
  * [v10] Drop a couple of deprecated/shallow Go dependencies (#16883)
  * Added 09/29 Upcoming Releases Update
  * update webassets (#16860)
  * update eref (#16859)
  * Initial RDPDR tests (#16470) (#16846)
  * [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16807)
  * [v10] Clean up old artifacts when retrying a tag build (#16669) (#16785)
  * [v10] Add an Elastic Stack guide (#16842)
  * [v10] security: one allow one exec request per SSH channel (#16813)
  * [v10] Change kube logged in message (#16829)
  * [v10] Document MsTeams access plugin (#16642)
  * Update on-prem docs version (#16725)
  * [v10] Fix auto discovery on secondary cluster of a global Aurora database (#16710)
  * Updated operating system support
  * [v10] Retrieve an IMDS token in the default ec2 discovery installer (#16808)
  * [v10] Docs: Update Docker Config Path (#16522)
  * docs: add ssh_file_copy to role spec (#16766)
  * Update the docs issues contributing guide (#16529) (#16631)
  * [v10] Backport PagerDuty edits (#16052)
  * [v10] fix: Handle failures when checking for excluded credentials (#16765)
  * [v10] update e ref (#16731)
  * Hide `--db-user`/`--db-name` flags if they are not needed. (#16747)

-------------------------------------------------------------------
Sat Oct 01 16:49:17 UTC 2022 - kastl@b1-systems.de

- Update to version 10.3.1:
  * Release 10.3.1 (#16915)
  * docs: add more details on audit log retention (#16814)
  * [v10] Drop direct dependency on github.com/golang/protobuf (#16904)
  * local alert resync
  * security patch alerts

-------------------------------------------------------------------
Sat Oct 01 16:25:21 UTC 2022 - kastl@b1-systems.de

- Update to version 10.3.0:
  * Release 10.3.0 (#16891)
  * [v10] security: include exec command in session.start.initial_command (#16905)
  * typo correction (#16839)
  * Fix label based tsh when per session mfa is enabled via role (#16893)
  * Implement RFD 82: Session Tracker Resource RBAC (#15760) (#16554)
  * [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16888)
  * [v10] Backport Elasticsearch suppport (#16873)
  * Update download link (#16836)
  * [v10] Drop a couple of deprecated/shallow Go dependencies (#16883)
  * Added 09/29 Upcoming Releases Update
  * update webassets (#16860)
  * update eref (#16859)
  * Initial RDPDR tests (#16470) (#16846)
  * [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16807)
  * [v10] Clean up old artifacts when retrying a tag build (#16669) (#16785)
  * [v10] Add an Elastic Stack guide (#16842)
  * [v10] security: one allow one exec request per SSH channel (#16813)
  * [v10] Change kube logged in message (#16829)
  * [v10] Document MsTeams access plugin (#16642)
  * Update on-prem docs version (#16725)
  * [v10] Fix auto discovery on secondary cluster of a global Aurora database (#16710)
  * Updated operating system support
  * [v10] Retrieve an IMDS token in the default ec2 discovery installer (#16808)
  * [v10] Docs: Update Docker Config Path (#16522)
  * docs: add ssh_file_copy to role spec (#16766)
  * Update the docs issues contributing guide (#16529) (#16631)
  * [v10] Backport PagerDuty edits (#16052)
  * [v10] fix: Handle failures when checking for excluded credentials (#16765)
  * [v10] update e ref (#16731)
  * Hide `--db-user`/`--db-name` flags if they are not needed. (#16747)

-------------------------------------------------------------------
Tue Sep 27 18:46:58 UTC 2022 - michael@stroeder.com

- Update to version 10.2.6:
  * Fixed issue with connecting to SQL Server in a leaf cluster through the local proxy. [#16616]
  * Fixed regression issue introduced in `10.2.3` with enterprise specific web UI pages returning errors. [webapps#1212]

-------------------------------------------------------------------
Tue Sep 27 07:57:11 UTC 2022 - michael@stroeder.com

- Update to version 10.2.5:
  * Fixed issue with connecting to servers with some GUI clients e.g. PyCharm. [#16662]
  * Added support for simplified Active Directory configuration in Desktop Access. [#16623]

-------------------------------------------------------------------
Tue Sep 27 06:39:03 UTC 2022 - kastl@b1-systems.de

- Update to version 10.2.4:
  * Release 10.2.4 (#16712)
  * Fix link with a long redirect chain in the CHANGELOG (#16527)
  * [v10] helm: allow custom CA in teleport-cluster without custom certs (#16475)
  * Disable MongoDB server selection in tests (#14622) (#16695)

-------------------------------------------------------------------
Tue Sep 27 06:32:20 UTC 2022 - kastl@b1-systems.de

- Update to version 10.2.3:
  * Release 10.2.3 (#16686)
  * [v10] Misc Backports (#16674)
  * [v10] Improve logging when TDP input streaming fails (#16525)
  * Fix issue with builtin remote proxy role getting access denied to roles (#16685)
  * [v10] ci: Add Dependency Review linting tool (#16651)
  * Use `testauthority` instead of `native` to generate keys in tests (#16486) (#16625)
  * [v10] Fix flaky integration test: TestAppServersHA/RootServer (#16628) (#16666)
  * helm: add minReadySeconds to teleport-cluster chart (#16675)
  * Add a timeout for device cancels (#16657)
  * bucket etcd leases (#16659)
  * Add a version support table to the FAQ (#15924) (#16630)
  * docs: move S3 IAM policy into an include (#16476)
  * Introduce discovery_service and automatically run an SSM Document on discovered EC2 nodes  (#14094) (#16588)
  * [v10] Connect: Fix premature `proxyClient.Close()` when getting kube clusters (#16538) (#16586)
  * Backport V10: Add an AWS EC2 instance fetcher (#13886) (#16006)
  * spell fix (#16607)
  * [v10] azure mysql postgres auto discovery docs (#16562)
  * Make the Fluentd guide more usable (#16051)
  * add cluster alert links (#16426) (#16595)
  * Fix CA pool loading for etcd backend (#16484) (#16598)
  * Generic retrieval of FnCache values (#16485) (#16544)
  * add status interface for cluster alerts (#16505) (#16574)
  * [v10] ci: Swap CodeQL to larger runner and improve workflow (#16535)
  * [v10] [Docs] note S3 versioning requirement (#16454)
  * Allow opting out of forced OIDC email verification (#15847) (#16142)
  * [v10] Move GitHub review bot to shared-workflows repository (#16226) (#16557)
  * [v10] Register Windows native artifacts in release API (#16197) (#16540)
  * Update on-prem v10 docs version (#16514)
  * [v10] TLS Routing support with Teleport Proxy behind ALB for database access (#16415)
  * Fix issue "tsh db env" returns error when TLS routing enabled (#16252) (#16468)
  * Change caching resolver to return a copy of cached data (#16219) (#16353)

-------------------------------------------------------------------
Wed Sep 21 08:27:17 UTC 2022 - kastl@b1-systems.de

- Update to version 10.2.2:
  * Release 10.2.2 (#16469)
  * update e-ref
  * rework cmd registration
  * Add EC2 joining for Windows Desktop Service (#16438)
  * Fix incorrect PagerDuty guide redirect (#15917)
  * [v10] VSCode remote ssh extension settings (#16462)
  * Add documentation for Event Handler chart (#15662)
  * adding video banner to mssql server db quide (#16420)
  * Fix minor issues that impact SEO (#15920)
  * Fix auditd status on older kernels (#16448)
  * [v10] Fix `known_hosts` locking by refactoring our locks in `utils/fs` (#16441)
  * [v10] Nodes use FIPS STS endpoints for IAM join method when in FIPS mode (#16374)
  * Added 09/15 Upcoming Releases Update
  * operator: Fix flaky drift tests (#15815) (#16338)
  * Add `where` predicate and Machine ID support to SSH host certificates (#16261) (#16427)
  * [v10] helm: support Kubernetes 1.25 (#16343)
  * Capture stderr from "tsh db connect" and reformat redis error (#13843) (#16416)
  * [v10] Rephrase docs on moderated sessions backward compatibility (#16349)
  * Remove Stripe from `Content-Security-Policy` header (#16390)
  * Unhide tctl alert create (#16290)
  * Add Default Allow Rules for new resources (#16237) (#16399)
  * [v10] Prevent ssh.Session SendRequest from wrapping payload twice (#16171)
  * [v10] Correct hsm service docs command (#16405)
  * [v10] docs: fix joinParams reference (#16381)
  * [v10] ci: Add paths/paths-ignore to GitHub Actions workflows to reduce unnecessary builds (#15708)
  * [v10] Kubernetes Exec via Websockets (#16282)
  * Documentation for AWS API access (#14429) (#16066)
  * Use tracing handler per server not per route (#16372)
  * [v10] Document `tbot configure` (#16373)
  * [v10] Add /webapi/sites/:site/alerts endpoint to the apiserver (#16336)
  * updates changelog to document when rdp licensing negotiation was added (#16340)
  * Fix `TestTokenGeneration` flakiness (#15090) (#16362)
  * [v10] backport #16136 and #16151 (#16213)
  * [v10] Wrap `desktopplayback` endpoint with `WithClusterAuth` rather than `WithAuth` (#16292)
  * [v10] Adds warning about directories blocked from being shared (#16328)
  * [v10] Clarify access denied due to Teleport role permission (#16331)
  * [v10] Dial by UUID for label based ssh (#16324)
  * spell fixes (#16166)
  * [v10] docs: Add missing commands key to dynamic labels in reference (#16294)
  * Update on-prem docs version (#16313)
  * Tweak TestAgentForward (#16304)
  * changelog: fix moderated sessions typo (#16222)

-------------------------------------------------------------------
Tue Sep 13 12:46:41 UTC 2022 - kastl@b1-systems.de

- Update to version 10.2.1:
  * Release 10.2.1 (#16283)
  * [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16287)
  * [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16280)
  * [v10] Reduce the severity of the upgrade alert to 'info' (#16211)
  * [v10] Add documentation for Jira Helm chart (#15921)
  * [v10] Categorize Teleport Connect linux builds correctly (#16272)
  * Remove the "." from the end of the auth token generated by "tctl tokens add" command (#16157) (#16238)
  * Update Helm snapshots when updating version (#16189)
  * Change base image for os compatibility check. (#16177)
  * (v10) Bump Go to 1.18.6 (#16259)
  * [v10] fix tctl auth server flag (#16255)
  * [v10] Calculate shasums of TCon Linux OS packages (#16253) (#16256)
  * Added 09/08 Upcoming Releases Update
  * Update grpc-go (#16199)
  * Add validation for hostname read from EC2 (#16015)
  * [v10] Correct cluster auth preference dynamic example (#16246)
  * [v10] bump go mod go1.18 (#16088)
  * Add serialization of writes to `known_hosts` file. (#16203)
  * [v10] Update the CockroachDB logo in our guide (#16194)
  * bumps rust to 1.63.0, fixes linting errors (#16056) (#16152)
  * Fix running ssh command on multiple nodes with mfa per session (#16148)
  * [v10] Add a guide to Desktop Access Directory Sharing (#15932)

-------------------------------------------------------------------
Wed Sep 07 06:53:32 UTC 2022 - kastl@b1-systems.de

- Update to version 10.2.0:
  * Release 10.2.0 (#16172)
  * upgrade notifications
  * implements IRP_MJ_LOCK_CONTROL (#16139)
  * [v10] Generalize private keys in tsh (PIV integration) (#15890)
  * [v10] Replace quay.io with amazon ECR where appropriate (#15713)
  * Rename web JSON field names and wrap traits (#14611) (#16173)
  * Auditd integration (#14948) (#16140)
  * [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16169)
  * [v10] Add OS compatibility checker (#16141)
  * [v10] Add section on teleport.cluster.local (#16153)
  * [v10] Update buildbox to push to ECR  (#15725)
  * [v10] Update user traits when renew session (#16122)
  * Plugin ECR Documenation updates (#15719)
  * [v10] Docs: Update Contributing Page (#16115)
  * [v10] Add retries on operation denied in fido2 (#16085)
  * Restrict Google JSON creds to service_account (#16042)
  * Add support for `--browser none` to `tctl sso test`. (#16086)
  * [v10] ConnectionDiagnostics: SSH Tester (#15413)  (#16087)
  * Forward flags to "tsh ssh" and "tsh aws" (#16058) (#16094)
  * Support AWS Console for US GovCloud Partition (#13442) (#16067)
  * [v10] Make `tctl bots add` display the proxy address  (#16089)
  * Fix outdated CHANGELOG links (#16110)
  * Increase dynamo get limit (#16103)
  * [v10] Use regional STS endpoints for IAM join method (#15915)
  * [v10] Update Library for new systemd install  (#16030)
  * Drop libudev-dev from buildbox dependencies (#16102)
  * Fix username in example (#14276) (#16077)
  * Add omitempty for GitHub teams_to_roles (#16012)
  * Add comment and import cycle proto linters (#16092)
  * Fix infinite session heartbeat failures (#16065)
  * [v10] Correct links to tracks (#16078)
  * dronegen: Enable verbose logs for electron tooling on macOS (#15836) (#15894)
  * [v10] Add an `is_empty` field to `FileSystemObject` (#16059)
  * [v10] Add support for `FileNamesInformation` (#16054)
  * Added 09/01 Upcoming Releases Update
  * [v10] Backport TLS routing Ping connection (#16017)
  * [v10] azure mysql postgres auto discovery watchers (#15992)
  * [v10] Add Access Request ID to response for UserContext (#15962)
  * [v10] Add architecture guide for Machine ID (#16036)
  * [v10] Avoid wrongly filtering Yubikey4 devices (#16011)
  * [v10] Update on-prem version to 10.1.9 (#16020)
  * [v10] Remove deprecated upsert password endpoint (#15855) (#15938)
  * [v10] Fix a flaky operator test (#16010)
  * [v10] NodeJoin script: fix when no labels are provided (#15755)
  * improve semaphore flakiness test
  * fncache test improvements
  * github releases scraper
  * [v10] Add lock target to lock.create event (#15981)
  * Added section on Cloud upgrades.
  * [v10] azure mysql postgres auto discovery api (#15991)
  * [v10] azure mysql postgres auto discovery proto (#15989)
  * [v10] Azure mysql postgres auto discovery config create (#15990)
  * [v10] Apply linters to legacy protos (#15961)
  * [v10] Azure mysql postgres auto discovery configuration (#15988)

-------------------------------------------------------------------
Wed Sep 07 06:48:02 UTC 2022 - kastl@b1-systems.de

- Update to version 10.1.9:
  * Release 10.1.9 (#15980)
  * [v10] Add default debug setting for install.sh AMI script (#15936)
  * [v10] Record when a session recording is accessed (#15729)
  * [v10] backports for 13630 14267 14959 15289 15364 15789 15743 (directory sharing) (#15767)

-------------------------------------------------------------------
Wed Sep 07 06:44:22 UTC 2022 - kastl@b1-systems.de

- Update to version 10.1.8:
  * Release 10.1.8 (#15952)
  * [v10] Fix race in `reversetunnel.remoteConn` (#15943)
  * [v10] Organize docs guide sections chronologically (#15735)
  * [v10] Fix link in Authentication options docs (#15276)
  * [v10] Connect: Add tests for ParseClusterURI (#15942)
  * [v10] Use Buf linters and formatter on lib/teleterm protos (#15919)
  * [v10] Use Buf to build/lint/format lib/ protos (#15913)
  * [v10] Add omitempty for deprecated teams_to_logins field (#15933)
  * [v10] Added sles as another identifier for suse in auto install (#15702)
  * [v10] Build Teleport Connect for Windows (#15292) (#15899)
  * [v10] moved redirect path param to RawQuery and added escaping (#15628) (#15908)

-------------------------------------------------------------------
Wed Sep 07 06:40:07 UTC 2022 - kastl@b1-systems.de

- Update to version 10.1.7:
  * Release 10.1.7 (#15931)
  * [v10] Edit the Mattermost guide (#15508)
  * [v10] Add redirect from /user-manual (#15525)
  * [v10] Authenticated pulls to build artifacts  (#15791)
  * [v10] Replace `Tile` components with lists of links (#15423)

-------------------------------------------------------------------
Wed Sep 07 06:36:39 UTC 2022 - kastl@b1-systems.de

- Update to version 10.1.6:
  * Release 10.1.6 (#15914)
  * [v10] Default debug to false in aws AMI scripts (#15909)
  * Fix SAML alternate redirects (#15868)
  * [v10] Backport #13924 (#15733)
  * [v10] Use to Buf to lint, format and generate api/ protos  (#15875)
  * cluster alerts
  * [v10] Correctly handle Firestore pagination with DocumentID cursors (#13756)

-------------------------------------------------------------------
Wed Sep 07 06:34:23 UTC 2022 - kastl@b1-systems.de

- Update to version 10.1.5:
  * Release 10.1.5 (#15866)
  * [v10] Use Debug flag in aws scripts (#15431)
  * [v10] Increase missing tunnels check interval  (#15802)
  * Merge pull request #15853 from gravitational/capnspacehook/backport/v10/15144
  * [v10] Fix an issue `tsh aws s3` fails when using path with special characters (#15819)
  * Added 08/25 Upcoming Releases Update
  * [v10] Update deprecated pty dependency (#15857)
  * [v10] Update fpm images to use amazon ECR (#15561)
  * [v10] Ensure watchers are using cache when applicable (#15838)
  * [v10] Documentation for AWS API access (#14429) (#15807)
  * [v10] Add Machine ID FAQ section on per-session MFA (#15831)
  * [v10] Remove TestMux/Timeout reliance on real time (#15827)
  * [v10] Add drone pipeline for building Connect with signed tsh.app (#15832)
  * [v10] Check if user has access to any registered resource (#15637) (#15814)
  * [v10] Deflake TestEC2Hostname (#15809)
  * [v10] Backport Teleport Connect Linux Builds (#15783)
  * [v10] Teleport Operator ECR (#15438)
  * [v10] update e & webassets (#15785)
  * [v10] Ignore Logins when listing Nodes (#15597) (#15797)
  * [v10] backport #14326 (Remove check for `local_auth` when creating privilege token) (#15776)
  * [V10] Show proper error message when "tsh db env/config" are not supported (#15734)
  * [v10] (buddy) Pass JWT headers on websocket requests (#15738)
  * [v10] upgrade window events (#15732)
  * [v10] Fix race condition to sessions map in K8S proxy (#15456)
  * [v10] Fix invalid Write implementation on K8S join stream (#15657)
  * [v10] Improve error logging on reconnect node (#15639)
  * [v10] ci: Reduce CodeQL max goroutines to address failed extraction (#15698)
  * [v10] Fix table formatting in the SOC 2 guide (#15692)
  * [v10] Span improvements (#15670)
  * [v10] Fix race in EC2 label warning (#15685)
  * [v10] Delete touch_id credentials during tsh mfa rm (#15675)
  * [v10] Remove duplicate words in trusted cluster overview (#15663)
  * [v10] helm: allow to disable local auth in teleport-cluster chart (#15595)
  * Added 08/18 Upcoming Releases Update
  * [v10] Update on-prem and cloud in docs to 10.1.4 (#15666)
  * [v10] Stop validating schema for labels in k8s operator (#15600)
  * [v10] Add an Email Access Request guide (#15414)
  * [v10] Improve K8S session join error propagation (#15492)
  * [v10] Reorganize approach to cluster names in Connect (#15200) (#15638)
  * [v10] Document `teleport.dev/database_name` tag. (#14923) (#15604)
  * [v10] Make tctl auth sign to write out kube TLS server name if TLS routing is enabled (#15632)
  * [v10] Fix 'get-kubeconfig.sh' to work with Kubernetes v1.24+ (#15617)
  * [v10] Connection Diagnostic: update, traces and ConnectionTester (#15158) (#15551)
  * Attempt to connect to other proxies on failure (#14954) (#15313)
  * [v10] Store AuthConnector in profile (#15552)
  * [v10] Reorganise Machine ID docs (#15522) (#15570)
  * [v10] Alias support for `tsh` (#13305, #14931) (#14919)
  * [v10] Add info to login command about passwordless (#15548)
  * [v10] Support China and GovCloud for database access (#15583)
  * [v10] Fix OS package repo promotion parallelism issue (#15531)
  * Lower EC2 label log frequency (#15179)
  * [v10] Publish to Release API on release promotion (#15153) (#15251)
  * [v10] Document multi-role-behavior for `create_host_user` option (#15587)
  * Backport #15268: Added docs for new RPM repos (#15268) (#15533)
  * [v10] misc docs fixes (#15539)
  * [v10] Add AWS troubleshooting page and add into applicable pages (#15568)
  * Fix cloud scope for db configure command. (#15567)
  * Allow reverse tunnel join without exposing the web API (#13598)

-------------------------------------------------------------------
Wed Sep 07 06:26:31 UTC 2022 - kastl@b1-systems.de

- Update to version 10.1.4:
  * Release 10.1.4 (#15527)
  * (v10) Update Cloud package repo instructions (#15007)
  * [v10] Add Machine ID Kubernetes and Apps guides (#15501)
  * [v10] Fix inverted check for `join_params` and `auth_token` mutual exclusion (#15517)
  * Backport/branch/v10/pr 12763 (#15429)
  * [v10] Machine ID support for Logins trait (#15117) (#15470)
  * [v10] Fix TLS usage across multiple protocols (#15464)
  * Backport "Added YUM implementation of OS package build tool" (#14203) into branch/v10 (#15127)
  * [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#15504)
  * [v10] docs: Improve cloud security/compliance documentation (#15460)

-------------------------------------------------------------------
Wed Sep 07 06:23:56 UTC 2022 - kastl@b1-systems.de

- Update to version 10.1.3:
  * Release 10.1.3 (#15499)
  * [v10] Add instructions for backporting PRs (#15420)
  * [v10] Remove tctl access ls from cli ref (#15496)
  * [v10] helm: Add support for mounting existing TLS root CA (#15347)
  * [v10] auditlog: fix panic during concurrent streams of the same session (#15360)
  * [v10] Add RBAC instructions for DB tctl auth sign (#15451)
  * [v10] Use the absolute path of the teleport binary in node join script (#15473)
  * Added 08/11 Upcoming Releases Update
  * [v10] Add support for variable playback speed for Desktop Access recordings (#15326)
  * [v10] Remove deprecated GenerateUserCerts HTTP endpoint (#15412)
  * [v10] Pick correct cert when signing Connect (#15344) (#15411)
  * [v10] Add better handling for common libfido2 errors (#15395)
  * [branch/v10] Update docs to use the latest Cloud version number (#15418)
  * [v10] Document teleport-operator (#15320)
  * [v10] Documentation for AWS DynamoDB guide (#14319) (#15387)
  * [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#15406)
  * [v10] Adjust Machine ID generated ssh cert path to align with convention (#15297)
  * [v10] Update last report date for SOC 2 report (#15377)
  * fix peer addr for in-memory control stream
  * [v10] backport #15012 (Add `teleport install systemd` command) (#15270)
  * [v10] Connect docs: Add section about insecure mode (#15340)
  * [v10] Use a getter/setter for reading the token value from the config (#15372)
  * [v10] Add "RDP connection fail" section to desktop access troubleshooting docs (#15324)
  * [backport v10] Make dir before trying to open config file on `teleport configure --output=/some/dir ` (#15352)
  * [v10] Tag forwarded spans with custom attributes  (#15215)
  * Fix cert renewal by recovering certbot state (#3610)
  * Fix bash examples in terraform README
  * Support terraform v1 (#15087)
  * [v10] Trace ssh sessions (#15228)
  * [v10] Create and List Connection Diagnostics (#14781) (#15080)
  * [v10] Add passwordless login capabilities to teleterm (#15265)
  * [v10] Add Suggested Labels to Provision Tokens (#15114) (#15319)
  * [v10] Use `waitForError` instead of `require.Eventually` in SessionRecordingModes integration tests (#15221)
  * [v10] Shutdown TCP socket on Go-side close (#14996)
  * [v10] Machine ID docs: Trusted Cluster support (#15295)
  * [v10] ci: Implement code scanning with CodeQL (#15279)
  * [v10] docs: Add additional known issues to BPF-based enhanced session recording security warning (#15308)
  * [v10] Add more general information to our SSO guide (#15307)
  * [v10] desktop access: send full websocket messages to the browser (#15314)
  * [v10] Add directory sharing to the ACL (#14653)
  * [v10] Move Access Requests guides to Access Controls (#15138)
  * [v10] docs: add a note about desktop session recording RBAC (#15290)
  * [v10] Add calls to action for Teleport Cloud (#15139)
  * [v10] desktop access: try using system DNS resolver first (#15255)
  * [v10] Fix missing cluster name on session.upload via Upload Completer (#15239)
  * [v10] [doc] Remove "tsh db login" from database guides (#15240)
  * [v10] Add FAQ and Troubleshooting docs for Machine ID (#15226)
  * [v10] Detect M1/M2 ARM CPUs when using the install script (#15233)
  * [v10] Revert "Use high CPU pool for unit & integration (#13875)" (#15229)
  * [v10] Minor updates to FedRAMP documentation (#15273)
  * Backport #12815 to branch/v10 (#15261)
  * [v10] Remove incorrect URLs from config.json (#15219)
  * [v10] Update instructions on checking version (#15071)
  * Backport #14852 to branch/v10 (#15084)
  * Backport #15099 to branch/v10 (#15260)
  * Backport #15191 to branch/v10 (#15257)
  * [v10] Fix data race on shutdown (#15248)
  * [v10] Add custom unmarshal for second_type factor (#15201)
  * [v10] Backport #13507 (#14456)
  * [v10] Fix session join requirements documentation (#14416) (#15130)
  * [v10] Actually use the cache for Snowflake sessions (#15193)
  * Added 08/04 Upcoming Releases Update
  * [v10] Add a version to the role in the GitHub CA guide (#14901)
  * [v10] AWS session audit log (#13288) (#15207)
  * [v10] [docs] AWS external ID support (#15161)
  * [v10] Skip cache during CreateBot RPC (#15116)
  * [v10] Don't reset eventID to 0 when out of events in the Postgres backend (#15165)
  * [v10] Fix the behavior of `tsh mfa add --allow-passwordless` (#15137)
  * [v10] helm: configure dynamoDB autoscaling in teleport-cluster  (#15122)
  * [v10] backport #14698 (embed auth.Cache in auth.Server) (#14984)
  * [v10]Update docs version (#15132)
  * [v10] helm: configure session recording in teleport-cluster (#15003)
  * [v10] reduce sensitivity of fncache cancellation test (#15069)
  * [V10] Proxy Protocol support for Proxy SSH listener (#14712) (#15086)
  * [v10] Clarify when HTTP_PROXY applies (#14673)
  * [v10] `tctl` - Add --set flags for every trait (#14552) (#15108)
  * [v10] Add docs for TCP apps access (#15125)
  * [v10] fix help output for --access-request flag. (#15052)
  * [v10] Backport #14564 (#14992)
  * Amend 10.1.2 changelog (#15112)

-------------------------------------------------------------------
Tue Aug 02 07:25:30 UTC 2022 - kastl@b1-systems.de

- Update to version 10.1.2:
  * Release 10.1.2 (#15104)
  * [v10] Check manifest before attempting to push docker images (#15095)
  * Backport [v10] Add error messages to SFTP audit events (#15035)
  * [v10] SSH request tracing (#14124) (#14968)
  * Release 10.1.1 (#15067)
  * [V10] Download mTLS files from Web (#14526) (#15081)
  * [v10] Make tsh installer non relocatable and drop version from app (#15033)
  * [v10] helm: Deploy CRDs when the operator is enabled (#15006)
  * [v10] Fix drone teleport operator publishing (#15066)
  * [v10] Fix duplicated JWT import (#14888)
  * [v10] docs: mark resource access requests as in preview (#15059)
  * [v10] Document `tsh request drop` (#15038)
  * Release 10.1.0 (#15047)
  * [v10] Return nil on success for web UI file tranfers (#15044)
  * [v10] Move Helm references (#13102) (#14166)
  * [v10] Fix chan_shutdown_read issue (#15049)
  * [v10] Fix tsh proxy ssh handshake (#15010)
  * improve semaphore retries and tests
  * Refactor tests under services package.
  * [v10] Change IAM "UnmodifiableEntity" error to a debug log (#14958)
  * [v10] backport 14985  (#15026)
  * [v10] backport #14940 (refactor `Supervisor.WaitForEvent`) (#14994)
  * [v10] Update drone publishing (#14961)
  * Added 07/28 Upcoming Releases Update
  * [v10] Updated Teleport 10 Getting started videos (#14906)
  * [v10] Enable BPF tests in CI (#14501)
  * [v10] Firestore: Err Not Found if doc was already deleted (#14982)
  * [v10] Use IP as `LocalAddress` when gateway is created on Windows for SQL Server (#15000)
  * [v10] helm: Add CA Pinning Support  (#14893)
  * [v10] Connect: Implement SetGatewayLocalPort RPC (#14828)
  * [v10] Backport  "Add on_leave documentation for require policies" (#14182) (#14579)
  * [v10] Make EC2 availability check more robust (#14962)
  * Added 07/27 Upcoming Releases Update
  * Backport [v10] SFTP server side support (#14209)
  * [v10] Fix artifact registration in Releases API for Teleport Connect (#13946) (#14925)
  * [v10] Validate token for node join script (#14944)
  * [v10] Fix Token creation TTL regression (#14943)
  * (v10) Add support for proxying TCP apps (#14896)
  * [v10] Add docs for Teleport Connect (#14945)
  * [v10] Support AWS external id (#14086) (#14894)
  * [v10] Rename `teleport.dev/database-name` to `teleport.dev/database_name` to match convention. (#14933)
  * [v10] Handle `"true"` being passed for the `email_verified` OIDC claim (#14917)
  * [v10] `tsh ssh` `--forward` and `--dynamic-forward`: graceful error handling (#14914) (#14745)
  * [v10] Error out if port is already bound #13464 (#14886)
  * [v10] Force unlock keychain on Darwin Push Build (#14910)
  * [v10] Teleport 10 Video (#14811)
  * [v10] Support dynamic registration in kube-agent helm chart (#14881)
  * [v10] Fix makeClientForProxy user extraction (#14865)
  * [v10] Refactor reversetunnel localsite (#14785)
  * [v10] Fix flakiness in `TestRoleUpdate` (#14890)
  * [v10] Warn that all nodes must be on v10 for Resource Access Requests (#14868)
  * [v10] Add context.Context to session.Service inteface (#14877)
  * [v10] Support TCP protocol in tshd (#14882)
  * [v10] Add dynamodb metrics (#14757)
  * [v10] Improve error message if data dir on tbot and tctl not available for permissions (#14872)
  * [v10] Teleport Operator (#14860)
  * [v10] Add `tsh request drop` command (#14843)
  * [v10] Add context.Context to AuthenticateWebUser and AuthenticateSSHUser (#14846)
  * [v10] Fix TestMux/Timeout (#14483)
  * [v10] Correct Node/agent naming and usage (#14650)
  * [v10] Allow setting public addresses in `teleport-cluster` chart (#14768)
  * [v10] Ensure that the WindowsDesktopReady event is emitted (#14839)
  * [v10] Adjust global logger to include `\r` when terminal is in raw mode. (#14831)
  * [v10] Retry login for tsh proxy ssh (#14814)
  * [v10] Fix possible deadlock during server close (#14816)
  * [v10] Spelling fixes additional (#14837)
  * [v10] Allow "tsh proxy db" without "tsh db login" first (#14336) (#14798)
  * [v10] Allow to override db name using AWS tag. (#14799)
  * [v10] Remove time.Sleep in teleterm tests (#14829)
  * [v10] Spelling Fixes (#14819)
  * [v10] Fix session join access denied (#14770)
  * [v10] Fix the device detection loop for U2F devices (#14795)
  * [v10] Update advisory to remove that SQL Server audit logs aren't available (#14805)
  * [auto] Update webassets in branch/v10 (#14769)
  * Backport #12770 to branch/v10 (#14714)
  * [v10] Fix tctl instructions in DB Access guides (#14600)
  * [v10] Fix bug when merging resource and role requests (#14711) (#14777)
  * [v10] Ensure the upload completer sets the time on session.upload events (#14559)
  * Backport #14658 to branch/v10 (#14784)
  * [v10] Better error message on ping parse error. (#14735)
  * [v10] Add SSH session recording modes to documentation (#14747)
  * [v10] Add app access support to Machine ID (#14551) (#14723)
  * [v10] backport #14177 (build-time cbindgen) (#14684)
  * [v10] Fix Enterprise spelling in intro (#14670)
  * [v10] Fix docs redirects (#14720)
  * [v10] Add documentation for the sqlite backend options (#14744)
  * [v10] Move the tsh guide to the new "Use Teleport" section (#14682)
  * [v10] [docs] Consistently quote second_factor in cluster_auth_preference (#14727)
  * [v10] Allow traces to be exported to files (#14746)
  * [v10] Updates to loadtest assets  (#14527)
  * [v10] Correctly exit out of tbot when one shot mode is enabled (#14683)
  * [v10] Allow dynamic libfido2 builds via Makefile (#14693)
  * [v10] Update port used in Machine ID database guide (#14708)
  * Added 07/20 Upcoming Releases Update
  * Apply forScopes feature to articles (#14704) (#14709)
  * [branch/v10] Add context.Context to CreateWebSession and DeleteWebSession (#14663) (#14699)
  * Update scaling documentation.
  * [v10] Add s3 metrics (#14664)
  * [auto] Update webassets in branch/v10 (#14675)
  * [v10] add config flags to db configure create (#14654)
  * [v10] Fix CTRL-C hanging if session is paused (#14511)
  * [v10] Add note about disabling password authentication for added security (#14626)
  * [v10] lib/teleterm: Refactor daemon gateways to a hash map (#14640)
  * [v10] Reduce flakiness of Testbot_Run_CARotation (#14628)
  * [v10] Add error message for failed SSO authorization (#9622)
  * [v10] Docs update version 10.0.2 for on-prem, 9.3.10 cloud (#14524)
  * [v10] WebAPI: return user traits (#14138) (#14453)
  * Add support for session recording config override
  * [v10] Complete renaming of the Graceful Restarts guide (#14605)
  * Backport "Update docs for new APT repos" (#12959) into branch/v10 (#14591)
  * Fix TestAgentStart flakiness (#14610) (#14639)
  * [v10] Implement the Touch ID credential picker (#14643)
  * [v10] Add tbot to nightly build (#14631)
  * [v10] Remove `update` verb requirement when creating Tokens (#14506) (#14624)
  * [v10] Fail `db_service` start on invalid configuration (#14515)
  * [v10]: fix tsh status cluster env var (#14335)

-------------------------------------------------------------------
Wed Jul 20 05:47:24 UTC 2022 - kastl@b1-systems.de

- Update to version 10.0.2:
  * Release 10.0.2 (#14613)
  * [v10] Replace `ssh proxy` execution with `crypto/ssh` call (#14522)
  * [v10] Add Kubernetes Access support to Machine ID (#14269) (#14550)
  * [v10] Deflake TestOpenExecSessionSetsSession (#14588)
  * [v10] Fix broken links (#14532)
  * [v10] Update error message returned when user is not allowed to sign db certs (#14426)
  * [v10] tsh: Suppress PPK deletion error when file doesn't exist (#14572)
  * Fix TestProxyTunnelStrategyAgentMesh flakiness (#14398) (#14474)
  * [v10] Expand the edition comparison table (#14255)
  * [v10] Add RBAC instructions for Kubernetes Access (#14258)
  * [v10] Display helpful error when joining with invalid host ID for EC2 join method (#14494)
  * [v10] Bundle `tbot` into the built docker images (#14462)
  * [v10] Fail `app_service` start on invalid configuration (#14325) (#14478)
  * [v10] Add check that roles in given user exist (#14459)

-------------------------------------------------------------------
Mon Jul 18 05:57:27 UTC 2022 - kastl@b1-systems.de

- Update to version 10.0.1:
  Changelog omitted due to size, please see here:
  https://github.com/gravitational/teleport/releases/tag/v10.0.1

-------------------------------------------------------------------
Mon Jul 11 14:04:02 UTC 2022 - kastl@b1-systems.de

- Update to version 10.0.0:
  Changelog omitted due to size, please see here:
  https://github.com/gravitational/teleport/releases/tag/v10.0.0

-------------------------------------------------------------------
Mon Jul 04 12:35:43 UTC 2022 - kastl@b1-systems.de

- Update to version 9.3.9:
  * Release 9.3.9 (#14034)
  * [v9] Fix TDP/RDP termination (#14024)
  * Updated upcoming releases (06/30)
  * (v9) Fully check the policy set for and v5 policies without short-circuiting (#14013)
  * [v9] Fix database role fetch for `tsh db ls --all` (#13626)
  * [v9] Add error check before `handle_bitmap` (#13828) (#14019)
  * remove extra `handle.Delete()` (#14010)
  * [v9] Backport #11616, #11714, and #12499 (#13707)
  * [v9] Open a new remote client when the remote site has changed in a web session (#13967)
  * [v9] Improve error msg when client fails to auth in Teleport (#13835)
  * [v9] Improve log message when we fail to retrieve the client cert pool (#13675)
  * [v9] Fix JumpHost TLSRouting flow when root cluster is offline (#13791) (#13928)
  * [v9] Fix AWS credentials format in IBM guide (#13847)
  * [v9] updates rdp-rs ref to new HEAD where scroll wheel delta is fixed (#13905)
  * Clarify our version compatibility guarantees (#13593)
  * [v9] fix panic child.Close() called without logger initialized (#11117) (#13907)
  * [v9] Properly handle empty list of role requests (#13456) (#13893)
  * [v9] Mongo clients with `serverSelectionTimeoutMS` set to 5000 (#13859)
  * Optionally provide ca_pin as a file path (#13089)
  * [v9] Pass proxy address to PromptMFAChallenge calls (#13772) (#13856)
  * [v9] Move predicate err check earlier, inside RetryWithRelogin (#13368) (#13747)
  * [v9] ensure timestamps on request reviews (#13758)
  * [v9] Add OpenSSH Proxy Jump docs (#13851)
  * Backport lib/utils/prompt improvements to [v9] (#13822)
  * [v9] Update Terraform reference (retries and provider source) (#13842)
  * [v9] Fix LDAP attribute labeling
  * [v9] Update docs version (#13810)
  * [v9] backport fips #11291 and #13222 (#13703)
  * Enterprise docker getting started fixes (#13550)
- skipping non-existent version 9.3.8

-------------------------------------------------------------------
Wed Jun 22 20:44:53 UTC 2022 - kastl@b1-systems.de

- Update to version 9.3.7:
  * Release 9.3.7 (#13742)
  * Backport #10708 to branch/v9 (#13250)
  * Backport #12946 to branch/v9 (#13244)
  * [v9] Fix Teleport welcome screen image (#13710)
  * Update libbpf to 0.7.0-teleport (#13650)
  * [v9] Add better error handling for ec2 labels (#13487)
  * Fixes potential `cgo.Handle` panic (#13479) (#13590)
  * Fixed AWS 'teleport-generate-config' script when IMDSV2 is used (#13537)
  * [auto] Update webassets in branch/v9 (#13665)
  * Error out if port is already bound (#13679)
  * Fix panic when tsh kube exec is invoked (#13655)
  * [V9] Add `sshLogins` to nodes endpoint on `webapi` (GET /nodes)  (#13474)
  * deflake TestAgentForwardPermission (#13638)
  * Update our list of support databases (#12841)
  * docs(helm): remove wrong statement from kube-agent highAvailability (#13262)
  * Drop rdpsnd messages (#13496)
  * Deflake TestX11Forward (#13493)
  * [v9] `tsh` list resources accross proxies and clusters (#12934) (#13313)
  * Backport #12828 to branch/v9 (#13421)
  * Update docs self-hosted version to 9.3.6 (#13533)
  * Naji/backport 13287 (#13520)
  * Update downloads.mdx (#13431)
  * Optimize instance metadata availability check (#13167)
  * Fix CA rotation watcher not starting when database svc enabled w/ no cfg (#13470) (#13517)
  * Replaced bsh with code blocking in docs (#13486)

-------------------------------------------------------------------
Wed Jun 22 12:17:21 UTC 2022 - kastl@b1-systems.de

- Update to version 9.3.6:
  * Release 9.3.6 (#13500)
  * [v9] Check for unimplemented error during stream receive in Client.GetAccessRequests (#13490)
  * Backport of #10746 to v9 (#13197)
  * Rephrase the Teleport Cloud introduction (#13422)
  * Add de-duplicating apps, dbs, and desktops when sorting/totalCount is needed (#12685) (#13451)
  * Backport #12840 to branch/v9 (#13420)
  * [v9] Aurora serverless v2 support (#13203)
  * [v9] Wait for app requests to finish before closing the session chunk (#13469)
  * [v9] Backport #12891 (#13391)
  * [v9] Deflake TestNoReadWhenOff (#13415)
  * [v9] Fix file descriptor leaks in `tbot` (#13386)

-------------------------------------------------------------------
Wed Jun 22 11:18:01 UTC 2022 - kastl@b1-systems.de

- Update to version 9.3.5:
  * Release 9.3.5 (#13449)
  * Added debugging packages to Docker images (#13199)
  * [v9] Access request compatibility for servers without v2 api (#13428)
  * Backport #12712 to branch/v9 (#12881)
  * Hide Access Controls links/pages based on scope (#12880)
  * CamelCase GitHub (#13269)
  * Hide Getting Started pages/links based on scope (#12882)
  * Hide Server Access menu items based on scope (#12883)
  * Hide Setup menu items based on scope (#12886)
  * [v9] Backport docs PRs related to scoped visibility (#12888)
  * Backport #12682 to branch/v9 (#12950)
  * Update the tctl auth sign --ttl flag docs (#12947)
  * Add a more complete Teleport Cloud introduction (#13081)
  * [v9] backport #13310 (use `auth_servers` when proxying) (#13399)
  * [v9] Forward kubernetes errors to user when running in remote exec mode (#13400)
  * Improve kube exec Audit Log events (#13381)
  * [v9] Deflake TestAgentForward (#13166) (#13358)
  * [v9] Enable Database and Application Access in AWS Terraforms (#13383)
  * [v9] Backport #13016 (Buddy merge for #11939)
  * [v9] Fix help string for "tctl version" (#13255)
  * SQLServer add suport for SSMS client (#13337)
  * Update upcoming-releases.mdx (#13344)
  * Implement proxy templates (#13311)
  * [v9] Make `TestDefaultTemplateRendering` less failure prone (#13002) (#13225)
  * Update to 9.3.4 for self-hosted (#13339)
  * V9: Backport #13029 (thread context.Context in tctl) (#13185)
  * Minor bugfix to correct dronegen error link in v9 (#13200)

-------------------------------------------------------------------
Fri Jun 10 19:32:42 UTC 2022 - kastl@b1-systems.de

- skipped non-existent version 9.3.3
- Update to version 9.3.4:
  * Release 9.3.4 (#13315)
  * Remove rdpclient's Cargo.lock (#13290)
  * [v9] Improve resourceAccessChecker performance (#13263)
  * Remove outdated MySQL DBeaver note (#13272)
  * Backport #12183 to branch/v9 (#13248)
  * (v9) Security fixes (#13301)
  * [v9] Add missing flags to "tctl auth sign" docs (#13279)
  * Document `tsh --mfa-mode` flag (#13264)
  * [v9] Expand --mfa-mode and disable stdin hijack by default (#13134) (#13212)
  * [auto] Update webassets in branch/v9 (#13265)
  * [v9] Add S3:AbortMultipartUpload to AWS IAM policies (#13235)
  * Make windows terminal keep up with real time (#13221)
  * [v9] docs: Fix proxy config for GCP (#13259)
  * [v9] Label desktops based on the content of LDAP attributes (#13238)
  * Reorganize the docs homepage menu (#13247)
  * Support proxy protocol v2 in MySQL (#12424) (#12993)
  * fix typo in RBAC guides.mdx (#13172)
  * Edit tctl instructions to clarify remote login (#13078)
  * Prereqs for tctl and enterprise, cloud flow (#12998)
  * Backport #12544 to branch/v9 (#13110)
  * Add a link from the older docs versions page (#12953)
  * Backport #12504 to branch/v9 (#13112)
  * [v9] Simplify reexec on linux (#13119)
  * Change tsh to only print non exit errors on exit (#12903)
  * Filter out invalid EC2 tag keys (#13131)
  * Update to Go 1.17.11 (#13104)
  * Add JWT auth guide for ElasticSearch (#12612)
  * Add disabled imds client by default for integration tests (#13109)
  * [v9] Cloud customer auth servers use port 443 (#13066)
  * Fix EC2 labels concurrent write (#13072)
  * [v9] Docs Backports (#12894)
  * Add ap-south-1 (Mumbai) as a cloud proxy region
  * OIDC multiple redirect URLs (#13046)
  * Backport #12038 to branch/v9 (#12642)
  * V9: Backport #12898 #12855  (#13065)
  * docs version update to 9.3.0 (#13004)
  * Automatically import EC2 tags (#12593)

-------------------------------------------------------------------
Wed Jun 01 11:28:24 UTC 2022 - kastl@b1-systems.de

- Update to version 9.3.2:
  * [v9] Fix broken version check in tbot's `tshwrap` (#13034) (#13037)
  * Updated Upcoming Relapses (05/26).
  * skip no credential providers error (#12984)
  * [v9] Fix CA rotation docs inconsistently providing `--type` flag (#12929)
  * [v9] Deflake TestLockWatcherStale (#12981)
- skipping 9.3.1 release that does not exist

-------------------------------------------------------------------
Mon May 30 14:39:12 UTC 2022 - kastl@b1-systems.de

- Update to version 9.3.0:
  * Release 9.3.0 (#12955)
  * [v9] Re-add `kinds` config field to tbot with a deprecation warning (#13000)
  * Read all PROXYv2 header bytes (#12861) (#12994)
  * Fix missing SSH HostCA in tbot impersonated identities (#12992)
  * Add `tbot proxy` and `tbot db` wrapper commands (#12687) (#12990)
  * Extend support for identity files in tsh (#12686) (#12922)
  * [auto] Update webassets in branch/v9 (#12989)
  * Backport #11768 #12411 to branch/v9 (#12975)
  * [v9] When adding a cluster, return it if it was already added (#12978)
  * add ExactKey function to create absolute storage paths (#12721)
  * ensure tctl outputs all debug log messages (#12920)
  * Update docs docker versions for oss and enterprise (#12917)
  * Chage `teleport configure` to accept non existent `--data-dir` directory (#12673) (#12806)
  * Revert "Avoid nil dereferencing when tlsConfig is nil. (#9788)" (#12874)
  * [v9] Set TELEPORT_ETCD_TEST=yes. (#12784) (#12851)
  * Backport #12034 to branch/v9 (#12842)
  * Fix `tsh db ls` for remote clusters. (#12281) (#12853)
  * Improve CertAuthorityWatcher (#10403) (#12724)
  * Improve performance using session trackers in large clusters (#12584) (#12832)
  * tctl: Respect TELEPORT_HOME value when grabbing profile (#12486) (#12738)
  * [v9] Fix Redis Cluster default user AUTH cmd (#12754)
  * Warn instead of hard error when validating u2f facets (#12826)
  * [v9] Update docs version to 9.2.4 for self-hosted and cloud (#12823)
  * Remove non-https facets from documentation (#12776) (#12785)

-------------------------------------------------------------------
Sat May 21 18:28:41 UTC 2022 - kastl@b1-systems.de

- Update to version 9.2.4:
  * Release 9.2.4 (#12788)
  * [v9] Upgrade MySQL driver to v1.5.0 and set missing mysql client cap (#12734)
  * [v9] Add hostlogin to proxy config for windows desktop  (#12781)
  * 05/19 Upcoming Releases Update
  * Backport #12119 to branch/v9 (#12645)
  * Backport #12236 to branch/v9 (#12648)
  * Add Video Banner for Installing Teleport page (#12746)
  * Ensure h2 has precedence over http/1.1 (#12740) (#12749)
  * Update Teleport Cloud FAQ (#12663)
  * Ignore access denied errors when creating/getting a session tracker as db, app, or windows desktop service. (#12728)
  * Backports redirects from #12528, adds indexing page (#12655)
  * [v9] Listener hygiene (#12689)
  * `tbot configure` command for assisting Machine ID configuration (#12517) (#12576)
  * Updates terraform docs for provider (#12314) (#12595)
  * Optionally skip unshallowing step (#10978) (#12669)
  * ssh: Ignore PuTTY-specific channel requests (#12662)
  * Replace title-less Details boxes with ScopedBlocks (#12608)
  * [v9] Proxy restart fixes (#12488)
  * Restore "Adds optional deployment key for CI (#10506) (#12590)" (#12624)
  * Reduce latency of GetNodes (#12637)
  * Implement global tsh config file: `/etc/tsh.yaml` (#12598) (#12626)
  * docs version update to 9.2.3 (#12631)
  * [v9] Link to Interactive Teleport Labs (#12620)
  * [v9] Client timeout fixes (#12632)

-------------------------------------------------------------------
Fri May 13 14:54:38 UTC 2022 - kastl@b1-systems.de

- Update to version 9.2.3:
  * Release 9.2.3 (#12623)

-------------------------------------------------------------------
Fri May 13 14:52:56 UTC 2022 - kastl@b1-systems.de

- Update to version 9.2.2:
  * Release 9.2.2 (#12621)
  * Update upcoming-releases.mdx
  * [v9] Add Session tracker to DB, App, and Windows Desktop Sessions; Fix make grpc
  * [v9] Refactor non-interactive sessions out of proxy/sess.go (#12541)
  * Update to Go 1.17.10 (#12607)
  * add --format flag to 'token add' and make the same flag visible for 'token ls' (#12588)
  * docs: mention new desktop label for OU (#12548)
  * Revert "Adds optional deployment key for CI (#10506) (#12590)" (#12603)
  * Ignore HTTP_PROXY in reverse tunnels, part 2 (#12335)
  * Stop loading the enitre node set into memory per tsh ssh connection (#12014) (#12573)
  * [v9] Fix user mismatch in postgres backend (#12553)
  * include groups example for role in k8s controls docs (#12563)
  * Adds optional deployment key for CI (#10506) (#12590)
  * App access JWT header improvements (#12589)
  * [v9] Includes Audit Log into common sso Troubleshooting (#12565)
  * Make the Installation guide more usable (#12369)
  * Add a UI reference entry for code blocks (#12428)
  * feat(helm): add priorityClassName and extraLabels to kube-agent (#12559) (#12568)
  * add pam tag back to tctl build (#12572)
  * Add new config templates to `tbot` for databases and identity files (#11596) (#12500)
  * Re-add grace period to Upload completer for backwards compatibility. (#12535)
  * Disable ssh_service for app config (#12539)
  * [v9] Upgrade gravitational/kingpin to latest master (8b7839c62700) (#12511)
  * Desktop access: add teleport.dev/ou label (#12502)
  * helm: Buddy merge for #11368 (Enable persistence in custom mode) (#11993) (#12218)
  * Make the Troubleshooting guide more usable (#12431)
  * Fix RDS Redshift dynamic resources registration logic (#11868) (#12451)
  * update version in docs to 9.2.1 (#12476)

-------------------------------------------------------------------
Fri May 06 06:43:30 UTC 2022 - kastl@b1-systems.de

- Update to version 9.2.1:
  * Release 9.2.1 (#12472)
  * Database agents to share same IAM policy (#11320) (#12457)
  * Only acquire semaphore lease if maxconnections is configured (#12462) (#12468)
  * [v9] Add roles needed in dynamic reg app and db docs (#12469)
  * Add hint message when removing access requests. (#11963) (#12435)
  * Update help message for `add token` command and allow token removal from the `rm` command. (#12118) (#12439)
  * [v9] Add nil check for billing mode in AWS DynamoDB events driver (#12461)
  * Update docs version to 9.2.0 for teleport (#12442)

-------------------------------------------------------------------
Thu May 05 15:11:02 UTC 2022 - kastl@b1-systems.de

- Update to version 9.2.0:
  * Release 9.2.0 (#12427)
  * Add a partial for agent installs in Teleport Cloud (#12366)
  * reduce verbosity of missing kernel support warning for secure symlink (#12396) (#12423)
  * [auto] Update webassets in branch/v9 (#12422)
  * Allow users to request database certificates in Machine ID (#11904) (#12195)
  * Fix tunnel mode for CockroachDB (#12400)
  * Deflake TestTSHSSH (#12402)
  * [auto] Update webassets in branch/v9 (#12338)
  * Update docs version to 9.1.3 self-hosted, 9.1.2 for cloud (#12382)
  * set cloud version in user pre (#12386)
  * Add context.Context to GetReverseTunnels (#12393)
  * Fix lingerAndDie race condition (#12376)
  * Update DBeaver guides to use authenticated local proxy. (#12037) (#12384)
  * [v9] Rollup backport (#12360)
  * [v9] Disallow malformed U2F facets (#12208)
  * moved status page cloud question up in faq order (#12354)
  * Updated release dates in Machine ID documentation.

-------------------------------------------------------------------
Thu May 05 13:11:30 UTC 2022 - kastl@b1-systems.de

- Update to version 9.1.3:
  * Release 9.1.3 (#12343)
  * Never use `--tlsUseSystemCA` and `--tlsCAFile` together with `mongosh` (#12363)
  * [v9] Advertise correct MySQL server version (#12340)
  * Updated scaling limits.
  * Improve error message for resource predicate query (#12262) (#12339)
  * Prevent relative expiry from emitting more events than can be processed (#12002) (#12247)
  * [v9] Specify the `NodeName` in `auth.ReRegister` (#12333)
  * Gracefully degrade `tsh db ls` in case fetching roles fails. (#12320)
  * added diagrams and install instuctions for db and app guides, getting started (#12313)
  * Connect: Use SSHAgentLogin when second_factor is set to optional or on (#12322) (#12323)
  * Upcoming releases: Replace Terminal with Connect (#12317)
  * [auto] Update webassets in branch/v9 (#12316)
  * Connect: Refresh leaf cluster certs before fetching certs for database (#12293) (#12315)
  * Backport Teleport Connect gateway changes from #11720 (#12297)
  * escape pipe char in table cell (#12280)
  * Dial only application servers that serve the requested application (#12217) (#12300)
  * SSH Session fixes (#12286)
  * Add `proxy_host` and temporary `actual_name` fields to the cluster response object (#12291)
  * Update predicate doc example to use bracket notation (#12237) (#12271)
  * Update upcoming-releases.mdx (#12276)
  * Create remote site cache based on remote auth version (#12130) (#12251)
  * Speed up TestAppServersHA (#12128) (#12253)
  * update docs version to 9.1.2 (#12278)
  * give direct link to cloud signup (#12219)
  * Add flags to `teleport configure` command (#11766) (#12267)
  * Teleport Connect: Accept database name when setting up proxy (#12173) (#12228)
  * Expose RoleSet.EnumerateDatabaseUsers to Teleport Terminal  (#12070) (#12207)
  * [v9] Backport quoting Postgres connection string & generating DB CLI commands for Teleport Connect (#12206)
  * [v9] Backport initial Teleport Connect PR + fixes (#12205)

-------------------------------------------------------------------
Wed Apr 27 17:14:24 UTC 2022 - kastl@b1-systems.de

- Update to version 9.1.2:
  * Release 9.1.2 (#12259)
  * Revert "Backport #11725 #11249 #11799 to branch/v9 (#11795)" (#12243)
  * docker: Add lint-helm to build.assets Makefile (#12189)
  * [v9] Regenerate host UUID of node if host_uuid is empty (#12222)
  * Simplify user creation in database access guides (#12136) (#12235)
  * bump to 9.1.1 in docs (#12210)

-------------------------------------------------------------------
Tue Apr 26 19:47:35 UTC 2022 - kastl@b1-systems.de

- Update to version 9.1.1:
  * Release 9.1.1 (#12192)
  * docs: Add example for label usage with `tsh ssh` (#12110) (#12158)
  * [auto] Update webassets in branch/v9 (#12170)
  * Added support for JumpCloud. (#11936)
  * [v9] docs: Machine ID update (#12155)
  * Ignore HTTP_PROXY for reverse tunnels (#11990) (#12035)
  * Respect Firestore commit write limits (#12111) (#12177)
  * updates meta-description (#11746)
  * update latest 9 version (#12174)
  * Update upcoming-releases.mdx (#12166)
  * Update upcoming-releases.mdx
  * Fix Download Link (#12132) (#12134)
  * Prevent blocking forever when transport channel fails to open (#11875) (#12122)
  * Mention ScopedBlock in the UI reference (#12085)
  * Backport #12001 to branch/v9 (#12088)
  * Backport #11419 to branch/v9 (#12091)
  * Backport #11913 and #11826 to v9 (#12095)
  * Fix flaky test - TestAuditOn (#12135)
  * Fix ProxyKube not reporting its readiness (#12152)

-------------------------------------------------------------------
Tue Apr 26 18:54:52 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>

- introduce new executable tbot for new feature Machine ID
  https://goteleport.com/docs/machine-id/getting-started/ 

-------------------------------------------------------------------
Tue Apr 26 06:24:53 UTC 2022 - kastl@b1-systems.de

- Update to version 9.1.0:
  * Release 9.1.0 (#12020)
  * Manually extract SSO redirect URL to preserve its own query params (#12100) (#12125)
  * Allow setting additional traits in tctl users add command (#12102) (#12133)
  * Fix reference to tbot start --oneshot (#12064) (#12112)
  * [auto] Update webassets in branch/v9 (#12126)
  * [v9] backport #12057 (panic in `CertAuthority.Clone`) (#12004)
  * [v9] backport #11019 (`ListResources` in the webapi layer) (#12106)
  * Add manual websocket pingloop (#11765) (#11915)
  * Improve error handling in `tbot start` (#11756) (#12012)
  * Pipe terminal stdin to session in kubernetes peer mode (#11288) (#11918)
  * Allow requesting a join token with IAM method from the web api (#11339) (#12060)
  * Fix globbing for Moderated Sessions join policies (#12067) (#12071)
  * Make `tsh db ls` lists available db users. (#10458) (#11942)
  * Switch to forked `httprouter` and enable `UseRawPath` option (#11068) (#12080)
  * Prevent goroutine leak in oidc client (#11974) (#12078)
  * docs: Don't lint external links when running in CI (#12058) (#12069)
  * Fix flaky test - TestChaosUpload (#12052)
  * Add JSON and YAML to several tsh commands (#11681)
  * update prereqs for machineid ansible guide (#12066)
  * fix(db): send initial heartbeat when there is no static dbs (#11160) (#12039)
  * Generate database access credentials with tctl auth sign command (#10785) (#12042)
  * Align atomics on ARM32 (#11822) (#11917)
  * Correct note on node (#12045)
  * Update linux-server.mdx (#11682) (#11815)
  * fix docker example (#12027)
  * update teleport cloud version to 8.3.7 in docs (#12017)
  * Update installation docs (#11677) (#12013)
  * Includes advisory for pages that are installing proxy, auth for cloud scope (#12030)
  * Ensure Cache `types.WatchKinds` and `proto.WatchEvents` are in sync (#11692) (#11927)
  * Backport #11381 to branch/v9 (#11969)
  * Backport #10996 to branch/v9 (#11967)
  * Backport #10759 to branch/v9 (#11966)
  * Backport #10801 to branch/v9 (#11964)
  * docs: Don't lint external links (#11940) (#11996)
  * Prepare five guides for Cloud users (#11982)
  * Document Okta OIDC provider workaround
  * Extract tabbed Prerequisites into a partial (#11960)
  * Backport #11801 to branch/v9 (#11965)
  * Fix Okta OIDC (#11718)
  * Remove references to authentication type 'false' from docs (#11621) (#11924)
  * (v9) Delete app sessions on logout (#11956)
  * helm: Set default second factor to "otp" in values (#11034) (#11923)
  * helm: Add support for mounting existing TLS secrets with optional root CA (#11295) (#11922)
  * Bump Go to 1.17.9 (#11932)
  * Fix race condition in (*sess). broadcastResult() (#11851)
  * Mention scoped Admonitions (#11900)
  * Edit four docs guides for Cloud users (#11971)
  * Edit four Access Controls guides for Cloud users (#11977)
  * Update upcoming-releases.mdx
  * Update upcoming-releases.mdx
  * [v9] Add audit logging for more MySQL commands (#11914) (#11949)
  * [auto] Update webassets in branch/v9 (#11951)
  * Return error message if supplied auth connector name doesn't match registered names. (#11800) (#11884)
  * change bash blocks to code to fix copy/paste and consistency (#11912)
  * Updated Getting Started Machine ID Guide.
  * Updated Ansible Machine ID Guide.
  * Updated Jenkins Machine ID Guide.
  * Update teleport-plugin guides to reference docker images for downloads (#11617) (#11934)
  * SQL Backend Documentation (#11897)
  * Move Cloud download binaries into tables (#11839)
  * [v9] Rollup bugfix backport (#11890)
  * NO_PROXY port support + special case for proxying via localhost (#11403)
  * [v9] Replace session upload grace period with session tracker (#11853)
  * Edit Database Access guides for Cloud users (#11846)
  * [v9] Release pipeline improvements (#10707) (#11833)
  * [v9] Make relogin attempts use the strongest auth method (#11781) (#11847)
  * Mention Teleport is deployable in k8s (#11874)
  * update golang version in docs config to 1.17 (#11869)
  * [v9] helm: Backports (#11728)
  * [v9] Access Control, K8s Cluster docs set scope and AWS first (#11761)
  * Add client cert in insecure mode (#11758)
  * Backport #11725 #11249 #11799 to branch/v9 (#11795)
  * Add auth'd tunnel mode to tsh proxy db command (#11720) (#11808)
  * [v9] Moderated Sessions rollup backport (#11803)
  * Fix session leave + termination deadlock
  * Backport #10880 to branch/v9 (#11442)
  * Add grpc server and client metrics to Teleport (#11773)
  * Fix key principals not being used when identity files are being used (#11793)
  * update 9 release version to 9.0.4 (#11789)
  * Document limitations with the Google OIDC connector and transitive group memberships (#11422)

-------------------------------------------------------------------
Thu Apr 14 19:37:37 UTC 2022 - kastl@b1-systems.de

- Update to version 9.0.4:
  * Release 9.0.4 (#11785)
  * Add Cloud instructions to five guides (#11742)
  * [v9] Add hint when the user receives an error about an "unknown certificate authority" (#11550) (#11751)
  * Added Machine ID to examples.
  * Backport SQL Backend to v9 (#11667)
  * [v9] Install script changes and sudo command updates for Teleport install and configure (#11750)
  * Support proxy protocol v2 (#11684) (#11722)
  * Clean up remoteSites with no active tunnels (#11435) (#11707)
  * update cloud-config to fix install errors (#11732)
  * update teleport 9 and cloud versions in docs (#11726)
  * Spread out `UploadCompleter` load (#11590) (#11698)
  * Split Redis docs (#11702)
  * [v9] Kube agent instructions on matching to server version (#11711)
  * Change client dialOpts append order (#11322) (#11624)
  * Added admonition about TLS Routing and Machine ID.
  * Added Jenkins Machine ID diagram.
  * Add support for backward compatible API Client behavior (#11567) (#11663)
  * [v9] Backport: fix tsh config test (#11657)
  * Avoid nil dereferencing when tlsConfig is nil. (#11614)
  * Updates minimum terraform version to 1.0 (#11651)
  * Add documentation for ssh key extensions with github (#11656)
  * docs: Add Helm docs for tls.existingSecretName (#11306)
  * minor edits (#11641)
  * Fix docs UI reference (#11635)
  * Edit two guides for Cloud users (#11642)
  * Remove misleading information about tctl for Cloud (#11632)
  * Update repo in docs contribution guide (#11638)
  * Fixes console player ctrl+C and ctrl+D functionality (#11559)
  * Fix tsh player issues (#11491)
  * docs: add note about user CA rotation + desktop access (#11586)
  * fix loggers not respecting json config (#10808) (#11655)
  * Add metric to track number ssh connect attempts (#11240) (#11629)
  * [v9] backport #11386 #11387 (in-memory cache and sqlite sync) (#11658)
  * Update IsValidLabelKey to include ':' (#11563)

-------------------------------------------------------------------
Thu Apr 14 19:35:08 UTC 2022 - kastl@b1-systems.de

- Update to version 9.0.3:
  * Release 9.0.3 (#11649)
  * Fix `ad-keytab-file` flag on sqlserver docs (#11581) (#11605)
  * Split the Helm chart reference (#11437)
  * helm: Add support for separate Postgres/Mongo listeners in teleport-cluster chart (#10858) (#11434)
  * [Docs] Add teleport.yaml docs for x11 forwarding (#10561) (#11429)
  * Edit three guides for Cloud users (#11362)
  * Fix 32-bit arm deb and 64-bit arm rpm packages (#11318) (#11568)
  * Add missing quotes in GCB triggers (#11608)
  * tctl: respect TELEPORT_HOME variable when reading profiles (#11561)
  * Use first available auth server (#11229) (#11598)
  * [auto] Update webassets in branch/v9 (#11582)
  * updated /signup to aboslute url (#11580)
  * Remove potentially confusing EOF line from snippet (#11438)
  * Split the AWS Node Joining guide (#11440)
  * 03/30 Upcoming Released Update
  * Backport #10620 to branch/v9 (#11542)
  * Add missing doc link for predicate language (#11466) (#11541)
  * [branch/v9] Backport #11388 (#11537)
  * tsh: ignore empty or non-existing config files (#11495) (#11571)
  * [docs/v9] Remove mention of x509 certs for Machine ID as they're not yet available (#11548)
  * error message improvement on teleport start file permissions (#11502)
  * [branch/v9] Rollup backport of session fixes (#11494)
  * Don't respect HTTP_PROXY env in k8 forwarder (#11257) (#11462)
  * [v9] Makes a common login error troubleshooting for sso docs (#11488)
  * [v9] Backport: "helm: Add details on AWS ACM to AWS guide (#10857)" (#11414)
  * Fix relative signup path
  * Fix TLS Routing jumphost flow (#11282) (#11496)
  * Assign EmitAuditEvent to err for subsequent check. (#11501) (#11505)
  * Added Jenkins tile to documentation.
  * Add Teleport Cloud downloads page.
  * Added Machine ID Jenkins Guide.
  * Update Machine ID icon to chip icon.
  * [auto] Update webassets in branch/v9 (#11473)

-------------------------------------------------------------------
Sat Mar 26 14:53:54 UTC 2022 - kastl@b1-systems.de

- Update to version 9.0.2:
  * Release 9.0.2.
  * Updated CHANGELOG.md.
  * update enterprise (#11408)
  * Reexec with `/proc/self/exe` on Linux (#11283) (#11453)
  * Add version string to terraform role ref (#11407)
  * [v9] Add HTTPS_PROXY for tsh (#11397)
  * Add tests for motd fixes
  * Fix MOTD not showing up on tsh login with certain arguments
  * Fix panic in getWebConfig (#11389) (#11413)
  * Update cargo deps (#11400) (#11416)
  * Reslove comments, move all occurences of teleport.dev to use a constant
  * Add configurable verbosity to `tctl get roles`
  * Resolve comments
  * Add verbosity to tctl * ls commands and resource get.
  * Move 'MakeTableWithTruncatedColumn' to asciitable and truncate labels
  * ls consistency: add support for tctl desktop ls
  * ls consistency: add tctl kube ls command
  * ls consistency: make tctl db ls output consistent
  * ls consistency: make tctl apps ls output consistent
  * ls consistency: Make tctl nodes ls output consistent, support yaml
  * Add a .tsh/config file and add support for configuring custom http headers
  * [v9] Backport: "helm: Adds missing namespaces to ConfigMap (#11032)" (#11343)
  * add copy/paste mention (#11377)
  * Edit Helm installation instructions (#11303)
  * Situate the Installation guide more clearly (#11300)
  * Edit four Kubernetes Access guides for Cloud users (#11354)
  * Teleport cloud license info and other info update (#11376)
  * add all token types (#11375)
  * Update Redis links in docs (#11393)
  * [v9] Add endpoint to webapi to generate DB join token (#10914) (#11256)
  * Fix certificate extension not being included in `tctl auth sign`
  * Show usage on invalid command line invocation. (#11174) (#11333)
  * Remove the v5 Kubernetes migration guide (#11297)
  * Add Cloud-specific instructions to two guides (#11314)
  * Add notes about wildcard certificates (#11310)
  * Fix broken link in the ADFS guide (#11307)
  * update e module (#11341)
  * [v9] helm: Backport chart changes from unit test addition (#11336)
  * Added Machine ID CLI and configuration references.
  * Update 'tctl apps/db/nodes ls' to accept filter flags (#11003) (#11076)
  * docs: add desktop session recording and clipboard sharing (#11005) (#11252)
  * Mention Cloud compatibility in three guides (#11234)
  * Updates `tsh ls` for node/app/db/kube to accept new filter flags (#10980) (#11016)
  * Add doc for filter support for CLI tools (#11012) (#11258)
  * Support role bootstrapping in OSS (#11175) (#11247)
  * corrects some powershell examples and put in code for linux commands (#11225)
  * docs: clarify /healthz and /readyz (#11085) (#11231)
  * Keep multiple per-node remoteConns in localSite (#11074) (#11184)
  * Fix TLS multiplexing for the kubernetes_service in the teleport-cluster helm chart (#10002) (#11212)
  * Update upcoming-releases.mdx
  * Improve `tsh` error message if mysql client is missing (#11215)
  * helm: Adds extraArgs and extraEnv to teleport-kube-agent (#11155) (#11237)
  * helm: include static_labels in database example (#10414) (#11214)
  * Revert "Only allow access request deletion through static roles' permissions (#9540)" (#11221)
  * Address problems in concurrent sqlite access (#10706) (#11190)

-------------------------------------------------------------------
Thu Mar 17 10:28:30 UTC 2022 - kastl@b1-systems.de

- Update to version 9.0.1:
  * Release 9.0.1 (#11208)
  * Fix outdated CLI help for `tbot init --owner` (#11158) (#11167)
  * Fix improper default value check in tbot's `FromCLIConf()` (#11169) (#11206)
  * [branch/v9] Backport #10665 (#11064)
  * Fix quit on ctrlc, race panic, atomic load align in session IO (#11112) (#11188)
  * Refactored Ansible guide to work with Machine ID.
  * Cleanup of Machine ID Getting Started Guide.
  * Remove mention of max ttl for tctl tokens command (#11148) (#11164)
  * Silence false positive lints from staticcheck in tbot/init.go (#11084) (#11128)
  * docs: add desktops to per-session-mfa page
  * Update docs for FIPS users
  * Automatically calculate `public_addr` field for dynamic apps (#10941). (#10943) (#11139)
  * Fix DeleteRange when the backend sanitizer is used (#11124) (#11131)
  * Fix `tsh aws ecr` Internal Server Error (#10475) (#11108)
  * correct db connect (#11097)
  * 03/11 Upcoming Releases Update.
  * 9.0 post-release 4 (#11089)
  * 9.0 post-release 1: update docs versions (#11082)

-------------------------------------------------------------------
Sat Mar 12 20:35:40 UTC 2022 - kastl@b1-systems.de

- Update to version 9.0.0:
  * Release 9.0.0 (#11067)
  * Add Redis docs (#11073)
  * Fix NLB Mongo/Postgres errors spam (#11059)
  * [auto] Update webassets in branch/v9 (#11055)
  * Added Machine ID docs.
  * Release 9.0.0-rc.2 (#11038)
  * UX improvements for tbot (#10833) (#11046)
  * Moderated Sessions improvements (#10991) (#11051)
  * Fix meaning of `bot_name` in bot join tokens (#11039) (#11047)
  * Backport of #10289 (#11030)
  * Better Semaphore Lease Contention Handling (#10666) (#10877)
  * V9 backport 10871 (#11031)
  * Prevent panic caused by nil session recorder (#10792) (#10874)
  * (v9) Missing v9 backports (#11033)
  * Fixed incorrectly named RPMs (#11029)
  * Fix quadratic complexity in Reconciler.Reconcile(). (#10989) (#11023)
  * Fix ACME instructions in start-auth-proxy.mdx (#11013)
  * Update suggested systemctl command (#10733) (#11025)
  * Switch to warning in case of resource origin clash. (#10947) (#11024)
  * Regenerate server identity if APIDomain not present (#10944)
  * Release 9.0.0-rc.1 (#11018)
  * Fix RPMs using a too-new version of glibc (#11008)
  * [v9] Disable automatic updating of API import path (#11010)
  * Update database guides with database configurator. (#10451) (#10995)
  * Add MariaDB to AWS RDS auto discovery (#10994)
  * Update go-mysql package (#10997)
  * Enable desktop access in Web UI in Cloud clusters (#10970)
  * Handle case where display is itself a unix socket #10719 (#10985)
  * [auto] Update webassets in branch/v9 (#10988)
  * Release v9.0.0-beta.2 (#10982)
  * (v9) Update e (#10964)
  * flaky test: TestDatabaseAccessMongoConnectionCount (#10869) (#10955)
  * skip databases that are not available during auto discovery (#10699) (#10870)
  * feat(app): consider reverse tunnel errors in apps HA mechanism (#10734) (#10906)
  * [v9] backport 10915 (memory leak) (#10927)
  * Default to `https` scheme for `--proxy` argument in `tctl auth sign` (#10844) (#10911)
  * Open parts files one at a time
  * Fix Windows session uploads
  * Complete empty uploads
  * [v9] backport  #10765 and #10766 (#10855)
  * Include tbot binary in Teleport packages and installs (#10646) (#10802)
  * Add desktop access to front page (#10894)
  * Add sorting for kube cluster (#10702) (#10921)
  * Add `KindWindowsDesktops` to `ListResources` (#10769) (#10912)
  * Fix missing identity in certs logic (#10822)
  * Fix DynamoDB getAllRecords logic when 1MB query limit is reached (#10726) (#10845)
  * Fix panic in MSSQL when Login7 package is invalid (#10709)
  * Add support for more Redis Cluster commands (#10760)
  * Backport #9470 to branch/v9 (#10823)
  * Backport #9556 to branch/v9 (#10824)
  * Update dronegen to fix build-darwin-amd64-pkg-tsh artifacts path (#10862)
  * Fix panic in MongoDB message reader (#10710)
  * Backport #9969 to branch/v9 (#10826)
  * Backport #10061 to branch/v9 (#10827)
  * Fix large clipboard copy/paste (#10670)
  * Backport #10621 to branch/v9 (#10829)
  * [v9] Sanitize leaf cluster CA (#10742)
  * Fix ALPN panic on empty db handler (#10662)
  * Do not block apt publishing if there is a more current pre-release (#10805)
  * Restore docs deploy hook (#10838)
  * Fix V5 role in getting started guide. (#10837)
  * Tweaks in getting started guides. (#10780)
  * docs: update CA rotation page (#10419)
  * Improve HA behavior of database agents in leaf clusters (#10641) (#10771)
  * Partial revert of session.connect event
  * Print proxy server on instructions on nodes add command for cloud (#10750)
  * Display correct error message when host is missing in `tctl auth sign` (#10739)
  * [v9] Fix Mongo topology resource release (#10731)
  * [v9] Backport #10460 to branch/v9 (#10616)
  * Fix desktop session playback RBAC (#10570) (#10679)
  * TF provider configuration environment variables (#10417) (#10548)
  * Update CI to teleport9 buildbox (#10715)
  * IAM join method support for tbot (#10535) (#10685)
  * Add documentation for static windows hosts
  * [auto] Update webassets in branch/v9 (#10712)
  * Tag buildbox and upgrade to go1.17.7 (#10605)
  * Change get resources webapi response (#10598) (#10683)
  * Return filtered total count with ListResources (#10573) (#10682)
  * Fix crash when AWS Redshift does not have Endpoint info (#10597) (#10675)
  * helm: Fix enabled clause for db_service when using awsDatabases only (#10644)
  * Disable BPF tests in CI (#10654) (#10691)
  * [Docs update] Mention unsupported scenarios for IAM join method (#10530) (#10652)
  * helm: Fix indenting on database autodiscovery (#10624)
  * Update desktop access docs for 9.0 (#10406) (#10545)
  * Fix artifacts path for build-darwin-amd64-pkg-tsh drone pipeline (#10600)
  * docs: fix code block (#10495) (#10555)
  * Restore teleport-private deb/rpm gating (#10536)
  * [v9] Backport "helm: Revert PodSecurityPolicy change" (#10565)
  * Release 9.0.0-beta.1 (#10508)
  * Update e (#10505)
  * [auto] Update AMI IDs for 8.3.1
  * Certificate renewal bot (#10099)
  * [auto] Update webassets in master (#10482)
  * CertAuthority watcher filtering (#10020)
  * Adds a `DesktopSessionRecording` flag to the ACL (#10365)
  * Add SQL Server guide (#10293)
  * Update x11 sshserver test to test concurrent sessions and requests. (#10470)
  * Add MFA for Windows Desktop web access (#10271)
  * Reduce concurrent connections in TestRedisTransaction (#10472)
  * feat: aws database configurator (#9145)
  * Add missing action VerbRead to ListResources (#10422)
  * Re-sign .drone.yml (#10469)
  * Remove drone step to publish centos6 buildbox (#10432)
  * Fix server compare to check expiry last (#10380)
  * Add teleport_audit_emit_event prometheus metric (#9134)
  * Use tdr in Dronegen (#10453)
  * helm: Add AWS database auto-discovery to teleport-kube-agent (#10344)
  * Add support for windows desktop services proxying different desktops (#10101)
  * Address Cloud users in guides (#9962)
  * Mention Teleport Cloud in some of our guides (#9989)
  * docs: Updated path to tctl/tsh for Enterprise binaries (#10428)
  * Add a Cloud compatibility warning to Helm guides (#10023)
  * Add a prominent warning to the config reference (#9558)
  * [auto] Update webassets in master (#10427)
  * IAM Joining Docs: Set join_method in token.yaml (#10433)
  * Clear terminal when auth server is in FIPS mode (#10095)
  * Update version thresholds (#10426)
  * Add support for configurable ssh key extensions
  * Fix HSM flaky integration tests (#10390)
  * Install gcloud in /opt, so it can be accessed by non root (#10400)
  * add where option with sessions so Access role by default can see their own session recordings (#10376)
  * Add SQL Server support for database access (#10097)
  * [auto] Update webassets in master (#10409)
  * Switch shell to golang for latest version detection (#10295)
  * Add a command to query the latest release
  * Switch to testify
  * Exclude draft releases from latest version logic
  * Fix release sorting
  * Add an lexicographic test case
  * Integrate version-check into build.assets/tooling
  * Implement resource sorter for server, appserver, dbserver (#10243)
  * Check for shell user's home directory as that user (#10321)
  * Update e submodule. (#10413)
  * add teleport_connected_resources metric (#9603)
  * MySQL prepared statement support (#10283)
  * Fix TestHandleConnection directory not empty error (#10407)
  * Add Redis integration (#10053)
  * Only request CF_OEMTEXT clipboard data
  * Add audit events for desktop clipboard access
  * Increase GCB UT timeout (#10398)
  * Remove the legacy JSON API for requesting host certs
  * Remove CentOS 6 builds for Teleport 9
  * docs: add warning about auditor role (#10258)
  * Label active directory domain controllers (#10334)
  * Fix Reverse Tunnels Not Properly reconnecting (#10368)
  * Add TestModules (#10369)
  * Ensure docs nav titles use title case consistently (#10353)
  * Deflake TestFnCacheSanity (#10250)
  * Clarify Kubernetes Getting Started guide (#9580)
  * Fix db configure (#10349)
  * Migrate the joined-tokens code to the OSS release. (#10288)
  * Implement Moderated Sessions (#8563)
  * Fix tctl insecure flag when TLS Routing is enabled (#10297)
  * DigitalOcean 1-click Droplet and Kubernetes getting started guides (#8773)
  * Return desktop events in SearchSessionEvents (#10325)
  * Save unit test logs (#10076)
  * Fix TestProcessKubeCSR (#10355)
  * Implement global SessionData storage (#10287)
  * Don't open clipboard static channel when clipboard is disabled (#10348)
  * Synch Teleport preview updates (#10318)
  * Replace /tmp with os.TempDir(). (#10322)
  * Generate/validate a PIN for our virtual smartcard (#9919)
  * Add passwordless-related information to protos (#10281)
  * Expose reverse tunnel address to web ui (#10133)
  * Fix fake streamer implementation to match the real one (#10330)
  * Desktop session recording/playback (#9583)
  * RFD 48: Desktop Session Recording (#9864)
  * Ensure clipboard data is shared in the format Windows expects (#10284)
  * Add docs for IAM join method (#8899)
  * Add Prometheus metrics cache events and stale events (#9826)
  * Add Teleport Cloud instructions to 3 guides (#9681)
  * RFD 52/53/54: Passwordless (#9296)
  * Add documentation for moderated sessions (#9425)
  * Don't return `nil, nil` in (*AuditWriter).tryResumeStream (#10254)
  * Trusted clusters doc: Use wildcard for spec.allow.cluster_labels.env
  * Improve node labels example in roles docs (#9385)
  * Fix interpolation example in role templates docs (#9382)
  * Add missing DatabasesReady event to DB proxy (#10152)
  * active node inventory cleanup
  * Authentication options doc: wrap `on` in quotes
  * Add keepalive heartbeat to kubernetes service (#9584)
  * commit forgotten "make grpc" (#10280)
  * feat: add create database config command (#9618)
  * Convert auth test from gocheck to standard lib
  * Document desktop role options for Teleport 9 (#10227)
  * Replace testify/assert with testify/require (#9925)
  * Adds Application certificate path to profile (#10043)
  * [auto] Update AMI IDs for 8.2.0
  * IAM Join Method (gRPC service) (#10087)
  * Make our docs guidance discoverable (#10155)
  * Use an apt-key alternative in install instructions (#10084)
  * docs: add steps for joining w_d_s to a cloud cluster (#10219)
  * Clean up desktop session error logging (#10232)
  * [auto] Update webassets in master (#10235)
  * Use buildbox images from quay.io (#10179)
  * Remove Teleport DB Users only message for tctl users ls that is incorrect (#10181)
  * Cleaned up NewClient in integration tests.
  * Fixed TestSessionStartContainsAccessRequest.
  * Fixed TestDisconnection
  * Expand cloud in production usage faq question (#10218)
  * Update the PR description for auto webassets udpates (#10212)
  * IAM Join Method (backend implementation) (#10085)
  * adds cliipboard to userACL (#10207)
  * Add the `cert.create` event (#9822)
  * [auto] Update AMI IDs for 8.1.5
  * Reconnect broken LDAP connections (#10183)
  * Enable map key sorting in `utils.FastMarshal` (#10070)
  * Clarify `tsh config` usage docs on Windows (#8409)
  * Update MariaDB docs (#10113)
  * Add additional filters to ListResources (#10180)
  * Desktop Access: clipboard support (#9976)
  * Add more lint coverage (#10049)
  * Add desktop_clipboard role option (#10165)
  * update `github.com/gravitational/trace` to `v1.1.17` (#10079)
  * [auto] Update webassets in master (#10161)
  * x11 forwarding (#9897)
  * Document docs labels (#9537)
  * Update Docker image tags in docs (#9400)
  * Modified FedRamp to FedRAMP in docs for proper acronym (#10114)
  * Implement resource boolean expression parser (#10008)
  * Add xauth binary to buildbox for X11 forwarding. (#10164)
  * docs: Add extra commands and reference for AWS Managed AD to Desktop Access docs (#9669)
  * Add role option for record_desktop_session (#9523)
  * Fixes DocTest CI (#10117)
  * [auto] Update AMI IDs for 8.1.3 (#10144)
  * Update Documentation for GCP Cloud SQL Client Authentication (#10092)
  * Update version-check paths (#10118)
  * Fix.
  * Removed `TestProxyReverseTunnel`.
  * RFD 49: desktop access clipboard (#9868)
  * Backward compatible kubernetes_labels behaviour for v3 and v4 roles (#10122)
  * RFD 51: X11 forwarding (#10009)
  * Remove broken links to /admin-guide/#public-addr (#10057)
  * Use correct unmarshaller for json durations (#10124)
  * Dynamically resolve reverse tunnel address (#9958)
  * Updated assign and check logic for Cloud.
  * fix tests - forwarder is not set during cluster session init anymore
  * remove unnecessary file
  * unfix test case
  * tests
  * address comments
  * clean import
  * diable http2 for kube streaming endpoints
  * Update S3 canned ACL docs (#10072)
  * Add teleport_reverse_tunnels_connected Prometheus metric (#9698)
  * Log when App Service fails due to empty `proxy_service.public_addr` (#10056)
  * Add metric tracking number of Teleport agents joined to cluster (#9749)
  * Modify verbiage on AWS CLI (#10029)
  * Fix docker-compose Getting Started guide issues (#9709)
  * Add guide for Azure Postgres/MySQL database access (#9729)
  * Refactor database engines registration (#10074)
  * Add backporting tool. (#9568)
  * Clarify token.file usage in server access getting started guide. (#10060)
  * Updated the description of the location of the built binaries (#9885)
  * Documentation update for Redshift auto discovery support (#9990)
  * RFD 50: Cluster Join Methods and Endpoints (#9871)
  * Client Certificate Authentication for GCP Cloud SQL (#9991)
  * Fix tsh tctl do not load all CAS (#9357)
  * Use SDK Cloud script to install gcloud (#9941)
  * RFD 55: WebUI server-side paginating and filtering (#9633)
  * Add teleport proxy addr to the kubeconfig exec args when specified (#9899)
  * Add MatchSearch to resources for fuzzy search (#9892)
  * Removes diagnosis address from being hidden (#9975)
  * Update to Rust 1.58.1 (#9985)
  * Update golang.org/x/crypto to v0.0.0-20220126234351-aa10faf2a1f8 (#9984)
  * Respect errors from UserInfo (#9951)
  * support for redshift auto discovery (#9851)
  * add desktop and tip on assigned ports for networking ref (#9957)
  * Add a Cargo workspace (#9960)
  * Update teleport-agent readme links (#9963)
  * add extra checks to avoid getSigninToken failure (#9792)
  * Properly cleanup the connection monitor for desktop sessions (#9913)
  * Fix k8 access - respect kube service labels (#9759)
  * Updated docs for the improved Google OIDC connector (#9907)
  * Include uid in session.start & upload events (#9791)
  * Ignore artifact failures in remaining pipelines (#9932)
  * Add diag addr, web idle timeout, token clarification (#8489)
  * add ping oidc workaround documentation (#8486)
  * Add access requests to audit events (#9758)
  * Ignore failures for artifact registration step (#9921)
  * feat: add KubeService and Node to ListResources (#9613)
  * Add access request locks to the docs (#9866)
  * Auto discovery aurora reader and custom endpoints (#9668)
  * Access request locks (#9478)
  * make protoc generation compatible with api v2+ (#9673)
  * update RDS and Redshift CA URL (#9890)
  * Add github teams to available traits
  * Fix TLS Router serverName 'kube.' prefix based routing logic (#9777)
  * Put note about skipping TLS verification in a <Details> box
  * Check if the legacy password_file config field is set
  * Run LDAP initialization in a retry loop
  * Remove mention of LDAP password from docs
  * authenticate to LDAP with client certificates
  * Fix docs typo
  * Add email parameter to example (#9850)
  * Improved Google OIDC connector (#9697)
  * Reject TDP ClientUsername messages that are too long
  * [Breaking] Default to mongosh when connecting to MongoDB. (#8472) (#9754)
  * Fix docs and config newline outputs
  * Fix inclusion of non-existant gcp-credentials secret and credentialsPath when credentialSecretName is empty
  * [auto] Update webassets in master (#9870)
  * Update e-ref (#9843)
  * Cleanup of minor bot issues.
  * Remove devbox - build box now supports AMR64. (#9847)
  * use google/uuid instead of pborman/uuid (#9793)
  * Replace cluster periodics with watchers (#9609)
  * Tweak the PNG encoder (#9817)
  * make the switch in dynamic.go easier to read (#9836)
  * Retry with re-login ignores TELEPORT_HOME. (#9436)
  * Database auto discovery to be more tolerable to find as many as it can (#9426)
  * Treat EC2 Node IDs as UUIDs (#9722)
  * fix: removing new line convergance (#9579)
  * Add an Error message to TDP (#9586)
  * helm: Allow setting issuer group for certificate in teleport-cluster (#9138)
  * helm: Add logging configuration to teleport-kube-agent chart (#9632)
  * [docs] Add region and use of SSM decryption to Terraform docs (#8907)
  * Allow impersonation of roles without users (#9561)
  * Fix first desktop discovery reconcile loop (#9654)
  * Naji/force http2 kubernetes (#9294)
  * fix nindent of `service.spec` in teleport-cluster chart (#9645)
  * Conditionally publish deb packages (#9496)
  * docs: recommend a highly available LDAP endpoint. (#9744)
  * Clean up system role parsing (#9756)
  * Emit event when connecting to non-Teleport server (#9370)
  * feat: app server requests failover (#9288)
  * Don't shell out to `go list` when not needed (#9776)
  * Fix reverse tunnel dialing for Windows Desktops
  * omit invalid aws tags in rds autodiscovery (#9742)
  * Covert password_test.go from gocheck to std test
  * Run gpg in batch mode (#9728)
  * Use teleport logger instead of gravitational/trace (#9738)
  * Revert bot changes for `vendor/` (#9743)
  * Add the `access_request.delete` event (#9552)
  * Add support for MariaDB (#9409)
  * Add Videos to Teleport Desktop Access (#9373)
  * Update `google.golang.org/grpc` to v1.43.0 (#9656)
  * Upgrade from `go.etcd.io/etcd` v3.4.14 to `go.etcd.io/etcd/{api,client}/v3` v3.5.1 (#9607)
  * Add "limiter" support to database service (#9087)
  * Fix log file location for vendorless (#9689)
  * Move GOMODCACHE out of workspace
  * Disable make target update-api-module-path.
  * Mark RFD 47 as implemented
  * Remove vendor
  * Sign rpm repo metadata (#9027)
  * Update e-ref (#9682)
  * do not register Aurora serverless db clusters (#9386)
  * truncate Labels for tsh db ls (#9671)
  * Disable RDP client on ARM 32 bit (#9667)
  * Adds Desktops to license (#9576)
  * Remove unused context from sqlite backend (#9658)
  * Update Postgres audit events (#9435)
  * Add note about TLS routing backwards compatibility (#9630)
  * Clean up dynamicLabels ssh server goroutines when server is closed
  * Restrores CI lint for non-go files (#9663)
  * Close all SQL statements (#9614)
  * Fix race condition in multiplexer tests (#9660)
  * Fall back to "/" when home directory doesn't exist for `tsh ssh` (#9413)
  * Add teleport_build_info Prometheus metric to Teleport (#9595)
  * Add note about testing local dependency changes
  * RFD 47 - remove the vendor directory from source control
  * bot: label PRs that touch lib/events with "audit-log"
  * Fix Flaky Retry Tests (#9516)
  * Specify level of TLS verification for database connections (#9197)
  * Truncate label output in tsh ls and tsh app ls commands
  * Dead code removal + extra commentry & logging in build script (#9509)
  * Attempts to make CI integration test logs more useful (#9626)
  * Log when connecting to potentially incompatiable authservers
  * Only allow access request deletion through static roles' permissions (#9540)
  * Upload release binaries to new release infrastructure (#8722)
  * Add access requests to TLS certificates (#9501)
  * Update API client: dial auth service with TLS Routing (#9498)
  * Improve TestTwoClustersTunnel troubleshooting
  * Remove utils.BroadcastWriter
  * Use require.Eventually to avoid flakiness in TestAPILOckedOut
  * fix dynamo error types
  * fixes mdx comment style (#9599)
  * Forward TELEPORT_HOME to kubeconfig (#9546)
  * Adds the windows_desktop_service section to the meta teleport.yaml (#9573)
  * Add ARM64 support for buildbox docker image (#9572)
  * Emit the correct session ID for SessionLeave events
  * Update locking guide to include Windows Desktops
  * Allow locking a desktop
  * Fixed missing reviewers issue.
  * Added support for automatic labeling of PRs.
  * Fix goroutine/socket leak in multiplexer (#9507)
  * tweak test timeout
  * fix typed nil panic
  * fallback to calling origin if rc is missing from cache
  * docs: update cloud roadmap and faq (#9479)
  * Fix tsh db connect mongo dbuser logic (#9196)
  * Restart teleport-kube-agent can't join cluster.
  * add TLS routing support to helm chart
  * Added log configuration to teleport-cluster chart.
  * Added support for service.spec.loadBalancerIP.
  * updted Helm install guide in installation page. -  link to getting started with kubernetes access page to refer Helm which is more up to date guide - removed  which shows deprecated warning
  * Fix the UI to correctly determine if a user has access to a resource (#9473)
  * Update rdp-rs (#9344)
  * removes experimental note from example config (#9195)
  * Skip tests on a docs-only PR (#9416)
  * Update aws-console.mdx (#9477)
  * [auto] Update webassets in master (#9504)
  * Fix initKube: broadcast KubeReady event (#9418)
  * Session locking tweaks
  * Deduplicate access request IDs before signing certificates (#9453)
  * Fix devbox on AMD64 (#9462)
  * Clean up `make grpc` and .pb.go generation (#9432)
  * Add jitter and backoff to prevent thundering herd on auth (#9133)
  * Escape access request and access resolution reasons in tctl (#9381)
  * Prevent Linear Retry from converging on Max (#9393)
  * Allow loadtest teleport image to be configurable (#9398)
  * tool/tsh: support ID for `tsh play -f json`
  * Exclude Jitter from logging
  * Update README.md (#9378)
  * Fix flaky TestWebsocketPingLoop test (#9326)
  * Split dev tools into a seperate docker container (#9410)
  * update doc examples to change from admin role to editor,access (#9334)
  * Do not parse MySQL server packets (#9423)
  * feat: ListResources gRPC rpc (#9096)
  * Clarify the Linux Getting Started guide (#9346)
  * Create a blast radius reduction guide (#9189)
  * Fix NO_PROXY addr logic (#9287)
  * Port fixes from v8 (#9397)
  * Fixed IsInternal issue in Check workflow.
  * Updated checking logic for code owners.
  * Enable canned ACL for S3 (#9042)
  * Doc update mongo postgres separate listeners (#9340)
  * Allow a configurable event TTL in DynamoDB (#8840)
  * Add ability to run Mongo proxy on separate listener (#9194)
  * Include --insecure options for teleport {db|app}
  * Fix app server goroutine leak (#9332)
  * Add ability to run Postgres proxy on separate listener (#8323)
  * Ensure we don't miss the resolution of an access request (#9193)
  * Run tsh play requests with correct CLI context
  * Delete extra % sign
  * [auto] Update webassets in master
  * Update example username desktop service to single quotes
  * Correct Dismiss function spelling.
  * Tweak LDAPS troubleshooting docs
  * Improve error message when TOPT is not valid
  * fix racy test
  * bump nginx1.12 to nginx1
  * Use in-memory cache for autoscale HA cluster
  * Add PDB to teleport-kube-agent chart
  * Optionally allow cluster_name to override public_address being used for cluster_name
  * Disable drone triggers (#9313)
  * Check If HEAD Branch Is A Fork (#9302)
  * Fix the CRL distribution point in Windows certs (#9299)
  * improve lock tests
  * improve Cache.ListNodes perf
  * improve concurrent watcher registration perf
  * bump backend limit
  * Remove uploadCtx/uploadDone as these are automatically reflected with uploadLoopDoneCh
  * Do not use the server's context to complete the stream - it might have been already cancelled. Proto stream to make sure the streams have been completely written before exiting from Close.
  * Fix CryptoRandomHex function (#9186)
  * Fix panic running TestIntegration/RotateChangeSigningAlg (#9316)
  * Add `--cluster` flag to all `tsh db` subcommands, Add "--diag_addr" flag to `teleport db/app start` (#9220)
  * tool/tctl: Log when requested ttl isnt granted for a cert
  * Replace "loose" with "lose" (#9284)
  * Avoid "Entering/Leaving directory" output in Make (#9246)
  * Update docker-compose.yml
  * Add thredUP case study to adopters page
  * Fix confusing port example in standalone docs
  * Add scopes description to the docs
  * Remove duplicate YouTube link
  * Add missing parenthesis in README
  * remove sudo from yum install
  * Update check.yaml
  * Improve docs for per-session MFA
  * Check if PR is from a fork before dismissing runs. (#9300)
  * Add Security and UX sections to the canonical RFD (#9251)
  * Fix CheckAndSetDefaults for UserTokenSecretsV3 (#9290)
  * Trigger Assign workflow on opened and ready_for_review events. (#9272)
  * Fix custom tsh home dir for some tsh commands. (#9240)
  * simplify desktop access getting started guide (#9100)
  * Prevent infinite dialing to Auth (#9254)
  * Added more log lines to dismiss workflow.
  * Add Teleport loadtest infrastructure and grafana dashboard (#9023)
  * Fix sessions endpoint and remove namespaces (#9217)
  * Fix make grpc (#9252)
  * Add support for configurable KMS CMK keys for S3 SSE (#8354)
  * Fix tsh ssh proxy for openssh client (#9219)
  * `tsh db connect` do not respect TELEPORT_HOME (#9226)
  * Fix incorrect paths in docker/Dockerfile. (#9164)
  * Fixed error in assignment logic.
  * Added extra logging to bot assignment.
  * Bump x/crypto (#9205)
  * Updated logic to find workflow by path.
  * Updated code review assignment logic.
  * Clear web terminal when session ends (#8850)
  * Do not prompt for hardware MFA using `tsh` on Windows (#9081)
  * Update e ref
  * Create separate builds for CentOS7 (+fips)
  * simplify connection establishment (#9098)
  * Enhance LDAP desktop discovery (#9152)
  * Add Azure access token auth support for Postgres/MySQL (#8951)
  * docs: Fixes for pam_exec user creation script (#9001)
  * Use t.Setenv in tests (#9154)
  * Fix MySQL proxy handshake (#9161)
  * Update fluentd.mdx
  * Forwarding Access Logs using FluentD Video
  * Google CloudBuild support (#9090)
  * RFD 42 - S3 KMS Encryption (#8344)
  * Fix misspelling
  * Resolve potential data race (#9118)
  * Resolve race in db tests (#9117)
  * Clean up temp dir after app tests (#9119)
  * Make the `tctl users update` command visible (#9080)
  * Add public docs for active and recorded sessions "where" (#9084)
  * Don't Dismiss Dismissed Reviews (#9094)
  * Add Bot Logging (#9099)
  * Refresh getting started guide to use TLS routing (#8988)
  * Update docs for TLS routing (#9048)
  * Keep Valid Reviews For External Contributors  (#9067)
  * Make Teleport startup resilient to invalid roles (#9062)
  * docs: LDAP service account setup (#8875)
  * teleport configure: generate web_listen_addr (#9066)
  * Implement where conditions for active sessions (#9040)
  * add --publid-addr --cert-file --key-file for teleport configure (#9033)
  * Update reviewers (#9050)
  * Update vendor
  * Bump e (#9022)
  * Expose endpoint for fetching single desktop (#9041)
  * Add app metatada to app audit events (#8930)
  * Updated Docker Quickstart/Labs.
  * Request keypair from pool rather than directly.
  * Move unimplemented client methods out of the api client. (#8972)
  * Re-Request Reviews When Approvals Are Invalidated (#9037)
  * Fixed Helm publishing.
  * Updated Drone pipeline to build Teleport 8 images.
  * Clean up DB integration test output
  * [auto] Update AMI IDs for 8.0.0 (#9025)
  * make update-vendor (#9017)
  * Restart entire node on tunnel collapse (#8102)
  * update gosaml2 dep (#8937)
  * Fix dialing kube trusted cluser in v2 telport config (#8993)
  * teleport.cluster.local cleanup (#7922)
  * role labels use key instead of name
  * update docs to reflect terraform provider changes
  * Fix tunnel address for TLS routing if public tunnel address is present (#8961)
  * [pr-buddy] helm: Add support for annotation on secrets generated by cert-manager (#8872)
  * Updated build-darwin-* pipeline.
  * Remove explicit "deny" from preset "auditor" role, make preset roles V4 (#8959)
  * Update CODEOWNERS
  * replace dgrijalva/jwt-go with golang-jwt/jwt (#8939)
  * Prevent system roles from being created by a user (#8924)
  * RFD 43: Database access configurator (#8896)
  * Fix KUBECONFIG server name (#8940)
  * [auto] Update webassets in master (#8963)
  * Update username (#8968)
  * windows ldaps port (#8932)
  * RFD 45: RBAC where conditions for active sessions list/read (#8962)
  * Assign Doc Reviewers to Pull Requests with Changes to `docs/` (#8938)
  * Merge 'config-proxy' and 'proxy ssh' commands logic (#8920)
  * Add brief TLS routing description
  * Update CHANGELOG.md
  * Bypass required reviewers  (#8901)
  * Add meta redirect for some routes (#8293)
  * tctl: allow issuing app access certificates via `tctl auth sign` (#8717)
  * Update check.go
  * Use Hardcoded Map to Get Reviewers for Authors (#8928)
  * Add user-facing documentation for WebAuthn (#8479)
  * Improve SSH agent forwarding error message in proxy mode (#8829)
  * Do Not Dismiss Commented Pull Request Reviews (#8912)
  * Add space between reviewer usernames (#8905)
  * remove checking if users exist
  * RFD 44: RBAC `where` conditions for session recordings list/read (#8084)
  * [auto] Update webassets in master (#8909)
  * Fix race condition in integration tests. (#8888)
  * Link libatomic on Linux
  * RFD 9 (Locking): Update with latest developments (#7860)
  * Update test plan (#8897)
  * Fix the buildbox (again) (#8892)
  * Fix ACME strict ALPN (#8869)
  * Add RFD 43: Kubernetes Access Multiparty Sessions (#8510)
  * Don't allow running Desktop Access in FIPS mode.
  * Fix Rust buildbox (#8881)
  * Rust & Desktop Access fixes (#8822)
  * Use cgo.Handle for passing client refs between Rust/Go
  * clarifying facet examples (#8705)
  * Fix heartbeat for LDAP hosts
  * Disable desktop access in Web UI in Cloud clusters (#8858)
  * Fix tsh ssh proxy (#8826)
  * Fix MFA for DB Access (#8796)
  * Add dynamic registration and discovery guides (#8694)
  * integration: name our subtests
  * Fix typo in error check. (#8810)
  * output of config is being included in copy/paste (#8855)
  * Split auth.AccessPoint into variant specific interfaces (#8471)
  * Update workflow files to run workflows in the context of master (#8728)
  * Bring back previous u2f challenge response for web terminal (#8830)
  * Update Go badge to 1.17 (#8841)
  * Fix the client idle disconnect audit event for desktops
  * Fix trailing whitespace
  * Adds a test for scroll wheel
  * updates keyboard test plan
  * Include desktop access in test plan
  * Fix mongo access with mfa and add tests (#8799)
  * Fix reverse tunnel web ping call log severity (#8775)
  * Update e-ref (#8819)
  * Remove checking for error from session end in web terminal (#8797)
  * Update rdp-rs to fix horizontal scroll + extended keys
  * update to syntax change in terraform provider (#8782)
  * [helm] Change path -> mountPath under extraVolumeMounts (#8806)
  * [ami] Get wildcard DNS cert when using certbot/Letsencrypt with Terraform AMI (#8792)
  * URL-encode Postgres username in connection string (#8771)
  * Return created date with new recovery codes (#8777)
  * [auto] Update AMI IDs for 7.3.2
  * Update mac builds
  * Update test plan (#8794)
  * Set user verification to "discouraged" for WebAuthn (#8759)
  * Add '+' to key sanitizer whitelist (#8396)
  * flips struct ordering to match with tdp spec (#8753)
  * Fix error message when direct dial fails (#8678)
  * set packer version
  * API release automation with go script (#8484)
  * Fix race condition in PipeNetCon (#8643)
  * Update e
  * Ensure that Rust libraries are cleaned
  * Update and mark WebAuthn RFD as implemented (#8751)
  * Update TLS routing test plan scenarios (#8731)
  * Make RegisterUsingTokenRequest a Protobuf type (#8690)
  * Stop linking lcrypto and lssl
  * Update e
  * Add Rust to buildbox
  * Add link to Teleport Changelog in helm chart repository site. (#8734)
  * Include package-level failures in formatted test output (#8698)
  * Fix event code duplication for PrivilegeTokenCreateCode (#8733)
  * Update AWS CLI application access docs ref (#8634)
  * Update docs per-connection MFA DB access (#8682)
  * Add RFD 38 (#7769)
  * RFD 31: Dynamic registration for apps and databases (#6787)

-------------------------------------------------------------------
Sat Mar 05 13:06:11 UTC 2022 - kastl@b1-systems.de

- Update to version 8.3.4:
  * Release 8.3.4 (#10859)
  * Backport #9556 to branch/v8 (#10825)
  * Fix DynamoDB getAllRecords logic when 1MB query limit is reached (#10726) (#10847)
  * Backport #10061 to branch/v8 (#10828)
  * Open parts files one at a time
  * Complete empty uploads
  * Restore docs deply hook (#10839)
  * Do not block apt publishing if there is a more current pre-release (#10806)
  * Improve HA behavior of database agents in leaf clusters (#10641) (#10770)
  * docs: update CA rotation page (#10419)
  * Backport #10460 to branch/v8 (#10617)
  * Print proxy server on instructions on nodes add command for cloud (#10749)
  * Fix broken link
  * Fix nindent of `service.spec` in teleport-cluster chart
  * Update upcoming-releases.mdx
  * TF provider configuration environment variables (#10417) (#10547)

-------------------------------------------------------------------
Thu Mar 03 08:20:49 UTC 2022 - kastl@b1-systems.de

- skip non-existing release 8.3.2
- Update to version 8.3.3:
  * Release 8.3.3 (#10756)
  * Clear terminal when auth server is in FIPS mode (#10095)
  * Fix x11 server config issues (#10471) (#10758)
  * [v8] Fix Mongo topology resource release (#10730)
  * [v8] Sanitize leaf cluster CA (#10743)
  * Fix artifacts path for build-darwin-amd64-pkg-tsh drone pipeline (#10601)
  * Backport fixes to apt publishing logic (#10436)
  * Add missing read verb to ListResources (#10421)
  * [auto] Update webassets in branch/v8 (#10490)
  * Add documentation for static windows hosts
  * Disable BPF tests in CI (#10654) (#10680)
  * [Docs update] Mention unsupported scenarios for IAM join method (#10530) (#10651)
  * backport severity (#10667)
  * update enterprise getting started (#10606)
  * helm: Fix indenting on database autodiscovery (#10623)
  * Update x11 sshserver test to test concurrent sessions and requests. (#10473)
  * Add a Cloud compatibility warning to Helm guides (#10525)
  * Restore teleport-private deb/rpm gating (#10537)
  * Add a prominent warning to the config reference (#10524)
  * Mention Teleport Cloud in some of our guides (#10526)
  * [v8] Backport "helm: Revert PodSecurityPolicy change" (#10564)
  * Ensure docs nav titles use title case consistently (#10353) (#10523)
  * Address Cloud users in guides (#10527)
  * docs: fix code block (#10495) (#10556)
  * add teleport_connected_resources metric (#9603) (#10461)
  * Add teleport_audit_emit_event prometheus metric (#9134) (#10462)
  * helm: Add AWS database auto-discovery to teleport-kube-agent (#10344) (#10544)
  * Expose tunnel public addr to config.js (#10514)
  * Update config.json
  * Fix server compare to check expiry last (#10464)
  * Add PDB to teleport-kube-agent chart

-------------------------------------------------------------------
Sat Feb 19 21:00:05 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>

- add webassets, change %build section to build with flags and include webassets

-------------------------------------------------------------------
Fri Feb 18 07:37:52 UTC 2022 - kastl@b1-systems.de

- Update to version 8.3.1:
  * Release 8.3.1.
  * Updated CHANGLOG.md.
  * Revert "Add list,read for session to access role preset (#10382)"
  * Add missing DatabasesReady event to DB proxy (#10152) (#10306)
  * docs: Updated path to tctl/tsh for Enterprise binaries (#10429)
  * [Backport v8] IAM Joining Docs: Set join_method in token.yaml (#10435)
  * Update teleport docs to use 8.3.0 version (#10437)
  * docs: add warning about auditor role (#10258) (#10395)
  * Check for home dir as user. (#10418)
  * Add Prometheus metrics cache events and stale events (#9826) (#10312)
  * [v8] Revert Moderated Sessions docs (#10399)
  * Update upcoming-releases.mdx
  * Add list,read for session to access role preset (#10382)

-------------------------------------------------------------------
Wed Feb 16 08:03:42 UTC 2022 - kastl@b1-systems.de

- switch to 8.x.x line of releases
- Update to version 8.3.0:
  * Release 8.3.0.
  * Updated CHANGELOG.md.
  * [v8] Desktop backports for 8.3.0 (#10357)
  * backport #10368 to branch/v8 (#10377)
  * Add Teleport Cloud instructions to 3 guides (#10308)
  * Fix docker-compose Getting Started guide issues (#9709) (#10167)
  * Fix tctl insecure flag when TLS Routing is enabled (#10361)
  * improve lock tests
  * improve Cache.ListNodes perf
  * improve concurrent watcher registration perf
  * bump backend limit
  * Set role examples to v4 and add detail warnings (#10345)
  * Sync cloud preview plans (#10317)
  * Add the `cert.create` event (#9822) (#10222)
  * [auto] Update webassets in branch/v8 (#10303)
  * Add documentation for moderated sessions (#9425) (#10302)
  * Add docs for IAM join method (#8899) (#10310)
  * Don't return nil, nil in (*AuditWriter).tryResumeStream (#10298)
  * Use an apt-key alternative in install instructions (#10276)
  * Make our docs guidance discoverable (#10278)
  * Document docs labels
  * [Backport v8] IAM Join Method (#10263)
  * Truncate label output in tsh ls and tsh app ls commands
  * Add github teams to available traits
  * Update config.json
  * Update Docker image tags in docs (#9402)
  * Update upcoming-releases.mdx
  * Remove Teleport DB Users only message for tctl users ls (#10240)
  * Modified FedRamp to FedRAMP in docs for proper acronym (#10116)
  * Fix Doctests CI (#10117) (#10149)
  * Release 8.2.0.
  * Updated CHANGELOG.md.
  * Removed `TestProxyReverseTunnel`.
  * x11 forwarding (#9897)
  * Cleaned up NewClient in integration tests.
  * Fixed TestSessionStartContainsAccessRequest.
  * Fixed TestDisconnection
  * Add teleport_reverse_tunnels_connected Prometheus metric (#9698) (#10224)
  * Expand cloud in production usage (#10221)
  * Clarify `tsh config` usage docs on Windows (#10208)
  * Restore DEVBOX in build.assets/Makefile (#10220)
  * [v8] Use buildbox image from quay.io (#10178)
  * Restore root user in CI buildbox (#10215)
  * Tag build images with teleport8 instead of go version (#10211)
  * (v8) Update config.json for 8.1.5 (#10200)
  * Add metric tracking number of Teleport agents joined to cluster (#9749) (#10162)
  * Backport #9907 to branch/v8 (#10198)
  * Release 8.1.5 (#10194)
  * Add xauth binary to buildbox for X11 forwarding. (#10164) (#10174)
  * [v8] Update Documentation for GCP Cloud SQL Client Authentication (#10140)
  * Release 8.1.4 (#10157)
  * Dynamically resolve reverse tunnel address (#9958) (#10139)
  * Revert "Emit event when connecting to non-Teleport server (#9370)" (#10156)
  * Add teleport_build_info Prometheus metric to Teleport (#9595) (#10135)
  * Update config.json (#10145)
  * Backport #10124 (#10125)
  * Release 8.1.3 (#10120)
  * Backward compatible kubernetes_labels behaviour for v3 and v4 roles (#10127)
  * helm: Allow setting issuer group for certificate in teleport-cluster (#9138) (#9812)
  * Fix panic running TestIntegration/RotateChangeSigningAlg (#10048)
  * Update version-check paths (#10119)
  * Release 8.1.2.
  * Updated CHANGELOG.md.
  * fix tests - forwarder is not set during cluster session init anymore
  * Turned http2 off for kube streaming endpoints.
  * backport aws guide changes (#10106)
  * Add guide for Azure Postgres/MySQL database access (#9729) (#10096)
  * Respect errors from UserInfo (#9951)
  * Enable canned ACL for S3 (#9042)
  * [v8] Client Certificate Authentication for GCP Cloud SQL (#10059)
  * Replace cluster periodics with watchers (#9609) (#9998)
  * Make diag-addr in teleport help start unhidden (#9981)
  * Update golang.org/x/crypto to v0.0.0-20220126234351-aa10faf2a1f8 (#9984) (#10015)
  * Emit event when connecting to non-Teleport server (#9370)
  * [v8] backport #9758 (access requests in audit log) (#9933)
  * Add access request locks to the docs (#9983)
  * [v8] backport #9697 (improved Google OIDC)  (#9926)
  * add extra checks to avoid getSigninToken failure (#9792) (#9964)
  * backport #9133 to branch/v8 (#9867)
  * Access request locks (#9478) (#9930)
  * Fix k8 access - respect kube service labels (#9759) (#9955)
  * [v8] Auto discovery aurora reader and custom endpoints (#9668) (#9965)
  * tip  on cloud and getting ports, added desktop port (#9971)
  * [v8] backport #9501 (access requests in TLS certs) (#9922)
  * Update upcoming-releases.mdx
  * helm: Add logging configuration to teleport-kube-agent chart (#9632) (#9814)
  * do not register Aurora serverless db clusters (#9386) (#9934)
  * Fix TLS Router serverName 'kube.' prefix based routing logic (#9777) (#9902)
  * Ignore artifact failures in remaining pipelines (#9932) (#9940)
  * [auto] Update webassets in zmb3/v8-backports (#9906)
  * Tweak the PNG encoder (#9817)
  * Add an Error message to TDP (#9586)
  * Reject TDP ClientUsername messages that are too long
  * Fix first desktop discovery reconcile loop (#9654)
  * docs: recommend a highly available LDAP endpoint. (#9744)
  * Clean up system role parsing (#9756)
  * Fix reverse tunnel dialing for Windows Desktops
  * Ignore failures for artifact registration step (#9921) (#9927)
  * Database auto discovery to be more tolerable to find as many as it can (#9426) (#9903)
  * update RDS and Redshift CA URL (#9890) (#9904)
  * feat: app server requests failover (#9288) (#9819)
  * omit invalid aws tags in rds autodiscovery (#9742) (#9766)
  * [auto] Update webassets in branch/v8 (#9872)
  * Release 8.1.1.
  * Updated CHANGELOG.md.
  * Conditionally publish deb packages (#9783)
  * [auto] Update webassets in branch/v8
  * fix: removing new line convergance (#9579) (#9816)
  * [docs] Add region and use of SSM decryption to Terraform docs (#8907) (#9813)
  * Upload release binaries to new release infrastructure (#8722) (#9615)
  * Add the `access_request.delete` event (#9552) (#9787)
  * Fall back to "/" when home directory doesn't exist for `tsh ssh` (#9413) (#9662)
  * [Backport V8] Treat EC2 Node IDs as UUIDs (#9833)
  * Add info about upcoming databases to previews page (#9832)
  * Forward TELEPORT_HOME to kubeconfig (#9760)
  * [backport v8] force http2 kubernetes #9294 (#9796)
  * fix dynamo error types
  * [v8] Restores linting of non-go files in CI (#9664)
  * backport #9656 to branch/v8 (#9746)
  * backport terraform provider syntax changes to v8 (#9541)
  * Run gpg in batch mode (#9730)
  * [v8] backport #9607 (upgrade `go.etcd.io/etcd`) (#9733)
  * Release 8.1.0 (#9675)
  * Update e ref
  * Update previews page (#9670)
  * [v8]: Desktop Access backports for 8.1.0 (#9678)
  * Sign rpm repo metadata (#9623)
  * (v8) Add note about TLS routing backwards compatibility (#9631)
  * Specify level of TLS verification for database connections (#9197) (#9659)
  * Exclude Jitter from logging
  * [branch/v8] update doc examples to change from admin role to editor,access (#9335)
  * Update API client: dial auth service with TLS Routing (#9578)
  * removes experimental note from example config (#9195) (#9526)
  * Sign dronefile
  * [v8] Disable drone triggers (#9313) (#9532)
  * Add `--cluster` flag to all `tsh db` subcommands, Add "--diag_addr" flag to `teleport db/app start` (#9220) (#9518)
  * Fix the UI to correctly determine if a user has access to a resource (#9473) (#9525)
  * Fix tsh db connect mongo dbuser logic (#9445)
  * Update config.json
  * [v8] Skip tests on a docs-only PR (#9416) (#9510)
  * Prevent Linear Retry from converging on Max (#9449)
  * [v8] Use t.Setenv in tests (#9154) (#9428)
  * Escape access request and access resolution reasons in tctl (#9381) (#9455)
  * Release 8.0.7.
  * Updated CHANGELOG.md.
  * [helm] Re-add space after type in service definition (#9503)
  * Fix initKube: broadcast KubeReady event (#9444)
  * tool/tsh: support ID for `tsh play -f json`
  * Added 12/17 Release Update.
  * Restart teleport-kube-agent can't join cluster.
  * add TLS routing support to helm chart
  * Added log configuration to teleport-cluster chart.
  * Added support for service.spec.loadBalancerIP.
  * updted Helm install guide in installation page. -  link to getting started with kubernetes access page to refer Helm which is more up to date guide - removed  which shows deprecated warning
  * Remove dronegen from Teleport 8.
  * Update Drone pipeline to fix CentOS 7 repository.
  * Added support for buildings CentOS 7 RPMs.
  * Updated Enterprise reference.
  * Update aws-console.mdx (#9480)
  * simplify desktop access getting started guide (#9100) (#9467)
  * Fix CryptoRandomHex function (#9186) (#9433)
  * Fix app server goroutine leak (#9332) (#9459)
  * feat: ListResources gRPC rpc (#9096) (#9458)
  * [branch/v8] Backport #8840 (#9395)
  * [Backport v8] Create a blast radius reduction guide (#9430)
  * Clarify the Linux Getting Started guide (#9429)
  * Avoid "Entering/Leaving directory" output in Make (#9246) (#9424)
  * Add Videos to Teleport Desktop Access (#9374)
  * [v8] Prevent infinite dialing to Auth (#9403)
  * Do not parse MySQL server packets (#9411)
  * Fix NO_PROXY addr logic (#9287) (#9394)
  * Change invalid TOTP message
  * Clear web terminal when session ends (#8850)
  * Add synchronize event
  * Trigger on ready_for_review event
  * Don't run workflows on draft PRs
  * Update which pull request events to trigger workflow on
  * Fix confusing port example in standalone docs
  * Release 8.0.6.
  * Updated CHANGELOG.md.
  * Update AWS CLI application access docs ref (#8634) (#9396)
  * [auto] Update webassets in branch/v8
  * Add WebAuthn and Active Session docs (#9390)
  * [v8] Add ability to run Postgres and Mongo proxy on separate listeners (#9341)
  * Post Release 1/4 (#9005)
  * Ensure we don't miss the resolution of an access request (#9193) (#9338)
  * Release 8.0.5
  * Fix the CRL distribution point in Windows certs (#9299)
  * Drone fix (#84)
  * Release 8.0.4 (#9368)
  * Add support for configurable KMS CMK keys for S3 SSE (#8354) (#9262)
  * [backport v8] Fix sessions endpoint and remove namespaces (#9360)
  * Fix tsh ssh proxy for openssh client (#9249)
  * Release 8.0.1 (#9223)
  * [v8]: desktop access backports (#9201)
  * Do not prompt for hardware MFA using `tsh` on Windows (#9081) (#9198)
  * Bump x/crypto (#9203)
  * Update Workflow Config Files (#9207)
  * Add Azure access token auth support for Postgres/MySQL (#9185)
  * [Backport] Google CloudBuild support (#9090) (#9165)
  * Fix MySQL proxy handshake (#9162)
  * Refresh getting started guide to use TLS routing (#8988) (#9101)
  * Add '+' to key sanitizer whitelist (#8396)
  * Implement where conditions for active sessions (#9040) (#9076)
  * Make Teleport startup resilient to invalid roles (#9062) (#9105)
  * Update docs for TLS routing (#9097)
  * Add app metatada to app audit events (#9056)
  * Update CODEOWNERS (#9058)
  * Restart entire node on tunnel collapse (#8102) (#9043)
  * teleport configure: generate web_listen_addr (#9071)
  * Add --public-addr --cert-file --key-file for teleport configure (#9049)
  * Add meta redirect (#8980)
  * Updated Docker Quickstart/Labs.
  * Fixed Helm publishing.
  * [pr-buddy] helm: Add support for annotation on secrets generated by cert-manager (#8872) (#9013)
  * Release 8.0.0.
  * Release 8.0.0-rc.3.
  * Fix dialing kube trusted cluser in v2 telport config (#8996)
  * Fix tunnel address for TLS routing if public tunnel address is present (#8995)
  * Updated build-darwin-* pipeline.
  * Remove explicit "deny" from preset "auditor" role, make preset roles V4 (#8959) (#8998)
  * Release 8.0.0-rc.2.
  * Updated CHANGELOG.md.
  * backport bot improvements
  * Merge 'config-proxy' and 'proxy ssh' commands logic (#8920) (#8958)
  * Fix KUBECONFIG server name (#8940) (#8971)
  * [auto] Update webassets in branch/v8 (#8965)
  * windows ldaps port (#8932)
  * tctl: allow issuing app access certificates via `tctl auth sign` (#8717) (#8941)
  * Update e-ref (#8927)
  * Improve SSH agent forwarding error message in proxy mode (#8832)
  * [auto] Update webassets in branch/v8 (#8911)
  * Link libatomic on Linux
  * Fix the buildbox (again) (#8892)
  * fix buildbox
  * remove roletester toolchain
  * Rust & Desktop Access fixes (#8822)
  * Use cgo.Handle for passing client refs between Rust/Go
  * Fix heartbeat for LDAP hosts
  * Fix the client idle disconnect audit event for desktops
  * Return created date with new recovery codes (#8777) (#8903)
  * Release 8.0.0-rc.1.
  * Fix ACME strict ALPN (#8869) (#8889)
  * Don't allow running Desktop Access in FIPS mode.
  * Fix tsh ssh proxy (#8826) (#8871)
  * Fix MFA for DB Access (#8796) (#8870)
  * Disable desktop access in Web UI in Cloud clusters (#8858) (#8873)
  * Split auth.AccessPoint into variant specific interfaces (#8471) (#8859)
  * Release 8.0.0-beta.3.
  * Update Enterprise reference.
  * Updated Go to 1.17.3.
  * Add dynamic registration and discovery guides (#8862)
  * comment out teleport configure output example (#8856)
  * flips struct ordering to match with tdp spec (#8753) (#8814)
  * Bring back previous u2f challenge response for web terminal (#8830) (#8844)
  * Fix mongo access with mfa and add tests (#8800)
  * Update rdp-rs to fix horizontal scroll + extended keys
  * [helm] Change path -> mountPath under extraVolumeMounts (#8806) (#8825)
  * [ami] Get wildcard DNS cert when using certbot/Letsencrypt with Terraform AMI (#8792) (#8809)
  * Set user verification to "discouraged" for WebAuthn (#8759) (#8801)
  * Fix reverse tunnel web ping call log severity (#8776)
  * Remove checking for error from session end in web terminal (#8797) (#8816)
  * Update mac builds
  * Add link to Teleport Changelog in helm chart repository site. (#8780)
  * URL-encode Postgres username in connection string (#8772)
  * Release 8.0.0-beta.2.
  * Update e
  * Ensure that Rust libraries are cleaned
  * Release 8.0.0-dev.33
  * Update e to match branch/v8
  * Stop linking lcrypto and lssl
  * Add Rust to buildbox
  * Fix event code duplication for PrivilegeTokenCreateCode (#8733) (#8743)
  * Release 8.0.0-beta.1.
  * Pin Packer version to 1.7.6
  * Updated webassets reference.
  * Update GH Actions Workflow Commands (#8724)
  * Development Workflow Automation (#8116)
  * Update app and database access test plan scenarios (#8718)
  * Add missing aws certs (#8704)
  * Fixed CentOS 6 builds.
  * Add priority class name (#8669)
  * add routing_strategy to config docs
  * use RoutingStrategy enum instead of boolean flag
  * Route to the most recently heartbeated node when there are duplicates
  * improve tests
  * fix nits
  * remove OnlyRecent behavior
  * ttl-based fallback caching
  * server-side filtering
  * Updated go.mod and re-vendored.
  * Update Enterprise reference.
  * Updated Go to 1.17.2.
  * Make LDAP desktop discovery disabled by default
  * Add timeout for RDP connections
  * Fix missing webauthn json field (#8701)
  * Align SNI routing logic (#8689)
  * Align the user message printed during the 'tsh proxy db' command (#8681)
  * [auto] Update webassets in master (#8697)
  * Enable the Rust logger at the same level as the Go logger
  * Ensure there are no '.' characters in dynamic desktop names
  * Add Proxy listener mode and proxy v2 configuration (#8511)
  * update certification link for boring crypto (#8676)
  * Correct terraform guide example (#8630)
  * Set expiry on LDAP-discovered desktops
  * Allow tctl admin user to delete windows desktops
  * Use a consistent, human-readable convention for static hosts
  * Return obscured user locked error message (#8596)
  * Fix port for listen_addr (#8624)
  * userACL (#8560)
  * Ensure that teleport start --roles=windowsdesktop works
  * Fix mysql log spam (#8654)
  * kubectl exec and port-forward requests use the right dialer (#8601)
  * Fix ALPN SNI Proxy errors logs (#8506)
  * Replace golint with revive (#8613)
  * Fix ALPN protocol routing (#8526)
  * Cleanup lint targets
  * docs: updates for desktop access
  * fix web_listen_addr example (#8650)
  * AWS CLI access (#8151)
  * Add constants for Windows-related timeouts
  * Include RDP port for desktops discovered via LDAP
  * Increase heartbeat period for Windows Desktops
  * Label Windows Desktops correctly
  * Label Windows hosts with teleport.dev/origin
  * Implement AD host discovery
  * Revert "Adds Rust 1.55.0 to CI buildbox (#8606)" (#8652)
  * Add KindAuthConnector permission to editor role.
  * Remove webassets before Enterprise images.
  * Adds Rust 1.55.0 to CI buildbox (#8606)
  * Add webauthn support for web terminal mfa prompt (#8642)
  * Add agent support to Teleport AMIs for use with Terraform (#8387)
  * Add CockroachDB guide (#8554)
  * Added metrics for missing SSH tunnels.
  * Automatically import RDS databases (#8481)
  * fileconf: change LDAP config from password to password_file
  * Use a separate event code for desktop session start failure
  * Make unit tests write JSON test logs (#8351)
  * Fix race condition in LoadBalancer (#8608)
  * Include event type filter in Firestore query (#8403)
  * Updated slack plugin instructions to allow for Teleport Cloud (#8540)
  * tctl: allow comma-separated --windows-logins
  * Misc desktop access cleanup
  * Fix ExtractConditionForIdentifier handling of verbs, empty where (#8552)
  * desktop access: add session start/end audit events
  * Consistent webauthn JSON field naming for web (#8559)
  * add watcher event metrics to docs and sort metrics alphabetically (#8491)
  * Support traits for Windows Logins (#8585)
  * Add CockroachDB support (#8505)
  * Add RBAC for Windows desktop access (#8520)
  * [auto] Update AMI IDs for 7.3.0
  * fixed link, renamed img (#8573)
  * Added joining nodes in AWS documentation.
  * Desktop Access Beta documentation (#8504)
  * Throttle DynamoDB event migration based on provisioned capacity (#8468)
  * Desktop Access notes and comments (#8530)
  * Refresh locking article (#8542)
  * [auto] Update AMI IDs for 7.2.1
  * Allow second_factor 'on' and 'optional' without U2F (#8498)
  * Do careful nil handling on Webauthn proto conversions (#8501)
  * Implement Simplified Node Joining (#8250)
  * Implement where conditions for session recordings list/read (#8289)
  * Expose SearchSessionEvents via proxy webapi (#8445)
  * ALPN DB Proxy fix insecure flag (#8440)
  * Notice on requiring kubernetes access enabled for agent (#8369)
  * TDP: add mouse scroll support
  * Publish Teleport CA to NTAuth store over LDAP (#8438)
  * add IDs to upload events (#8453)
  * Kube Proxy Forwarder handles kube services with same name (#8362)
  * Add support for MFA for DB access (#8270)
  * use aws sdk withcontext variants where possible (#8355)
  * Fix GenerateHostCerts http fallback with LegacyCerts. (#8469)
  * Adjust tsh language in regards to Webauthn (#8451)
  * teleport-kube-agent: postgresql -> postgres in README (#8496)
  * Update testplan for WebAuthn (#8480)
  * Remove pre-v7 device migration logic (#8448)
  * Remove 'deny' directive in example impersonation role. (#8399)
  * Accept multiple SANs in tctl auth sign for databases (#8449)
  * Release 8.0.0-alpha.1.
  * Remove RoleConditions type alias from lib/services. (#8441)
  * Adds OIDC logic for Ping Provider (#8308)
  * Wire Webauthn disabled flag into yaml config (#8452)
  * Auto-configure IAM for Redshift databases (#8348)
  * Bug fix: Get user from logged in context (#8460)
  * [auto] Update webassets in master (#8457)
  * PIV authentication for RDP (#8408)
  * Return preferred MFA method on ping endpoints (#8439)
  * Auto-configure IAM for RDS databases (#8339)
  * Update e-ref (#8446)
  * Remove extra Audit records entry. (#8426)
  * k8s misspelling (#8430)
  * Update U2F App ID guidance in documentation (#8434)
  * Specify platform when building our buildbox (#8429)
  * Unify RBAC checking functions (#8407)
  * Disable firestore tests by default (#8322)
  * correct app name example (#8422)
  * Implement attestation for Webauthn (#8392)
  * Test Webauthn global disable flag (#8393)
  * Migrate DynamoDB events to store fields as map type (#8292)
  * [auto] Update AMI IDs for 7.2.0
  * Set flush interval when forwarding application http requests (#8359)
  * Update video to reflect RBAC changes and updates in Teleport 7 (#8301)
  * Rename VerifyAccountRecovery and token ID proto fields (#8395)
  * Watcher System Metrics (#8338)
  * Reduce the number of tests that run in parallel.
  * Revert e-ref (#8391)
  * Require enterprise license for HSM support (#8370)
  * Add additional context for Teleport Cloud users on how they can add the impersonator role to the user. (#8364)
  * HSM Docs (#8000)
  * Implement AddMFADeviceSync and GetAccountRecoveryCodes (#8287)
  * Unify creating u2f, totp, and webauthn MFA register challenges (#8342)
  * Fix ALPN SNI Proxy TLS termination for DB connections (#8303)
  * Remove ClusterConfig resource (#8150)
  * Add Webauthn support to ChangePassword and Ping (#8337)
  * Bump version to 8.0.0-dev
  * Update version.mk to set Helm chart versions.
  * [forward-port] Teleport lab - open 3024 port in and copy changes.
  * Implement User Privilege Token (#8076)
  * RDPDR virtual channel implementation for smartcards (#8282)
  * Add the DeviceType proto to Auth Service (#8336)
  * Simplify MFA testing and favor Webauthn over U2F (#8334)
  * Add a toy Webauthn web interface (#8326)
  * Replace `log` with `logrus` in Webclient (#8328)
  * move production and user manuals (#8341)
  * improve graceful restart behavior
  * [auto] Update AMI IDs for 7.1.3
  * Add Webauthn devices via tsh mfa add (#8310)
  * Splits admin guide into setup sections (#8324)
  * Add app resource watcher/reconciler (#8228)
  * Add API and CLI for managing application resources (#8185)
  * ignore concurrent updates during tc load
  * add .idea to .gitignore for jetbrains (#8311)
  * fix double-init and buffer overflows
  * Fixes for cert checker and Postgres config builder (#8251)
  * host certs: pass the remote address along in the request (#8299)
  * Tidy up Webauthn login and registration (#8283)
  * Allow login over plain http in restricted situations (#7835)
  * Creates ansible guide. (#8297) (#8298)
  * Add support for `tsh ssh` on Windows (#7790)
  * Disable colorized error formatting on Windows (#8227)
  * Fix ConnectionMonitor DisconnectExpiredCert (#8288)
  * Return unique error message (#8284)
  * Support registration of Webauthn devices (#8278)
  * Improve performance, reliability of firestore backend (#8241)
  * RFD 41: Simplified Node Joining for AWS (#7292)
  * Update role-templates.mdx (#8280)
  * Improve FirestoreDB/KeepAlive test failure message (#8273)
  * Add mysql port to config and service in Teleport Cluster Helm Chart (#8183)
  * Fix node registration backwards compatibility (#8256)
  * Avoid watching for new Locks with empty LockTarget (#8253)
  * Update markdown table for kubeClusterName. (#8236)
  * Removes line break (#8267)
  * Fix linker flags in datalog CGO wrapper
  * Export hasBuiltinRole and clusterFeature to use in e repo (#8261)
  * Support custom paths for AWS roles in console access (#8224)
  * Allow getting MFA authenticate challenge with recovery token (#8231)
  * Add documentation for the nowait flag. (#8220)
  * Allow deleting/listing MFA devices with recovery tokens (#8197)
  * Add PublicAddr fix for kube service; Test that GetServerInfo gets kube public addr. (#8178)
  * Implement Webauthn registration (#8226)
  * correct role mapping in auth connector (#8242)
  * Rotate Mac signing certificates (#8230)
  * Introduce WebauthnDevice proto and registration messages (#8201)
  * seo updates (#8247)
  * Fix firestore (#8181)
  * Convert GenerateServerKeys to GRPC (#8193)
  * Add more context to the firestore backend test failure (#8223)
  * Skip etcd prefix test if disabled (#8202)
  * moves sso, labels and nodes to setup (#8216)
  * Fix linter: remove unused code (#8214)
  * Fix interactive sessions always exiting with code 0 (#8081)
  * RFD 39: SNI and ALPN telepot proxy routing (#7280)
  * ALPN SNI Proxy (#7524)
  * Adds SOC2 guide from Travis and ports EC2 tags guide (#7788)
  * Add VS Code guide and update docs for tsh on Windows (#8195)
  * fix broken links in api client readme (#8125)
  * Update the index.mdx file for Access Controls (#8129)
  * New video banners for BPF work (#8130)
  * Db access gui client improvements (#7950)
  * correct license file name in k8s cluster getting started(#8188)
  * Modified auth server example to only have one auth server (#8199)
  * Add a global disable flag for Webauthn (#8191)
  * Port backend tests to testify / fix racy tests (#8170)
  * Expand error message on tctl enterprise usage (#8093)
  * Expanded AWS Console examples (#8127)
  * Account Recovery Token Getter and Create New Codes (#8177)
  * Introduce app server and app resources (#8140)
  * Pick a number for the Webauthn RFD (#8187)
  * Support Webauthn challenges in tsh login (#8176)
  * RFD: WebAuthn Support (#7808)
  * LoadIdentityFileFromString (#8132)
  * Implement CompleteAccountRecovery, Step 3 in Account Recovery (#8103)
  * Implement ApproveAccountRecovery, Step 2 in Account Recovery (#8100)
  * support empty string ca_pin (#8154)
  * webclient: use the provided context (#7801)
  * New videos for MongoDB Atlas and PostgreSQL (#8097)
  * Require that public TLS and SSH keys are provided to register via token (#8135)
  * correct port number example (#8168)
  * Stop using ; as a separator in URL query strings (#8143)
  * Unparallel racy test (#8142)
  * Make TestLockWatcherStale more robust (#8134)
  * Do not attempt to sign Windows builds on push (#8137)
  * Sign tsh.exe on tag builds (#7897)
  * Generate Windows-compatible OpenSSH config in `tsh config` (#7848)
  * Wire Webauthn to login endpoints (#8094)
  * Fix session URL displayed by `teleport status` (#8072)
  * Correctly validate JWT CA on bootstrap (#8119)
  * Dynamically register/unregister database resources (#7957)
  * Implement StartAccountRecovery, Step 1 in Account Recovery (#8095)
  * auth: remove DataDir from RegisterParams (#8110)
  * Mask token in logs (#7955)
  * Update Architecture Docs link in Readme (#8107)
  * Cleanup docs on users and roles (#8098) (#8099)
  * Access & Review request docs (#7791)
  * Add kube-cluster env for tsh (#7867)
  * Adapt lib/auth/webauthn to Identity and type changes (#8082)
  * API workflows example (#6827)
  * Connect proxy <-> windows_desktop_service <-> RDP server (#7990)
  * Move newly-added Webauthn tests out of gocheck (#8074)
  * Lint and fix missing license headers (#8075)
  * [RC 2] Extend GetMFADevices to accept tokenID (#8036)
  * Implement Account Recovery Codes (#8034)
  * Update e (#8073)
  * Add the WebAuthn user ID to LocalAuthSecrets (#8013)
  * Implement WebAuthn login (#8009)
  * Add support for WebAuthn configuration (#7949)
  * Move and expand troubleshooting section (#8052)
  * RFD 32: Datalog based role tester (#6818)
  * Update e-ref for access tester (#8068)
  * Datalog based access tester (#7543)
  * Repeatable test naming (#8018)
  * [auto] Update AMI IDs for 7.1.0
  * Update impersonation docs (#8053)
  * update e-ref
  * adding environment variables (#7954)
  * Add support for a profile specific kubeconfig file. (#7840)
  * Add docs for the locking feature (#7967)
  * update e-ref
  * disable build determinism in centos6
  * Exclude tar flags for non-Linux platforms.
  * pipefail in make shell
  * Add Webauthn SessionData persistence to Identity (#8012)
  * RDP client implementation (#7824)
  * Add link to Access Requests page (#8021)
  * Switch bash to code component (#8019) (#8029)
  * Removed 443/3080 port from tsh login examples (#8016)
  * Ensure that test-root is marked as a PHONY target (#7847)
  * helm: Set correct fsGroup in teleport-kube-agent chart when using persistent storage (#7804)
  * Add imagePullSecrets in kube-agent chart (#6941)
  * helm: Make auth type configurable (#7508)
  * Add abilty to configure postStart handler for teleport-cluster chart (#7168)
  * allow  websocket connections to the same host (csp) (#7929)
  * Update docs codeowners (#7998)
  * Sasha/fwd user (#7996)
  * Teleport Database Video Banners (#7977)
  * fix agent forwarding test on macOS (#7784)
  * fix parent shard tracking
  * Add WebAuthn protocol buffers (#7923)
  * Fix windows_desktop_service keepalives (#7987)
  * Fix make update-vendor on macOS (#7910)
  * Add support for PDB with the teleport-cluster helm chart (#7138)
  * Allow teleport-cluster-agent chart to use an existing volume for the data directory (#7096)
  * Add file configuration for HSMs (#7959)
  * Add support for HSM CA rotation (#7862)
  * Add support for multiple CA pins (#7905)
  * Add support for nowait on requests. (#7895)
  * Split UpsertWindowsDesktop into Create/Update
  * Address review comments, batch 1
  * Windows desktop service boilerplate
  * [auto] Update webassets in master (#7917)
  * RFD 34: clarify windows host discovery
  * add conversion code for billing information update events
  * Fix incorrect zero value setting for web idle timeout (#7926)
  * Port Darwin CI pipelines to Dronegen  (#7688)
  * Add MongoDB Atlas guide (#7864) (#7951)
  * Vendor our logrus fork to fix data race (#7940)
  * Don't log warning for all remoteSite.periodicUpdateLocks failures (#7908)
  * Allow custom webassets path if debug mode is on (#7925)
  * Make TestAuthorizeWithLocks* more robust (#7909)
  * correct tsh proxy alias (#7902)
  * fix race in etcd test
  * Make srv.TestMonitorStaleLocks more robust (#7877)
  * Emit audit events on lock upsert/delete (#7752)
  * Introduce `tctl lock` command (#7809)
  * Send web idle timeout with new web session response (#7839)
  * Update protobuf compiler release link
  * Update Drone pipeline for Teleport 7.
  * [auto] Update AMI IDs for 7.0.2
  * Reject cert generation requests for locked-out users/hosts (#7746)
  * Sasha/fwd fixes (#7881)
  * API client tunnel address discovery fix (#7533)
  * Check out code to use for building Teleport lab image (#7879)
  * Remove initial 'v' from Teleport version tag (#7878)
  * Re-add GetLock methods for auth server cache (#7861)
  * Add curl for teleport-lab image build step (#7876)
  * Dead code removal (#7851)
  * Rename ResetPasswordToken to UserToken for general use (#7681)
  * Handle stale lock views with strict/best-effort modes (#7798)
  * Various fixes to SAML encryption key handling for SSO (#6767)
  * Update Enterprise reference.
  * Reduced shared library dependencies.
  * Updated CHANGELOG.md.
  * Do not exit teleport when unable to enumerate k8s cluster (#7523)
  * Replicate locks to remote clusters (#7737)
  * ClusterConfig fallback (#7702)
  * Adding database resource API and tctl commands (#7792)
  * Fix soundness issues in uacc (#7785)
  * fix stale event logging
  * fix memory backend mirror behavior
  * Added Admonition for postgres sql and tls (#7777)
  * Decouple database server from database (#7771)
  * Fix client.New race condition (#7774)
  * Do not deny logins in `isMFARequired` (#7739)
  * Update download query param filter for mac (#7778)
  * Fix CHANGELOG header indentation (#7789)
  * Ensure defaults are set for DB integration tests (#7787)
  * Use KeyStore instead of raw keys with CAs (#7615)
  * Fix tctl db resource UT (#7760)
  * Move session recording section to RFD 33
  * Small tweaks based on review feedback
  * RFD 33-37: Windows desktop access
  * Update SSO guides (#7671)
  * Reference docs for AuthPreference (#7503)
  * Add Restricted Session docs (#7673)
  * Update docs/pages/includes/permission-warning.mdx
  * be more explicit about non-root user
  * Update PAM page (#7719)
  * Update DNS instructions in the AWS+EKS+Helm guide (#7672)
  * rollback - Upgrade api version. (#7751)
  * Add hsmKeyStore implementation (#7614)
  * Reset event checkpoint key property for non sub-page breaks (#7638)
  * RFD 9: Locking (#7286)
  * Mount teleport-tls to the init container for the teleport-cluster helm chart (#7166)
  * Add support for tctl get/rm DB resource (#7558)
  * mtls metrics service (#7079)
  * Updated Enterprise reference.
  * Updated BPF asset embedding.
  * Improved build determinism.
  * [auto] Update webassets in master (#7732)
  * Upgrade api version. (#7609)
  * Add missing kubeClusterName value in teleport-cluster helm chart (#7620)
  * Update the GCP+GKE+Helm guide (#7720)
  * config: Change mentions of kubeconfig_path -> kubeconfig_file (#7646)
  * clarity around ansible config for teleport (#6418)
  * Update test plan (#7639)
  * Enforce locks in auth.Authorize (#7625)
  * [auto] Update webassets in master (#7716)
  * ImplicitRole doesn't have wildcard labels (#7645)
  * Add KeyStore interface with rawKeyStore implementation (#7613)
  * Mark RFD 28 (ClusterConfig reorg) as implemented (#7706)
  * Fix ClusterConfig caching with pre-v7 remote clusters (#7698)
  * aws: Add s3:ListBucketMultipartUploads permissions to IAM policies (#7664)
  * docker: Automatically build teleport-lab image nightly based on latest Teleport version (#7692)
  * Add AWS console guide (#7640)
  * Try mini-diagrams and update launchpad titles (#7684)
  * AWS console access (#7590)
  * Add MongoDB Compass GUI guide (#7658)
  * Replace GenerateSelfSignedCAWithPrivateKey with GenerateSelfSignedCAWithSigner (#7612)
  * Apply locks to connections tracked by srv.Monitor (#7506)
  * Replace make tag with updated make update-tag. (#7627)
  * Fixed performance issues with the Web UI.
  * Tweaks, update and k8s agent getting started (#7656)
  * [auto] Update webassets in master (#7653)
  * fix init event emission
  * improve shard iteration
  * Removes double quotes from acme examples in docs (#7642)
  * Add `tsh config` helper to generate OpenSSH client configuration (#7437)
  * Tweak and add a few instructions regarding Audit Log testing (#7643)
  * add support for running agent helm chart on persistent volume (#7123)
  * Update test plan (#7617)
  * improve etcd event processing
  * concurrent queue
  * [auto] Update webassets in master (#7621)
  * Use web listener for web server (#7619)
  * Remove GetLock methods from Cache/ReadAccessPoint (#7593)
  * Tidy up trait application in `Role`. (#7562)
  * Fix profile credential loader known_hosts (#7532)
  * API Client UX fixes (#7521)
  * Adds WebClientTimeout to config (#7497)
  * Fall back to old CA schema when retrieving keys and certs (#7603)
  * Fix RBAC verbs checked for SetSessionRecordingConfig (#7466)
  * Adds Message of the Day (#7396)
  * Updated Enterprise reference.
  * Updated Makefile to fix FIPS BPF issues.
  * Include O in MongoDB certs and improve some errors (#7575)
  * set cluster name in lab (#7579)
  * Update cloud and add U2f guide (#7585)
  * Add restricted session
  * [auto] Update webassets in master (#7580)
  * Update upcoming-releases.mdx (#7584)
  * Make reference deployments more visible (#7583)
  * ListNodes limit exceeded test timeout fix (#7464)
  * Make commands more obvious (#7510)
  * Adds Teleport lab. (#7480)
  * RFD 27: mtls metrics (#6469)
  * Use descending order as default in webapi (#7550)
  * [auto] Update webassets in master (#7551)
  * Address security design review. (#6769)
  * docker: Add libelf1 as a dependency for building Teleport container images
  * Fixed vendoring issue.
  * Update ssh-pam.mdx (#7536)
  * libbpfgo has been moved out of tracee
  * Better handling of database access IAM errors (#7525)
  * Fix potential infinite loop in GetTrustedCertsPEM (#7540)
  * Implement an API for exporting session events (#7360)
  * aws: Add updates to AMIs for database access (#7487)
  * allow overrides of the AWS config for the service in the helm chart (#7287)
  * Update CODEOWNERS.
  * Allow querying for audit events in either an ascending or descending order (#7425)
  * Add MongoDB guide, MySQL Cloud SQL guide and other 7.0 docs updates (#7350)
  * integration: Add teletest namespace and instructions for Kubernetes tests (#7447)
  * [firestore] Set the cursor to empty when the end is reached (#7448)
  * Generalize ProxyWatcher to monitor other resources (#7489)
  * Release 7.0.0-beta.1.
  * Remove unnecessary sudo commands (#7505)
  * Add event handler (#7470) (#7485)
  * Update CODEOWNERS
  * Disable nonlocal SetClusterAuditConfig calls (#7465)
  * Introduce Lock resource (#7430)
  * Fixes racy backend test suite (#7481)
  * Use ssh.Signer instead of raw private keys (#7438)
  * Fixed issue that could cause commands to hang.
  * Paginated rpcs - Replace GetNodes with ListNodes (#7415)
  * [v7.0] docs: port of edit pass 7/9 (#7401)
  * docs: port of 7321 (#7399)
  * [v7.0] docs: update steps 2 (#7394)
  * docs: port to 7.0 (#7373)
  * [v7.0] docs: readme fixes (#7393)
  * enable json logging in the config (#6964)
  * Remove AWS OSS Guide Page (#6150)
  * Update API RFD. (#6764)
  * Configure env for teleport-cluster chart (#7167)
  * Allow setting diagnostics address via config file (#6865)
  * aws: Update reference deployments to handle timesearchV2 format (#7435)
  * docs: Fix typo in MacOS Terraform provider instructions (#7426) (#7440)
  * add support for dynamodb backups in helm chart (#7288)
  * Reduce Flakiness in TestAgentForward (#7236)
  * Bump e ref (#7434)
  * Add Video guide to server access page (#7429)
  * bpf: Add build support to FIPS Dockerfile (#7407)
  * Fixes racey tests in `tsh` (#7416)
  * Update tsh join (#7319)
  * drone: Disable CentOS 6 FIPS builds for Teleport 7.0+ (#7408)
  * Adds custom timeout message to SSH sessions (#7120)
  * Automatically download Cloud SQL root certs (#7397)
  * Make CSP more strict (#7390)
  * Fix ping endpoint when proxy has multiple public addrs (#7368)
  * Parse AWS info from RDS/Redshift endpoint (#7385)
  * Update codeowners (#7398)
  * licensed message check changed for application access
  * Fixed error check
  * Update kube.go
  * Update db.go
  * Update db.go
  * db license message
  * app access license message
  * Update kube.go
  * Modify language to say license instead of supports for features
  * hsm: fix CA migration for trusted clusters (#7348)
  * docs: readme updated (#6976)
  * Fix occasional data race when testing dynamically configurable resources (#7374)
  * Add MongoDB database access support (#7213)
  * [auto] Update webassets in master (#7381)
  * drone: Resign pipeline for drone.teleport.dev (#7367)
  * Update e ref. (#7364)
  * Relax ClusterName validation to allow ClusterID migration (#7363)
  * docs: port to 7 (#7361)
  * Add Cloud SQL MySQL support (#7302)
  * CheckAndSetDefaults sets all defaults. (#6846)
  * API version generated file (#7157)
  * Remove SetTTL methods in favor of SetExpiry. (#7234)
  * gRPC conversions - Auth Preference (#7220)
  * Move ClusterID field from ClusterConfig to ClusterName (#7050)
  * Perform event name filtering inside the database in the DynamoDB driver (#7231)
  * Cleans up and moves session recording section (#7341)
  * Add docs section on `provider` field in SSO connectors (#7339)
  * Adds per-node ability to disable ssh TCP forwarding (#6989)
  * Updated OIDC connector to return not found.
  * tsh play --format (#7331)
  * hsm: migrate CA storage schema (#7245)
  * Add workaround for Ping SAML auth requiring signing headers (#7297)
  * Limit event search responses sizes to not exceed gRPC limits (#7266)
  * remove no rbac in oss admonition (#7322)
  * [v7.0] docs: port of edit pass 2/9 (#7173)
  * [v7.0] docs: port of edit pass 3/9 (#7187)
  * [auto] Update webassets in master (#7237)
  * [v7.0] docs: port of edit pass 5/9 (#7316)
  * [v7.0] docs: port of edit pass 1/9 (#7158)
  * Better handle database access HA scenario (#7293)
  * Add gRPC conversion support for BillingCard events (#7303)
  * docs: port from 6.2 (#7300)
  * Downgrade V4 roles to V3 at webapi endpoints (#7289)
  * Turn AuditConfig into a standalone resource (#6997)
  * drone: GOCACHE and `docker:dind` fix, round 2 (#7281)
  * Terraform reference (#7291)
  * Update Teleport Cloud -> Teleport Pro (#7282)
  * define diag ports in helm (#7212)
  * grpc: call trail.ToGRPC from gRPC interceptors (#7217)
  * Add V4 Roles (#7118)
  * Add regexp.replace support in role templates (#7152)
  * teleport-kube-agent: Support multiple installations in a single cluster (#7057)
  * [v7.0] docs: fix dot (#7095)
  * Get startKey from query params and return startKey for clusterSearchEvents (#7228)
  * drone: Add missing GOCACHE path for `make image-ci` (#7206)
  * Remove remaining API aliases (#7137)
  * Make SessionRecordingConfig resource dynamically configurable (#7054)
  * Moves SSH tests to testify/testing package (#7119)
  * Update profile credential loader to work with tsh v6.0. (#7142)
  * [backport 7.0] Correct reference to helm chart in teleport kube agent install (#7209)
  * Move ClusterConfig auth fields into ClusterAuthPreference (#6876)
  * Introduce modules.ValidateResource for Cloud-specific validation (#7092)
  * Update terraform-provider.mdx (#7192)
  * docker-compose: Update default images used to version 6 (#7055)
  * OSS vs Enterprise (#7169) (#7175)
  * Pin dind version and remove GOCACHE from push pipelines (#7193)
  * Added GOCACHE to push pipelines.
  * Remove API aliases (#6983)
  * docs: port of 6871 (#7091)
  * Make ClusterNetworkingConfig resource dynamically configurable (#7013)
  * Emit backward compatible ClusterConfig events (#6836)
  * Skip the app.session.request event from AuditEvent (#7011)
  * Add support to configure `tsh` directory for data  (#7035)
  * Remove the need for `--proxy` for session playback  (#7052)
  * Expand client tests with mock server (#7004)
  * makefile: explicitly set SHELL to /bin/bash
  * Improve Access Request Events  (#6863)
  * Add delay in TestRootLeafIdleTimeout test (#7116)
  * Buddy: https://github.com/gravitational/teleport/pull/6250 (#7165)
  *  Fix file event driver inconsistencies (#7073)
  * Initial terraform guide (#7136) (#7149)
  * Fix flaky DB UT (#7139)
  * Updated Enterprise reference.
  * bpf: Disable failing builds
  * docs: port api changes (#7031)
  * docs: links for gsuite (#7070)
  * Couple app/db access docs updates (#7128)
  * [backport v7] Describe usage of TELEPORT_CONFIG_FILE in faq and cli page for remote tctl usage #6866 (#7067)
  * buddy:  scp Is Not Parsing user@node Properly (#6927)
  * Remove JSON schema validation (#6685)
  * Fix variable shadowing error causing migration slowdown (#7097)
  * rpm: Don't include build-id artifacts in packages (#7080)
  * Support disconnect_expired_cert for database access (#6857)
  * Updated vendoring of tracee/libbpfgo.
  * Move from BCC to libbpf with CO-RE.
  * docs: Update post-release checklist (#7056)
  * Teleport Server Access Intro Video (#7087)
  * docs: Improve label documentation for db_service via teleport-kube-agent (#7077)
  * Improve RFD 24 Dynamo migration efficiency and performance (#7012)
  * keypaths package (#6848)
  * [v7.0] Port of 6.2 Server Access Section (#6936)
  * Ports some integration tests to Testify/Subtests (#6884)
  * Add Demo video to dual-auth and per session mfa (#7063)
  * [auto] Update webassets in master (#6977)
  * teleport-kube-agent: Add support for annotations.serviceAccount (#7060)
  * Updating teleport-quickstart.yml to latest release (#6970)
  * Update AMI IDs for 6.2.0 (#7037)
  * Make utmp support best-effort
  * Stop registering a Kubernetes cluster named after the Teleport cluster (#6786)
  * Allow users impersonating database service generate database certs (#7024)
  * helm: Don't package/update old teleport chart (#6902)
  * Log traits to role mapping warnings on case-insensitive matches (#6209)
  * docker: Restore Firestore emulator (#6901)
  * changelog: add a note about DynamoDB migration performance in 6.2.0
  * Return unique kube cluster names when retrieving for ui display (#7002)
  * Resolve test issues and event driver bugs (#6990)
  * Variable exporting fix on AWS Terraform Guide (#6973)
  * docs: delay 6.2 release on upcoming releases page
  * Fixed IBM Cloud AppID SSO integration.
  * Fix tclt --auth-servers flag panic. (#6980)
  * Update tctl docs to include new global flags and remote functionality. (#6771)
  * Updated CHANGELOG.md.
  * mfa: user server instead of log context.Context for audit events
  * docs: improve best practices (#6809)
  * RFD 28: Cluster configuration related resources (#6472)
  * Add event handler for access request review event (#6966)
  * helm: Fix antiAffinity in teleport-cluster (#6944)
  * [v7.0] docs: update certbot section (#6697)
  * [v7.0] docs: update version in install and getting started guides #6810 (#6853)
  * docs: port make language consistent for versions (#6854)
  * docker: Override GOMODCACHE to always use a writable location (#6899)
  * Update test plan (#6934)
  * Applying suggestion
  * Re-enables `--k8s-users` & `--k8s-groups` in tctl users add
  * Buddy: Exit non-zero on tsh status for scripting. (#6957)
  * Update test plan (#6947)
  * docs: Update docker tags to use latest 7.x version tag (#6911)
  * mfa: strip trailing newline when reading TOTP codes (#6948)
  * Handle UserUpdatedEvent in event deserialization code (#6949)
  * Introduce SessionRecordingConfig extracting fields from ClusterConfig (#6708)
  * [auto] Update webassets in master (#6921)
  *  etcd: use a separate connection to check peer versions (#6905)
  * Add `tctl rm cap` for resetting cluster auth preference to defaults (#6801)
  * lazy init of prometheus collectors (#6561)
  * AuditLog/grpc server data race (#6170)
  * Application and database access documentation updates (#6932)
  * Bump e-ref (#6925)
  * Add kube/db ui testing steps to test plan (#6926)
  * make update-vendor: run 'go mod tidy' in api/
  * Add CheckAndSetDefaults call to UnmarshalAuthPreference (#6898)
  * Add missing database cli flags (#6739)
  * Update e ref to master (#6906)
  * Implement RFD 19: Event Iteration API (#6731)
  * tsh: Return more descriptive error on unimplemented grpc server method (#6812)
  * Fix typo in trusted clusters docs (#6904)
  * helm: Fixes for Linux/Mac interoperability (#6891)
  * Don't pull docsbox image if it's already present (#6228)
  * Remove http.NoBody check for web renew token endpoint (#6893)
  * RFD 21 (Cluster Routing): Mark as implemented (#6835)
  * helm: Adds 'aws', 'gcp', 'standalone' and ‘custom’ modes to `teleport-cluster` chart (#6344)
  * docs: Add Helm guides (#6390)
  * Update lib/client/api.go
  * Review feedback
  * More review additions
  * Review feedback
  * Doc fix
  * Addressing review feedback
  * Addressing review feedback
  * Address review feedback
  * Adds concurrent default-port selection to `tsh`
  * Add sudo to systemd example commands (#6603)
  * Add `session_recording` field to session start and end event (#6664)
  * Forbids use of --insecure in FIPS mode (#6191)
  * Move CheckAndSetDefaults definition to types.Resource (#6825)
  * Revert TLS cert usage for database certs
  * client: set TLS certificate usage for k8s/app/db certs (#6824)
  * Update admin-guide.mdx Teleport Upgrade section for clarity around the 4.4.x to 5.x transition (#6841) (#6842)
  * Making log lines proper sentences. (#6772)
  * YAML formatting (#5817)
  * Update CODEOWNERS
  * Update CODEOWNERS
  * Update locks.tf (#6798)
  * Gives inline info for Google Service account for SSO (#6728)
  * mfa: fix startup crash when SSO users with MFA expire (#6779)
  * Generate MinClientVersion based on server Version (#6018)
  * docs: update merge-kubeconfigs.sh reference to master
  * Emit session end event when completer finishes upload  (#6756)
  * Align atomics to prevent segmentation faults on ARMv7 (#6711)
  * Stop changing kube context by default on tsh login (#6721)
  * Introduce ClusterNetworkingConfig extracting fields from ClusterConfig (#6638)
  * Add GetNode endpoint. (#6539)
  * Implements RFD-0022 - OpenSSH-compatible Agent Forwarding (#6525)
  * Remove whitespace
  * Add configure u2f for mfa test and add switchback test
  * Edits
  * Edits
  * Update test plan for access request and mfa
  * Handle missing IdP trait in PAM interpolation. (#6558)
  * Use cmp.Equal instead of manual Equals methods (#5828)
  * Add app access headers rewrite (#6601)
  * RFD 12: clarify that the versioning scheme is not strict (#6518)
  * Fix error in docs (#6070)
  * Implement RFD 24 for alternative DynamoDB event indexing (#6583)
  * Delete user k8s, etc. certificates on re-issue (#6492)
  * Clarify node connection debug logs. (#6722)
  * Check cloud feature before setting billing access for web (#6537)
  * Create GET db and kube list web handlers (#6672)
  * Updated CHANGELOG.md.
  * [auto] Update webassets in master (#6723)
  * ami: Update InfluxDB version to 1.8.5 (#6741)
  * Updated TLS handshake timeout.
  * Fix non-interactive ssh output in teleport log
  * Remove webassets.zip file before builds in Makefile (#6595)
  * Upgrade api's trace dependency to 1.1.15 (#6341)
  * mfa: only reject last device deletion of correct type (#6656)
  * Update README.md (#6712)
  * Delete unused RoleWeb
  * Fix missing quotes in CLI Adoption Survey (#6648)
  * docs: renamed (#6624)
  * docs: correct tables (#6618)
  * Draft account lifecycle (#6473)
  * Proxy line support for mysql (#6594)
  * kube: handle large number of trusted clusters in mTLS handshake (#6519)
  * docs: add a version disclaimer to per-session MFA guide (#6626)
  * Switch to tiles (#6611) (#6660)
  * docs: bump 6.2 release date to May 21st (#6652)
  * mfa: cancel TOTP prompt if U2F was used (#6542)
  * k8s: add merge-kubeconfigs.sh script (#5677)
  * Propagate external traits to leaf clusters (#6540)
  * Teleport opt-in adoption survey (#5505)
  * gRPC conversions - Nodes (#6535)
  * [auto] Update webassets in master (#6646)
  * Add additional Prometheus Metrics (#6511)
  * docs: reword (#6629)
  * mfa: prevent the user from deleting the last MFA device (#6585)
  * mfa: better OTP registration flow on CLI (#6567)
  * Fix test requiring gcp credentials (#6608)
  * Handle `tctl get`'s input ref more strictly (#5818)
  * RFD 16: Specify RBAC verbs needed for the tctl operations (#6463)
  * Update descriptions for labels and diag-addr parameters for Teleport (#5762)
  * Fix doc comment for Rule.HasVerb (#6598)
  * [v7.0] Merge style guide into docs (#6577)
  * Provide a dedicated API endpoint for app FQDN resolving (#6449)
  * Add redshift auth support to database access (#6479)
  * Add `tctl create cap` for dynamically configuring cluster auth preference (#5635)
  * Create SECURITY.md
  * Revert "Node session race (#6195)"
  * Improve error message for timeout errors (#6343)
  * forward-port 6.1.2 CHANGELOG (#6553)
  * Node session race (#6195)
  * [v7.0] Backport of editorial changes from v6.1 (#6564)
  * Update Go version requirement in README (#6555)
  * Adds releases preview (#6533)
  * [v6.1] Editorial Pass/Review - Home (#6544)
  * [auto] Update webassets in master (#6532)
  * Adding postgres_public_addr and mysql_public_addr (#6426)
  * docs: fix typos in sample roles in MFA guide
  * Enforce strict teleport.yaml validation (#6520)
  * Update Dockerfile (#6499)
  * Update per-session-mfa.mdx (#6531)
  * correct dir reference in build instrs for slack plugin (#6527)
  * Misspelling (#6503)
  * Teleport Slackbot for latest slackbot (#6522)
  * Improve process connection error handling and logging (#6471)
  * Refactor api package and docs to use pkg.go.dev effectively. (#6388)
  * Remove teleconsole reference in README (#6509)
  * Convert types.AuthPreference into a proto definition (#6510)
  * Wait for key agent to stop between key agent tests to improve reentrancy (#5342)
  * RFD-0022: Key Agent Forwarding (#6168)
  * [web] Add ability to switchback to default roles/expiry (#6373)
  * Revert "[web] Check for cloud feature before setting billing access (#6465)" (#6500)
  * oidc: allow non-GSuite OIDC providers from Google (#5820)
  * Update Terraform examples provider (#6332)
  * set correct auditlog instead of discard (#6431)
  * Update region list for AWS AMI publishing (#6282)
  * RFD 0: elaborate the deprecated state (#6468)
  * RFD 25: Hardware security module (HSM) support
  * Fix missing $ in token example (#6482)
  * [v7] cloud getting started updates (#6481)
  * [web] Check for cloud feature before setting billing access (#6465)
  * remove grafana pass var repeat
  * Always generate user certificates with RouteToCluster (#6115)
  * Implement alternative reverse tunnel address support and add a test case. (#6056)
  * Update README.md
  * Update README.md
  * Update README.md
  * Update README.md
  * Update README.md
  * Update README.md
  * Update README.md
  * Phrase review the main README.md file
  * Update go-client to user new API client with tsh profile loader. (#6310)
  * Moves license_file to the correct section and adds unit test (#6420)
  * tctl: Return error if profile key is not for the root cluster (#6450)
  * Move introductions to the appropriate sections (#6456)
  * Fix infinite recursion in client.Config.WebProxyHostPort
  * Test flakes: use ordering tests for keep alives (#5358)
  * Capture postgres extended protocol messages in audit log (#6303)
  * [auto] Update webassets in master (#6436)
  * Added reverse tunnel port info to teleport-kube-agent readme (#5621)
  * RFD 0026 - Custom Approval Conditions (#5071)
  * Update docs on oidc prompt logic for 6.1+. (#6427)
  * RFD 24: DynamoDB Audit Event Overflow Handling (#6359)
  * Forward-port 6.1.1 CHANGELOG (#6417)
  * RFD 16: Reserve the `origin` label for system use (#6157)
  * drone: allow ARM builds in reprepro config (#6392)
  * Set status of RFD 18 to implemented. (#6358)
  * Add new syntax description to the docs (#6384)
  * Rename images to match logical pixels (#6381)
  * Add OpenSSH Video (#6371)
  * Documents dual authz with Mattermost (#6400)
  * Updated CHANGELOG.md. (#6345)
  * Update some variables and links (#6367)
  * Documents impersonation (#6293) (#6365)
  * Added Cloud Billing FAQ (#6363)
  * docs: document per-session MFA feature (#6285)
  * client: load all SSH certs when connecting to proxy
  * helm: Improve linting and add log level override (#6330)
  * improve cert rotation periodics
  * Add DialOpts and CallOpts to API client. (#6301)
  * Fix tctl profile loading logic by adding WithSSHCerts certOption. (#6336)
  * Always set an AuditLog (#6326)
  * Propogate user not found error from authenticater. (#6304)
  * web: fix AccessRequest loading on user cert reissue (#6264)
  * v7.0 syntax update (#6314)
  * [auto] Update webassets in master (#6324)
  * Update Google Workspace and Okta Docs (#6267)
  * [auto] Update AMI IDs for 6.0.2 (#6283)
  * add fix
  * Remove unused * from Roles output.  This was a leftover from a old message about roles and enterprise version. (#6258)
  * Close leaky direct client. (#6297)
  * tsh: handle missing cluster name in profile (#6257)
  * Don't use OpaqueAccessDenied with CheckAccessToRule (#6246)
  * Make authToken optional if secret exists (#6273)
  * Revert "darwin fips builds (#5866)" (#6265)
  * Delete obsolete stored keys in LocalKeyAgent.AddKey (#6251)
  * Fix regression bug for DynamoDB scaling policy names  (#6259)
  * Adds encrypted token docs (#6266) (#6269)
  * dronegen: add buildboxes (#6197)
  * GitLab Instructions for SSO (#6190) (#6262)
  * Ensure webassets are present when running 'make full' on a fresh clone (#6231)
  * Parse all CAs in CertPoolFromCertAuthorities
  * Refactor ssh.ClientConfig used by tctl and API clients to use the first valid principal as User.
  * Update Architecture Overview With Link To User Roles (#6224)
  * Add `lint-api` target and fix lint errors (#6169)
  * ssh: fix relogin with jumphosts (#6213)
  * drone: use emptyDir for /var/lib/docker filesystem and prevent repetitive docker pulls (#6145)
  * Remove ARM64 FIPS builds (#6236)
  * tsh Profile SSH certs fix (#6214)
  * mfa: fix gRPC unimplemented check in cert reissue
  * Open Sources Access Controls Docs (#6188) (#6217)
  * add PAM environment with interpolation support
  *  Cache per-cluster SSH certificates under ~/.tsh (#5938)
  * add special resource type for access plugin data
  * Enable DynamoDB autoscaling on global secondary indices (#6112)
  * darwin fips builds (#5866)
  * kube: add kubernetes_labels to role JSON schema
  * mfa: send username instead of SSH login name in MFA cert request
  * fix nil slice bug
  * RFD 16: Add a section on `tctl rm` resetting resources back to defaults (#5673)
  * Update application access docs (#6055) (#6137)
  * Bump linux FIPS builds to use go1.16.2b7 release (#6143)
  * [auto] Update webassets in master (#6185)
  * Convert Token CRUD endpoints to gRPC. (#6105)
  * Convert Trusted Cluster CRUD endpoints to gRPC. (#6103)
  * [auto] Update webassets in master (#6135)
  * Embed webassets natively into teleport instead of attaching to the binary (#5935)
  * gRPC conversions - GithubConnector (#6101)
  * Test PR. (#6182)
  * gRPC conversions - SAMLConnector (#6100)
  * gRPC conversions - OIDCConnector (#6067)
  * ignore dangling tunnel conns
  * Added RFD for Cluster Routing. (#5566)
  * Remove duplicate sshutils package from merge failure. (#6165)
  * Profile credentials dialer fix (#6122)
  * Combine common crud proto messages into generic messages in types.proto. (#6058)
  * Allow file argument with tsh play  (#5984)
  * Make SSO login failure event emit more specific errors (#6108)
  * mfa: per-session U2F challenge for web SSH (#6098)
  * Add Kubernetes follow along video  (#6134)
  * Move usage of predicate package out of api. (#6136)
  * Set suggested reviewers field to the UI user context struct (#5467)
  * custom approval conditions
  * mfa: don't check MFA for teleport services in UpsertKubeService (#6129)
  * Skip enumerating keys when cluster name is empty (#5942)
  * Pass context through new gRPC converted endpoints. (#6118)
  * Define cloud billing event types and codes (#6037)
  * Add Credential loader support for tsh profiles. (#5993)
  * u2f: add optional attestation cert validation (#6057)
  * drone: Add ARM/ARM64 package builds (#6106)
  * API client connection overhaul (#5625)
  * dronegen: drone config generator (#6071)
  * Add Postgres Cloud SQL support (#5941)
  * App access cli flow (#5918)
  * Fix app access websockets support (#6072)
  * Properly marks k8s stream complete on error exit (#6068)
  * Fix an issue with impersonating SSO users (#6076)
  * Enforce valid UTF8 keys on all backends.
  * Adds controls for impersonation requests. (#6009) (#6073)
  * Move linter config to .golangci.yml and remove surplus Makefile lines (#6052)
  * Remove .bash suffix from bats includes to enable compatibility with older versions (#6053)
  * Updated with 6.0 video (#6065)
  * Edits to getting started guide (#6038)
  * updating the reference yaml for clarity and completeness (#6040)
  * mfa: handle older servers during IsMFARequired RPC from tsh (#6039)
  * Address review feedback
  * Avoid data race in audit writer test by syncing close with shutdown of event processing goroutine
  * Augment checking stream/streamer and AuditWriter with cluster name detail to automatically populate the field upon event emission.
  * mfa: add cluster-level require_session_mfa option (#5939)
  * added rfd 19 add example query to rfd 19
  * implement rfd 18
  * Optimize images (#6019)
  * Add support for building ARM/ARM64 RPM/DEB packages (#5937)
  * Added benches for GetNodes and GetClusterDetails.
  * Add unit tests to teleport-generate-config AMI script (#5682)
  * Add empty token check for 2fa optional type for web logins(#5995)
  * Fix unit-tests by updating ceritificates in fixtures (#6012)
  * Format logs and remove timestamp from default log format (#5979)
  * Update README.md (#5901)
  * Getting started with Kubernetes (#5981)
  * Updated to highlight default port for the plugin. (#5985)
  * Update README.md (#5989)
  * Updates starter-cluster to Terraform 0.14 (#5535)
  * Update Teleport Access Workflows Docs (#5930)
  * Update Helm charts to use Teleport 6 by default (#5983)
  * Adding keepalive parameters to configuration file (#5910)
  * Update mysql self hosted docs (#5912)
  * Creates preset roles (#5960)
  * Add google_service_account inline field option for Google Workspace/GSuite OIDC (#5563)
  * Update VERSION on master to v7.0.0-dev (#5931)
  * Address review comments
  * Remove proto-based ServerV2 implementation of DeepCopy in favor of the manual implementation to avoid issues with proto-based type merge panics.
  * Format Logs and add timestamp to logging output option  (#5898)
  * add support for encrypted saml assertions with a seperate x509 pair
  * log agent forwarding failure at warn (#5907)
  * Fix broken link to video in docs (#5955)
  * [auto] Update webassets in master (#5957)
  * Add version header check in Marshalers (#5768)
  * Move redirects to docs config (#5950)
  * Update application-access.mdx (#5944)
  * mfa: unhide 'tsh mfa' commands and add docs (#5932)
  * Add Features and PublicAddrs to PingResponse (#5742)
  * Convert Role endpoints to gRPC. (#5458)
  * mfa: per-session MFA certs for SSH and Kubernetes (#5564)
  * Add Billing Access to default admin role (#5925)
  * Add teleport:6 nightly Docker image (#5896)
  * Update release table to 6.0.0 (#5851)
  * Update Kubernetes Access docs (#5865) (#5933)
  * grpc: use the regular buildbox and bump gogoproto version (#5879)
  * Add 'make update-webassets' script (#5853)
  * RFD 12: add git branching details (#5888)
  * mfa: reuse the same challenge for all U2F devices (#5837)
  * Run next linter on docs PRs (#5908)
  * Fix --insecure-no-tls flag (#5924)
  * Moves loadCredsFromProfile to OSS (#5891)
  * Update getting started to 6.0.1 (#5890) (#5914)
  * [auto] Update AMI IDs for 6.0.1 (#5894)
  * Lint markdown files syntax for master with the new linter (#5881)
  * Publish teleport-cluster Helm chart (#5895)
  * Fixes ACME default configuration (#5839) (#5877)
  * Fix ADFS provider and add debug message.
  * Sasha/ev readme (#5884)
  * mfa: add WithMFA to session-related audit events (#5833)
  * docs: add homebrew version compatibility note (#5613)
  * Run firestore tests as part of build.assets test target (#5830)
  * [auto] Update webassets in master (#5850)
  * mfa: audit events for adding/removing devices (#5665)
  * Update docs structure (#5849)
  * update e (#5786)
  * Remove args as these can be deduced automatically
  * Quote the address arguments to avoid issues with formats that use symbols that require escaping
  * Use non-greedy Mkdir variant and add a test-case for non-existing remote location with intermediate directories
  * Add more test coverage for sink mode
  * Check whether . is a base directory directly
  * Use correct target directory path. Handle target directory/file renames.
  * Update CHANGELOG.md
  * Fix db server test data race (#5832)
  * Updated CHANGELOG.md.
  * mfa: delete user MFA devices on account reset (#5805)
  * Include CA cert file path in the error message
  * Get rid of unnecessary var declarations
  * Fix support for insecure etcd mode
  * Remove support for migrating from legacy etcd prefix (#5798)
  * Add "billing_information" RBAC resource  (#5676)
  * Fixed build failure for non-Linux platforms. (#5800)
  * fix #5783 utmp regression on macos (#5784)
  * Don't defer Close calls on writable files
  * [auto] Update webassets in andrej/master/security-fixes
  * Prevent AAP login CSRF with OAuth-style state tokens
  * Set cookies with '__Host-' prefix
  * Set stricter HTTP Content-Security-Policy directives
  * Assemble safe FQDN values for AAP redirects
  * Introduce utils.ReadAtMost to prevent resource exhaustion
  * Check CA expiration status when joining a cluster
  * Add obfuscation to diagnostic metrics
  * Fix AAP headers injection
  * Fix CLI content spoofing through access request reason
  * Require initialized TLS config in utils.TLSDial
  * Fix existence leak of label-restricted resources
  * Propagate the mapped local user identity via auth.Context (#5794)
  * fix last output timestamps on some systems
  * docs: clarify why etcd doesn't store audit events
  * Remove categories in favor of using labels instead.
  * Update Issue Templates.
  * Update ssh-kubernetes-fedramp.mdx
  * [tctl] Don't explicitly set value for config path and preserve backwards compatibility (#5731)
  * Fixed a typo in GCP documentation
  * Added RFD 18: Agent loading.
  * Update rfd/0008-application-access.md
  * Update 0008-application-access.md
  * Update old proxy version detection algorithm
  * Sasha/newlines (#5738)
  * Adds public_addr when using ACME (#5734)
  * [auto] Update webassets in master (#5735)
  * Make /lib/web tests more reliable (#5703)
  * testplan: add MFA management tests (#5661)
  * testplan: update EKS/GKE testing steps (#5662)
  * Add database access manual test plan (#5664)
  * utmp fix for symlinked path
  * Downgrades admin OSS role (#5710)
  * add utmp to manual test plan
  * Adds a Slack channel and a forum
  * Hide the k8s cluster defaulting error log on login
  * Update CHANGELOG.md for 6.0.0-rc.1 (#5689)

-------------------------------------------------------------------
Sat Feb 12 20:48:45 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>

- split up into three packages: teleport aka server/daemon, teleport-tctl and teleport-tsh

-------------------------------------------------------------------
Sat Feb 12 08:10:06 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>

- new package teleport: Teleport is an identity-aware, multi-protocol access proxy which understands SSH, HTTPS, RDP, Kubernetes API, MySQL, MongoDB and PostgreSQL wire protocols.