Release 18.2.10

[aadc-dev]

Release 18.2.10

• Fixed a bug where listing members of an access list results in listing members of access lists which have names prefixed with the original access list name. This may lead to RBAC escalations. #60587
• Fixed a startup error EADDRINUSE: address already in use in Teleport Connect on macOS and Linux that could occur with long system usernames. #60576
• Fixed an issue where the eligibility reconsideration flow could continuously reset the Owner’s eligibility status when the Access List contains a dangling reference to a non-existent user. #60575
• Fixed Username AccessList name collision. #60563
• Playback speed can be changed in the new SSH/k8s recording player. #60451
• Adapts EC2 Server auto discovery to send the correct parameters when using the AWS-RunShellScript pre-defined SSM Document. #60434
• Updated tsh debug output to include tsh client version when --debug flag is set. #60407
• Updated LDAP dial timeout from 15 seconds to 30 seconds. #60388
• Fixed a bug that prevented using database role names longer than 30 chars for MySQL auto user provisioning. Now role names as long as 32 chars, which is the MySQL limit, can be used. #60377
• Fixed a bug in Proxy Recording Mode that causes SSH sessions in the WebUI to fail. #60369
• Added extraEnv and extraArgs to the teleport-operator helm chart. #60357
• Fixed issue with inherited roles interfering with auto role provisioning cleanup in Postgres. #60345
• Fixed malformed audit events breaking the audit log. #60334
• Enabled use of schedules within automatic review and notification access_monitoring_rules. #60327
• Fixed an issue that caused Kubernetes debug containers to fail with a “container not valid” error when launched by a user requiring moderated sessions. #60302
• Added tbot start ssh-multiplexer helper to start the SSH multiplexer service without a config file. #60287
• Fixed "The server-side graphics subsystem is in an error state" during connection initialization to Windows Desktop. #60285
• Fixed a bug where SSH host certificates are missing the <hostname>.<clustername> principal, breaking SSH access via third-party clients. #60276
• Reduces the memory usage when processing a session recording by ~80%. #60275
• Fixed AWS CLI access when using the AWS Roles Anywhere integration. #60227
• Fixed an issue in Teleport Connect where Ctrl+D would sometimes not close a terminal tab. #60221
• Updated error messages displayed by tsh ssh when access to hosts is denied and when attempting to connect to a host that is offline or not enrolled in the cluster. #60215
• Added editing bot description to the web UI. #60212
• Added support for PodSecurityContext to tbot helm chart. #60206
• MWI: Add teleport_bot_instances metric. #60196
• The tbot Workload API now logs errors encountered when handling requests. #60193
• Added explicit timeout to tbot when the Trust Bundle Cache is establishing an event watch. #60182
• Fixed a bug where OpenSSH EICE node connections would fail. #60124
• Updated Go to 1.24.9. #60108
• Fixed SFTP audit events breaking the audit log. #60069
• Fixed Access List owners permission inheritance when the nesting depth is one. (Members of an Access List configured as an Owner of another Access List). #60056
• Added support for loading bound keypair joining parameters from the environment. #60031
• Deleting an AWS OIDC integration will remove associated Teleport Discovery Configs and App servers that reference the integration. #60018
• Fixed selinux warning in teleport-update output and error during remove. #59997
• Fixed tsh scp getting stuck in symlink loops. #59994
• Fixed handling of local tsh scp targets that contain a colon. #59981
• Fixed EC2 auto discovery report of failed installations. #59972
• Fixed issue where temporarily unreachable app servers were permanently removed from session cache, causing persistent connection failures: no application servers remaining to connect. #59956
• Fixed the issue with automatic access requests for tsh ssh when spec.allow.request.max_duration is set on the requester role. #59924
• Fixes a bug with the check for a running Teleport process in the install-node.sh script. #59887
• Fixed handling SFTP file transfers when the SSH agent is enforced by SELinux. #59874
• Periods of inactivity in SSH session playback can now be skipped. #59701

[github-actions]

Amplify deployment status

Branch	Commit	Job ID	Status	Preview	Updated (UTC)
release/18.2.10	921ebcb	3	✅SUCCEED	release-18-2-10	2025-10-24 19:21:42

[fheinecke]

Please bump the e ref, and include the changelog for this version in the PR body. I'll update the release docs on Notion to mention this as well.