Skip to main content

Teleport Upcoming Releases

Teleport releases a new major version approximately every 4 months, and provides security-critical support for the current and two previous major versions. With our typical release cadence, we usually support each major version for 12 months.

Teleport

We plan to release the following versions in the coming months:

VersionDate
18.1.0Week of August 4, 2025

We continue to support the following major versions of Teleport:

ReleaseRelease DateEOLMinimum tsh version
v18.xJuly 3, 2025August 2026v17.0.0
v17.xNovember 16, 2024February 2026v16.0.0
v16.xJune 14, 2024October 2025v15.0.0

18.1.0

Encrypted session recordings

Teleport will provide the ability to integrate with Hardware Security Modules (HSMs) in order to encrypt session recordings prior to uploading them to storage.

VNet for SSH

Teleport VNet will add native support for SSH, enabling any SSH client to connect to Teleport SSH servers with zero configuration. Advanced Teleport features like per-session MFA will have first-class support for a seamless user experience.

Identifier-first login

Teleport will add support for identifier-first login flows. When enabled, the initial login screen will contain only a username prompt. Users will be presented with the SSO connectors that apply to them after submitting their username.

Bound keypair joining for Machine ID

The new bound keypair join method for Machine ID is a more secure and user-friendly alternative to token joining in both on-prem environments and cloud providers without a delegated join method. It allows for automatic self-recovery in case of expired client certificates and gives administrators new options to manage and automate bot joining.

Sailpoint SCIM integration

Teleport will support Sailpoint as a SCIM provider allowing to synchronize Sailpoint entitlement groups with Teleport access lists.

Improved access requests UX

Teleport web UI will make a better distinction between just-in-time and long-term access request UX.

Teleport Cloud

The key deliverables for Teleport Cloud in the next quarter:

Week ofDescription
August 11, 2025Teleport 18.1 will begin rollout on Cloud.
August 11, 2025Teleport 18.1 agents will begin rollout to eligible tenants.

Production readiness

Teleport follows semantic versioning for pre-releases and releases.

Pre-releases

Pre-releases of Teleport (versions with suffixes like -alpha, -beta, -rc) should not be run in production environments.

Pre-releases of Teleport are great for testing new features, breaking changes, and backwards incompatibility issues either in development or staging environments.

Major Releases

Major releases look like 18.0.0.

Major releases of Teleport contain many large new features and may contain breaking changes.

Due to the scope and quantity of changes in a major release, we encourage deploying to staging first to verify your usage pattern has not changed.

Minor Releases

Minor releases look like 18.X.0.

Minor releases of Teleport typically contain smaller features and improvements. Minor releases can typically be deployed directly to production.

Most customers upgrade to the next major version of Teleport during the first minor release, such as 18.1.0.

Patch Releases

Patch releases contain small bug fixes and can typically be deployed directly to production.

Version compatibility

Teleport uses Semantic Versioning. Version numbers include a major version, minor version, and patch version, separated by dots. When running multiple teleport binaries within a cluster, the following rules apply:

  • Servers support clients that are one major version behind, but do not support clients that are on a newer major version. For example, an 8.x.x Proxy Service instance is compatible with 7.x.x agents and 7.x.x tsh, but we don't guarantee that a 9.x.x agent will work with an 8.x.x Proxy Service instance. This also means you must not attempt to upgrade from 6.x.x straight to 8.x.x. You must upgrade to 7.x.x first.
  • Proxy Service instances and agents do not support Auth Service instances that are on an older major version, and will fail to connect to older Auth Service instances by default. For example, an 8.x.x Proxy Service or agent is not compatible with an 7.x.x Auth Service.