Teleport Upcoming Releases
Teleport releases a new major version approximately every 4 months, and provides security-critical support for the current and two previous major versions. With our typical release cadence, we usually support each major version for 12 months.
Teleport
We plan to release the following versions in the coming months:
| Version | Date |
|---|---|
| 18.1.0 | Week of August 4, 2025 |
We continue to support the following major versions of Teleport:
| Release | Release Date | EOL | Minimum tsh version |
|---|---|---|---|
| v18.x | July 3, 2025 | August 2026 | v17.0.0 |
| v17.x | November 16, 2024 | February 2026 | v16.0.0 |
| v16.x | June 14, 2024 | October 2025 | v15.0.0 |
18.1.0
Encrypted session recordings
Teleport will provide the ability to integrate with Hardware Security Modules (HSMs) in order to encrypt session recordings prior to uploading them to storage.
VNet for SSH
Teleport VNet will add native support for SSH, enabling any SSH client to connect to Teleport SSH servers with zero configuration. Advanced Teleport features like per-session MFA will have first-class support for a seamless user experience.
Identifier-first login
Teleport will add support for identifier-first login flows. When enabled, the initial login screen will contain only a username prompt. Users will be presented with the SSO connectors that apply to them after submitting their username.
Bound keypair joining for Machine ID
The new bound keypair join method for Machine ID is a more secure and user-friendly alternative to token joining in both on-prem environments and cloud providers without a delegated join method. It allows for automatic self-recovery in case of expired client certificates and gives administrators new options to manage and automate bot joining.
Sailpoint SCIM integration
Teleport will support Sailpoint as a SCIM provider allowing to synchronize Sailpoint entitlement groups with Teleport access lists.
Improved access requests UX
Teleport web UI will make a better distinction between just-in-time and long-term access request UX.
Teleport Cloud
The key deliverables for Teleport Cloud in the next quarter:
| Week of | Description |
|---|---|
| August 11, 2025 | Teleport 18.1 will begin rollout on Cloud. |
| August 11, 2025 | Teleport 18.1 agents will begin rollout to eligible tenants. |
Production readiness
Teleport follows semantic versioning for pre-releases and releases.
Pre-releases
Pre-releases of Teleport (versions with suffixes like -alpha, -beta, -rc)
should not be run in production environments.
Pre-releases of Teleport are great for testing new features, breaking changes, and backwards incompatibility issues either in development or staging environments.
Major Releases
Major releases look like 18.0.0.
Major releases of Teleport contain many large new features and may contain breaking changes.
Due to the scope and quantity of changes in a major release, we encourage deploying to staging first to verify your usage pattern has not changed.
Minor Releases
Minor releases look like 18.X.0.
Minor releases of Teleport typically contain smaller features and improvements. Minor releases can typically be deployed directly to production.
Most customers upgrade to the next major version of Teleport during the first minor release, such as 18.1.0.
Patch Releases
Patch releases contain small bug fixes and can typically be deployed directly to production.
Version compatibility
Teleport uses Semantic Versioning. Version numbers
include a major version, minor version, and patch version, separated by dots.
When running multiple teleport binaries within a cluster, the following rules
apply:
- Servers support clients that are one major version behind, but do not support
clients that are on a newer major version. For example, an 8.x.x Proxy Service
instance is compatible with 7.x.x agents and 7.x.x
tsh, but we don't guarantee that a 9.x.x agent will work with an 8.x.x Proxy Service instance. This also means you must not attempt to upgrade from 6.x.x straight to 8.x.x. You must upgrade to 7.x.x first. - Proxy Service instances and agents do not support Auth Service instances that are on an older major version, and will fail to connect to older Auth Service instances by default. For example, an 8.x.x Proxy Service or agent is not compatible with an 7.x.x Auth Service.