Apache Traffic Control - Current Release



Apache Traffic Control 6.0.1 - November 8th, 2021

Apache Traffic Control 6.0.1 is available here:

Release Notes

Traffic Ops

Added
  • #2770 Added validation for httpBypassFqdn as hostname in Traffic Ops

Fixed
  • #6125 - Fix /cdns/{name}/federations?id=# to search for CDN.
  • #6285 - The Traffic Ops Postinstall script will work in CentOS 7, even if Python 3 is installed
  • #5373 - Traffic Monitor logs not consistent
  • #6197 - TO /deliveryservices/:id/routing makes requests to all TRs instead of by CDN.
  • Traffic Ops: Sanitize username before executing LDAP query

Changed
  • #5927 Updated CDN-in-a-Box to not run a Riak container by default but instead only run it if the optional flag is provided.
  • Changed the DNSSEC refresh Traffic Ops API to only create a new change log entry if any keys were actually refreshed or an error occurred (in order to reduce changelog noise)

Signing Keys

It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures.

The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the `ASC` signature file for the relevant distribution. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using:


% pgpk -a KEYS % pgpv apache-trafficcontrol-4.1.0.tar.gz.asc

or

% pgp -ka KEYS
% pgp apache-trafficcontrol-4.1.0.tar.gz.asc

or

% gpg --import KEYS
% gpg --verify apache-trafficcontrol-4.1.0.tar.gz.asc apache-trafficcontrol-4.1.0.tar.gz
 

$ gpg --verify apache-trafficcontrol-4.1.0.tar.gz.asc apache-trafficcontrol-4.1.0.tar.gz
gpg: Signature made Tue Feb 11 09:38:30 2020 MST
gpg:                using RSA key BF4A8D7307B8EEC7BFB4D8CB8A0712500C70C06E
gpg: Good signature from "Rawlin Peters (apache signing key) <rawlin@apache.org>" [ultimate]

Additionally, you should verify the SHA signature on the files. A unix program called `sha` or `shasum` is included in many unix distributions. It is also available as part of GNU Textutils. An MD5 signature (deprecated) consists of 32 hex characters, and a SHA512 signature consists of 128 hex characters. Ensure your generated signature string matches the signature string published in the files above.


Past Releases

Apache Traffic Control 5.1.4 - November 8th, 2021

Apache Traffic Control 5.1.4 is available here:

Release Notes

Added

  • Traffic Ops: added a feature so that the user can specify maxRequestHeaderBytes on a per delivery service basis
  • Traffic Router: log warnings when requests to Traffic Monitor return a 503 status code
  • #5344 - Add a documentation page that addresses migrating from Traffic Ops API v1 for each endpoint
  • Added API endpoints for ACME accounts
  • Traffic Ops: Added validation to ensure that the cachegroups of a delivery services' assigned ORG servers are present in the topology
  • Traffic Ops: Added validation to ensure that the weight parameter of parent.config is a float
  • Traffic Ops Client: New Login function with more options, including falling back to previous minor versions. See traffic_ops/v3-client documentation for details.
  • #5395 - Added validation to prevent changing the Type any Cache Group that is in use by a Topology
  • Added license files to the RPMs
  • Atscfg: Added a rule to ip_allow.config such that PURGE requests are allowed over localhost

Fixed

  • Traffic Ops: Sanitize username before executing LDAP query
  • #5296 - Fixed a bug where users couldn't update any regex in Traffic Ops/ Traffic Portal
  • Traffic Portal: #5317 - Clicking IP addresses in the servers table no longer navigates to server details page.
  • #5445 - When updating a registered user, ignore updates on registration_sent field.
  • #5335 - Don't create a change log entry if the delivery service primary origin hasn't changed
  • #5333 - Don't create a change log entry for any delivery service consistent hash query params updates
  • #5341 - For a DS with existing SSLKeys, fixed HTTP status code from 403 to 400 when updating CDN and Routing Name (in TO) and made CDN and Routing Name fields immutable (in TP).
  • #5192 - Fixed TO log warnings when generating snapshots for topology-based delivery services.
  • #5284 - Fixed error message when creating a server with non-existent profile
  • #5287 - Fixed error message when creating a Cache Group with no typeId
  • #5382 - Fixed API documentation and TP helptext for "Max DNS Answers" field with respect to DNS, HTTP, Steering Delivery Service
  • #5396 - Return the correct error type if user tries to update the root tenant
  • #5378 - Updating a non existent DS should return a 404, instead of a 500
  • Fixed a potential Traffic Router race condition that could cause erroneous 503s for CLIENT_STEERING delivery services when loading new steering changes
  • #5195 - Correctly show CDN ID in Changelog during Snap
  • #5438 - Correctly specify nodejs version requirements in traffic_portal.spec
  • Fixed Traffic Router logging unnecessary warnings for IPv6-only caches
  • #5294 - TP ag grid tables now properly persist column filters on page refresh.
  • #5295 - TP types/servers table now clears all filters instead of just column filters
  • #5407 - Make sure that you cannot add two servers with identical content
  • #2881 - Some API endpoints have incorrect Content-Types
  • #5364 - Cascade server deletes to delete corresponding IP addresses and interfaces
  • #5390 - Improve the way TO deals with delivery service server assignments
  • #5339 - Ensure Changelog entries for SSL key changes
  • #5461 - Fixed steering endpoint to be ordered consistently
  • Fixed an issue with 2020082700000000_server_id_primary_key.sql trying to create multiple primary keys when there are multiple schemas.
  • Fix for public schema in 2020062923101648_add_deleted_tables.sql
  • Moved move_lets_encrypt_to_acme.sql, add_max_request_header_size_delivery_service.sql, and server_interface_ip_address_cascade.sql past last migration in 5.0.0
  • #5505 - Make parent_reval_pending for servers in a Flexible Topology CDN-specific on GET /servers/{{name}}/update_status
  • #5565 - TO GET /caches/stats panic converting string to uint64
  • #5558 - Fixed `TM UI` and `/api/cache-statuses` to report aggregate `bandwidth_kbps` correctly.
  • Fix for config gen missing max_origin_connections on mids in certain scenarios
  • #5192 - Fixed TO log warnings when generating snapshots for topology-based delivery services.
  • Fixed Invalid TS logrotate configuration permissions causing TS logs to be ignored by logrotate.
  • #5604 - traffic_monitor.log is no longer truncated when restarting Traffic Monitor
  • #1624 - Fixed ORT to reload Traffic Server if LUA scripts are added or changed.
  • #5554 - TM UI overflows screen width and hides table data
  • Fixed the return error for GET api `cdns/routing` to avoid incorrect success response
  • #5712 - Ensure that 5.x Traffic Stats is compatible with 5.x Traffic Monitor and 5.x Traffic Ops, and that it doesn't log all 0's for cache_stats
  • Fixed ORT being unable to update URLSIG keys for Delivery Services
  • Fixed ORT service category header rewrite for mids and topologies
  • Fixed an issue where Traffic Ops becoming unavailable caused Traffic Monitor to segfault and crash
  • #5754 - Ensure Health Threshold Parameters use legacy format for legacy Monitoring Config handler
  • #5695 - Ensure vitals are calculated only against monitored interfaces
  • Fixed Traffic Monitor to report ONLINE caches as available
  • #5744 - Sort TM Delivery Service States page by DS name
  • #5724 - Set XMPPID to hostname if the server had none, don't error on server update when XMPPID is empty
  • #5739 - Prevent looping in case of a failed login attempt
  • Customer names in payloads sent to the /deliveryservices/request Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &, \*, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.

Changed

  • #5311 - Better TO log messages when failures calling TM CacheStats
  • Refactored the Traffic Ops Go client internals so that all public methods have a consistent behavior/implementation
  • Pinned external actions used by Documentation Build and TR Unit Tests workflows to commit SHA-1 and the Docker image used by the Weasel workflow to a SHA-256 digest
  • Set Traffic Router to only accept TLSv1.1 and TLSv1.2 protocols in server.xml
  • Updated Apache Tomcat from 8.5.57 to 8.5.63
  • Updated Apache Tomcat Native from 1.2.16 to 1.2.23
  • Traffic Portal: #5394 - Converts the tenant table to a tenant tree for usability
  • Traffic Portal: upgraded delivery service UI tables to use more powerful/performant ag-grid component