Apache Traffic Control - Current Release

Apache Traffic Control 7.0.1 - August 25th, 2022

Apache Traffic Control 7.0.1 is available here:

Release Notes


  • Added SOA (Service Oriented Architecture) capability to CDN-In-A-Box.
  • Added a Traffic Ops endpoint and Traffic Portal page to view all CDNi configuration update requests and approve or deny.
  • Added a Traffic Ops endpoints to PUT a requested configuration change for a full configuration or per host and an endpoint to approve or deny the request.
  • Added a new Traffic Ops endpoint to GET capacity and telemetry data for CDNi integration.
  • Added back to the health-client the status field logging with the addition of the filed to publish/CrStates
  • Added functionality for CDN locks, so that they can be shared amongst a list of specified usernames.
  • Added functionality for login to provide a Bearer token and for that token to be later used for authorization.
  • Added layered profile feature to 4.0 for GET /deliveryservices/{id}/servers/ and /deliveryservices/{id}/servers/eligible.
  • Added layered profile feature to 4.0 for GET /servers/, POST /servers/, PUT /servers/{id} and DELETE /servers/{id}.
  • Added support for a new Traffic Ops GLOBAL profile parameter -- tm_query_status_override -- to override which status of Traffic Monitors to query (default: ONLINE).
  • Change to t3c diff to flag a config file for replacement if owner/group settings are not ats #6879.
  • Change to t3c regex_revalidate so that STALE is no longer explicitly added for default revalidate rule for ATS version backwards compatibility.
  • Replaces all Traffic Portal Tenant select boxes with a novel tree select box #6427.
  • Traffic Monitor config option distributed_polling which enables the ability for Traffic Monitor to poll a subset of the CDN and divide into "local peer groups" and "distributed peer groups". Traffic Monitors in the same group are local peers, while Traffic Monitors in other groups are distibuted peers. Each TM group polls the same set of cachegroups and gets availability data for the other cachegroups from other TM groups. This allows each TM to be responsible for polling a subset of the CDN while still having a full view of CDN availability. In order to use this, stat_polling must be disabled.
  • Traffic Monitor: Add support for access.log to TM.
  • Traffic Ops: added new cdn.conf option -- server_update_status_cache_refresh_interval_sec -- which enables an in-memory server update status cache to improve performance. Default: 0 (disabled).
  • Traffic Ops: added new cdn.conf option -- user_cache_refresh_interval_sec -- which enables an in-memory users cache to improve performance. Default: 0 (disabled).
  • Traffic Router: Add support for file-protocol URLs for the geolocation.polling.url for the Geolocation database.
  • Added status and lastPoll fields to the publish/CrStates endpoint of Traffic Monitor (TM) #6448.
  • [Traffic Ops | Traffic Go Clients | T3C] Add additional timestamp fields to server for queuing and dequeueing config and revalidate updates.
  • [Traffic Ops] Added support for backend configurations so that Traffic Ops can act as a reverse proxy for these services #6754.
  • [Traffic Portal] Added Layered Profile feature to /servers/
  • [Traffic Portal] Added the ability for users to view Delivery Service Requests corresponding to individual Delivery Services in TP.


  • Correction where using the placeholder __HOSTNAME__ in "unknown" files (others than the defaults ones), was being replaced by the full FQDN instead of the shot hostname.
  • Fixed TO API GET /deliveryservicesserver causing error when an IMS request is made with the cdn and maxRevalDurationDays parameters set.
  • Fixed TO API PUT /servers/:id/status to only queue updates on the same CDN as the updated server
  • Fixed TO to default route ID to 0, if it is not present in the request context.
  • Fixed Traffic Ops ignoring the configured database port value, which was prohibiting the use of anything other than port 5432 (the PostgreSQL default)
  • Fixed Traffic Router to handle aggressive NSEC correctly.
  • Fixed a cdn-in-a-box build issue when using RHEL_VERSION=7
  • Fixed an issue in Traffic Portal where the Profile > View Delivery Services table was not filtering correctly.
  • Fixed searching of the ds parameter merge_parent_groups slice.
  • Only operations and admin roles should have the DELIVERY-SERVICE:UPDATE permission.
  • Traffic Router: fixed a null pointer exception that caused snapshots to be rejected if a topology cachegroup did not have any online/reported/admin_down caches
  • Update traffic_portal dependencies to mitigate npm audit issues.
  • #6271 api/{{version}/deliveryservices/{id}/health returns no info if the delivery service uses a topology.
  • #6291 Prevent Traffic Ops from modifying and/or deleting reserved statuses.
  • #6299 User representations don't match
  • #6368 Fixed validation response message from /acme_accounts
  • #6369 Fixed /acme_accounts endpoint to validate email and URL fields
  • #6370 Fixed docs for POST and response code for PUT to /acme_accounts endpoint
  • #6538 Fixed the incorrect use of secure.port on TrafficRouter and corrected to the httpsPort value from the TR server configuration.
  • #6549 Fixed internal server error while deleting a delivery service created from a DSR (Traffic Ops).
  • #6562 Fixed incorrect template in Ansible dataset loader role when fallbackToClosest is defined.
  • #6580 Fixed cache config generation remap.config targets for MID-type servers in a Topology with other caches as parents and HTTPS origins.
  • #6590 Python client: Corrected parameter name in decorator for get_parameters_by_profile_id
  • #6603 Fixed users with "admin" "Priv Level" not having Permission to view or delete DNSSEC keys.
  • #6626 Fixed t3c Capabilities request failure issue which could result in malformed config.
  • #6712 - Fixed error when loading the Traffic Vault schema from create_tables.sql more than once.
  • #6776 User properties only required sometimes
  • #6780 Fixed t3c to use secondary parents when there are no primary parents available.
  • #6792 Remove extraneous field from Topologies and Server Capability POST/PUT.
  • #6795 Removed an unnecessary response wrapper object from being returned in a POST to the federation resolvers endpoint.
  • #6800 Fixed incorrect error message for /server/details associated with query parameters.
  • #6806 t3c calculates max_origin_connections incorrectly for topology-based delivery services
  • #6834 - In API 4.0, fixed GET for /servers to display all profiles irrespective of the index position. Also, replaced query param profileId with profileName.
  • #6883 Fix t3c cache to invalidate on version change
  • #6896 Fixed the POST api/cachegroups/id/queue_updates endpoint so that it doesn't give an internal server error anymore.
  • #6907 Fixed Traffic Ops to return the correct server structure (based on the API version) upon a server deletion.
  • #6933 Fixed tc-health-client to handle credentials files with special characters in variables
  • #6944 Fixed cache config generation for ATS 9 sni.yaml from disable_h2 to http2 directive. ATS 9 documents disable_h2, but it doesn't seem to work.
  • dequeueing server updates should not require checking for cdn locks.
  • t3c-generate fix for combining remapconfig and cachekeyconfig parameters for MakeRemapDotConfig call.


  • Dropped CentOS 8 support
  • Remove Traffic Ops API version 2
  • Remove client.steering.forced.diversity feature flag(profile parameter) from Traffic Router (TR). Client steering responses now have cache diversity by default.
  • Remove traffic_portal dependencies to mitigate npm audit issues, specifically grunt-concurrent, grunt-contrib-concat, grunt-contrib-cssmin, grunt-contrib-jsmin, grunt-contrib-uglify, grunt-contrib-htmlmin, grunt-newer, and grunt-wiredep
  • Removed the Traffic Monitor peer_polling_protocol option. Traffic Monitor now just uses hostnames to request peer states, which can be handled via IPv4 or IPv6 depending on the underlying IP version in use.
  • Replace forever with pm2 for process management of the traffic portal node server to remediate security issues.
  • The /servers/details endpoint of the Traffic Ops API has been dropped in version 4.0, and marked deprecated in earlier versions.


  • Added Rocky Linux 8 support
  • Added new fields to the monitoring.json snapshot and made Traffic Monitor prefer data in monitoring.json to the CRConfig snapshot
  • Added permissions to the role form in traffic portal
  • Adds updates to the trafficcontrol-health-client to, use new ATS Host status formats, detect and use proper traffic_ctl commands, and adds new markup-poll-threshold config.
  • Changed the Traffic Ops user last_authenticated update query to only update once per minute to avoid row-locking when the same user logs in frequently.
  • Changed the default Traffic Ops API version requsted by Traffic Router from 2.0 to 3.1
  • Removed the unused deliveryservice_tmuser table from Traffic Ops database
  • Traffic Monitor now defaults to 100 historical "CRConfig" Snapshots stored internally if not specified in configuration (previous default was 20,000)
  • Traffic Monitors now peer with other Traffic Monitors of the same status (e.g. ONLINE with ONLINE, OFFLINE with OFFLINE), instead of all peering with ONLINE.
  • Updated Ansible Roles to use Traffic Ops API v3
  • Updated Go version to 1.18
  • Updated Grove to use the TO API v3 client library
  • Updated Traffic Router dependencies:
    • async-http-client: 2.12.1 -> 2.12.3
    • commons-codec: 1.6 -> 1.15
    • commons-io: 2.0.1 -> 2.11.0
    • guava: 18.0 -> 31.1-jre
    • spring: 5.2.20.RELEASE -> 5.3.20
  • Updated the CDNs Traffic Portal page to use a more performant AG-Grid-based table.
  • Updated the Cache Stats Traffic Portal page to use a more performant AG-Grid-based table.
  • Updated the Profiles Traffic Portal page to use a more performant AG-Grid-based table.
  • #4351 Updated message to an informative one when deleting a delivery service.
  • #6654 Traffic Monitor now uses the TO API 4.0 by default and falls back to 3.1
  • #6694 Traffic Stats now uses the TO API 3.0
  • TRAFFIC_ROUTER-type Profiles no longer need to have names that match any kind of pattern (e.g. CCR_.*)

Signing Keys

It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures.

The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the `ASC` signature file for the relevant distribution. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using:

% pgpk -a KEYS % pgpv apache-trafficcontrol-7.0.1.tar.gz.asc


% pgp -ka KEYS
% pgp apache-trafficcontrol-7.0.1.tar.gz.asc


% gpg --import KEYS
% gpg --verify apache-trafficcontrol-7.0.1.tar.gz.asc apache-trafficcontrol-7.0.1.tar.gz

$ gpg --verify apache-trafficcontrol-7.0.1.tar.gz.asc apache-trafficcontrol-7.0.1.tar.gz
gpg: Signature made Wed 17 Aug 2022 10:45:29 AM MDT
gpg:                using RSA key 8333C682D9DAFE30825B61D47278621C4AE46B6B
gpg: Good signature from "Steve Hamrick <shamrick@apache.org>" [ultimate]

Additionally, you should verify the SHA signature on the files. A unix program called `sha` or `shasum` is included in many unix distributions. It is also available as part of GNU Textutils. An MD5 signature (deprecated) consists of 32 hex characters, and a SHA512 signature consists of 128 hex characters. Ensure your generated signature string matches the signature string published in the files above.

Past Releases

Apache Traffic Control 6.1.0 - February 4th, 2022

Apache Traffic Control 6.1.0 is available here:

Release Notes

Traffic Ops

  • Added permission based roles for better access control.
  • #5674 Added new query parameters cdn and maxRevalDurationDays to the GET /api/x/jobs Traffic Ops API to filter by CDN name and within the start_time window defined by the maxRevalDurationDays GLOBAL profile parameter, respectively.
  • Added a new Traffic Ops cdn.conf option -- disable_auto_cert_deletion -- in order to optionally prevent the automatic deletion of certificates for delivery services that no longer exist whenever a CDN snapshot is taken.
  • #6034 Added new query parameter cdn to the GET /api/x/deliveryserviceserver Traffic Ops API to filter by CDN name
  • SANs information to the SSL key endpoint and Traffic Portal page.
  • Added Traffic Vault Postgres columns, a Traffic Ops API endpoint, and Traffic Portal page to show SSL certificate expiration information.

  • #5893 - A self signed certificate is created when an HTTPS delivery service is created or an HTTP delivery service is updated to HTTPS.
  • #6378 - Cannot update or delete Cache Groups with null latitude and longitude.
  • Fixed broken GET /cdns/routing Traffic Ops API
  • #6392 - Traffic Ops prevents assigning ORG servers to topology-based delivery services (as well as a number of other valid operations being prohibited by "last server assigned to DS" validations which don't apply to topology-based delivery services)
  • #6457 - Fix broken user registration and password reset, due to the last_authenticated value being null.
  • #6367 - Fix PUT user/current to work with v4 User Roles and Permissions
  • #6266 - Removed postgresql13-devel requirement for traffic_ops

  • #6179 Updated the Traffic Ops rpm to include the ToDnssecRefresh binary and make the trafops_dnssec_refresh cron job use it
    - Changed Invalidation Jobs throughout (TO, TP, T3C, etc.) to account for the ability to do both REFRESH and REFETCH requests for resources.
  • The admin Role is now always guaranteed to exist, and can't be deleted or modified.
  • Updated Golang dependencies

  • Deprecated the endpoints and docs associated with /api_capability and /capabilities.

  • Removed the user_role table.
  • The traffic_ops.sh shell profile no longer sets GOPATH or adds its bin folder to the PATH
  • /capabilities removed from Traffic Ops API version 4.

Traffic Portal

  • A new Traffic Portal server command-line option -c to specify a configuration file, and the ability to set log: null to log to stdout (consult documentation for details).
  • SANs information to the SSL key endpoint and Traffic Portal page.
    - Added Invalidation Type (REFRESH or REFETCH) for invalidating content to Traffic Portal.
  • IMS warnings to Content Invalidation requests in Traffic Portal and documentation.

  • #6411 Removes invalid 'ALL cdn' options from TP
  • #6255 - Unreadable Prod Mode CDN Notifications in Traffic Portal
  • #6259 - Traffic Portal No Longer Allows Spaces in Server Object "Router Port Name"

  • Traffic Portal no longer uses ruby compass to compile sass and now uses dart-sass.
    - Changed Invalidation Jobs throughout (TO, TP, T3C, etc.) to account for the ability to do both REFRESH and REFETCH requests for resources.

Traffic Monitor

  • Added a new Traffic Monitor configuration option -- short_hostname_override -- to traffic_monitor.cfg to allow overriding the system hostname that Traffic Monitor uses.
  • Added a new Traffic Monitor configuration option -- stat_polling (default: true) -- to traffic_monitor.cfg to disable stat polling.
  • Added definition for heartbeat.polling.interval for CDN Traffic Monitor config in API documentation.

Traffic Stats

  • Updated Golang dependencies

  • The use of a seelog configuration file to configure Traffic Stats logging is deprecated, and logging configuration should instead be present in the logs property of the Traffic Stats configuration file (refer to documentation for details).

  • Fixed Traffic Monitor parsing stats_over_http output so that multiple stats for the same underlying delivery service (when the delivery service has more than 1 regex) are properly summed together. This makes the resulting data more accurate in addition to fixing the "new stat is lower than last stat" warnings.

  • #6376 Updated TO/TM so that TM doesn't overwrite monitoring snapshot data with CR config snapshot data.
  • Updated Golang dependencies

Traffic Router

  • Fixed Traffic Router crs/stats to prevent overflow and to correctly record the time used in averages.
  • #6446 - Revert Traffic Router rollover file pattern to the one previously used in log4j.properties with Log4j 1.2
  • Changed the maxConnections value on Traffic Router, to prevent the thundering herd problem (TR).

  • #6209 Updated Traffic Router to use Java 11 to compile and run
  • #6506 - Updated jackson-databind and jackson-annotations Traffic Router dependencies to version 2.13.1

Cache Config

  • cache config t3c-apply retrying when another t3c-apply is running.
  • #6032 Add t3c setting mode 0600 for secure files
  • #6405 Added cache config version to all t3c apps and config file headers


- Updated t3c to request less unnecessary deliveryservice-server assignment and invalidation jobs data via new query params supported by Traffic Ops
- Changed Invalidation Jobs throughout (TO, TP, T3C, etc.) to account for the ability to do both REFRESH and REFETCH requests for resources.

  • Updated t3c-apply to reduce mutable state in TrafficOpsReq struct.
  • Updated Golang dependencies


  • New pkg script options, -h, -s, -S, and -L.
  • Traffic Vault: Added additional flag to TV Riak (Deprecated) Util