Apache Traffic Control - Current Release

Apache Traffic Control 6.1.0 - February 4th, 2022

Apache Traffic Control 6.1.0 is available here:

Release Notes

Traffic Ops

  • Added permission based roles for better access control.
  • #5674 Added new query parameters cdn and maxRevalDurationDays to the GET /api/x/jobs Traffic Ops API to filter by CDN name and within the start_time window defined by the maxRevalDurationDays GLOBAL profile parameter, respectively.
  • Added a new Traffic Ops cdn.conf option -- disable_auto_cert_deletion -- in order to optionally prevent the automatic deletion of certificates for delivery services that no longer exist whenever a CDN snapshot is taken.
  • #6034 Added new query parameter cdn to the GET /api/x/deliveryserviceserver Traffic Ops API to filter by CDN name
  • SANs information to the SSL key endpoint and Traffic Portal page.
  • Added Traffic Vault Postgres columns, a Traffic Ops API endpoint, and Traffic Portal page to show SSL certificate expiration information.

  • #5893 - A self signed certificate is created when an HTTPS delivery service is created or an HTTP delivery service is updated to HTTPS.
  • #6378 - Cannot update or delete Cache Groups with null latitude and longitude.
  • Fixed broken GET /cdns/routing Traffic Ops API
  • #6392 - Traffic Ops prevents assigning ORG servers to topology-based delivery services (as well as a number of other valid operations being prohibited by "last server assigned to DS" validations which don't apply to topology-based delivery services)
  • #6457 - Fix broken user registration and password reset, due to the last_authenticated value being null.
  • #6367 - Fix PUT user/current to work with v4 User Roles and Permissions
  • #6266 - Removed postgresql13-devel requirement for traffic_ops

  • #6179 Updated the Traffic Ops rpm to include the ToDnssecRefresh binary and make the trafops_dnssec_refresh cron job use it
    - Changed Invalidation Jobs throughout (TO, TP, T3C, etc.) to account for the ability to do both REFRESH and REFETCH requests for resources.
  • The admin Role is now always guaranteed to exist, and can't be deleted or modified.
  • Updated Golang dependencies

  • Deprecated the endpoints and docs associated with /api_capability and /capabilities.

  • Removed the user_role table.
  • The traffic_ops.sh shell profile no longer sets GOPATH or adds its bin folder to the PATH
  • /capabilities removed from Traffic Ops API version 4.

Traffic Portal

  • A new Traffic Portal server command-line option -c to specify a configuration file, and the ability to set log: null to log to stdout (consult documentation for details).
  • SANs information to the SSL key endpoint and Traffic Portal page.
    - Added Invalidation Type (REFRESH or REFETCH) for invalidating content to Traffic Portal.
  • IMS warnings to Content Invalidation requests in Traffic Portal and documentation.

  • #6411 Removes invalid 'ALL cdn' options from TP
  • #6255 - Unreadable Prod Mode CDN Notifications in Traffic Portal
  • #6259 - Traffic Portal No Longer Allows Spaces in Server Object "Router Port Name"

  • Traffic Portal no longer uses ruby compass to compile sass and now uses dart-sass.
    - Changed Invalidation Jobs throughout (TO, TP, T3C, etc.) to account for the ability to do both REFRESH and REFETCH requests for resources.

Traffic Monitor

  • Added a new Traffic Monitor configuration option -- short_hostname_override -- to traffic_monitor.cfg to allow overriding the system hostname that Traffic Monitor uses.
  • Added a new Traffic Monitor configuration option -- stat_polling (default: true) -- to traffic_monitor.cfg to disable stat polling.
  • Added definition for heartbeat.polling.interval for CDN Traffic Monitor config in API documentation.

Traffic Stats

  • Updated Golang dependencies

  • The use of a seelog configuration file to configure Traffic Stats logging is deprecated, and logging configuration should instead be present in the logs property of the Traffic Stats configuration file (refer to documentation for details).

  • Fixed Traffic Monitor parsing stats_over_http output so that multiple stats for the same underlying delivery service (when the delivery service has more than 1 regex) are properly summed together. This makes the resulting data more accurate in addition to fixing the "new stat is lower than last stat" warnings.

  • #6376 Updated TO/TM so that TM doesn't overwrite monitoring snapshot data with CR config snapshot data.
  • Updated Golang dependencies

Traffic Router

  • Fixed Traffic Router crs/stats to prevent overflow and to correctly record the time used in averages.
  • #6446 - Revert Traffic Router rollover file pattern to the one previously used in log4j.properties with Log4j 1.2
  • Changed the maxConnections value on Traffic Router, to prevent the thundering herd problem (TR).

  • #6209 Updated Traffic Router to use Java 11 to compile and run
  • #6506 - Updated jackson-databind and jackson-annotations Traffic Router dependencies to version 2.13.1

Cache Config

  • cache config t3c-apply retrying when another t3c-apply is running.
  • #6032 Add t3c setting mode 0600 for secure files
  • #6405 Added cache config version to all t3c apps and config file headers


- Updated t3c to request less unnecessary deliveryservice-server assignment and invalidation jobs data via new query params supported by Traffic Ops
- Changed Invalidation Jobs throughout (TO, TP, T3C, etc.) to account for the ability to do both REFRESH and REFETCH requests for resources.

  • Updated t3c-apply to reduce mutable state in TrafficOpsReq struct.
  • Updated Golang dependencies


  • New pkg script options, -h, -s, -S, and -L.
  • Traffic Vault: Added additional flag to TV Riak (Deprecated) Util

Signing Keys

It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures.

The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the `ASC` signature file for the relevant distribution. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using:

% pgpk -a KEYS % pgpv apache-trafficcontrol-6.1.0.tar.gz.asc


% pgp -ka KEYS
% pgp apache-trafficcontrol-6.1.0.tar.gz.asc


% gpg --import KEYS
% gpg --verify apache-trafficcontrol-6.1.0.tar.gz.asc apache-trafficcontrol-6.1.0.tar.gz

$ gpg --verify apache-trafficcontrol-6.1.0.tar.gz.asc apache-trafficcontrol-6.1.0.tar.gz
gpg: Signature made Mon 20 Dec 2021 11:30:29 AM MST
gpg:                using RSA key F12D1112EAF1CE16575CD8A4C7EA2D46A15CDAE6
gpg: Good signature from "Zach Hoffman <zrhoffman@apache.org>" [ultimate]

Additionally, you should verify the SHA signature on the files. A unix program called `sha` or `shasum` is included in many unix distributions. It is also available as part of GNU Textutils. An MD5 signature (deprecated) consists of 32 hex characters, and a SHA512 signature consists of 128 hex characters. Ensure your generated signature string matches the signature string published in the files above.

Past Releases

Apache Traffic Control 5.1.6 - February 4th, 2022

Apache Traffic Control 5.1.6 is available here:

Release Notes


  • Traffic Ops: added a feature so that the user can specify maxRequestHeaderBytes on a per delivery service basis
  • Traffic Router: log warnings when requests to Traffic Monitor return a 503 status code
  • #5344 - Add a documentation page that addresses migrating from Traffic Ops API v1 for each endpoint
  • Added API endpoints for ACME accounts
  • Traffic Ops: Added validation to ensure that the cachegroups of a delivery services' assigned ORG servers are present in the topology
  • Traffic Ops: Added validation to ensure that the weight parameter of parent.config is a float
  • Traffic Ops Client: New Login function with more options, including falling back to previous minor versions. See traffic_ops/v3-client documentation for details.
  • #5395 - Added validation to prevent changing the Type any Cache Group that is in use by a Topology
  • Added license files to the RPMs
  • Atscfg: Added a rule to ip_allow.config such that PURGE requests are allowed over localhost


  • Traffic Ops: Sanitize username before executing LDAP query
  • #5296 - Fixed a bug where users couldn't update any regex in Traffic Ops/ Traffic Portal
  • Traffic Portal: #5317 - Clicking IP addresses in the servers table no longer navigates to server details page.
  • #5445 - When updating a registered user, ignore updates on registration_sent field.
  • #5335 - Don't create a change log entry if the delivery service primary origin hasn't changed
  • #5333 - Don't create a change log entry for any delivery service consistent hash query params updates
  • #5341 - For a DS with existing SSLKeys, fixed HTTP status code from 403 to 400 when updating CDN and Routing Name (in TO) and made CDN and Routing Name fields immutable (in TP).
  • #5192 - Fixed TO log warnings when generating snapshots for topology-based delivery services.
  • #5284 - Fixed error message when creating a server with non-existent profile
  • #5287 - Fixed error message when creating a Cache Group with no typeId
  • #5382 - Fixed API documentation and TP helptext for "Max DNS Answers" field with respect to DNS, HTTP, Steering Delivery Service
  • #5396 - Return the correct error type if user tries to update the root tenant
  • #5378 - Updating a non existent DS should return a 404, instead of a 500
  • Fixed a potential Traffic Router race condition that could cause erroneous 503s for CLIENT_STEERING delivery services when loading new steering changes
  • #5195 - Correctly show CDN ID in Changelog during Snap
  • #5438 - Correctly specify nodejs version requirements in traffic_portal.spec
  • Fixed Traffic Router logging unnecessary warnings for IPv6-only caches
  • #5294 - TP ag grid tables now properly persist column filters on page refresh.
  • #5295 - TP types/servers table now clears all filters instead of just column filters
  • #5407 - Make sure that you cannot add two servers with identical content
  • #2881 - Some API endpoints have incorrect Content-Types
  • #5364 - Cascade server deletes to delete corresponding IP addresses and interfaces
  • #5390 - Improve the way TO deals with delivery service server assignments
  • #5339 - Ensure Changelog entries for SSL key changes
  • #5461 - Fixed steering endpoint to be ordered consistently
  • Fixed an issue with 2020082700000000_server_id_primary_key.sql trying to create multiple primary keys when there are multiple schemas.
  • Fix for public schema in 2020062923101648_add_deleted_tables.sql
  • Moved move_lets_encrypt_to_acme.sql, add_max_request_header_size_delivery_service.sql, and server_interface_ip_address_cascade.sql past last migration in 5.0.0
  • #5505 - Make parent_reval_pending for servers in a Flexible Topology CDN-specific on GET /servers/{{name}}/update_status
  • #5565 - TO GET /caches/stats panic converting string to uint64
  • #5558 - Fixed `TM UI` and `/api/cache-statuses` to report aggregate `bandwidth_kbps` correctly.
  • Fix for config gen missing max_origin_connections on mids in certain scenarios
  • #5192 - Fixed TO log warnings when generating snapshots for topology-based delivery services.
  • Fixed Invalid TS logrotate configuration permissions causing TS logs to be ignored by logrotate.
  • #5604 - traffic_monitor.log is no longer truncated when restarting Traffic Monitor
  • #1624 - Fixed ORT to reload Traffic Server if LUA scripts are added or changed.
  • #5554 - TM UI overflows screen width and hides table data
  • Fixed the return error for GET api `cdns/routing` to avoid incorrect success response
  • #5712 - Ensure that 5.x Traffic Stats is compatible with 5.x Traffic Monitor and 5.x Traffic Ops, and that it doesn't log all 0's for cache_stats
  • Fixed ORT being unable to update URLSIG keys for Delivery Services
  • Fixed ORT service category header rewrite for mids and topologies
  • Fixed an issue where Traffic Ops becoming unavailable caused Traffic Monitor to segfault and crash
  • #5754 - Ensure Health Threshold Parameters use legacy format for legacy Monitoring Config handler
  • #5695 - Ensure vitals are calculated only against monitored interfaces
  • Fixed Traffic Monitor to report ONLINE caches as available
  • #5744 - Sort TM Delivery Service States page by DS name
  • #5724 - Set XMPPID to hostname if the server had none, don't error on server update when XMPPID is empty
  • #5739 - Prevent looping in case of a failed login attempt
  • Customer names in payloads sent to the /deliveryservices/request Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &, \*, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.


  • #5311 - Better TO log messages when failures calling TM CacheStats
  • Refactored the Traffic Ops Go client internals so that all public methods have a consistent behavior/implementation
  • Pinned external actions used by Documentation Build and TR Unit Tests workflows to commit SHA-1 and the Docker image used by the Weasel workflow to a SHA-256 digest
  • Set Traffic Router to only accept TLSv1.1 and TLSv1.2 protocols in server.xml
  • Updated Apache Tomcat from 8.5.57 to 8.5.63
  • Updated Apache Tomcat Native from 1.2.16 to 1.2.23
  • Traffic Portal: #5394 - Converts the tenant table to a tenant tree for usability
  • Traffic Portal: upgraded delivery service UI tables to use more powerful/performant ag-grid component
  • Updated log4j module in Traffic Router from version 1.2.17 to 2.17.0
  • #6446 - Revert Traffic Router rollover file pattern to the one previously used in log4j.properties with Log4j 1.2
  • #6506 - Updated jackson-databind and jackson-annotations Traffic Router dependencies to version 2.13.1