You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2012/03/22 04:03:56 UTC
svn commit: r1303640 - in /trafficserver/site/trunk/content: downloads.en.mdtext index.html

Author: zwoop
Date: Thu Mar 22 03:03:56 2012
New Revision: 1303640

URL: http://svn.apache.org/viewvc?rev=1303640&view=rev
Log:
New releases

Modified:
    trafficserver/site/trunk/content/downloads.en.mdtext
    trafficserver/site/trunk/content/index.html

Modified: trafficserver/site/trunk/content/downloads.en.mdtext
URL: http://svn.apache.org/viewvc/trafficserver/site/trunk/content/downloads.en.mdtext?rev=1303640&r1=1303639&r2=1303640&view=diff
==============================================================================
--- trafficserver/site/trunk/content/downloads.en.mdtext (original)
+++ trafficserver/site/trunk/content/downloads.en.mdtext Thu Mar 22 03:03:56 2012
@@ -30,137 +30,106 @@ compatible signature. You can also 
 and checksum signatures. 
 
 
-# Current (stable) Release -- 3.0.2 # {#3.0.2}
+# Current (stable) Release -- 3.0.4 # {#3.0.4}
 
- Apache Traffic Server 3.0.1 was released on December 07, 2011.
- [[PGP](http://www.apache.org/dist/trafficserver/trafficserver-3.0.2.tar.bz2.asc)]
- [[MD5](http://www.apache.org/dist/trafficserver/trafficserver-3.0.2.tar.bz2.md5)]
- [[SHA1](http://www.apache.org/dist/trafficserver/trafficserver-3.0.2.tar.bz2.sha1)] 
- [[SRC](http://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-3.0.2.tar.bz2)] 
+ Apache Traffic Server 3.0.4 was released on March 21, 2012.
+ [[PGP](http://www.apache.org/dist/trafficserver/trafficserver-3.0.4.tar.bz2.asc)]
+ [[MD5](http://www.apache.org/dist/trafficserver/trafficserver-3.0.4.tar.bz2.md5)]
+ [[SHA1](http://www.apache.org/dist/trafficserver/trafficserver-3.0.4.tar.bz2.sha1)] 
+ [[SRC](http://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-3.0.4.tar.bz2)] 
 
+##  Important Security Fixes  ## {#3.0.4Security}
 
-##  Bugs  ## {#3.0.2Bugs}
+This release fixes vulnerability, [CVE-2012-0256](https://www.cert.fi/en/reports/2012/vulnerability612884.html),
+where a large Host: headers can potentially crash the server.
+All users of all stable releases are urged to upgrade to 3.0.4. This includes all 2.0.x and 3.0.x releases prior
+to v3.0.4
 
-* [[TS-859](https://issues.apache.org/jira/browse/TS-859)] - ATS requesting to origin instead to the parent server 
-* [[TS-867](https://issues.apache.org/jira/browse/TS-867)] - PluginVC crashes with TSFetchURL 
-* [[TS-882](https://issues.apache.org/jira/browse/TS-882)] - traffic_logstats dies when printing log 
-* [[TS-883](https://issues.apache.org/jira/browse/TS-883)] - traffic_logstats provides conflicting help 
-* [[TS-888](https://issues.apache.org/jira/browse/TS-888)] - SSL connections working with 2.1.5 fail with 3.0.1 and FireFox 
-* [[TS-901](https://issues.apache.org/jira/browse/TS-901)] - Valgrind found minor leaks and uninitialized variables 
-* [[TS-906](https://issues.apache.org/jira/browse/TS-906)] - ATS doesn't read proxy.config.http.forward.proxy_auth_to_parent 
-* [[TS-916](https://issues.apache.org/jira/browse/TS-916)] - TSHttpIsInternalRequest() crashes if client connection is terminated prematurely 
-* [[TS-927](https://issues.apache.org/jira/browse/TS-927)] - patch: dont use malloc.h 
-* [[TS-944](https://issues.apache.org/jira/browse/TS-944)] - ssl.server.cert.path & ssl.server.private_key.path do not work as expected 
-* [[TS-967](https://issues.apache.org/jira/browse/TS-967)] - Traffic Server unconditionally sets compiler optimizing flags (with patch) 
-* [[TS-969](https://issues.apache.org/jira/browse/TS-969)] - make check failing on Debian Sid and Solaris 
-* [[TS-1030](https://issues.apache.org/jira/browse/TS-1030)] - hash collation in hdrtoken_hash
+##  Bugs  ## {#3.0.4Bugs}
 
+* [[TS-880](https://issues.apache.org/jira/browse/TS-880)] - Major performance problem with second request on same keep-alive connection
+* [[TS-1065](https://issues.apache.org/jira/browse/TS-1065)] - traffic_cop segment fault when enable TRACE_LOG_COP
+* [[TS-1110](https://issues.apache.org/jira/browse/TS-1110)] - logstats incorrectly bucketizes all status codes greater than 599 as 5xx
 
-##  Improvement  ## {#3.0.2Improvement}
+##  Improvement  ## {#3.0.4Improvement}
 
-* [[TS-730](https://issues.apache.org/jira/browse/TS-730)] - SSL needs CipherSuite control in negotiation
+* [[TS-948](https://issues.apache.org/jira/browse/TS-948)] - do not reload bad remap.config
 
+##  New Feature  ## {#3.0.4NewFeature}
 
-##  New Feature  ## {#3.0.2NewFeature}
+There are no new features in this release.
 
-* [[TS-1013](https://issues.apache.org/jira/browse/TS-1013)] - Allow ssl_multicert.config to support CA chains per host
+More details are also in the [CHANGES log](https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=blob;f=CHANGES;h=9fe84e12fbc75f8f5c2e56fda089622443c1fa74;hb=0f57f149b0a42798ca09e0f3ce77393a6acb0ec2). 
 
+<div class="dl">
+  <a href="http://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-3.0.4.tar.bz2">Download Source</a>
+</div>
 
-The full change log is located in [/trafficserver/traffic/branches/3.0.x/CHANGES](http://svn.apache.org/viewvc/trafficserver/traffic/branches/3.0.x/CHANGES?view=markup). 
 
+# Current (developer, unstable) Release -- 3.1.3 # {#3.1.3}
 
-<div class="dl">
-  <a href="http://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-3.0.2.tar.bz2">Download Source</a>
-</div>
+ Apache Traffic Server 3.1.3 was released on March 21, 2012.
+ [[PGP](http://www.apache.org/dist/trafficserver/trafficserver-3.1.3-unstable.tar.bz2.asc)]
+ [[MD5](http://www.apache.org/dist/trafficserver/trafficserver-3.1.3-unstable.tar.bz2.md5)]
+ [[SHA1](http://www.apache.org/dist/trafficserver/trafficserver-3.1.3-unstable.tar.bz2.sha1)]
+ [[SRC](http://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-3.1.3-unstable.tar.bz2)]
 
+##  Important Security Fixes  ## {#3.1.3Security}
 
-# Current (developer, unstable) Release -- 3.1.2 # {#3.1.2}
+This release fixes vulnerability, [CVE-2012-0256](https://www.cert.fi/en/reports/2012/vulnerability612884.html),
+where a large Host: headers can potentially crash the server.
+All users of all unstable development releases are urged to upgrade to 3.0.4. This includes all 2..x and 3.1.x releases prior
+to v3.1.3.
 
- Apache Traffic Server 3.1.2 was released on February 8, 2011.
- [[PGP](http://www.apache.org/dist/trafficserver/trafficserver-3.1.2-unstable.tar.bz2.asc)]
- [[MD5](http://www.apache.org/dist/trafficserver/trafficserver-3.1.2-unstable.tar.bz2.md5)]
- [[SHA1](http://www.apache.org/dist/trafficserver/trafficserver-3.1.2-unstable.tar.bz2.sha1)]
- [[SRC](http://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-3.1.2-unstable.tar.bz2)]
+##  Bugs  ## {#3.1.3Bugs}
 
+* [[TS-937](https://issues.apache.org/jira/browse/TS-937)] - EThread::execute still processing cancelled event
+* [[TS-978](https://issues.apache.org/jira/browse/TS-978)] - A third cache evacuate issue
+* [[TS-1102](https://issues.apache.org/jira/browse/TS-1102)] - Cleanup obsolete debugging code
+* [[TS-1104](https://issues.apache.org/jira/browse/TS-1104)] - Build problem on solaris
+* [[TS-1109](https://issues.apache.org/jira/browse/TS-1109)] - stack dump may crash too
+* [[TS-1110](https://issues.apache.org/jira/browse/TS-1110)] - logstats incorrectly bucketizes all status codes greater than 599 as 5xx
+* [[TS-1111](https://issues.apache.org/jira/browse/TS-1111)] - crash in RangeTransform::handle_event
+* [[TS-1115](https://issues.apache.org/jira/browse/TS-1115)] - Fix build issues with Intel ICC
+* [[TS-1117](https://issues.apache.org/jira/browse/TS-1117)] - Remove TS_HAS_PURIFY macro
+* [[TS-1123](https://issues.apache.org/jira/browse/TS-1123)] - Problems building with editline/readline on OSX
+* [[TS-1126](https://issues.apache.org/jira/browse/TS-1126)] - traffic_server is unable to bind 127.0.0.1:8084 (the default mgmt port) on OSX
+* [[TS-1138](https://issues.apache.org/jira/browse/TS-1138)] - IpMap::fill does not handle singleton, then range correctly.
+* [[TS-1144](https://issues.apache.org/jira/browse/TS-1144)] - fix out of tree builds
+* [[TS-1145](https://issues.apache.org/jira/browse/TS-1145)] - clang build fixes
 
-##  Bugs  ## {#3.1.2Bugs}
+##  Improvements  ## {#3.1.3Improvements}
 
-* [[TS-57](https://issues.apache.org/jira/browse/TS-57)] - Logging:  IP's being logged in text mode when binary mode enabled for logging
-* [[TS-912](https://issues.apache.org/jira/browse/TS-912)] - TSFetchURL - poor performance
-* [[TS-944](https://issues.apache.org/jira/browse/TS-944)] - ssl.server.cert.path & ssl.server.private_key.path do not work as expected
-* [[TS-949](https://issues.apache.org/jira/browse/TS-949)] - key->volume hash table is not consistent when a disk is marked as bad or removed due to failure
-* [[TS-996](https://issues.apache.org/jira/browse/TS-996)] - HTTPHdr::m_host goes stale if HdrHeap::evacuate_from_str_heaps is called
-* [[TS-1008](https://issues.apache.org/jira/browse/TS-1008)] - TCP connection data isn't available from TSHttpSsn Object
-* [[TS-1014](https://issues.apache.org/jira/browse/TS-1014)] - slow log can not print logs well on 32-bit system, I changed the %d to RPI64
-* [[TS-1021](https://issues.apache.org/jira/browse/TS-1021)] - traffic_logstats fails on zwoop's machine
-* [[TS-1022](https://issues.apache.org/jira/browse/TS-1022)] - LogEntryHeader is a serialized structure but uses vague types.
-* [[TS-1028](https://issues.apache.org/jira/browse/TS-1028)] - Assert when enabling "shared origin connections" with a setting of "2"
-* [[TS-1029](https://issues.apache.org/jira/browse/TS-1029)] - DNS crash if we free the memory into system
-* [[TS-1030](https://issues.apache.org/jira/browse/TS-1030)] - hash collation in hdrtoken_hash
-* [[TS-1032](https://issues.apache.org/jira/browse/TS-1032)] - Assertion when upstream connection is established (with event handled by thread A) and immediately disconnected (handled by thread B)
-* [[TS-1035](https://issues.apache.org/jira/browse/TS-1035)] - EventProcessor::spawn_thread doesn't check that there is enough event threads and segfaults
-* [[TS-1037](https://issues.apache.org/jira/browse/TS-1037)] - Machine.cc doesn't recognize IPs properly
-* [[TS-1038](https://issues.apache.org/jira/browse/TS-1038)] - TSHttpTxnErrorBodySet() can leak memory (pt 2)
-* [[TS-1042](https://issues.apache.org/jira/browse/TS-1042)] - PATCH: correct debug message in FetchSM
-* [[TS-1044](https://issues.apache.org/jira/browse/TS-1044)] - PATCH: Fix TSVConn{Read,Write}VIOGet in UnixNetVConnection.
-* [[TS-1047](https://issues.apache.org/jira/browse/TS-1047)] - Several spelling fixes in strings
-* [[TS-1049](https://issues.apache.org/jira/browse/TS-1049)] - TS hangs (dead lock) on HTTPS POST requests
-* [[TS-1052](https://issues.apache.org/jira/browse/TS-1052)] - trafficserver restart does not work (needs to let old process die)
-* [[TS-1055](https://issues.apache.org/jira/browse/TS-1055)] - Wrong implementation of TSHttpSsnArgGet
-* [[TS-1056](https://issues.apache.org/jira/browse/TS-1056)] - Lost UA connections can show up as "400 ERR_INVALID_REQ" in logs
-* [[TS-1057](https://issues.apache.org/jira/browse/TS-1057)] - Expose internal Base64 Encoding / Decoding
-* [[TS-1061](https://issues.apache.org/jira/browse/TS-1061)] - TSHttpTxnServerReqHdrBytesGet in ./proxy/InkAPI.cc has an extra parameter (int *bytes) from the prototype in ./proxy/api/ts/ts.h.  The extra parameter needs to be removed as it is not used.
-* [[TS-1065](https://issues.apache.org/jira/browse/TS-1065)] - traffic_cop segment fault when enable TRACE_LOG_COP
-* [[TS-1071](https://issues.apache.org/jira/browse/TS-1071)] - Debug statement in FetchSM broken
-* [[TS-1073](https://issues.apache.org/jira/browse/TS-1073)] - no_dns_just_forward_to_parent configuration parameter is ignored/not used.
-* [[TS-1074](https://issues.apache.org/jira/browse/TS-1074)] - PluginVC should schedule to the local queue instead of the external queue.
-* [[TS-1082](https://issues.apache.org/jira/browse/TS-1082)] - configure always clobbers optimiser flags
-* [[TS-1091](https://issues.apache.org/jira/browse/TS-1091)] - `./configure CFLAGS=-w` causes configure script to wrongly guess style of `gethostbyname_r` on OS X (and probably other BSDs)
-* [[TS-1094](https://issues.apache.org/jira/browse/TS-1094)] - TS hangs after repeated requests from the same kept-alive connection
-* [[TS-1101](https://issues.apache.org/jira/browse/TS-1101)] - traffic_line -x doesn't seem to work
-
-
-##  Improvements  ## {#3.1.2Improvements}
-
-* [[TS-992](https://issues.apache.org/jira/browse/TS-992)] - Generic portability fixes.
-* [[TS-999](https://issues.apache.org/jira/browse/TS-999)] - Deprecate TSUrlDestroy ?
-* [[TS-1039](https://issues.apache.org/jira/browse/TS-1039)] - PATCH: use pcre-config to find libpcre
-* [[TS-1040](https://issues.apache.org/jira/browse/TS-1040)] - PATCH: teach TSHostLookup to use const
-* [[TS-1041](https://issues.apache.org/jira/browse/TS-1041)] - PATCH: guarantee to populate sockaddr length for TSHostLookupResultAddrGet
-* [[TS-1046](https://issues.apache.org/jira/browse/TS-1046)] - Add possibility to extend tsxs command line for -Iincludes
-* [[TS-1077](https://issues.apache.org/jira/browse/TS-1077)] - HTTP ports cannot be configured for IPv6 and transparency.
-* [[TS-1081](https://issues.apache.org/jira/browse/TS-1081)] - Eliminate the additional internal copy of the "pristine" URL string
-* [[TS-1083](https://issues.apache.org/jira/browse/TS-1083)] - initial SSL next protocol negotiation support
-* [[TS-1096](https://issues.apache.org/jira/browse/TS-1096)] - readline support for traffic_shell
-* [[TS-1097](https://issues.apache.org/jira/browse/TS-1097)] - online help for traffic_shell
-* [[TS-1098](https://issues.apache.org/jira/browse/TS-1098)] - Make RC script support Amazon EC2 Linux AMI
-
-
-##  New Features  ## {#3.1.2NewFeatures}
-
-* [[TS-254](https://issues.apache.org/jira/browse/TS-254)] - Add TSEscapifyString() and TSUnescapifyString() 
-* [[TS-1048](https://issues.apache.org/jira/browse/TS-1048)] - Add TS API to enable plugins to use traffic server configuration infrastructure 
-* [[TS-1088](https://issues.apache.org/jira/browse/TS-1088)] - Allow Per-transaction Transparency (TProxy) Override
-* [[TS-1089](https://issues.apache.org/jira/browse/TS-1089)] - Allow Plugins to create transparent internal http connections
+* [[TS-821](https://issues.apache.org/jira/browse/TS-821)] - memcached_remap plugin
+* [[TS-995](https://issues.apache.org/jira/browse/TS-995)] - Change IPv6 support function names to be clearer and more compliant.
+* [[TS-1116](https://issues.apache.org/jira/browse/TS-1116)] - Fix build issues with clang (particularly on OSX)
+* [[TS-1122](https://issues.apache.org/jira/browse/TS-1122)] - Make regex_remap plugin understand redirect directives
+* [[TS-1133](https://issues.apache.org/jira/browse/TS-1133)] - Make remap max-host length configure.ac configurable
+
+##  New Features  ## {#3.1.3NewFeatures}
 
+* [[TS-841](https://issues.apache.org/jira/browse/TS-841)] - support TLS NextProtocol negotiation
+* [[TS-1002](https://issues.apache.org/jira/browse/TS-1002)] - log unmapped HOST when pristine_host_hdr disabled
+* [[TS-1124](https://issues.apache.org/jira/browse/TS-1124)] - Move a few plugins into main repo.
 
-The full change log is located in [/trafficserver/traffic/trunk/CHANGES](http://svn.apache.org/viewvc/trafficserver/traffic/trunk/CHANGES?revision=1160602&view=markup). 
-The Jira release notes are also [available](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310963&version=12316496). 
+
+More details are also in the [CHANGES log](https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=blob;f=CHANGES;h=9fe84e12fbc75f8f5c2e56fda089622443c1fa74;hb=0f57f149b0a42798ca09e0f3ce77393a6acb0ec2). 
+The Jira release notes are also [available](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310963&version=12317969). 
  
 
 <div class="dl">
- <a href="http://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-3.1.2-unstable.tar.bz2">Download Source</a>
+ <a href="http://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-3.1.3-unstable.tar.bz2">Download Source</a>
 </div>
 
-# Archived (stable) Release -- 3.0.1 # {#3.0.0}
+# Archived (stable) Release -- 3.0.2 # {#3.0.2}
 
- Apache Traffic Server 3.0.1 was released on July 19, 2011.
- [[PGP](http://archive.apache.org/dist/trafficserver/trafficserver-3.0.1.tar.bz2.asc)]
- [[MD5](http://archive.apache.org/dist/trafficserver/trafficserver-3.0.1.tar.bz2.md5)]
- [[SHA1](http://archive.apache.org/dist/trafficserver/trafficserver-3.0.1.tar.bz2.sha1)]
- [[SRC](http://archive.apache.org/dist/trafficserver/trafficserver-3.0.1.tar.bz2)]
+ Apache Traffic Server 3.0.2 was released on December 07, 2011.
+ [[PGP](http://archive.apache.org/dist/trafficserver/trafficserver-3.0.2.tar.bz2.asc)]
+ [[MD5](http://archive.apache.org/dist/trafficserver/trafficserver-3.0.2.tar.bz2.md5)]
+ [[SHA1](http://archive.apache.org/dist/trafficserver/trafficserver-3.0.2.tar.bz2.sha1)]
+ [[SRC](http://archive.apache.org/dist/trafficserver/trafficserver-3.0.2.tar.bz2)]
 
-The full change log is located in [/trafficserver/traffic/branches/3.0.x/CHANGES](http://svn.apache.org/viewvc/trafficserver/traffic/branches/3.0.x/CHANGES?view=markup). 
+More details are also in the [CHANGES log]().
 For details on the fixes since v2.0.0, please refer to the [bug list](v2tov3bugs.html). 
 
 
@@ -170,7 +139,7 @@ new records.config configuration file. Y
 and `etc/trafficserver/internal/hostdb.config`).
 
 <div class="dl">
-<a href="http://archive.apache.org/dist/trafficserver/trafficserver-3.0.0.tar.bz2">Download Source</a>
+<a href="http://archive.apache.org/dist/trafficserver/trafficserver-3.0.2.tar.bz2">Download Source</a>
 </div>
 			
 
@@ -191,6 +160,21 @@ and `etc/trafficserver/internal/hostdb.c
 </div>
 			
 
+# Archived (developer, unstable) Release -- 3.1.2 # {#3.1.2}
+
+ Apache Traffic Server 3.1.2 was released on February 8, 2012.
+ [[PGP](http://archive.apache.org/dist/trafficserver/trafficserver-3.1.2-unstable.tar.bz2.asc)]
+ [[MD5](http://archive.apache.org/dist/trafficserver/trafficserver-3.1.2-unstable.tar.bz2.md5)]
+ [[SHA1](http://archive.apache.org/dist/trafficserver/trafficserver-3.1.2-unstable.tar.bz2.sha1)]
+ [[SRC](http://archive.apache.org/dist/trafficserver/trafficserver-3.1.2-unstable.tar.bz2)]
+
+More details are also in the [CHANGES log](https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=blob;f=CHANGES;h=b601cc7b8de241b7413006d50b31274f662c309b;hb=458454806b2e18230ec2a77d235e91d8682f651f).
+The Jira release notes are also [available](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310963&version=12316496).
+
+<div class="dl">
+<a href="http://archive.apache.org/dist/trafficserver/trafficserver-3.1.2-unstable.tar.bz2">Download Source</a>
+</div>
+
 # Archived (developer, unstable) Release -- 3.1.1 # {#3.1.1}
 
  Apache Traffic Server 3.1.1 was released on Novemeber 18, 2011.
@@ -199,7 +183,7 @@ and `etc/trafficserver/internal/hostdb.c
  [[SHA1](http://archive.apache.org/dist/trafficserver/trafficserver-3.1.1-unstable.tar.bz2.sha1)]
  [[SRC](http://archive.apache.org/dist/trafficserver/trafficserver-3.1.1-unstable.tar.bz2)]
 
-The full change log is located in [/trafficserver/traffic/trunk/CHANGES](http://svn.apache.org/viewvc/trafficserver/traffic/trunk/CHANGES?revision=1160602&view=markup). 
+More details are also in the [CHANGES log](https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=blob;f=CHANGES;h=b9f3bb5a460334a44589b4346321510e5cf3f225;hb=54a0686ee2961cf4f3d55d63810c077fc902ef7c).
 
 <div class="dl">
 <a href="http://archive.apache.org/dist/trafficserver/trafficserver-3.1.1-unstable.tar.bz2">Download Source</a>
@@ -213,7 +197,7 @@ The full change log is located in [/traf
  [[SHA1](http://archive.apache.org/dist/trafficserver/trafficserver-3.1.0-unstable.tar.bz2.sha1)]
  [[SRC](http://archive.apache.org/dist/trafficserver/trafficserver-3.1.0-unstable.tar.bz2)]
 
-The full change log is located in [/trafficserver/traffic/trunk/CHANGES](http://svn.apache.org/viewvc/trafficserver/traffic/trunk/CHANGES?revision=1160602&view=markup). 
+More details are also in the [CHANGES log](https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=blob;f=CHANGES;h=1bcde89481a6527e85c448781aa84b311e34aea1;hb=6a6a94f5668160fba6118ca08cd2dc5cdb37c542).
 
 <div class="dl">
 <a href="http://archive.apache.org/dist/trafficserver/trafficserver-3.1.0-unstable.tar.bz2">Download Source</a>

Modified: trafficserver/site/trunk/content/index.html
URL: http://svn.apache.org/viewvc/trafficserver/site/trunk/content/index.html?rev=1303640&r1=1303639&r2=1303640&view=diff
==============================================================================
--- trafficserver/site/trunk/content/index.html (original)
+++ trafficserver/site/trunk/content/index.html Thu Mar 22 03:03:56 2012
@@ -39,7 +39,7 @@
       <a href="http://trafficserver.apache.org/">Home</a>
       <a href="downloads">Downloads</a>
       <a href="docs">Documentation</a>
-      <a href="https://cwiki.apache.org/confluence/display/TS/Traffic+Server">Wiki</a>
+      <a href="https://cwiki.apache.org/confluence/display/TS/Apache+Traffic+Server">Wiki</a>
       <a href="https://issues.apache.org/jira/browse/TS">Issues</a>
     </div>
     <div class="fourcol last right">
@@ -57,6 +57,11 @@
         Foundation, and it is now an Apache TLP. Here's a <a href=
           "http://ostatic.com/blog/guest-post-yahoos-cloud-team-open-sources-traffic-server">Traffic
           Server overview</a>.</p>
+        <P><b>Important security announcement<b>: All versions of Traffic Server prior to v3.0.4 and
+            v3.1.3 have a vulnerability where a large Host: header can crash the server under
+            certain conditions. Everyone is encouraged to upgrade as soon as possible. For more
+            details, see <a href="https://www.cert.fi/en/reports/2012/vulnerability612884.html">CVE-2012-0256</href>.
+            New releases addressing this issue are available on the <a href="downloads">Download page</a>.
       </div> 
     </div>
     <div class="fourcol right last" id="download">
@@ -231,6 +236,8 @@
     <div class="twelvecol">
       <div id="blurbbox">
         <ul>
+          <li><b>March 21, 2012:</b> The Apache Traffic Server v3.0.4 and v3.1.3-unstable is now available on the <a href="http://www.apache.org/dyn/closer.cgi/trafficserver/">Apache mirrors</a>. These releases both address a vulnerability discovered in all previous Apache Traffic Server versions. Users of ATS are encouraged to upgrade to one of the two releases as soon as possible. For more details, see <a href="https://www.cert.fi/en/reports/2012/vulnerability612884.html">CVE-2012-0256</href>.</li>
+          <li><b>February 8, 2012:</b> The Apache Traffic Server 3.1.2-unstable is now available on the <a href="http://www.apache.org/dyn/closer.cgi/trafficserver/">Apache mirrors</a>.</li>
           <li><b>January 27, 2012:</b> The Apache Traffic community welcomes our three new committers: James Peach, Brian Geffon and Bart Wyatt!</li>
           <li><b>December 07, 2011:</b> The Apache Traffic Server 3.0.2 is now available on the <a href="http://www.apache.org/dyn/closer.cgi/trafficserver/">Apache mirrors</a>.</li>
           <li><b>November 18, 2011:</b> The Apache Traffic Server 3.1.1-unstable is now available on the <a href="http://www.apache.org/dyn/closer.cgi/trafficserver/">Apache mirrors</a>.</li>