You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@trafficserver.apache.org by Phil Sorber <so...@apache.org> on 2015/06/30 06:56:36 UTC
[VOTE] Release Apache Traffic Server 5.3.1 (RC0)
Hello All,
I've prepared a release for v5.3.1 (RC0) which is the latest stable release
in the 5.3.x series. This is the second release in our Long Term Support
(LTS) version as detailed in our Release Management document:
https://cwiki.apache.org/confluence/display/TS/Release+Management
Changes since 5.3.0:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
experimental feature in Apache Traffic Server 5.3.0. They are both DOS
attacks and can be avoided by simply disabling HTTP/2 or upgrading.
A summary of the new features in 5.3.x are here:
https://cwiki.apache.org/confluence/display/TS/What%27s+new+in+v5.3.x
Information about upgrading to this release from previous ones is available
at:
https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
The cache in this release is compatible with the previous 5.x and 4.x
releases.
The artifacts are available for download at:
http://people.apache.org/~sorber/releases/trafficserver/5.3.1-rc0/
MD5: 9c0e2450b1dd1bbdd63ebcc344b5a813
SHA1: 771d3fafac6b8e144376fb16398f03b79f39912f
This corresponds to git:
Hash: 38b4113f5e9e6aa6c659c4f5e0eaf7db2f1ff67e
Tag: 5.3.1-rc0
Which can be verified with the following:
git tag -v 5.3.1-rc0
My code signing key is available here:
http://people.apache.org/~sorber/gpg-code-signing-key.asc
Make sure you refresh from a key server to get all relevant signatures.
The vote is open until Jul 2nd 2015. This is shorter than normal because it
is a bug fix/security release and the holiday weekend.
Thanks All!
Re: [VOTE] Release Apache Traffic Server 5.3.1 (RC0)
Posted by Mohd Akhbar <my...@gmail.com>.
+1 on Centos 7
On Sat, Jul 4, 2015 at 12:06 AM, Phil Sorber <so...@apache.org> wrote:
> Calling this vote with 3 binding +1's.
>
> I'll be making a release announcement soon. Thanks to everyone who
> participated.
>
>
> On Fri, Jul 3, 2015 at 10:03 AM Phil Sorber <so...@apache.org> wrote:
>>
>> +1 Tested on CentOS 6.5
>>
>>
>> On Thu, Jul 2, 2015 at 4:09 PM Bryan Call <bc...@apache.org> wrote:
>>>
>>> +1
>>>
>>> Tested on Fedora 22. Signatures and regression passed.
>>>
>>> -Bryan
>>>
>>>
>>> > On Jun 29, 2015, at 9:56 PM, Phil Sorber <so...@apache.org> wrote:
>>> >
>>> > Hello All,
>>> >
>>> > I've prepared a release for v5.3.1 (RC0) which is the latest stable
>>> > release
>>> > in the 5.3.x series. This is the second release in our Long Term
>>> > Support
>>> > (LTS) version as detailed in our Release Management document:
>>> >
>>> > https://cwiki.apache.org/confluence/display/TS/Release+Management
>>> >
>>> > Changes since 5.3.0:
>>> >
>>> >
>>> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
>>> >
>>> > Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
>>> > experimental feature in Apache Traffic Server 5.3.0. They are both DOS
>>> > attacks and can be avoided by simply disabling HTTP/2 or upgrading.
>>> >
>>> > A summary of the new features in 5.3.x are here:
>>> >
>>> > https://cwiki.apache.org/confluence/display/TS/What%27s+new+in+v5.3.x
>>> >
>>> > Information about upgrading to this release from previous ones is
>>> > available
>>> > at:
>>> >
>>> > https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
>>> >
>>> > The cache in this release is compatible with the previous 5.x and 4.x
>>> > releases.
>>> >
>>> > The artifacts are available for download at:
>>> >
>>> > http://people.apache.org/~sorber/releases/trafficserver/5.3.1-rc0/
>>> >
>>> > MD5: 9c0e2450b1dd1bbdd63ebcc344b5a813
>>> > SHA1: 771d3fafac6b8e144376fb16398f03b79f39912f
>>> >
>>> > This corresponds to git:
>>> >
>>> > Hash: 38b4113f5e9e6aa6c659c4f5e0eaf7db2f1ff67e
>>> > Tag: 5.3.1-rc0
>>> >
>>> > Which can be verified with the following:
>>> >
>>> > git tag -v 5.3.1-rc0
>>> >
>>> > My code signing key is available here:
>>> >
>>> > http://people.apache.org/~sorber/gpg-code-signing-key.asc
>>> >
>>> > Make sure you refresh from a key server to get all relevant signatures.
>>> >
>>> > The vote is open until Jul 2nd 2015. This is shorter than normal
>>> > because it
>>> > is a bug fix/security release and the holiday weekend.
>>> >
>>> > Thanks All!
>>>
>
Re: [VOTE] Release Apache Traffic Server 5.3.1 (RC0)
Posted by Phil Sorber <so...@apache.org>.
Calling this vote with 3 binding +1's.
I'll be making a release announcement soon. Thanks to everyone who
participated.
On Fri, Jul 3, 2015 at 10:03 AM Phil Sorber <so...@apache.org> wrote:
> +1 Tested on CentOS 6.5
>
>
> On Thu, Jul 2, 2015 at 4:09 PM Bryan Call <bc...@apache.org> wrote:
>
>> +1
>>
>> Tested on Fedora 22. Signatures and regression passed.
>>
>> -Bryan
>>
>>
>> > On Jun 29, 2015, at 9:56 PM, Phil Sorber <so...@apache.org> wrote:
>> >
>> > Hello All,
>> >
>> > I've prepared a release for v5.3.1 (RC0) which is the latest stable
>> release
>> > in the 5.3.x series. This is the second release in our Long Term Support
>> > (LTS) version as detailed in our Release Management document:
>> >
>> > https://cwiki.apache.org/confluence/display/TS/Release+Management
>> >
>> > Changes since 5.3.0:
>> >
>> >
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
>> >
>> > Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
>> > experimental feature in Apache Traffic Server 5.3.0. They are both DOS
>> > attacks and can be avoided by simply disabling HTTP/2 or upgrading.
>> >
>> > A summary of the new features in 5.3.x are here:
>> >
>> > https://cwiki.apache.org/confluence/display/TS/What%27s+new+in+v5.3.x
>> >
>> > Information about upgrading to this release from previous ones is
>> available
>> > at:
>> >
>> > https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
>> >
>> > The cache in this release is compatible with the previous 5.x and 4.x
>> > releases.
>> >
>> > The artifacts are available for download at:
>> >
>> > http://people.apache.org/~sorber/releases/trafficserver/5.3.1-rc0/
>> >
>> > MD5: 9c0e2450b1dd1bbdd63ebcc344b5a813
>> > SHA1: 771d3fafac6b8e144376fb16398f03b79f39912f
>> >
>> > This corresponds to git:
>> >
>> > Hash: 38b4113f5e9e6aa6c659c4f5e0eaf7db2f1ff67e
>> > Tag: 5.3.1-rc0
>> >
>> > Which can be verified with the following:
>> >
>> > git tag -v 5.3.1-rc0
>> >
>> > My code signing key is available here:
>> >
>> > http://people.apache.org/~sorber/gpg-code-signing-key.asc
>> >
>> > Make sure you refresh from a key server to get all relevant signatures.
>> >
>> > The vote is open until Jul 2nd 2015. This is shorter than normal
>> because it
>> > is a bug fix/security release and the holiday weekend.
>> >
>> > Thanks All!
>>
>>
Re: [VOTE] Release Apache Traffic Server 5.3.1 (RC0)
Posted by Susan Hinrichs <sh...@network-geographics.com>.
+1 also tested on CentOS 6.5.
On 7/3/2015 11:03 AM, Phil Sorber wrote:
> +1 Tested on CentOS 6.5
>
> On Thu, Jul 2, 2015 at 4:09 PM Bryan Call <bcall@apache.org
> <ma...@apache.org>> wrote:
>
> +1
>
> Tested on Fedora 22. Signatures and regression passed.
>
> -Bryan
>
>
> > On Jun 29, 2015, at 9:56 PM, Phil Sorber <sorber@apache.org
> <ma...@apache.org>> wrote:
> >
> > Hello All,
> >
> > I've prepared a release for v5.3.1 (RC0) which is the latest
> stable release
> > in the 5.3.x series. This is the second release in our Long Term
> Support
> > (LTS) version as detailed in our Release Management document:
> >
> > https://cwiki.apache.org/confluence/display/TS/Release+Management
> >
> > Changes since 5.3.0:
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
> >
> > Of special note are two fixes for CVE-2015-3249 that effect the
> HTTP/2
> > experimental feature in Apache Traffic Server 5.3.0. They are
> both DOS
> > attacks and can be avoided by simply disabling HTTP/2 or upgrading.
> >
> > A summary of the new features in 5.3.x are here:
> >
> >
> https://cwiki.apache.org/confluence/display/TS/What%27s+new+in+v5.3.x
> >
> > Information about upgrading to this release from previous ones
> is available
> > at:
> >
> > https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
> >
> > The cache in this release is compatible with the previous 5.x
> and 4.x
> > releases.
> >
> > The artifacts are available for download at:
> >
> >
> http://people.apache.org/~sorber/releases/trafficserver/5.3.1-rc0/
> <http://people.apache.org/%7Esorber/releases/trafficserver/5.3.1-rc0/>
> >
> > MD5: 9c0e2450b1dd1bbdd63ebcc344b5a813
> > SHA1: 771d3fafac6b8e144376fb16398f03b79f39912f
> >
> > This corresponds to git:
> >
> > Hash: 38b4113f5e9e6aa6c659c4f5e0eaf7db2f1ff67e
> > Tag: 5.3.1-rc0
> >
> > Which can be verified with the following:
> >
> > git tag -v 5.3.1-rc0
> >
> > My code signing key is available here:
> >
> > http://people.apache.org/~sorber/gpg-code-signing-key.asc
> <http://people.apache.org/%7Esorber/gpg-code-signing-key.asc>
> >
> > Make sure you refresh from a key server to get all relevant
> signatures.
> >
> > The vote is open until Jul 2nd 2015. This is shorter than normal
> because it
> > is a bug fix/security release and the holiday weekend.
> >
> > Thanks All!
>
Re: [VOTE] Release Apache Traffic Server 5.3.1 (RC0)
Posted by Phil Sorber <so...@apache.org>.
Calling this vote with 3 binding +1's.
I'll be making a release announcement soon. Thanks to everyone who
participated.
On Fri, Jul 3, 2015 at 10:03 AM Phil Sorber <so...@apache.org> wrote:
> +1 Tested on CentOS 6.5
>
>
> On Thu, Jul 2, 2015 at 4:09 PM Bryan Call <bc...@apache.org> wrote:
>
>> +1
>>
>> Tested on Fedora 22. Signatures and regression passed.
>>
>> -Bryan
>>
>>
>> > On Jun 29, 2015, at 9:56 PM, Phil Sorber <so...@apache.org> wrote:
>> >
>> > Hello All,
>> >
>> > I've prepared a release for v5.3.1 (RC0) which is the latest stable
>> release
>> > in the 5.3.x series. This is the second release in our Long Term Support
>> > (LTS) version as detailed in our Release Management document:
>> >
>> > https://cwiki.apache.org/confluence/display/TS/Release+Management
>> >
>> > Changes since 5.3.0:
>> >
>> >
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
>> >
>> > Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
>> > experimental feature in Apache Traffic Server 5.3.0. They are both DOS
>> > attacks and can be avoided by simply disabling HTTP/2 or upgrading.
>> >
>> > A summary of the new features in 5.3.x are here:
>> >
>> > https://cwiki.apache.org/confluence/display/TS/What%27s+new+in+v5.3.x
>> >
>> > Information about upgrading to this release from previous ones is
>> available
>> > at:
>> >
>> > https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
>> >
>> > The cache in this release is compatible with the previous 5.x and 4.x
>> > releases.
>> >
>> > The artifacts are available for download at:
>> >
>> > http://people.apache.org/~sorber/releases/trafficserver/5.3.1-rc0/
>> >
>> > MD5: 9c0e2450b1dd1bbdd63ebcc344b5a813
>> > SHA1: 771d3fafac6b8e144376fb16398f03b79f39912f
>> >
>> > This corresponds to git:
>> >
>> > Hash: 38b4113f5e9e6aa6c659c4f5e0eaf7db2f1ff67e
>> > Tag: 5.3.1-rc0
>> >
>> > Which can be verified with the following:
>> >
>> > git tag -v 5.3.1-rc0
>> >
>> > My code signing key is available here:
>> >
>> > http://people.apache.org/~sorber/gpg-code-signing-key.asc
>> >
>> > Make sure you refresh from a key server to get all relevant signatures.
>> >
>> > The vote is open until Jul 2nd 2015. This is shorter than normal
>> because it
>> > is a bug fix/security release and the holiday weekend.
>> >
>> > Thanks All!
>>
>>
Re: [VOTE] Release Apache Traffic Server 5.3.1 (RC0)
Posted by Phil Sorber <so...@apache.org>.
+1 Tested on CentOS 6.5
On Thu, Jul 2, 2015 at 4:09 PM Bryan Call <bc...@apache.org> wrote:
> +1
>
> Tested on Fedora 22. Signatures and regression passed.
>
> -Bryan
>
>
> > On Jun 29, 2015, at 9:56 PM, Phil Sorber <so...@apache.org> wrote:
> >
> > Hello All,
> >
> > I've prepared a release for v5.3.1 (RC0) which is the latest stable
> release
> > in the 5.3.x series. This is the second release in our Long Term Support
> > (LTS) version as detailed in our Release Management document:
> >
> > https://cwiki.apache.org/confluence/display/TS/Release+Management
> >
> > Changes since 5.3.0:
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
> >
> > Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
> > experimental feature in Apache Traffic Server 5.3.0. They are both DOS
> > attacks and can be avoided by simply disabling HTTP/2 or upgrading.
> >
> > A summary of the new features in 5.3.x are here:
> >
> > https://cwiki.apache.org/confluence/display/TS/What%27s+new+in+v5.3.x
> >
> > Information about upgrading to this release from previous ones is
> available
> > at:
> >
> > https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
> >
> > The cache in this release is compatible with the previous 5.x and 4.x
> > releases.
> >
> > The artifacts are available for download at:
> >
> > http://people.apache.org/~sorber/releases/trafficserver/5.3.1-rc0/
> >
> > MD5: 9c0e2450b1dd1bbdd63ebcc344b5a813
> > SHA1: 771d3fafac6b8e144376fb16398f03b79f39912f
> >
> > This corresponds to git:
> >
> > Hash: 38b4113f5e9e6aa6c659c4f5e0eaf7db2f1ff67e
> > Tag: 5.3.1-rc0
> >
> > Which can be verified with the following:
> >
> > git tag -v 5.3.1-rc0
> >
> > My code signing key is available here:
> >
> > http://people.apache.org/~sorber/gpg-code-signing-key.asc
> >
> > Make sure you refresh from a key server to get all relevant signatures.
> >
> > The vote is open until Jul 2nd 2015. This is shorter than normal because
> it
> > is a bug fix/security release and the holiday weekend.
> >
> > Thanks All!
>
>
Re: [VOTE] Release Apache Traffic Server 5.3.1 (RC0)
Posted by Phil Sorber <so...@apache.org>.
+1 Tested on CentOS 6.5
On Thu, Jul 2, 2015 at 4:09 PM Bryan Call <bc...@apache.org> wrote:
> +1
>
> Tested on Fedora 22. Signatures and regression passed.
>
> -Bryan
>
>
> > On Jun 29, 2015, at 9:56 PM, Phil Sorber <so...@apache.org> wrote:
> >
> > Hello All,
> >
> > I've prepared a release for v5.3.1 (RC0) which is the latest stable
> release
> > in the 5.3.x series. This is the second release in our Long Term Support
> > (LTS) version as detailed in our Release Management document:
> >
> > https://cwiki.apache.org/confluence/display/TS/Release+Management
> >
> > Changes since 5.3.0:
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
> >
> > Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
> > experimental feature in Apache Traffic Server 5.3.0. They are both DOS
> > attacks and can be avoided by simply disabling HTTP/2 or upgrading.
> >
> > A summary of the new features in 5.3.x are here:
> >
> > https://cwiki.apache.org/confluence/display/TS/What%27s+new+in+v5.3.x
> >
> > Information about upgrading to this release from previous ones is
> available
> > at:
> >
> > https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
> >
> > The cache in this release is compatible with the previous 5.x and 4.x
> > releases.
> >
> > The artifacts are available for download at:
> >
> > http://people.apache.org/~sorber/releases/trafficserver/5.3.1-rc0/
> >
> > MD5: 9c0e2450b1dd1bbdd63ebcc344b5a813
> > SHA1: 771d3fafac6b8e144376fb16398f03b79f39912f
> >
> > This corresponds to git:
> >
> > Hash: 38b4113f5e9e6aa6c659c4f5e0eaf7db2f1ff67e
> > Tag: 5.3.1-rc0
> >
> > Which can be verified with the following:
> >
> > git tag -v 5.3.1-rc0
> >
> > My code signing key is available here:
> >
> > http://people.apache.org/~sorber/gpg-code-signing-key.asc
> >
> > Make sure you refresh from a key server to get all relevant signatures.
> >
> > The vote is open until Jul 2nd 2015. This is shorter than normal because
> it
> > is a bug fix/security release and the holiday weekend.
> >
> > Thanks All!
>
>
Re: [VOTE] Release Apache Traffic Server 5.3.1 (RC0)
Posted by Bryan Call <bc...@apache.org>.
+1
Tested on Fedora 22. Signatures and regression passed.
-Bryan
> On Jun 29, 2015, at 9:56 PM, Phil Sorber <so...@apache.org> wrote:
>
> Hello All,
>
> I've prepared a release for v5.3.1 (RC0) which is the latest stable release
> in the 5.3.x series. This is the second release in our Long Term Support
> (LTS) version as detailed in our Release Management document:
>
> https://cwiki.apache.org/confluence/display/TS/Release+Management
>
> Changes since 5.3.0:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
>
> Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
> experimental feature in Apache Traffic Server 5.3.0. They are both DOS
> attacks and can be avoided by simply disabling HTTP/2 or upgrading.
>
> A summary of the new features in 5.3.x are here:
>
> https://cwiki.apache.org/confluence/display/TS/What%27s+new+in+v5.3.x
>
> Information about upgrading to this release from previous ones is available
> at:
>
> https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
>
> The cache in this release is compatible with the previous 5.x and 4.x
> releases.
>
> The artifacts are available for download at:
>
> http://people.apache.org/~sorber/releases/trafficserver/5.3.1-rc0/
>
> MD5: 9c0e2450b1dd1bbdd63ebcc344b5a813
> SHA1: 771d3fafac6b8e144376fb16398f03b79f39912f
>
> This corresponds to git:
>
> Hash: 38b4113f5e9e6aa6c659c4f5e0eaf7db2f1ff67e
> Tag: 5.3.1-rc0
>
> Which can be verified with the following:
>
> git tag -v 5.3.1-rc0
>
> My code signing key is available here:
>
> http://people.apache.org/~sorber/gpg-code-signing-key.asc
>
> Make sure you refresh from a key server to get all relevant signatures.
>
> The vote is open until Jul 2nd 2015. This is shorter than normal because it
> is a bug fix/security release and the holiday weekend.
>
> Thanks All!
Re: [VOTE] Release Apache Traffic Server 5.3.1 (RC0)
Posted by Reindl Harald <h....@thelounge.net>.
hopefully TLS is working again with 5.3.1 because it was *totally*
broken with 5.3.0 meaning after a ssl-test no longer responding and
firefox saying "no common cipher" while after downgrade it works as all
the months before
honestly TLS offloading is the weakest part of ATS all the time :-8
Am 30.06.2015 um 06:56 schrieb Phil Sorber:
> Hello All,
>
> I've prepared a release for v5.3.1 (RC0) which is the latest stable
> release in the 5.3.x series. This is the second release in our Long Term
> Support (LTS) version as detailed in our Release Management document:
>
> https://cwiki.apache.org/confluence/display/TS/Release+Management
>
> Changes since 5.3.0:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
>
> Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
> experimental feature in Apache Traffic Server 5.3.0. They are both DOS
> attacks and can be avoided by simply disabling HTTP/2 or upgrading.
>
> A summary of the new features in 5.3.x are here:
>
> https://cwiki.apache.org/confluence/display/TS/What%27s+new+in+v5.3.x
>
> Information about upgrading to this release from previous ones is
> available at:
>
> https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
>
> The cache in this release is compatible with the previous 5.x and 4.x
> releases.
>
> The artifacts are available for download at:
>
> http://people.apache.org/~sorber/releases/trafficserver/5.3.1-rc0/
>
> MD5: 9c0e2450b1dd1bbdd63ebcc344b5a813
> SHA1: 771d3fafac6b8e144376fb16398f03b79f39912f
>
> This corresponds to git:
>
> Hash: 38b4113f5e9e6aa6c659c4f5e0eaf7db2f1ff67e
> Tag: 5.3.1-rc0
>
> Which can be verified with the following:
>
> git tag -v 5.3.1-rc0
>
> My code signing key is available here:
>
> http://people.apache.org/~sorber/gpg-code-signing-key.asc
>
> Make sure you refresh from a key server to get all relevant signatures.
>
> The vote is open until Jul 2nd 2015. This is shorter than normal because
> it is a bug fix/security release and the holiday weekend.
>
> Thanks All!
Re: [VOTE] Release Apache Traffic Server 5.3.1 (RC0)
Posted by Bryan Call <bc...@apache.org>.
+1
Tested on Fedora 22. Signatures and regression passed.
-Bryan
> On Jun 29, 2015, at 9:56 PM, Phil Sorber <so...@apache.org> wrote:
>
> Hello All,
>
> I've prepared a release for v5.3.1 (RC0) which is the latest stable release
> in the 5.3.x series. This is the second release in our Long Term Support
> (LTS) version as detailed in our Release Management document:
>
> https://cwiki.apache.org/confluence/display/TS/Release+Management
>
> Changes since 5.3.0:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
>
> Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
> experimental feature in Apache Traffic Server 5.3.0. They are both DOS
> attacks and can be avoided by simply disabling HTTP/2 or upgrading.
>
> A summary of the new features in 5.3.x are here:
>
> https://cwiki.apache.org/confluence/display/TS/What%27s+new+in+v5.3.x
>
> Information about upgrading to this release from previous ones is available
> at:
>
> https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
>
> The cache in this release is compatible with the previous 5.x and 4.x
> releases.
>
> The artifacts are available for download at:
>
> http://people.apache.org/~sorber/releases/trafficserver/5.3.1-rc0/
>
> MD5: 9c0e2450b1dd1bbdd63ebcc344b5a813
> SHA1: 771d3fafac6b8e144376fb16398f03b79f39912f
>
> This corresponds to git:
>
> Hash: 38b4113f5e9e6aa6c659c4f5e0eaf7db2f1ff67e
> Tag: 5.3.1-rc0
>
> Which can be verified with the following:
>
> git tag -v 5.3.1-rc0
>
> My code signing key is available here:
>
> http://people.apache.org/~sorber/gpg-code-signing-key.asc
>
> Make sure you refresh from a key server to get all relevant signatures.
>
> The vote is open until Jul 2nd 2015. This is shorter than normal because it
> is a bug fix/security release and the holiday weekend.
>
> Thanks All!
Re: [VOTE] Release Apache Traffic Server 5.3.1 (RC0)
Posted by Leif Hedstrom <zw...@apache.org>.
> On Jun 29, 2015, at 10:56 PM, Phil Sorber <so...@apache.org> wrote:
>
> Hello All,
>
> I've prepared a release for v5.3.1 (RC0) which is the latest stable release
> in the 5.3.x series. This is the second release in our Long Term Support
> (LTS) version as detailed in our Release Management document:
>
> https://cwiki.apache.org/confluence/display/TS/Release+Management
>
> Changes since 5.3.0:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
>
> Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
> experimental feature in Apache Traffic Server 5.3.0. They are both DOS
> attacks and can be avoided by simply disabling HTTP/2 or upgrading.
Tested on CentOS7 and Fedora 20. Signatures validates.
+1.
— Leif
Re: [VOTE] Release Apache Traffic Server 5.3.1 (RC0)
Posted by Leif Hedstrom <zw...@apache.org>.
> On Jun 29, 2015, at 10:56 PM, Phil Sorber <so...@apache.org> wrote:
>
> Hello All,
>
> I've prepared a release for v5.3.1 (RC0) which is the latest stable release
> in the 5.3.x series. This is the second release in our Long Term Support
> (LTS) version as detailed in our Release Management document:
>
> https://cwiki.apache.org/confluence/display/TS/Release+Management
>
> Changes since 5.3.0:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
>
> Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
> experimental feature in Apache Traffic Server 5.3.0. They are both DOS
> attacks and can be avoided by simply disabling HTTP/2 or upgrading.
Tested on CentOS7 and Fedora 20. Signatures validates.
+1.
— Leif