You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@trafficserver.apache.org by Phil Sorber <so...@apache.org> on 2015/07/04 18:08:18 UTC
[ANNOUNCE] Apache Traffic Server 5.3.1 is released!
Apache Traffic Server v5.3.1 Released
The Apache Software Foundation and the Apache Traffic Server project
are pleased to announce the release of Apache Traffic Server v5.3.1!
This is our second stable release in the 5.3.x LTS branch, and is
immediately available for download at:
http://trafficserver.apache.org/downloads
Upgrading from 5.x should be seamless. Upgrading from the previous
releases, 3.2.0 and later, to v5.3.1 should preserve the cache and not
require it to be cleared. More details are available at:
https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
This release is primarily bug fixes. For a list of what’s changed in this
release, please see
https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x
For a list of all JIRA’s for this release, please see
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
experimental feature in Apache Traffic Server 5.3.0. They are both DOS
attacks and can be avoided by simply disabling HTTP/2 or upgrading to this
release.
5.3.x will be the last minor version in the 5.x release and is a Long Term
Support (LTS) release.
Sincerely,
-- The Apache Traffic Server community
Re: [ANNOUNCE] Apache Traffic Server 5.3.1 is released!
Posted by Reindl Harald <h....@thelounge.net>.
thanks!
TLS is fixed compared to 5.3.0 and no longer responding after testing
with ssllabs (no shared ciphers error in FF), older TLS issues are still
present
* https://www.ssllabs.com/ssltest/
Session resumption (tickets) Yes
*why* when ssl_ticket_enabled=0 in each line
of /etc/trafficserver/ssl_multicert.config
* still no "ab" benchmarking possible wich is *really* odd
and as said multiple times that has nothing to do with
SSL2/SSL3 enabled, it's disabled on httpd too and ab
works just fine
SSL handshake failed (1).
140694896433120:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c
Am 04.07.2015 um 18:08 schrieb Phil Sorber:
> Apache Traffic Server v5.3.1 Released
>
> The Apache Software Foundation and the Apache Traffic Server project
> are pleased to announce the release of Apache Traffic Server v5.3.1!
> This is our second stable release in the 5.3.x LTS branch, and is
> immediately available for download at:
>
> http://trafficserver.apache.org/downloads
>
> Upgrading from 5.x should be seamless. Upgrading from the previous
> releases, 3.2.0 and later, to v5.3.1 should preserve the cache and not
> require it to be cleared. More details are available at:
>
> https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
>
> This release is primarily bug fixes. For a list of what’s changed in
> this release, please see
>
> https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x
>
> For a list of all JIRA’s for this release, please see
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
>
> Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
> experimental feature in Apache Traffic Server 5.3.0. They are both DOS
> attacks and can be avoided by simply disabling HTTP/2 or upgrading to
> this release.
>
> 5.3.x will be the last minor version in the 5.x release and is a Long
> Term Support (LTS) release.
>
> Sincerely,
>
> -- The Apache Traffic Server community