You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@trafficserver.apache.org by Leif Hedstrom <zw...@apache.org> on 2015/07/02 20:45:22 UTC

Re: [VOTE] Release Apache Traffic Server 5.3.1 (RC0)

> On Jun 29, 2015, at 10:56 PM, Phil Sorber <so...@apache.org> wrote:
> 
> Hello All,
> 
> I've prepared a release for v5.3.1 (RC0) which is the latest stable release
> in the 5.3.x series. This is the second release in our Long Term Support
> (LTS) version as detailed in our Release Management document:
> 
> https://cwiki.apache.org/confluence/display/TS/Release+Management
> 
> Changes since 5.3.0:
> 
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
> 
> Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
> experimental feature in Apache Traffic Server 5.3.0. They are both DOS
> attacks and can be avoided by simply disabling HTTP/2 or upgrading.



Tested on CentOS7 and Fedora 20. Signatures validates.

+1.

— Leif