09 Nov 16:54

ocket8888

Apache Traffic Control 5.1.4

Released November 8^th, 2021

Downloads

Apache Traffic Control 5.1.4 is available here:

Release Notes

Fixed

Traffic Ops: Sanitize username before executing LDAP query

Assets 12

11 Oct 22:55

zrhoffman

Apache Traffic Control 6.0.0

Traffic Ops

Added

#4982 Added the ability to support queueing updates by server type and profile
#5412 Added last authenticated time to user API's (GET /user/current, GET /users, GET /user?id=) response payload
#5451 Added change log count to user API's response payload and query param (username) to logs API
CDN Locks: An Operations-level user can now lock a CDN to prevent other users from trying to modify it at the same time.
Postgres Traffic Vault backend: Traffic Ops now supports a Postgres Traffic Vault backend with the option to fetch the Traffic Vault secret key from HashiCorp Vault
Python client: #5611 Added server_detail endpoint
Ported the Postinstall script to Python. The Perl version has been moved to install/bin/_postinstall.pl and has been deprecated, pending removal in a future release.
CDN-in-a-Box: Generate config files using the Postinstall script
Traffic Ops/Traffic Portal: #5479 - Added the ability to change a server capability name
Traffic Ops: #3577 - Added a query param (server host_name or ID) for servercheck API
#5316 - Add router host names and ports on a per interface basis, rather than a per server basis.
Traffic Ops: Adds API endpoints to fetch (GET), create (POST) or delete (DELETE) a cdn notification. Create and delete are limited to users with operations or admin role.
Added ACME certificate renewals and ACME account registration using external account binding
Added functionality to automatically renew ACME certificates.
Traffic Ops: #6069 - prevent unassigning all ONLINE ORG servers from an MSO-enabled delivery service
Added an endpoint for statuses on asynchronous jobs and applied it to the ACME renewal endpoint.
Added two new cdn.conf options to make Traffic Vault configuration more backend-agnostic: traffic_vault_backend and traffic_vault_config
Traffic Ops API version 4.0 - This version is unstable meaning that breaking changes can occur at any time - use at your own peril!
GET request method for /deliveryservices/{{ID}}/assign
GET request method for /deliveryservices/{{ID}}/status
Added integration to use ACME to generate new SSL certificates.
Added GetServersByDeliveryService method to the TO Go client
Added asynchronous status to ACME certificate generation.
Added per Delivery Service HTTP/2 and TLS Versions support, via ssl_server_name.yaml and sni.yaml. See overview/delivery_services and t3c docs.
Added headers to Traffic Portal, Traffic Ops, and Traffic Monitor to opt out of tracking users via Google FLoC.
Add logging scope for logging.yaml generation for ATS 9 support
DELETE request method for deliveryservices/xmlId/{name}/urlkeys and deliveryservices/{id}/urlkeys.
Added traffic_ops/app/db/traffic_vault_migrate to help with migrating Traffic Ops Traffic Vault backends
Added a tool at /traffic_ops/app/db/reencrypt to re-encrypt the data in the Postgres Traffic Vault with a new key.
Added a new field to Delivery Services - tlsVersions - that explicitly lists the TLS versions that may be used to retrieve their content from Cache Servers.

Fixed

CVE-2021-42009: Customer names in payloads sent to the /deliveryservices/request Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &, *, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.
#2471 - A PR check to ensure added db migration file is the latest.
#5609 - Fixed GET /servercheck filter for an extra query param.
#5954 - Traffic Ops HTTP response write errors are ignored
#6104 - PUT /api/x/federations only respects first item in request payload
#5288 - Fixed the ability to create and update a server with MTU value >= 1280.
#5284 - Fixed error message when creating a server with non-existent profile
#5739 - Prevent looping in case of a failed login attempt
#5407 - Make sure that you cannot add two servers with identical content
#2881 - Some API endpoints have incorrect Content-Types
#5405 - Prevent Tenant update from choosing child as new parent
#5548 - Don't return a 403 Forbidden when the user tries to get servers of a non-existent DS using GET /servers?dsId={{nonexistent DS ID}}
#5732 - TO API POST /cdns/dnsseckeys/generate times out with large numbers of delivery services
#5902 - Fixed issue where the TO API wouldn't properly query all SSL certificates from Riak.
Fixed server creation through legacy API versions to default monitor to true.
#5965 - Fixed Traffic Ops /deliveryserviceservers If-Modified-Since requests.
#5981 - /deliveryservices/{{ID}}/safe returns incorrect response for the requested API version
#5984 - /servers/{{ID}}/deliveryservices returns incorrect response for the requested API version
#6027 - Collapsed DB migrations
#6066 - Fixed missing/incorrect indices on some tables
#5576 - Inconsistent Profile Name restrictions
Fixed Federations IMS so TR federations watcher will get updates.
#6093 - Fixed Let's Encrypt to work for delivery services where the domain does not contain the XMLID.
#5893 - A self signed certificate is created when an HTTPS delivery service is created or an HTTP delivery service is updated to HTTPS.

Changed

Updated the Traffic Ops Python client to 3.0
apache/trafficcontrol is now a Go module
Updated Traffic Ops supported database version from PostgreSQL 9.6 to 13.2
#3342 - Updated the db/admin tool to use Migrate instead of Goose and converted the migrations to Migrate format (split up/down for each migration into separate files)
Refactored the Traffic Ops - Traffic Vault integration to more easily support the development of new Traffic Vault backends
Improved the DNSSEC refresh Traffic Ops API (/cdns/dnsseckeys/refresh). As of TO API v4, its method is PUT instead of GET, its response format was changed to return an alert instead of a string-based response, it returns a 202 instead of a 200, and it now works with the async_status API in order for the client to check the status of the async job: #3054
Delivery Service Requests now keep a record of the changes they make.
Changed the goose provider to the maintained fork github.com/kevinburke/goose
The format of the /servers/{{host name}}/update_status Traffic Ops API endpoint has been changed to use a top-level response property, in keeping with (most of) the rest of the API.
The API v4 Traffic Ops Go client has been overhauled compared to its predecessors to have a consistent call signature that allows passing query string parameters and HTTP headers to any client method.
Go version 1.17 is used to compile Traffic Ops, T3C, Traffic Monitor, Traffic Stats, and Grove.
#6179 Updated the Traffic Ops rpm to include the ToDnssecRefresh binary and make the trafops_dnssec_refresh cron job use it

Deprecated

The Riak Traffic Vault backend is now deprecated and its support may be removed in a future release. It is highly recommended to use the new PostgreSQL backend instead.
The riak.conf config file and its corresponding --riakcfg option in traffic_ops_golang have been deprecated. Please use "traffic_vault_backend": "riak" and "traffic_vault_config" (with the existing contents of riak.conf) instead.
The Traffic Ops API route GET /api/{version}/vault/bucket/{bucket}/key/{key}/values has been deprecated and will no longer be available as of Traffic Ops API v4
The Traffic Ops API route POST /api/{version}/deliveryservices/request has been deprecated and will no longer be available as of Traffic Ops API v4
The Traffic Ops API routes GET /api/{version}/cachegroupparameters, POST /api/{version}/cachegroupparameters, GET /api/{version}/cachegroups/{id}/parameters, and `DELETE /api/{ve...

Read more

Assets 18

12 Oct 01:15

ocket8888

Apach Traffic Control 5.1.3

Apache Traffic Control 5.1.3

Released October 11^th, 2021

Downloads

Apache Traffic Control 5.1.3 is available here:

Release Notes

Changed

Customer names in payloads sent to the /deliveryservices/request Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &, *, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.

Assets 12

18 May 13:24

ocket8888

Apache Traffic Control 5.1.2

Apache Traffic Control 5.1.2

Released May 17^th, 2021

Downloads

Apache Traffic Control 5.1.2 is available here:

Release Notes

Fixed

Fixed the return error for GET api cdns/routing to avoid incorrect success response.
#5712 - Ensure that 5.x Traffic Stats is compatible with 5.x Traffic Monitor and 5.x Traffic Ops, and that it doesn't log all 0's for cache_stats
Fixed ORT being unable to update URLSIG keys for Delivery Services
Fixed ORT service category header rewrite for mids and topologies.
Fixed an issue where Traffic Ops becoming unavailable caused Traffic Monitor to segfault and crash
#5754 - Ensure Health Threshold Parameters use legacy format for legacy Monitoring Config handler
#5695 - Ensure vitals are calculated only against monitored interfaces
Fixed Traffic Monitor to report ONLINE caches as available.
#5744 - Sort TM Delivery Service States page by DS name
#5724 - Set XMPPID to hostname if the server had none, don't error on server update when XMPPID is empty
#5739 - Prevent looping in case of a failed login attempt

Assets 12

01 Apr 19:51

ocket8888

Apache Traffic Control 5.1.1

Apache Traffic Control 5.1.1

Released April 1^st, 2021

Downloads

Apache Traffic Control 5.1.1 is available here:

Release Notes

Added

Atscfg: Added a rule to ip_allow such that PURGE requests are allowed over localhost

Fixed

#5565 - TO GET /caches/stats panic converting string to uint64
#5558 - Fixed TM UI and /api/cache-statuses to report aggregate bandwidth_kbps correctly.
Fix for config gen missing max_origin_connections on mids in certain scenarios
#5192 - Fixed TO log warnings when generating snapshots for topology-based delivery services.
Fixed Invalid TS logrotate configuration permissions causing TS logs to be ignored by logrotate.
#5604 - traffic_monitor.log is no longer truncated when restarting Traffic Monitor
#1624 - Fixed ORT to reload Traffic Server if LUA scripts are added or changed.
#5554 - TM UI overflows screen width and hides table data

Assets 12

12 Mar 00:20

ocket8888

v5.1.0

Apache Traffic Control 5.1.0

Released March 11^th, 2021

Downloads

Apache Traffic Control 5.1.0 is available here:

Release Notes

Added

Traffic Portal: #5394 - Converts the tenant table to a tenant tree for usability
Traffic Portal: #5317 - Clicking IP addresses in the servers table no longer navigates to server details page.
Traffic Portal: upgraded delivery service UI tables to use more powerful/performant ag-grid component
Traffic Ops: added a feature so that the user can specify maxRequestHeaderBytes on a per delivery service basis
Traffic Router: log warnings when requests to Traffic Monitor return a 503 status code
#5344 - Add a page that addresses migrating from Traffic Ops API v1 for each endpoint
#5296 - Fixed a bug where users couldn't update any regex in Traffic Ops/ Traffic Portal
Added API endpoints for ACME accounts
Traffic Ops: Added validation to ensure that the cachegroups of a delivery services' assigned ORG servers are present in the topology
Traffic Ops: Added validation to ensure that the weight parameter of parent.config is a float
Traffic Ops Client: New Login function with more options, including falling back to previous minor versions. See traffic_ops/v3-client documentation for details.
Added license files to the RPMs

Fixed

#5445 - When updating a registered user, ignore updates on registration_sent field.
#5335 - Don't create a change log entry if the delivery service primary origin hasn't changed
#5333 - Don't create a change log entry for any delivery service consistent hash query params updates
#5341 - For a DS with existing SSLKeys, fixed HTTP status code from 403 to 400 when updating CDN and Routing Name (in TO) and made CDN and Routing Name fields immutable (in TP).
#5192 - Fixed TO log warnings when generating snapshots for topology-based delivery services.
#5284 - Fixed error message when creating a server with non-existent profile
#5287 - Fixed error message when creating a Cache Group with no typeId
#5382 - Fixed API documentation and TP helptext for "Max DNS Answers" field with respect to DNS, HTTP, Steering Delivery Service
#5396 - Return the correct error type if user tries to update the root tenant
#5378 - Updating a non existent DS should return a 404, instead of a 500
Fixed a potential Traffic Router race condition that could cause erroneous 503s for CLIENT_STEERING delivery services when loading new steering changes
#5195 - Correctly show CDN ID in Changelog during Snap
#5438 - Correctly specify nodejs version requirements in traffic_portal.spec
Fixed Traffic Router logging unnecessary warnings for IPv6-only caches
#5294 - TP ag grid tables now properly persist column filters
on page refresh.
#5295 - TP types/servers table now clears all filters instead
of just column filters
#5407 - Make sure that you cannot add two servers with identical content
#2881 - Some API endpoints have incorrect Content-Types
#5311 - Better TO log messages when failures calling TM CacheStats
#5364 - Cascade server deletes to delete corresponding IP addresses and interfaces
#5390 - Improve the way TO deals with delivery service server assignments
#5339 - Ensure Changelog entries for SSL key changes
#5461 - Fixed steering endpoint to be ordered consistently
#5395 - Added validation to prevent changing the Type any Cache Group that is in use by a Topology
Fixed an issue with 2020082700000000_server_id_primary_key.sql trying to create multiple primary keys when there are multiple schemas.
Fix for public schema in 2020062923101648_add_deleted_tables.sql
Moved move_lets_encrypt_to_acme.sql, add_max_request_header_size_delivery_service.sql, and server_interface_ip_address_cascade.sql past last migration in 5.0.0
#5505 - Make parent_reval_pending for servers in a Flexible Topology CDN-specific on GET /servers/{name}/update_status

Changed

Refactored the Traffic Ops Go client internals so that all public methods have a consistent behavior/implementation
Pinned external actions used by Documentation Build and TR Unit Tests workflows to commit SHA-1 and the Docker image used by the Weasel workflow to a SHA-256 digest
Set Traffic Router to only accept TLSv1.1 and TLSv1.2 protocols in server.xml
Updated Apache Tomcat from 8.5.57 to 8.5.63
Updated Apache Tomcat Native from 1.2.16 to 1.2.23

Assets 20

22 Jan 00:04

ocket8888

Apache Traffic Control 5.0.0

Apache Traffic Control 5.0.0

Released January 21^st, 2021

Downloads

Apache Traffic Control 5.0.0 is available here:

Release Notes

Added

A transliteration of the traffic_ops_ort.pl Perl script to the Go language. See traffic_ops_ort/t3c/README.md
Traffic Ops API v3
Flexible Topologies

For full details, refer tothe blueprint.
- Added a Traffic Ops API v3.0 endpoint: /topologies, to create, read, update and delete flexible topologies
- Added the ability to queue or dequeue updates for all servers assigned to the Cachegroups in a given Topology
- Added new "Topology" property to Delivery Services as an alternative to direct server assignments
- Added "Topology" section to CDN Snapshot Comparison page
- The CiaB default Delivery Service is now "Topology-based"
Edge Traffic Routing - a feature which allows Traffic Router to localize more DNS record types than just the routing name for DNS Delivery Services
Traffic Portal table performance improvements

We've begun the process of shifting away from jQuery-plugin-based "data tables" to the much more performant AG-Grid table system.

So far the following tables have been improved:
- Servers - including when viewing the servers assigned to a Delivery Service etc.
- The API Change Log table
- DSRs
astats_over_http plugin CSV support

The astats_over_http plugin for ATS now supports outputting data in CSV format when
given the text/csv MIME-Type in the Accept header. Traffic Monitor is capable of requesting this new format (which
is faster to parse than the JSON format) in its Profile's http_polling_format Parameter.

As 5.0.0 also adds support to Traffic Monitor for the more standard stats_over_http plugin, CSV format using that

health.polling.format value is also supported - but note that one must also install the system_stats plugin to
provide all of the data necessary for Traffic Monitor's evaluations. Note also that this usage requires ATS version 9 or higher.
Multi-Interface Servers

Servers are now allowed to have multiple network interfaces specified. For full details, refer to the blueprint.
- Traffic Portal allows editing of a server's interfaces
- Traffic Ops exposes server interface data in response payloads
- Traffic Monitor is capable of evaluating a set of network interfaces, optionally with some limited thresholds set on any, all, or none of them
The ability to view Hash ID field (aka xmppId) on Traffic Portals' server summary page
The ability to delete invalidation requests, accessible in Traffic Portal
A UI indiciator to the Traffic Monitor when using a disk backup of configuration from Traffic Ops.
Support for the If-Match and If-Unmodified-Since HTTP headers to Traffic Ops and its native Go client
The "Status Last Updated" field to servers, which makes visible the time when the last status change took place for a server
TR using the default miss location of a Delivery Service in case the location (for the client's IP address) returned was the default location for the country
Traffic Ops, Traffic Ops ORT, Traffic Monitor, Traffic Stats, and Grove are now compiled using Go version 1.15
User-Agent string to Traffic Router log output
locationByDeepCoverageZone to the crs/stats/ip/{{ip}} endpoint in the Traffic Router API
The number of days of API change logs to fetch is now configurable in traffic_portal_properties.json (default is 7 days) and can be overridden by the user in Traffic Portal
Support for building RPMs that target CentOS version 8

Fixed

#3455 - Alphabetically sorting CDN Read API call
#5010 - Fixed Reference urls for Cache Config on Delivery service pages (HTTP, DNS) in Traffic Portal
#5147 - GET /servers?dsId={id} should only return mid servers (in addition to edge servers) for the CDN of the Delivery Service if the mid-tier is employed
#4981 - Cannot create routing regular expression with a blank pattern param in Delivery Service
#4979 - Returns a Bad Request error during server creation with missing profileId
#4237 - Do not return an internal server error when Delivery Service's capacity is zero.
#2712 - Invalid TM logrotate configuration permissions causing TM logs to be ignored by logrotate
#3400 - Allow "0" as a TTL value for Static DNS entries
#5050 - Allows the TP administrator to name a TP instance (production, staging, etc) and flag whether it is production or not in traffic_portal_properties.json
#4743 - Validate absolute DNS name requirement on Static DNS entry for CNAME type
#4848 - GET /api/x/cdns/capacity gives back 500, with the message capacity was zero
#2156 - Renaming a host in TC, does not impact xmpp_id and thereby hashid
#3661 - Anonymous Proxy ipv4 whitelist does not work
#1847 - Delivery Service with SSL keys are no longer allowed to be updated when the fields changed are relevant to the SSL Keys validity.
Fixed the /jobs and /jobs/:id Traffic Ops API routes to allow falling back to Perl via the routing blacklist
Fixed ORT config generation not using the coalesce_number_v6 Parameter.
#4735 - Fixed POST deliveryservices/request (designed to simple send an email) regression which erroneously required deep caching type and routing name
Fixed an issue that caused Traffic Monitor to poll caches that did not have the status ONLINE/REPORTED/ADMIN_DOWN
#4740- Fixed /deliveryservice_stats regression restricting metric type to a predefined set of values
#4116- Fixed update procedure of servers, so that if a server is linked to one or more delivery services, you cannot change its CDN
Fixed ORT bug miscalculating Mid Max Origin Connections as all servers, usually resulting in 1
Added Delivery Service Raw Remap __RANGE_DIRECTIVE__ directive to allow inserting the Range Directive after the Raw Remap text. This allows Raw Remaps which manipulate the Range
#4984 - Lets create_tables.sql be run concurrently without issue

Changed

When creating invalidation jobs through TO/TP, if an identical regex is detected that overlaps its time, then warnings will be returned indicating that overlap exists.
Changed Traffic Portal to disable browser caching on GETs until it utilizes the If-Modified-Since functionality that the TO API now provides.
Changed Traffic Portal to use Traffic Ops API v3
Changed ORT to find the local ATS config directory and use it when location Parameters don't exist for many required configs, including all Delivery Service files (Header Rewrites, Regex Remap, URL Sig, URI Signing).
Changed the access logs in Traffic Ops to now show the route ID with every API endpoint call. The Route ID is appended to the end of the access log line.
Changed the format of Traffic Monitor's tmconfig.backup to that of a GET request to /cdns/{{name}}/configs/monitoring instead of a transformed map
Changed Tomcat Java dependency to 8.5.57.
Changed Spring Framework Java dependency to 4.2.5.
Updated CiaB to CentOS 8

Deprecated

Importing Traffic Ops Go clients via the un-versioned github.com/apache/trafficcontrol/traffic_ops/client is now deprecated in favor of versioned import paths e.g. github.com/apache/trafficcontrol/traffic_ops/v3-client.

Removed

Removed deprecated Traffic Ops Go Client methods.
Configuration generation logic in the TO API (v1) for all files and the "meta" route - this means that versions of Traffic Ops ORT earlier than 4.0.0 will not work any longer with versions of Traffic Ops moving forward.
Removed from Traffic Portal the ability to view cache server config files as the contents are no longer reliable through the TO API due to the introduction of atstccfg.

Assets 13

04 Dec 17:49

rawlinp

Apache Traffic Control 4.1.1

Added

Added the ability to set TLS config provided here: https://golang.org/pkg/crypto/tls/#Config in Traffic Ops
Added --traffic_ops_insecure=<0|1> optional option to traffic_ops_ort.pl
Added ORT CentOS 8 support

Fixed

Fixed #5188 - DSR (delivery service request) incorrectly marked as complete and error message not displaying when DSR fulfilled and DS update fails in Traffic Portal. Related Github issues
Fixed #5006 - Traffic Ops now generates the Monitoring on-the-fly if the snapshot doesn't exist, and logs an error. This fixes upgrading to 4.x to not break the CDN until a Snapshot is done.
Fixed #5180 - Global Max Mbps and Tps is not send to TM
Fixed #3528 - Fix Traffic Ops monitoring.json missing DeliveryServices
Fixed #5074 - Traffic Monitor logging "CreateStats not adding availability data for server: not found in DeliveryServices" for MID caches
Fixed #5274 - CDN in a Box's Traffic Vault image failed to build due to Basho's repo responding with 402 Payment Required. The repo has been removed from the image.
Fixed an issue that causes Traffic Router to mistakenly route to caches that had recently been set from ADMIN_DOWN to OFFLINE
Fixed a NullPointerException in Traffic Router that prevented it from properly updating cache health states
Fixed an issue where Traffic Router would erroneously return 503s or NXDOMAINs if the caches in a cachegroup were all unavailable for a client's requested IP version, rather than selecting caches from the next closest available cachegroup.
Traffic Ops Ort: Disabled ntpd verification (ntpd is deprecated in CentOS)
Fixed #5005: Traffic Monitor cannot be upgraded independently of Traffic Ops
Fixed an issue with Traffic Router failing to authenticate if secrets are changed
Fixed #4825 - Traffic Monitor error log spamming "incomparable stat type int"
Fixed #4899 - Traffic Monitor Web UI showing incorrect delivery service availability states
Fixed Traffic Monitor Web UI styling for unavailable caches
Fixed an issue with Traffic Monitor to fix peer polling to work as expected
Fixed #4845 - issue with ATS logging.yaml generation (missing newlines when filters are used)
Fixed ORT atstccfg to use log appending and log rotation
Fixed a bug in ATS remap.config generation that caused a double range directive if there was a __RANGE_DIRECTIVE__ override
Fixed ORT to be backwards compatible with Traffic Ops 3.x

Changed

Changed ORT/atstccfg ATS configuration generation to be deterministic in order to simplify diff checking
Changed ORT to not update ip_allow.config on SYNCDS runs by default

Deprecated

Deprecated the insecure option in traffic_ops_golang in favor of "tls_config": { "InsecureSkipVerify": <bool> }

Assets 2

22 Oct 15:20

ocket8888

RELEASE-5.0.0-RC1

RELEASE-5.0.0-RC1 Pre-release

Pre-release

Release 5.0.0

Assets 11

20 Oct 23:11

ocket8888

RELEASE-5.0.0-RC0

RELEASE-5.0.0-RC0 Pre-release

Pre-release

Release 5.0.0

Assets 11