Apache Traffic Server v5.1.1 Released The Apache Software Foundation and the Apache Traffic Server project are pleased to announce the release of Apache Traffic Server v5.1.1! This is our latest stable release, and is immediately available for download at:
http://trafficserver.apache.org/downloads Upgrading from 5.0.x and 5.1.0 should be seamless. Upgrading from the previous releases, 3.2.0 and later, to v5.1.1 should preserve the cache and not require it to be cleared. More details are available at: https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0 This a security related release and should replace all deployed 5.1.0 instances. The security issues involved are * SSL v3 - a security hole was found. As this is a very old protocol Traffic Server was changed to not enable it by default (TS-3135). It can still be enabled in records.config but this now requires explicit administrator action. This is based on CVE-2014-3566. * An error in the remap logic (TS-2677) which could potentially enable an open relay was fixed. This is CVE-2014-3624. More details are available at: https://cwiki.apache.org/confluence/display/TS/What's+new+in+v5.1.x Sincerely, -- The Apache Traffic Server community