This is an automated email from the ASF dual-hosted git repository.
zrhoffman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new bdbd7f1 Update changelog and security (#5634)
bdbd7f1 is described below
commit bdbd7f1c6f6f565012d4e71640af3d7a86bae3c5
Author: ocket8888 <[email protected]>
AuthorDate: Mon Mar 15 20:44:12 2021 -0600
Update changelog and security (#5634)
* Update CHANGELOG
* Update SECURITY
---
CHANGELOG.md | 70 +++++++++++++++++++++++++++++++++++-------------------------
SECURITY.md | 3 ++-
2 files changed, 43 insertions(+), 30 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e2dedd7..8aa09c7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,28 +11,18 @@ The format is based on [Keep a
Changelog](http://keepachangelog.com/en/1.0.0/).
- Traffic Portal:
[#5318](https://github.com/apache/trafficcontrol/issues/5318) - Rename server
columns for IPv4 address fields.
- Traffic Portal:
[#5361](https://github.com/apache/trafficcontrol/issues/5361) - Added the
ability to change the name of a topology.
- Traffic Portal:
[#5340](https://github.com/apache/trafficcontrol/issues/5340) - Added the
ability to resend a user registration from user screen.
-- Traffic Portal:
[#5394](https://github.com/apache/trafficcontrol/issues/5394) - Converts the
tenant table to a tenant tree for usability
-- Traffic Portal:
[#5317](https://github.com/apache/trafficcontrol/issues/5317) - Clicking IP
addresses in the servers table no longer navigates to server details page.
- Traffic Portal: Adds the ability for operations/admin users to create a
CDN-level notification.
- Traffic Portal: upgraded delivery service UI tables to use more
powerful/performant ag-grid component
-- Traffic Ops: added a feature so that the user can specify
`maxRequestHeaderBytes` on a per delivery service basis
-- Traffic Router: log warnings when requests to Traffic Monitor return a 503
status code
- Traffic Router: added new 'dnssec.rrsig.cache.enabled' profile parameter to
enable new DNSSEC RRSIG caching functionality. Enabling this greatly reduces
CPU usage during the DNSSEC signing process.
- [#5316](https://github.com/apache/trafficcontrol/issues/5316) - Add router
host names and ports on a per interface basis, rather than a per server basis.
-- [#5344](https://github.com/apache/trafficcontrol/issues/5344) - Add a page
that addresses migrating from Traffic Ops API v1 for each endpoint
-- [#5296](https://github.com/apache/trafficcontrol/issues/5296) - Fixed a bug
where users couldn't update any regex in Traffic Ops/ Traffic Portal
-- Added API endpoints for ACME accounts
- Traffic Ops: Adds API endpoints to fetch (GET), create (POST) or delete
(DELETE) a cdn notification. Create and delete are limited to users with
operations or admin role.
-- Traffic Ops: Added validation to ensure that the cachegroups of a delivery
services' assigned ORG servers are present in the topology
-- Traffic Ops: Added validation to ensure that the `weight` parameter of
`parent.config` is a float
-- Traffic Ops Client: New Login function with more options, including falling
back to previous minor versions. See traffic_ops/v3-client documentation for
details.
-- Added license files to the RPMs
- Added ACME certificate renewals and ACME account registration using external
account binding
- Added functionality to automatically renew ACME certificates.
- Added an endpoint for statuses on asynchronous jobs and applied it to the
ACME renewal endpoint.
- Traffic Ops API version 4.0
- `GET` request method for `/deliveryservices/{{ID}}/assign`
- `GET` request method for `/deliveryservices/{{ID}}/status`
+- Atscfg: Added a rule to ip_allow such that PURGE requests are allowed over
localhost
- [#5644](https://github.com/apache/trafficcontrol/issues/5644) ORT config
generation: Added ATS9 ip_allow.yaml support, and automatic generation if the
server's package Parameter is 9.*
- ORT config generation: Added a rule to ip_allow such that PURGE requests are
allowed over localhost
@@ -41,6 +31,38 @@ The format is based on [Keep a
Changelog](http://keepachangelog.com/en/1.0.0/).
- [#5565](https://github.com/apache/trafficcontrol/issues/5565) - TO GET
/caches/stats panic converting string to uint64
- [#5558](https://github.com/apache/trafficcontrol/issues/5558) - Fixed `TM
UI` and `/api/cache-statuses` to report aggregate `bandwidth_kbps` correctly.
- [#5288](https://github.com/apache/trafficcontrol/issues/5288) - Fixed the
ability to create and update a server with MTU value >= 1280.
+- [#5284](https://github.com/apache/trafficcontrol/issues/5284) - Fixed error
message when creating a server with non-existent profile
+- Fixed a NullPointerException in TR when a client passes a null SNI hostname
in a TLS request
+- Fixed a logging bug in Traffic Monitor where it wouldn't log errors in
certain cases where a backup file could be used instead. Also, Traffic Monitor
now rejects monitoring snapshots that have no delivery services.
+- [#5407](https://github.com/apache/trafficcontrol/issues/5407) - Make sure
that you cannot add two servers with identical content
+- [#2881](https://github.com/apache/trafficcontrol/issues/2881) - Some API
endpoints have incorrect Content-Types
+- [#5363](https://github.com/apache/trafficcontrol/issues/5363) - Postgresql
version changeable by env variable
+- [#5405](https://github.com/apache/trafficcontrol/issues/5405) - Prevent
Tenant update from choosing child as new parent
+- [#5384](https://github.com/apache/trafficcontrol/issues/5384) - New grids
will now properly remember the current page number.
+
+### Changed
+- Updated the Traffic Ops Python client to 3.0
+- Updated Flot libraries to supported versions
+- [apache/trafficcontrol](https://github.com/apache/trafficcontrol) is now a
Go module
+- Set Traffic Router to also accept TLSv1.3 protocols by default in server.xml
+- Updated Apache Tomcat from 8.5.63 to 9.0.43
+
+### Removed
+- The Perl implementation of Traffic Ops has been stripped out, along with the
Go implementation's "fall-back to Perl" behavior.
+
+## [5.1.0] - 2021-03-11
+### Added
+- Traffic Ops: added a feature so that the user can specify
`maxRequestHeaderBytes` on a per delivery service basis
+- Traffic Router: log warnings when requests to Traffic Monitor return a 503
status code
+- [#5344](https://github.com/apache/trafficcontrol/issues/5344) - Add a page
that addresses migrating from Traffic Ops API v1 for each endpoint
+- [#5296](https://github.com/apache/trafficcontrol/issues/5296) - Fixed a bug
where users couldn't update any regex in Traffic Ops/ Traffic Portal
+- Added API endpoints for ACME accounts
+- Traffic Ops: Added validation to ensure that the cachegroups of a delivery
services' assigned ORG servers are present in the topology
+- Traffic Ops: Added validation to ensure that the `weight` parameter of
`parent.config` is a float
+- Traffic Ops Client: New Login function with more options, including falling
back to previous minor versions. See traffic_ops/v3-client documentation for
details.
+- Added license files to the RPMs
+
+### Fixed
- [#5445](https://github.com/apache/trafficcontrol/issues/5445) - When
updating a registered user, ignore updates on registration_sent field.
- [#5335](https://github.com/apache/trafficcontrol/issues/5335) - Don't create
a change log entry if the delivery service primary origin hasn't changed
- [#5333](https://github.com/apache/trafficcontrol/issues/5333) - Don't create
a change log entry for any delivery service consistent hash query params updates
@@ -51,45 +73,35 @@ The format is based on [Keep a
Changelog](http://keepachangelog.com/en/1.0.0/).
- [#5382](https://github.com/apache/trafficcontrol/issues/5382) - Fixed API
documentation and TP helptext for "Max DNS Answers" field with respect to DNS,
HTTP, Steering Delivery Service
- [#5396](https://github.com/apache/trafficcontrol/issues/5396) - Return the
correct error type if user tries to update the root tenant
- [#5378](https://github.com/apache/trafficcontrol/issues/5378) - Updating a
non existent DS should return a 404, instead of a 500
-- Fixed a NullPointerException in TR when a client passes a null SNI hostname
in a TLS request
- Fixed a potential Traffic Router race condition that could cause erroneous
503s for CLIENT_STEERING delivery services when loading new steering changes
-- Fixed a logging bug in Traffic Monitor where it wouldn't log errors in
certain cases where a backup file could be used instead. Also, Traffic Monitor
now rejects monitoring snapshots that have no delivery services.
- [#5195](https://github.com/apache/trafficcontrol/issues/5195) - Correctly
show CDN ID in Changelog during Snap
- [#5438](https://github.com/apache/trafficcontrol/issues/5438) - Correctly
specify nodejs version requirements in traffic_portal.spec
- Fixed Traffic Router logging unnecessary warnings for IPv6-only caches
-- [#5294](https://github.com/apache/trafficcontrol/issues/5294) - TP ag grid
tables now properly persist column filters
- on page refresh.
-- [#5295](https://github.com/apache/trafficcontrol/issues/5295) - TP
types/servers table now clears all filters instead
- of just column filters
+- [#5294](https://github.com/apache/trafficcontrol/issues/5294) - TP ag grid
tables now properly persist column filters on page refresh.
+- [#5295](https://github.com/apache/trafficcontrol/issues/5295) - TP
types/servers table now clears all filters instead of just column filters
- [#5407](https://github.com/apache/trafficcontrol/issues/5407) - Make sure
that you cannot add two servers with identical content
- [#2881](https://github.com/apache/trafficcontrol/issues/2881) - Some API
endpoints have incorrect Content-Types
- [#5311](https://github.com/apache/trafficcontrol/issues/5311) - Better TO
log messages when failures calling TM CacheStats
-- [#5363](https://github.com/apache/trafficcontrol/issues/5363) - Postgresql
version changeable by env variable
- [#5364](https://github.com/apache/trafficcontrol/issues/5364) - Cascade
server deletes to delete corresponding IP addresses and interfaces
- [#5390](https://github.com/apache/trafficcontrol/issues/5390) - Improve the
way TO deals with delivery service server assignments
- [#5339](https://github.com/apache/trafficcontrol/issues/5339) - Ensure
Changelog entries for SSL key changes
-- [#5405](https://github.com/apache/trafficcontrol/issues/5405) - Prevent
Tenant update from choosing child as new parent
- [#5461](https://github.com/apache/trafficcontrol/issues/5461) - Fixed
steering endpoint to be ordered consistently
- [#5395](https://github.com/apache/trafficcontrol/issues/5395) - Added
validation to prevent changing the Type any Cache Group that is in use by a
Topology
-- [#5384](https://github.com/apache/trafficcontrol/issues/5384) - New grids
will now properly remember the current page number.
+- Fixed an issue with 2020082700000000_server_id_primary_key.sql trying to
create multiple primary keys when there are multiple schemas.
- Fix for public schema in 2020062923101648_add_deleted_tables.sql
- Fix for config gen missing max_origin_connections on mids in certain
scenarios
-- Fixed and issue with 2020082700000000_server_id_primary_key.sql trying to
create multiple primary keys when there are multiple schemas.
- Moved move_lets_encrypt_to_acme.sql,
add_max_request_header_size_delivery_service.sql, and
server_interface_ip_address_cascade.sql past last migration in 5.0.0
- [#5505](https://github.com/apache/trafficcontrol/issues/5505) - Make
`parent_reval_pending` for servers in a Flexible Topology CDN-specific on `GET
/servers/{name}/update_status`
+- [#5317](https://github.com/apache/trafficcontrol/issues/5317) - Clicking IP
addresses in the servers table no longer navigates to server details page.
### Changed
- Refactored the Traffic Ops Go client internals so that all public methods
have a consistent behavior/implementation
- Pinned external actions used by Documentation Build and TR Unit Tests
workflows to commit SHA-1 and the Docker image used by the Weasel workflow to a
SHA-256 digest
-- Updated the Traffic Ops Python client to 3.0
-- Updated Flot libraries to supported versions
-- [apache/trafficcontrol](https://github.com/apache/trafficcontrol) is now a
Go module
-- Set Traffic Router to only accept TLSv1.1, TLSv1.2, and TLSv1.3 protocols by
default in server.xml
-- Updated Apache Tomcat from 8.5.57 to 9.0.43
+- Set Traffic Router to only accept TLSv1.1 and TLSv1.2 protocols in server.xml
+- Updated Apache Tomcat from 8.5.57 to 8.5.63
- Updated Apache Tomcat Native from 1.2.16 to 1.2.23
-
-### Removed
-- The Perl implementation of Traffic Ops has been stripped out, along with the
Go implementation's "fall-back to Perl" behavior.
+- Traffic Portal:
[#5394](https://github.com/apache/trafficcontrol/issues/5394) - Converts the
tenant table to a tenant tree for usability
+- Traffic Portal: upgraded delivery service UI tables to use more
powerful/performant ag-grid component
## [5.0.0] - 2020-10-20
### Added
diff --git a/SECURITY.md b/SECURITY.md
index 5436fac..56f4a8e 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -7,7 +7,8 @@
| < 4.0 | :x: |
| 4.0.x | :x: |
| 4.1.x | :white_check_mark: |
-| 5.0.x | :white_check_mark: |
+| 5.0.x | :x: |
+| 5.1.x | :white_check_mark: |
## Reporting a Vulnerability
Contact the [Apache Software Foundation Security
Team](mailto:[email protected])
