Apache Traffic Server v5.1.1 Released
The Apache Software Foundation and the Apache Traffic Server project are
pleased to announce the release of Apache Traffic Server v5.1.1! This is our
latest stable release, and is immediately available for download at:
http://trafficserver.apache.org/downloads
Upgrading from 5.0.x and 5.1.0 should be seamless. Upgrading from the previous
releases, 3.2.0 and later, to v5.1.1 should preserve the cache and not require
it to be cleared. More details are available at:
https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
This a security related release and should replace all deployed 5.1.0
instances. The security issues involved are
* SSL v3 - a security hole was found. As this is a very old protocol
Traffic Server was changed to not enable it by default (TS-3135). It can still
be enabled in records.config but this now requires explicit administrator
action. This is based on CVE-2014-3566.
* An error in the remap logic (TS-2677) which could potentially enable
an open relay was fixed. This is CVE-2014-3624.
More details are available at:
https://cwiki.apache.org/confluence/display/TS/What's+new+in+v5.1.x
Sincerely,
-- The Apache Traffic Server community
