Releases: apache/trafficcontrol
Apache Traffic Control 8.0.2
Fixed the following in:
Traffic Ops
- #8071 Improve validation for the id field of the PUT /deliveryservice_request_comments endpoint.
Others
- #8081 Updates the versions used for actions/artifact-download and actions/artifact-upload.
- #8079 Update Postgres version to 13.16.
- #8056 Remove the version key from compose files and use docker compose instead of docker-compose.
Downloads
Apache Traffic Control 8.0.2 is also available here:
Apache Traffic Control 8.0.1
Apache Traffic Control 8.0.0
Traffic Ops
- Client Certificate Authentication: The ability for a Traffic Ops (TO) instance to accept TLS certificates from a client request and verify them against a specified Root CA certificate as a form of login. This is not to be confused with mTLS, albeit a similar design. Should a client not send a TLS certificate as part of the request, login functionality will default to standard form authentication.
- Assignment of multiple Server Capabilities to a Server and vice-versa: Previous releases only allowed 1:1 assignment of server to a capability and vice-versa. This release now supports multiple assignments (1:many).
- Simplified CDN configs by removing the hypnotoad section (used in deploying TO locally or in CIAB), which was no longer being used.
- Layered Profile: Aggregation of parameters based on profile priority.
- Delivery Services: Regional field added to aid maxOriginConnections
- Permission and Roles: Added new permissions (e.g.: SSL-KEY_EXPIRATION:READ, ACME:READ, etc.) to various roles. Also created a new role (trouter) to monitor Traffic Ops resources. Return an empty array when no permissions are given for a roles API (PUT, POST).
- Reporting: Added a feature to indicate success and failure during server upgrade.
- OAuth: Added OAuth security when using Microsoft Authenticator and an optional field oauth_user_attribute for OAuth login credentials, along with usage of the ID token instead of the Access Token for authentication.
- #7674 Added the ability to indicate if a server failed its revalidate/config update.
- Python Client uses APIv5
- Fixed the following issues/bugs:
- #7891 Created clause to distinguish api versions < 5 when handling 403 in middleware wrappers and updated job routes for v4 and v5.
- #7890 Fixed missing changelog entries to v5 routes.
- #7887 Limit Delivery Services returned for GET /servers/{id}/deliveryservices to ones in the same CDN
- #7878 Fixed the case where TO was failing to assign delivery services to a server, due to a bug in the way the list of preexisting delivery services was being returned.
- #4428 Fixed Internal Server Error with POST to profileparameters when POST body is empty
- #7047 Allow apply_time query parameters on the servers/{id-name}/update when the CDN is locked.
- #7046 API deliveryservices/sslkeys/add now checks that each cert in the chain is related.
- #6340 Fixed alert messages for POST and PUT invalidation job APIs.
- #7519 Fixed TO API /servers/{id}/deliveryservices endpoint to respond with all DSs on the cache that are directly assigned and inherited through topology.
- #7130 Fixed service_categories response to POST API.
- #6229 Fixed error message for assignment of non-existent parameters to a profile.
- #6775 Invalid “orgServerFqdn” in Delivery Service creation/update causes Internal Server Error
- #6385 Fixed reserved consistentHashQueryParameters from causing internal server error to a client error
- #4393 Fixed the error code and alert structure when TO is queried for a delivery service with no ssl keys.
- #7762 Fixed /phys_locations PUT API to remove error related to mismatching region name and ID.
- #7511 Fixed the changelog registration message to include the username instead of duplicate email entry.
- #7441 Fixed the invalidation jobs endpoint to respect CDN locks.
- #7282 Fixed issue with user getting correctly logged when using an access or bearer token authentication.
- #7231 Fixed sharedUserNames display while retrieving CDN locks.
- #7628 Fixed an issue where certificate chain validation failed based on leading or trailing whitespace.
- #7688 Fixed ability to view secured parameters when role has correct permissions.
- #7697 Fixed display of iloPassword and xmppPassword, now based on permissions instead of priv-level.
Breaking changes:
- Fixed DS “ACTIVE” flag (Blueprint): Previously setting a Delivery Service (DS) to “Inactive” actually only sets it to “not routed”. There is no way to create a Delivery Service (with assigned servers) that will not be distributed to cache server configuration. This fix changes the Active property of Delivery Services from a boolean to an enumerated string constant that can represent three different “Activity States” for a Delivery Service.
- Updated LastUpdated field across multiple APIs to use RFC3339 instead of deprecated time.Time.
- Capabilities are now part of DS structure instead of a separate struct.
Traffic Portal
- Delivery Service (DS):
- Added server capability (removed from DS context menu), lastUpdated fields to the DS forms.
- Added the ability to tell if a DS has the target of another steering DS.
- New config options in traffic_portal_properties.json for DS active flag feature.
- Certs: Added visuals to DS cert expiration grid rows and the ability to inspect a user provider cert, or the cert chain on DS SSL keys, and to delete a cert. Also added a revert certificate functionality.
- Servers: Improved information about profile priorities with respect to layered profile.
- Change Log: Ability to view entire log message by clicking on it.
- CDN: Added TTLOverride field to allow a quick turnaround time when performing TR maintenance that involves restarts.
- UI Beautification: Added better labels for widgets, simplifying DS button bar by moving DS changes/ DSRs under More menu, obscure sensitive text in raw remap fields, private SSL keys, “Header Rewrite” rules, and ILO interface passwords.
- Dependent on NodeJS version 16 or later
- Fixed the following issues/bugs:
- #7885 Fixed the issue where Compare Profiles page was not being displayed.
- #7879 Fixed broken capability links for delivery service and added required capability as a column in DS table.
- #7049, #7052 Fixed server table’s quick search and filter option for multiple profiles.
- #7080, #6335 Fixed redirect links for server capability.
- #7414 Fixed DSR difference for DS required capability.
- #5557 Moved Fair Queueing Pacing Rate Bps DS field to Cache Configuration Settings section.
- #7216 Fixed sort for Server’s Capabilities Table
- #7179 Fixed search filter for Delivery Service Table
- #7174 Fixed topologies sort (table and Delivery Service’s form)
- #5970 Fixed numeric sort in Delivery Service’s form for DSCP
- #5971 Fixed Max DNS Tool Top link to open in a new page
Traffic Router
- Optimized TR’s logic in zone detection and ability to handle DDOS attack by increasing TTL value.
- Logging improved for a better connection and user experience.
- Removed dnssec.zone.diffing.enabled and dnssec.rrsig.cache.enabled parameters
- #7808 Set SOA minimum field to a custom value defined in the tld.soa.minimum param, and remove the previously added dns.negative.caching.ttl property.
- Fixed the following issues/bugs:
- #7340 Fixed TR logging for the cqhv field when absent.
- #7252 Fixed integer overflow for czCount, by resetting the count to max value when it overflows.
- #7093 Updated Apache Tomcat from 9.0.43 to 9.0.67
- #3965 TR now always includes a Content-Length header in the response.
- #6533 TR should not rename/recreate log files on rollover
Traffic Stats
- Improved logic to handle connection leaks and client requests timeout to Traffic Ops
Traffic Monitor
- Improved logging with respect to IP availability for both v4 and v6
- Fixed the bandwidth doubling issue per cache.
Traffic Control Cache Config (T3C) (formerly ORT)
- Config Generation: Addition of t3c-apply flag to allow ease of us...
Apache Traffic Control 7.0.1
Apache Traffic Control 7.0.0
Added
- Added SOA (Service Oriented Architecture) capability to CDN-In-A-Box.
- Added a Traffic Ops endpoint and Traffic Portal page to view all CDNi configuration update requests and approve or deny.
- Added a Traffic Ops endpoint to PUT a requested configuration change for a full configuration or per host and an endpoint to approve or deny the request.
- Added a new Traffic Ops endpoint to GET capacity and telemetry data for CDNi integration.
- Added back to the health-client the status field logging with the addition of the field to publish/CrStates
- Added functionality for CDN locks, so that they can be shared amongst a list of specified usernames.
- Added functionality for login to provide a Bearer token and for that token to be later used for authorization.
- Added layered profile feature to 4.0 for GET /deliveryservices/{id}/servers/ and /deliveryservices/{id}/servers/eligible.
- Added layered profile feature to 4.0 for GET /servers/, POST /servers/, PUT /servers/{id} and DELETE /servers/{id}.
- Added support for a new Traffic Ops GLOBAL profile parameter -- tm_query_status_override -- to override which status of Traffic Monitors to query (default: ONLINE).
- Change to t3c diff to flag a config file for replacement if owner/group settings are not ats #6879.
- Change to t3c regex_revalidate so that STALE is no longer explicitly added for default revalidate rule for ATS version backwards compatibility.
- Replaces all Traffic Portal Tenant select boxes with a novel tree select box #6427.
- Traffic Monitor config option distributed_polling which enables the ability for Traffic Monitor to poll a subset of the CDN and divide into "local peer groups" and "distributed peer groups". Traffic Monitors in the same group are local peers, while Traffic Monitors in other groups are distributed peers. Each TM group polls the same set of cachegroups and gets availability data for the other cachegroups from other TM groups. This allows each TM to be responsible for polling a subset of the CDN while still having a full view of CDN availability. In order to use this, stat_polling must be disabled.
- Traffic Monitor: Add support for access.log to TM.
- Traffic Ops: added new cdn.conf option -- server_update_status_cache_refresh_interval_sec -- which enables an in-memory server update status cache to improve performance. Default: 0 (disabled).
- Traffic Ops: added new cdn.conf option -- user_cache_refresh_interval_sec -- which enables an in-memory users cache to improve performance. Default: 0 (disabled).
- Traffic Router: Add support for file-protocol URLs for the geolocation.polling.url for the Geolocation database.
- Added status and lastPoll fields to the publish/CrStates endpoint of Traffic Monitor (TM) #6448.
- [Traffic Ops | Traffic Go Clients | T3C] Add additional timestamp fields to server for queuing and dequeueing config and revalidate updates.
- [Traffic Ops] Added support for backend configurations so that Traffic Ops can act as a reverse proxy for these services #6754.
- [Traffic Portal] Added Layered Profile feature to /servers/
- [Traffic Portal] Added the ability for users to view Delivery Service Requests corresponding to individual Delivery Services in TP.
Fixed
- Correction where the placeholder __HOSTNAME__ in "unknown" files (other than the default ones) was being replaced by the full FQDN instead of the short hostname.
- Fixed TO API GET /deliveryservicesserver causing error when an IMS request is made with the cdn and maxRevalDurationDays parameters set.
- Fixed TO API PUT /servers/:id/status to only queue updates on the same CDN as the updated server
- Fixed TO to default route ID to 0, if it is not present in the request context.
- Fixed Traffic Ops ignoring the configured database port value, which was prohibiting the use of anything other than port 5432 (the PostgreSQL default)
- Fixed Traffic Router to handle aggressive NSEC correctly.
- Fixed a cdn-in-a-box build issue when using RHEL_VERSION=7
- Fixed searching of the ds parameter merge_parent_groups slice.
- Only operations and admin roles should have the DELIVERY-SERVICE:UPDATE permission.
- Traffic Router: fixed a null pointer exception that caused snapshots to be rejected if a topology cachegroup did not have any online/reported/admin_down caches
- Update traffic_portal dependencies to mitigate npm audit issues.
- #6271 api/{{version}/deliveryservices/{id}/health returns no info if the delivery service uses a topology.
- #6291 Prevent Traffic Ops from modifying and/or deleting reserved statuses.
- #6299 User representations don't match
- #6368 Fixed validation response message from /acme_accounts
- #6369 Fixed /acme_accounts endpoint to validate email and URL fields
- #6370 Fixed docs for POST and response code for PUT to /acme_accounts endpoint
- #6538 Fixed the incorrect use of secure.port on TrafficRouter and corrected to the httpsPort value from the TR server configuration.
- #6549 Fixed internal server error while deleting a delivery service created from a DSR (Traffic Ops).
- #6562 Fixed incorrect template in Ansible dataset loader role when fallbackToClosest is defined.
- #6580 Fixed cache config generation remap.config targets for MID-type servers in a Topology with other caches as parents and HTTPS origins.
- #6590 Python client: Corrected parameter name in decorator for get_parameters_by_profile_id
- #6603 Fixed users with "admin" "Priv Level" not having Permission to view or delete DNSSEC keys.
- #6626 Fixed t3c Capabilities request failure issue which could result in malformed config.
- #6712 - Fixed error when loading the Traffic Vault schema from create_tables.sql more than once.
- #6776 User properties only required sometimes
- #6780 Fixed t3c to use secondary parents when there are no primary parents available.
- #6792 Remove extraneous field from Topologies and Server Capability POST/PUT.
- #6795 Removed an unnecessary response wrapper object from being returned in a POST to the federation resolvers endpoint.
- #6800 Fixed incorrect error message for /server/details associated with query parameters.
- #6806 t3c calculates max_origin_connections incorrectly for topology-based delivery services
- #6834 - In API 4.0, fixed GET for /servers to display all profiles irrespective of the index position. Also, replaced query param profileId with profileName.
- #6883 Fix t3c cache to invalidate on version change
- #6896 Fixed the POST api/cachegroups/id/queue_updates endpoint so that it doesn't give an internal server error anymore.
- #6907 Fixed Traffic Ops to return the correct server structure (based on the API version) upon a server deletion.
- #6933 Fixed tc-health-client to handle credentials files with special characters in variables
- #6944 Fixed cache config generation for ATS 9 sni.yaml from disable_h2 to http2 directive. ATS 9 documents disable_h2, but it doesn't seem to work.
- dequeueing server updates should not require checking for cdn locks.
- t3c-generate fix for combining remapconfig and cachekeyconfig parameters for MakeRemapDotConfig call.
Removed
- Dropped CentOS 8 support
- Remove Traffic Ops API version 2
- Remove client.steering.forced.diversity feature flag (profile parameter) from Traffic Router (TR). Client steering responses now have cache diversity by default.
- Remove traffic_portal dependencies to mitigate npm audit issues, specifically grunt-concurrent, grunt-contrib-concat, grunt-contrib-cssmin, grunt-contrib-jsmin, grunt-contrib-uglify, grunt-contrib-htmlmin, grunt-newer, and grunt-wiredep
- Removed the Traffic Monitor peer_polling_protocol option. Traffic Monitor now just uses hostnames to request peer states, which can be handled via IPv4 or IPv6 depending on the underlying IP version in use.
- Replace forever with pm2 for process management of the traffic portal node server to remediate security issues.
- The /servers/details endpoint of the Traffic Ops API has been dropped in version 4.0, and marked deprecated in earlier versions.
Changed
- Added Rocky Linux 8 support
- Added new fields to the monitoring.json snapshot and made Tra...
Apache Traffic Control 6.1.0
Traffic Ops
Added
- Added permission based roles for better access control.
- #5674 Added new query parameters cdn and maxRevalDurationDays to the GET /api/x/jobs Traffic Ops API to filter by CDN name and within the start_time window defined by the maxRevalDurationDays GLOBAL profile parameter, respectively.
- Added a new Traffic Ops cdn.conf option -- disable_auto_cert_deletion -- in order to optionally prevent the automatic deletion of certificates for delivery services that no longer exist whenever a CDN snapshot is taken.
- #6034 Added new query parameter cdn to the GET /api/x/deliveryserviceserver Traffic Ops API to filter by CDN name
- SANs information to the SSL key endpoint and Traffic Portal page.
- Added Traffic Vault Postgres columns, a Traffic Ops API endpoint, and Traffic Portal page to show SSL certificate expiration information.
Fixed
- #5893 - A self signed certificate is created when an HTTPS delivery service is created or an HTTP delivery service is updated to HTTPS.
- #6378 - Cannot update or delete Cache Groups with null latitude and longitude.
- Fixed broken GET /cdns/routing Traffic Ops API
- #6392 - Traffic Ops prevents assigning ORG servers to topology-based delivery services (as well as a number of other valid operations being prohibited by "last server assigned to DS" validations which don't apply to topology-based delivery services)
- #6457 - Fix broken user registration and password reset, due to the last_authenticated value being null.
- #6367 - Fix PUT user/current to work with v4 User Roles and Permissions
- #6266 - Removed postgresql13-devel requirement for traffic_ops
Changed
- #6179 Updated the Traffic Ops rpm to include the ToDnssecRefresh binary and make the trafops_dnssec_refresh cron job use it
- Changed Invalidation Jobs throughout (TO, TP, T3C, etc.) to account for the ability to do both REFRESH and REFETCH requests for resources.
- The admin Role is now always guaranteed to exist, and can't be deleted or modified.
- Updated Golang dependencies
Deprecated
- Deprecated the endpoints and docs associated with /api_capability and /capabilities.
Removed
- Removed the user_role table.
- The traffic_ops.sh shell profile no longer sets GOPATH or adds its bin folder to the PATH
- /capabilities removed from Traffic Ops API version 4.
Traffic Portal
Added
- A new Traffic Portal server command-line option -c to specify a configuration file, and the ability to set log: null to log to stdout (consult documentation for details).
- SANs information to the SSL key endpoint and Traffic Portal page.
- Added Invalidation Type (REFRESH or REFETCH) for invalidating content to Traffic Portal.
- IMS warnings to Content Invalidation requests in Traffic Portal and documentation.
Fixed
- #6411 Removes invalid 'ALL cdn' options from TP
- #6255 - Unreadable Prod Mode CDN Notifications in Traffic Portal
- #6259 - Traffic Portal No Longer Allows Spaces in Server Object "Router Port Name"
Changed
- Traffic Portal no longer uses ruby compass to compile sass and now uses dart-sass.
- Changed Invalidation Jobs throughout (TO, TP, T3C, etc.) to account for the ability to do both REFRESH and REFETCH requests for resources.
Traffic Monitor
Added
- Added a new Traffic Monitor configuration option -- short_hostname_override -- to traffic_monitor.cfg to allow overriding the system hostname that Traffic Monitor uses.
- Added a new Traffic Monitor configuration option -- stat_polling (default: true) -- to traffic_monitor.cfg to disable stat polling.
- Added definition for heartbeat.polling.interval for CDN Traffic Monitor config in API documentation.
Traffic Stats
Changed
- Updated Golang dependencies
Deprecated
- The use of a seelog configuration file to configure Traffic Stats logging is deprecated, and logging configuration should instead be present in the logs property of the Traffic Stats configuration file (refer to documentation for details).
Fixed
- Fixed Traffic Monitor parsing stats_over_http output so that multiple stats for the same underlying delivery service (when the delivery service has more than 1 regex) are properly summed together. This makes the resulting data more accurate in addition to fixing the "new stat is lower than last stat" warnings.
Changed
- #6376 Updated TO/TM so that TM doesn't overwrite monitoring snapshot data with CR config snapshot data.
- Updated Golang dependencies
Traffic Router
Fixed
- Fixed Traffic Router crs/stats to prevent overflow and to correctly record the time used in averages.
- #6446 - Revert Traffic Router rollover file pattern to the one previously used in log4j.properties with Log4j 1.2
- Changed the maxConnections value on Traffic Router, to prevent the thundering herd problem (TR).
Changed
- #6209 Updated Traffic Router to use Java 11 to compile and run
- #6506 - Updated jackson-databind and jackson-annotations Traffic Router dependencies to version 2.13.1
Cache Config
Added
- cache config t3c-apply retrying when another t3c-apply is running.
- #6032 Add t3c setting mode 0600 for secure files
- #6405 Added cache config version to all t3c apps and config file headers
Changed
- Updated t3c to request less unnecessary deliveryservice-server assignment and invalidation jobs data via new query params supported by Traffic Ops
- Changed Invalidation Jobs throughout (TO, TP, T3C, etc.) to account for the ability to do both REFRESH and REFETCH requests for resources.
- Updated t3c-apply to reduce mutable state in TrafficOpsReq struct.
- Updated Golang dependencies
Miscellaneous
Added
- New pkg script options, -h, -s, -S, and -L.
- Traffic Vault: Added additional flag to TV Riak (Deprecated) Util
Apache Traffic Control 5.1.6
Released February 4th, 2022
Downloads
Apache Traffic Control 5.1.6 is available here:
Release Notes
Changed
Apache Traffic Control 5.1.5
Released December 23rd, 2021
Downloads
Apache Traffic Control 5.1.5 is available here:
Release Notes
Fixed
- Updated log4j module in Traffic Router from version 1.2.17 to 2.17.0
Apache Traffic Control 6.0.2
- Updated log4j dependency in Traffic Router from version 1.2.17 to 2.17.0
- Updated github.com/lestrrat-go/jwx Go dependency to v1.2.12
RELEASE-6.0.1
Released November 8th, 2021
Downloads
Apache Traffic Control 6.0.1 is available here:
Release Notes
Added
- #2770 Added validation for httpBypassFqdn as hostname in Traffic Ops
Fixed
- #6125 - Fix /cdns/{name}/federations?id=# to search for CDN.
- #6285 - The Traffic Ops Postinstall script will work in CentOS 7, even if Python 3 is installed
- #5373 - Traffic Monitor logs not consistent
- #6197 - TO /deliveryservices/:id/routing makes requests to all TRs instead of by CDN.
- Traffic Ops: Sanitize username before executing LDAP query (CVE-2021-43350)
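The release notes list the LDAP username fix without detail. As an added illustration (not the project's patch and not code from Traffic Ops), this Go example shows RFC 4515 escaping of a username before it is placed in a search filter; the function names, the uid attribute and the length limit are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// escapeLDAPFilterValue escapes a value for use as an assertion value in an
// LDAP search filter (RFC 4515, section 3): NUL, '(', ')', '*' and '\' are
// each replaced by a backslash followed by two hex digits.
func escapeLDAPFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case 0, '(', ')', '*', '\\':
			fmt.Fprintf(&b, `\%02x`, c)
		default:
			b.WriteByte(c) // UTF-8 bytes >= 0x80 pass through unchanged
		}
	}
	return b.String()
}

// userFilter builds "(attr=username)" with the username escaped, so that the
// value can only ever match literally. The attribute name and the 256-byte
// limit are assumptions made for this example.
func userFilter(attr, username string) (string, error) {
	if username == "" || len(username) > 256 {
		return "", errors.New("username empty or too long")
	}
	return "(" + attr + "=" + escapeLDAPFilterValue(username) + ")", nil
}

func main() {
	// Constructed sample inputs: a plain name and names that contain
	// filter metacharacters.
	for _, u := range []string{"jdoe", "j*", `dom\jdoe`, "jdoe)(x"} {
		f, err := userFilter("uid", u)
		fmt.Printf("%-12q -> %s (err: %v)\n", u, f, err)
	}
}
```
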
Changed
- #5927 Updated CDN-in-a-Box to not run a Riak container by default but instead only run it if the optional flag is provided.
- Changed the DNSSEC refresh Traffic Ops API to only create a new change log entry if any keys were actually refreshed or an error occurred (in order to reduce changelog noise)