github apache/trafficcontrol RELEASE-6.0.0
Apache Traffic Control 6.0.0

latest releases: v8.0.2, RELEASE-8.0.2, v8.0.2-rc0...
3 years ago

Traffic Ops

Added

  • #4982 Added the ability to support queueing updates by server type and profile
  • #5412 Added last authenticated time to user API's (GET /user/current, GET /users, GET /user?id=) response payload
  • #5451 Added change log count to user API's response payload and query param (username) to logs API
  • CDN Locks: An Operations-level user can now lock a CDN to prevent other users from trying to modify it at the same time.
  • Postgres Traffic Vault backend: Traffic Ops now supports a Postgres Traffic Vault backend with the option to fetch the Traffic Vault secret key from HashiCorp Vault
  • Python client: #5611 Added server_detail endpoint
  • Ported the Postinstall script to Python. The Perl version has been moved to install/bin/_postinstall.pl and has been deprecated, pending removal in a future release.
  • CDN-in-a-Box: Generate config files using the Postinstall script
  • Traffic Ops/Traffic Portal: #5479 - Added the ability to change a server capability name
  • Traffic Ops: #3577 - Added a query param (server host_name or ID) for servercheck API
  • #5316 - Add router host names and ports on a per interface basis, rather than a per server basis.
  • Traffic Ops: Adds API endpoints to fetch (GET), create (POST) or delete (DELETE) a cdn notification. Create and delete are limited to users with operations or admin role.
  • Added ACME certificate renewals and ACME account registration using external account binding
  • Added functionality to automatically renew ACME certificates.
  • Traffic Ops: #6069 - prevent unassigning all ONLINE ORG servers from an MSO-enabled delivery service
  • Added an endpoint for statuses on asynchronous jobs and applied it to the ACME renewal endpoint.
  • Added two new cdn.conf options to make Traffic Vault configuration more backend-agnostic: traffic_vault_backend and traffic_vault_config
  • Traffic Ops API version 4.0 - This version is unstable meaning that breaking changes can occur at any time - use at your own peril!
  • GET request method for /deliveryservices/{{ID}}/assign
  • GET request method for /deliveryservices/{{ID}}/status
  • Added integration to use ACME to generate new SSL certificates.
  • Added GetServersByDeliveryService method to the TO Go client
  • Added asynchronous status to ACME certificate generation.
  • Added per Delivery Service HTTP/2 and TLS Versions support, via ssl_server_name.yaml and sni.yaml. See overview/delivery_services and t3c docs.
  • Added headers to Traffic Portal, Traffic Ops, and Traffic Monitor to opt out of tracking users via Google FLoC.
  • Add logging scope for logging.yaml generation for ATS 9 support
  • DELETE request method for deliveryservices/xmlId/{name}/urlkeys and deliveryservices/{id}/urlkeys.
  • Added traffic_ops/app/db/traffic_vault_migrate to help with migrating Traffic Ops Traffic Vault backends
  • Added a tool at /traffic_ops/app/db/reencrypt to re-encrypt the data in the Postgres Traffic Vault with a new key.
  • Added a new field to Delivery Services - tlsVersions - that explicitly lists the TLS versions that may be used to retrieve their content from Cache Servers.

Fixed

  • CVE-2021-42009: Customer names in payloads sent to the /deliveryservices/request Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &, *, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.
  • #2471 - A PR check to ensure added db migration file is the latest.
  • #5609 - Fixed GET /servercheck filter for an extra query param.
  • #5954 - Traffic Ops HTTP response write errors are ignored
  • #6104 - PUT /api/x/federations only respects first item in request payload
  • #5288 - Fixed the ability to create and update a server with MTU value >= 1280.
  • #5284 - Fixed error message when creating a server with non-existent profile
  • #5739 - Prevent looping in case of a failed login attempt
  • #5407 - Make sure that you cannot add two servers with identical content
  • #2881 - Some API endpoints have incorrect Content-Types
  • #5405 - Prevent Tenant update from choosing child as new parent
  • #5548 - Don't return a 403 Forbidden when the user tries to get servers of a non-existent DS using GET /servers?dsId={{nonexistent DS ID}}
  • #5732 - TO API POST /cdns/dnsseckeys/generate times out with large numbers of delivery services
  • #5902 - Fixed issue where the TO API wouldn't properly query all SSL certificates from Riak.
  • Fixed server creation through legacy API versions to default monitor to true.
  • #5965 - Fixed Traffic Ops /deliveryserviceservers If-Modified-Since requests.
  • #5981 - /deliveryservices/{{ID}}/safe returns incorrect response for the requested API version
  • #5984 - /servers/{{ID}}/deliveryservices returns incorrect response for the requested API version
  • #6027 - Collapsed DB migrations
  • #6066 - Fixed missing/incorrect indices on some tables
  • #5576 - Inconsistent Profile Name restrictions
  • Fixed Federations IMS so TR federations watcher will get updates.
  • #6093 - Fixed Let's Encrypt to work for delivery services where the domain does not contain the XMLID.
  • #5893 - A self signed certificate is created when an HTTPS delivery service is created or an HTTP delivery service is updated to HTTPS.

Changed

  • Updated the Traffic Ops Python client to 3.0
  • apache/trafficcontrol is now a Go module
  • Updated Traffic Ops supported database version from PostgreSQL 9.6 to 13.2
  • #3342 - Updated the db/admin tool to use Migrate instead of Goose and converted the migrations to Migrate format (split up/down for each migration into separate files)
  • Refactored the Traffic Ops - Traffic Vault integration to more easily support the development of new Traffic Vault backends
  • Improved the DNSSEC refresh Traffic Ops API (/cdns/dnsseckeys/refresh). As of TO API v4, its method is PUT instead of GET, its response format was changed to return an alert instead of a string-based response, it returns a 202 instead of a 200, and it now works with the async_status API in order for the client to check the status of the async job: #3054
  • Delivery Service Requests now keep a record of the changes they make.
  • Changed the goose provider to the maintained fork github.com/kevinburke/goose
  • The format of the /servers/{{host name}}/update_status Traffic Ops API endpoint has been changed to use a top-level response property, in keeping with (most of) the rest of the API.
  • The API v4 Traffic Ops Go client has been overhauled compared to its predecessors to have a consistent call signature that allows passing query string parameters and HTTP headers to any client method.
  • Go version 1.17 is used to compile Traffic Ops, T3C, Traffic Monitor, Traffic Stats, and Grove.
  • #6179 Updated the Traffic Ops rpm to include the ToDnssecRefresh binary and make the trafops_dnssec_refresh cron job use it

Deprecated

  • The Riak Traffic Vault backend is now deprecated and its support may be removed in a future release. It is highly recommended to use the new PostgreSQL backend instead.
  • The riak.conf config file and its corresponding --riakcfg option in traffic_ops_golang have been deprecated. Please use "traffic_vault_backend": "riak" and "traffic_vault_config" (with the existing contents of riak.conf) instead.
  • The Traffic Ops API route GET /api/{version}/vault/bucket/{bucket}/key/{key}/values has been deprecated and will no longer be available as of Traffic Ops API v4
  • The Traffic Ops API route POST /api/{version}/deliveryservices/request has been deprecated and will no longer be available as of Traffic Ops API v4
  • The Traffic Ops API routes GET /api/{version}/cachegroupparameters, POST /api/{version}/cachegroupparameters, GET /api/{version}/cachegroups/{id}/parameters, and DELETE /api/{version}/cachegroupparameters/{cachegroupID}/{parameterId} have been deprecated and will no longer be available as of Traffic Ops API v4
  • The riak_port option in cdn.conf is now deprecated. Please use the "port" field in traffic_vault_config instead.
  • With the release of ATC v6.0, major API version 2 is now deprecated, subject to removal with the next ATC major version release, at the earliest.

Removed

  • Removed the unused backend_max_connections option from cdn.conf.
  • Removed the Long Description 2 and Long Description 3 fields of DeliveryService from the UI, and changed the backend so that routes corresponding API 4.0 and above no longer accept or return these fields.
  • The Perl implementation of Traffic Ops has been stripped out, along with the Go implementation's "fall-back to Perl" behavior.
  • Traffic Ops no longer includes an app/public directory, as the static webserver has been removed along with the Perl Traffic Ops implementation. Traffic Ops also no longer attempts to download MaxMind GeoIP City databases when running the Traffic Ops Postinstall script.
  • The compare tool stack has been removed, as it no longer serves a purpose.
  • Removed the Perl-only cdn.conf option geniso.iso_root_path
  • Traffic Ops API version 1

Traffic Portal

Added

  • Traffic Portal: #5318 - Rename server columns for IPv4 address fields.
  • Traffic Portal: #5361 - Added the ability to change the name of a topology.
  • Traffic Portal: #5340 - Added the ability to resend a user registration from user screen.
  • Traffic Portal: Adds the ability for operations/admin users to create a CDN-level notification.
  • Traffic Portal: upgraded delivery service UI tables to use more powerful/performant ag-grid component
  • #5316 - Add router host names and ports on a per interface basis, rather than a per server basis.
  • Added headers to Traffic Portal, Traffic Ops, and Traffic Monitor to opt out of tracking users via Google FLoC.

Fixed

  • #5384 - New grids will now properly remember the current page number.
  • Converted TP Delivery Service Servers Assignment table to ag-grid
  • Converted TP Cache Checks table to ag-grid
  • #5576 - Inconsistent Profile Name restrictions

Changed

  • Migrated completely off of bower in favor of npm
  • Updated Flot libraries to supported versions

Traffic Stats

Fixed

  • #5492 - Traffic Stats does not failover to another Traffic Monitor when one stops responding

Changed

  • apache/trafficcontrol is now a Go module
  • Go version 1.17 is used to compile Traffic Ops, T3C, Traffic Monitor, Traffic Stats, and Grove.

Traffic Monitor

Added

  • Added headers to Traffic Portal, Traffic Ops, and Traffic Monitor to opt out of tracking users via Google FLoC.
  • Added a Traffic Monitor integration test framework.

Fixed

  • #6129 - Traffic Monitor start doesn't recover when Traffic Ops is unavailable
  • #6048 - TM sometimes sets cachegroups to unavailable even though all caches are online
  • Fixed a logging bug in Traffic Monitor where it wouldn't log errors in certain cases where a backup file could be used instead. Also, Traffic Monitor now rejects monitoring snapshots that have no delivery services.
  • #5863 - Traffic Monitor logs warnings to log_location_info instead of log_location_warning
  • #5129 - Updated TM so that it returns a 404 if the endpoint is not supported.

Changed

  • apache/trafficcontrol is now a Go module
  • Go version 1.17 is used to compile Traffic Ops, T3C, Traffic Monitor, Traffic Stats, and Grove.

Removed

  • Removed the unused http_poll_no_sleep, max_stat_history, max_health_history, cache_health_polling_interval_ms, cache_stat_polling_interval_ms, and peer_polling_interval_ms Traffic Monitor config options.

Traffic Router

Added

  • Traffic Router: added new 'dnssec.rrsig.cache.enabled' profile parameter to enable new DNSSEC RRSIG caching functionality. Enabling this greatly reduces CPU usage during the DNSSEC signing process.
  • Traffic Router: added new 'strip.special.query.params' profile parameter to enable stripping the 'trred' and 'fakeClientIpAddress' query parameters from responses: #1065
  • Traffic Router: Added svc="..." field to request logging output.

Fixed

  • Fixed a NullPointerException in TR when a client passes a null SNI hostname in a TLS request
  • #5893 - A self signed certificate is created when an HTTPS delivery service is created or an HTTP delivery service is updated to HTTPS.

Changed

  • Set Traffic Router to also accept TLSv1.3 protocols by default in server.xml
  • Changed the Traffic Router package structure from com.comcast.cdn.* to org.apache.*
  • Updated Apache Tomcat from 8.5.63 to 9.0.43
  • Updated BouncyCastle libraries in Traffic Router to v1.68.

Cache Config

Added

  • t3c (Traffic Control Cache Config) has replaced ORT and atstccfg. t3c now uses separate apps, full run syntax changed to t3c apply ..., moved to cache-config and RPM changed to trafficcontrol-cache-config. See cache-config README.md.
  • Added ORT flag to set local.dns bind address from server service addresses
  • #5644 ORT config generation: Added ATS9 ip_allow.yaml support, and automatic generation if the server's package Parameter is 9.*
  • t3c: Added option to track config changes in git.
  • ORT config generation: Added a rule to ip_allow such that PURGE requests are allowed over localhost
  • t3c: bug fix to consider plugin config files for reloading remap.config
  • t3c: add flag to wait for parents in syncds mode
  • t3c: Change syncds so that it only warns on package version mismatch.
  • atstccfg: add ##REFETCH## support to regex_revalidate.config processing.
  • Added t3c caching Traffic Ops data and using If-Modified-Since to avoid unnecessary requests.
  • Added t3c --no-outgoing-ip flags.
  • Enhanced ort integration test for reload states
  • Added support for DS plugin parameters for cachekey, slice, cache_range_requests, background_fetch, url_sig as remap.config parameters.

Fixed

  • Fixed t3c to generate topology parents correctly for parents with the Type MID+ or EDGE+ versus just the literal. Naming cache types to not be exactly 'EDGE' or 'MID' is still discouraged and not guaranteed to work, but it's unfortunately somewhat common, so this fixes it in one particular case.
  • Fixed t3c to create config files and directories as ats.ats
  • Fixed t3c-apply service restart and ats config reload logic.
  • #6091 - Fixed cache config of internal cache communication for https origins
  • #6169 - Fixed t3c-update not updating server status when a fallback to a previous Traffic Ops API version occurred
  • #6174 - Fixed t3c-apply with no hostname failing if the OS hostname returns a full FQDN

Changed

  • apache/trafficcontrol is now a Go module
  • Go version 1.17 is used to compile Traffic Ops, T3C, Traffic Monitor, Traffic Stats, and Grove.

Deprecated

  • The traffic_ops_ort.pl tool has been deprecated in favor of t3c, and will be removed in the next major version.

Removed

  • t3c dispersion flags. These flags existed in ort.pl and t3c, but the feature has been removed in t3c-apply. The t3c run is fast enough now, there's no value or need in internal logic, operators can easily use shell pipelines to randomly sleep before running if necessary.

Don't miss a new trafficcontrol release

NewReleases is sending notifications on new releases.