Comments

10 Comments
BZ#2242988 trafficserver-9.2.3-rc0 is available
BZ#2243251 [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [epel-all]
BZ#2243252 [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all]
BZ#2162640 trafficserver-9.2.0 is available

This will FTI due to missing libbrotli on EL7 -- update pending.

FTI due to missing libbrotli on EL8; part of brotli package instead.

i have this deployed in production with no observed problems.

BZ#2117106 trafficserver-9.1.3 is available
BZ#2117275 CVE-2022-25763 Apache Traffic Server: Improper input validation in HTTP/2 request validation.
BZ#2112282 trafficserver-9.1.2-10.fc37 FTBFS: /usr/include/linux/mount.h:95:6: error: multiple definition of 'enum fsconfig_command'
BZ#2112282 trafficserver-9.1.2-10.fc37 FTBFS: /usr/include/linux/mount.h:95:6: error: multiple definition of 'enum fsconfig_command'
BZ#2106749 The proxy.config.ssl.server.cipher_suite was replaced.