Hello All,

I've prepared a release for v5.3.1 (RC0) which is the latest stable release in the 5.3.x series. This is the second release in our Long Term Support (LTS) version as detailed in our Release Management document:


Changes since 5.3.0:


Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2 experimental feature in Apache Traffic Server 5.3.0. They are both DOS attacks and can be avoided by simply disabling HTTP/2 or upgrading.

A summary of the new features in 5.3.x are here:


Information about upgrading to this release from previous ones is available at:


The cache in this release is compatible with the previous 5.x and 4.x releases.

The artifacts are available for download at:


MD5: 9c0e2450b1dd1bbdd63ebcc344b5a813
SHA1: 771d3fafac6b8e144376fb16398f03b79f39912f

This corresponds to git:

Hash: 38b4113f5e9e6aa6c659c4f5e0eaf7db2f1ff67e
Tag: 5.3.1-rc0

Which can be verified with the following:

git tag -v 5.3.1-rc0

My code signing key is available here:


Make sure you refresh from a key server to get all relevant signatures.

The vote is open until Jul 2nd 2015. This is shorter than normal because it is a bug fix/security release and the holiday weekend.

Thanks All!