Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2 experimental feature in Apache Traffic Server 5.3.0. They are both DOS attacks and can be avoided by simply disabling HTTP/2 or upgrading.
The artifacts are available for download at:http://people.apache.org/~sorber/releases/trafficserver/5.3.1-rc0/
This corresponds to git:
Which can be verified with the following:
git tag -v 5.3.1-rc0
My code signing key is available here:http://people.apache.org/~sorber/gpg-code-signing-key.asc
Make sure you refresh from a key server to get all relevant signatures.
The vote is open until Jul 2nd 2015. This is shorter than normal because it is a bug fix/security release and the holiday weekend.