Traefik + Let's Encrypt
Expose your apps with https certificates from Let's Encrypt
v3.7.6
2026-06-30{"CORS fixes, Kubernetes Gateway API and Ingress-NGINX improvements, and multiple security vulnerability fixes, withLLSmall-scale bug fixes and documentation updates.{"description":"This release addresses several security vulnerabilities (CVEs), includes various bug fixes for Kubernetes, middleware, and TLS, and adds new server configuration options.","breaking_changes":true}
v3.6.22
2026-06-30This release addresses two CVEs, includes numerous bug fixes forS across Kubernetes, middleware, and TLS, and adds configuration options for request headers.
v2.11.51
2026-06-30This release addresses two CVEs, fixes bugs in ACME and authentication middleware, and introduces configurable maximum request header sizes.
v3.7.5
2026-06-10Bug fixes: skip ingress on auth-secret resolution failure; pass endpointslice fencing for ingress-nginx; reject cross-provider backendRefs by namespace; bump go-proxyproto; fix TLS routers with same host but different tlsoptions across entryPoints; fix SNICheck for routers with no hosts.
v3.6.21
2026-06-10Bug fixes: reject cross-provider references in backendRefs.namespace; bump go-proxyproto to v0.12.0; fix TLS routers with same host but different tlsoptions across entryPoints; fix SNICheck for routers with no hosts.
v2.11.50
2026-06-10Bug fixes: TLS routing now correctly handles routers with identical hosts but different TLS options across entryPoints, and fixes SNI check for routers with no hosts.
v3.7.4
2026-06-05Bug fixes across middleware redis timeout, web UI upgrades (react-router/jsdom/axios), Kubernetes GatewayAPI BackendTLS policy status, HTTP/3 quic-go bump, and TLS SNICheck keepalive fix.
v3.6.20
2026-06-05Bug fixes: correct Redis write timeout config; web UI upgrades (react-router, jsdom) and axios bump; Kubernetes GatewayAPI BackendTLSPolicy status update; HTTP/3 quic-go to v0.59.1; TLS SNICheck keepalive fix.
v2.11.49
2026-06-05Bug fixes: update quic-go to v0.59.1 for http3, update axios to v1.17.0 for web UI, and fix TLS snicheck behavior with keepalive.
v3.7.3
2026-06-04This release fixes TLS model resolution, dashboard router service, header/log escaping, ingress/gatewayapi edge cases, file provider symlinks, auth build errors, path normalization, and related server/middleware improvements, plus various Kubernetes and docs updates.
v3.6.19
2026-06-04Contains bug fixes for TLS option resolution, log escaping, Kubernetes GatewayAPI and ingress paths, access log query handling, file/symlink behavior, auth build errors, plus minor docs polish and a maintainer update.
v2.11.48
2026-06-04Bug fixes: correct TLS options resolution, error on empty basic-auth users, prevent ingress path injection, move snicheck to context, reject mismatched StripPrefix normalization, and update Go/x/net and x/crypto to newer versions.
v3.7.1
2026-05-11Addresses CVE-2026-44774; fixes Kubernetes issues including adding CrossProviderNamespaces option for k8s components and correcting cross-provider ref checks for the Kubernetes CRD provider.
v3.6.17
2026-05-11Addresses CVE-2026-44774; adds CrossProviderNamespaces option for k8s/ingress, k8s/crd, k8s/gatewayapi; fixes cross-provider ref check for Kubernetes CRD provider.
v2.11.46
2026-05-11Traefik fixes CVE-2026-44774 and adds CrossProviderNamespaces for k8s (ingress, crd, gatewayapi), plus fixes cross-provider ref checks for Kubernetes CRD provider.
v3.7.0
2026-05-05Release adds dynamic config metamodel for ingress-nginx, numerous annotations and gateway improvements, new TLS/middleware features, web UI enhancements, broader k8s/provider support, plus bug fixes and docs updates.
v3.6.16
2026-05-05Bug fixes include removing cross-provider sanitization for Kubernetes service loading, correcting default CORS header typo in ingress-nginx, updating OTEL, and migrating Docker/EC2 to the moby/moby modules.
v2.11.45
2026-05-05Bug fixes: Kubernetes service loading no longer sanitizes across providers; Docker and ECS now migrate to the github.com/moby/moby modules.
v3.6.15
2026-04-29Bug fixes include upgrading lego to v4.35.2/4.35.1, adding errorRequestHeaders option in Errors middleware, allowing ExternalName services without a port, and bumping oxy to v2.1.0; misc: make FLAGS variable usable.
v2.11.44
2026-04-29Adds errorRequestHeaders option to Errors middleware, bumps lego to v4.35.2 for ACME, and makes FLAGS Make variable usable.
v3.6.14
2026-04-22Bug fixes across ACME, Docker, middleware, Kubernetes CRD/core, and UI, with improvements like case-insensitive SameSite cookies, URL sanitization after prefix, trustForwardHeader repairs, ForwardAuth.TrustForwardHeader deprecation, and updated docs.
v2.11.43
2026-04-22Bug fixes include: authentication middleware fixes for notFoundSecret and trustForwardHeader, consistent ForwardAuth logs, removal of untrusted headers with underscores, URL sanitization after prefix stripping, and honoring allowCrossNamespace for chain middleware CRD in Kubernetes.
v3.6.13
2026-04-07Bug fix: update compress v1.18.4 for middleware and fix tests; Docs: correct docker-compose path, clarify service discovery scope, add OVHcloud IP management, clarify IngressClass logic, add redirects for getting started and deleted pages, and fix default http.sanitizePath.
v3.6.12
2026-03-26Bug fixes across ingress-nginx auth headers, ACME lego v4, server routing allocations, TLS STARTTLS, API path validation, GRPC, and middleware header handling; plus docs clarifications for ACME, ingress-nginx banners, and namespace watch behavior.
v2.11.42
2026-03-26Bug fixes: bump grpc to v1.79.3; prevent duplicate user headers in basic/digest auth middleware; fix StripPrefix and StripPrefixRegex slicing using encoded prefix length.
v3.6.11
2026-03-19Bug fixes: add OTel trace context to logs; fix k8s listener-route hostname matching; fix ingress rule; remove AGPL license; fix proxy-ssl-verify; add HTTP maxResponseBodySize
v2.11.41
2026-03-18Bug fixes: add maxResponseBodySize on HTTP provider, support fragmented TLS client hello, and make basic auth timing constant; Documentation: bump mkdocs-traefiklabs to consent mode.
v3.6.10
2026-03-06Bug fixes across Docker, FastHTTP, healthcheck/grpc, k8s Gateway API, middleware headers, OpenTelemetry, server, and web UI; plus docs updates for Digest auth, TOML/table names, entrypoints examples, and API basepath.
v2.11.40
2026-03-06Bug fixes: Bump Docker and OpenTelemetry dependencies and update server to golang.org/x/net v0.51.0.
v3.6.9
2026-02-23Bug fixes: upgrade lego to v4.32.0; fix x-forwarded header case, handle empty User-Agent, add forwardAuth maxResponseBodySize, fix TLS handshake; plus docs updates for Docker, Kubernetes label casing, NGINX annotations note, and formatting.
v2.11.38
2026-02-23Fixes include case-sensitive handling of x-forwarded headers for Connection, addition of maxResponseBodySize for forwardAuth, and improved TLS handshake error handling.
v3.6.8
2026-02-11Addresses CVE-2026-25949 and closes multiple bugs (ACME key handling, TLS renewal, healthcheck path, HTTP/3, observability defaults, TLS/Server behavior, tracing, web UI), plus doc updates and v2/v3 merges.
v2.11.37
2026-02-11Bug fixes: validate healthcheck path configuration and cap TLS record length to the RFC 8446 limit during ClientHello peeking.
v2.11.36
2026-02-02Fix recursion with services, update webui/docs dependencies, and remove stray dots in the migration guide.
v3.6.7
2026-01-14This hotfix makes the CVE-2026-22045 fix opt-in (breaking vs v3.6.4) while restoring default pre-hotfix behavior, and includes numerous bug fixes, docs updates, and branch merges across ACME, Kubernetes, webui, server, and more.
v2.11.35
2026-01-14This hotfix introduces an opt-in breaking change that restores pre-hotfix behavior by default, fixes CVE-2026-22045, and adds an ACME-TLS/1 handshake timeout plus opt-in encoded character options.
v3.6.6
2025-12-29Bug fixes bump lego to v4.30.1, quic-go to v0.58.0, fix Redis verification and encoded chars; docs updates for Kubernetes ingress, RBAC, multi-tenancy, header, and menu naming; and merging v2.11 into v3.6.
v2.11.34
2025-12-29Bug fix: server now correctly handles denied encoded characters (fixes #12457 by rtribotte).
v2.11.33
2025-12-17Bug fix: server now prints access logs for rejected requests and warns about new behavior; documentation updates clarify encoded characters rejection and fix related entryPoint/option documentation.
v3.6.5
2025-12-16Bug fixes: fix NGINX sslredirect annotation support; print access logs for rejected requests with a warning about the new behavior. Documentation: add auth-signin to unsupported nginx annotations; add a breaking change note; fix encodedCharacters entryPoint option docs.
v3.6.4
2025-12-05CVE fixes (including a breaking change with migration guide) plus numerous bug fixes (server, plugins, http3, k8s-ingress, middleware), docs updates, and merges from v2.11 into v3.6.
v2.11.32
2025-12-04Fixes CVE-2025-66490 with a breaking change; follow the migration guide; bug fixes: reject suspicious encoded chars, validate plugin module names, update quic-go to v0.57.1/0.57.0, bump golang.org/x/crypto to v0.45.0; docs: SECURITY.md updates.
v3.6.2
2025-11-18Bug fix: Deprecate the Kubernetes Ingress NGINX provider experimental flag under k8s/ingress-nginx; follow migration guide.
v3.6.1
2025-11-13This release fixes Docker API auto-negotiation, multi-layer server routing, UDP readLoop allocations, and Safari web UI navigation; restores the remote Hub upgrade button, plus Kubernetes docs fixes for Nginx provider and Gateway API/version features.
v2.11.31
2025-11-13Bug fix: Traefik now auto-negotiates the Docker API version for Docker and Docker Swarm, resolving compatibility issues.
v3.6.0
2025-11-07This release adds numerous enhancements including cert resolvers, health checks, Kubernetes gateway-api updates, multi-layer routing, new providers and load-balancing options, plus a bug fix for provider namespace calculation and various docs fixes.
v3.5.6
2025-11-07Bug fixes: update lego to v4.28.0 and improve the deprecation loader by filtering unknown nodes; Documentation: add missing ACME options, clarify compress middleware encodings, and refresh the Configuration Overview page.
v3.5.4
2025-10-28Critical fixes across ACME, HTTP/3, logging and OTEL (lego, quic-go, etc.), plus documentation polish and branch merges.
v2.11.30
2025-10-28Bug fixes include dependency updates: quic-go to v0.55.0, golang.org/x/net to v0.46.0, dd-trace-go.v1 to v1.74.6, and a fix to the KV key name used to check if a connection is alive.
v3.5.3
2025-09-26Bug fixes: Kubernetes CRD, plugins refactor, server header proxy, web UI; Documentation updates including broken links, CRD docs, IngressRouteTCP fix, typos, governance, entrypoint examples, menu reorganizations, and a new Secure section.
v3.5.2
2025-09-09Introduces bug fixes for access logs, custom errors, proxy header handling, and UI, plus documentation updates for corrected paths, examples, and migration guidance.
v3.5.1
2025-08-27Bug fixes cover OTEL log body, Lego v4 bump, gateway-api app protocol case-insensitive, tracing header canonicalization and root span naming, proxyproto update, silent on SIGTERM, plus docs and UI dependency updates.
v2.11.29
2025-08-26Bug fixes: update lego to v4.25.2 and docker to v28.3.3; Docs: fix invalid links and update releases docs for v3.5.
v3.5.0
2025-07-23This release adds OCSP stapling, ACME timing controls, healthcheck options, Kubernetes/Ingress updates, new TLS X25519MLKEM768, React-based UI, plus numerous bug fixes and documentation improvements.
v3.4.5
2025-07-23Bug fixes: upgraded http3 quic-go to v0.54.0; Documentation: typo fixed on the entrypoints page; Misc: merged v2.11 into v3.4 branches.
v2.11.28
2025-07-23Bug fixes: redact install config in logs, fix zip-slip file access during archive extraction, and disable MPTCP by default. Documentation: remove mentions of TLSOption CurvePreferences ordering.
v3.4.4
2025-07-11Bug fixes: respect nativeLB annotation and fix concurrent balancer status access; docs add expose/setup guides and OTLP logging references, swarm label fix, Traefik Platform page update; and merge v2.11 into v3.4.
v2.11.27
2025-07-11Bug fix: update github.com/go-viper/mapstructure/v2 to v2.3.0 to address issues (PR #11880 by kevinpollet).
v3.5.0-rc1
2025-06-26This release adds ACME improvements (OCSP stapling, delays, HTTP timeout), healthcheck options, Kubernetes provider upgrades, Ingress prefix behavior, NGINX Ingress provider, ForwardAuth cancellation handling, Yaegi unsafe in plugins, post-quantum TLS, React UI, and merge updates.
v3.4.3
2025-06-26Bug fix: update http3 by bumping quic-go to v0.49.0 (PR #11848).
v3.4.2
2025-06-26Documentation updates include new notes on certificatesDuration, Ingress Backend support, updated Getting Started tutorials, refreshed EntryPoints and Observe guides, circuit breaker cleanup, mirroring default percent clarification, and a new WebSocket guide; misc branches merged into v3.4.
v2.11.26
2025-06-26Bug fix: middleware no longer logs Redis Sentinel credentials; docs: correct KV reference rendering, fix redirect middleware typo, and update supported versions.
v3.4.1
2025-05-27Fixed CVE-2025-47952; notable fixes include docker network warning, Kubernetes CRD RootCA CEL validation, scoped rate limit counters by source/middleware, v3 routing matchers, thread-safe P2C, UI/doc tweaks, and several merge-pull updates.
v2.11.25
2025-05-27This release fixes CVE-2025-47952, patches a k8s ingress panic and server path normalization, and updates docs with multi-tenant TLS guidance, a note on disabling backend connection reuse, a doc link fix, and path-sanitization migration version update.
v3.4.0
2025-05-05This release adds ACME profile/emailAddresses, label-configured server URLs, extensive K8s CRD validation/behavior tweaks, TLSRoute priority, Ingress status, forwardAuth method preservation, error-page status rewrite, Redis rate limiter, p2c LB, sticky cookies, root CA via ConfigMap
v3.3.7
2025-05-05Bug fix: accessLogs now include SpanID and TraceID fields for logs, middleware, and accesslogs only when tracing is enabled.
v3.3.6
2025-04-18Fixed three CVEs (CVE-2025-32431, -22868, -22871); incoming request paths are sanitized (../, ./, duplicate slashes) before routing since v3.3.6—see migration guide; plus docs updates and v2.11 merges.
v2.11.24
2025-04-18Fixes: three CVEs addressed; request-path sanitization added (collapses /../, /./, and duplicates) per v2.11.24 with migration guide; bug fixes across ACME, metrics, middleware, server; several dependency bumps and documentation updates.
v3.3.5
2025-03-31Bug fixes: enforce https scheme for k8s GatewayAPI BackendTLSPolicy; restore v2 compress middleware priority; avoid abort on malformed content-type; compress on flush when not started. Docs: add forwarded headers FAQ and new routing reference. Misc: merge v2.11 into v3.3 branches.
v2.11.22
2025-03-31This release fixes TLS error logging, HostSNI underscore support, and updates numerous dependencies (AWS SDK v2, oxy v2.0.3, golang.org/x/net, jwt, redis, jose) plus Redis dynamic config tips in docs.
v3.3.4
2025-02-25Release notes: fastproxy fixes (headers, Content-Length handling, dependency bump), metrics unit now seconds, sticky cookie hash fix, tracing changes and panic fix; ACME/docs updates; merge of v2.11 into v3.3.
v2.11.21
2025-02-24Bug fixes: enable retry middleware in the proxy; ensure retries send headers on Write; update dependencies to lego v4.22.2 and paerser v0.2.2.
v3.3.3
2025-01-31Bug fixes: stop creating default observability model; fix content-length header validation and handling of responses without length; add missing headerField in Middleware CRD; reintroduce TraceID/SpanID in access logs. Misc: merge v2.11 into v3.3.
v2.11.20
2025-01-31Bug fix: ACME JSON write now shuts down gracefully; Documentation updates rename docker-compose to docker compose.
v2.11.19
2025-01-29Bug fixes include debug-level log when cert is missing, avoid per-proxy logger creation, and fix web UI auto-refresh on unmount; documentation now removes awesome.traefik.io reference.
v3.3.2
2025-01-14Bug fixes: don’t read HEAD response bodies; correct observability config on EntryPoints; set webui content-type. Documentation: fix acme dnsChallenge propagation logging and add trailing s to propagation.delayBeforeCheck. Misc: merge v2.11 into v3.3.
v3.3.1
2025-01-07Disables the HTTP/2 connect setting for WebSocket by default, improving server behavior and stability.
v3.2.5
2025-01-07Bug fix: websocket and server now disable the HTTP/2 connect setting by default to improve websocket stability.
v2.11.18
2025-01-07Bug fix: Disable the HTTP/2 connect setting for WebSocket by default (server/websocket), aligning default behavior and improving stability.
v3.3.0
2025-01-06Heads up: websocket upgrade bug workaround via GODEBUG=http2xconnect=0; enhances ACME checks, API dump, HTTP Host header, optional IngressRoute, OTLP logs, observable scope, forward-auth improvements, plugin abort option, sticky cookies path, and UI base path.
v3.2.4
2025-01-06v2.11.17
2025-01-06Bug fixes: acme update to lego v4.21.0, basicauth typo fix, ReverseProxy ErrorLog config, x/net v0.33.0; Docs adjust allowACMEByPass and 2025 copyright. Note: use GODEBUG=http2xconnect=
v3.2.3
2024-12-16Documentation updated with the current chart default; v2.11 was merged into v3.2 twice.
v2.11.16
2024-12-16Bug fix: server component updates golang.org/x dependencies to address related issues.
v3.2.2
2024-12-10Addresses CVE-2024-53259; bug fixes rename traefik.docker.* to traefik.swarm.*, update gateway-api to v1.2.1, fix WASM plugin settings, and improve default rule model; docs updated for entrypoint footer, v3 migrations, and new Install Reference.
v2.11.15
2024-12-10CVE-2024-53259 advisory; bug fixes include updating go-acme/lego to v4.20.4 and quic-go (http3) to v0.48.2.
v3.2.1
2024-11-20v2.11.14
2024-11-20CVE-2024-45410 addressed; fixes include lego v4.20.2, DEBUG-level first-byte peeking log, drop of untrusted X-Forwarded-Prefix, h2c keepalive config, and corrected ServiceBuilder; plus numerous docs improvements and migration-guide updates.
v3.2.0
2024-10-28Release adds ACME improvements, Docker HTTP BasicAuth, extensive Kubernetes Gateway API v1.2.0 support and fixes, plus metrics, middleware, Nomad watching, improved server performance, and assorted docs/migration updates.
v3.1.7
2024-10-28Bug fix: preserve HTTPRoute filters order; Documentation: fix broken Kubernetes Gateway provider links; Misc: merge v2.11 into v3.1 (two merges).
v2.11.13
2024-10-28Bug fix: prevents panic on aborted requests by properly closing connections (middleware/service); Documentation: updates to business callouts.
v3.1.6
2024-10-09Bug fixes: reuse compression writers, fix default Accept-Encoding weight, close wasm middleware to prevent memory leak. Misc: merged v2.11 into v3.1 (two merges).
v2.11.12
2024-10-09Bug fixes include middleware compress bump, web UI updates (Node 22.9, yarn lock, port layout for entrypoints), and docs clarifying access-log redaction is only for header fields plus a business callout update.
v3.1.5
2024-10-02Bug fixes: disable IngressClass lookup when disableClusterScopeResources is on; adjust server timeout logging to avoid logs; Misc: merged v2.11 into v3.1 (two merges).
v2.11.11
2024-10-02Bug fixes: default CN in cert, forward auth header cleanup, compress bump, don’t log on timeout, remove unused webui boot files; Documentation: default access log format and API pagination.
v3.1.4
2024-09-19Bug fix: infer Datadog socket type when unix prefix; Documentation: add v3 note to readme; Misc: merged v2.11 into v3.1.
v2.11.10
2024-09-19Bug fixes: update QUIC library to v0.47.0 and fix server by ensuring the ACME certificate resolver is not nil.
v3.1.3
2024-09-16Bug fixes: Kubernetes Ingress rule syntax/config, empty Ingress config, middleware service capture, and plugin initialization; Documentation updates: remove APIVersion, required Kubernetes permissions, tracing/OTLP notes; Misc: merge v2.11 into v3.1.
v2.11.9
2024-09-16Addresses CVE-2024-45410; bug fixes include ACME/lego update to v4.18.0, custom ACME router support, case-insensitive accessLog fields, proper logs for aborted streams, header cleanup, plugin/parser update, TCP WRR empty pool fix, WebUI deps, and docs tweaks.
v3.1.2
2024-08-06Bug fixes include: compare Gateway status addresses; allow disabling Kubernetes resource discovery scope; redirect logs from stderr to stdout; fix Grafana dashboard for scrape intervals >15s. Documentation updates plus branch merges.
v2.11.8
2024-08-06Bug fixes: update docker to v27.1.1 and refresh webui dependencies; Documentation: fix embedded YouTube video and update index.md to include the video.
v3.1.1
2024-07-30v2.11.7
2024-07-30Bug fixes include more accurate new-version log and enforced default TLS cipher suites; docs updated for certificatesDuration, API exposure, sensitive data in labels, router-service linking, Docker port selection, v3.1 versions table, and PR approval workflow.
v3.1.0
2024-07-15This release adds extensive Kubernetes Gateway API improvements (v1.1.0, non-experimental provider, route/status handling, redirects, matches, references), broader k8s/crd upgrades, plugin enhancements, and several stability fixes.
v3.0.4
2024-07-02CVE-2024-39321 advisory; documentation link fixes and updated maintainers; plus three merges to integrate v2.11 into v3.0.
v2.11.6
2024-07-02Addresses CVE-2024-39321 with fixes for ECS OIDC/IRSA, HTTP/3 QUIC 0-RTT disabled, and IPv6 interface-name removal; plus documentation typo fixes and updater/maintainer notes.
v3.1.0-rc2
2024-06-28Major Kubernetes Gateway API upgrades (GA, v1.1, route/status, redirects, HTTPRoute matches) with broader enhancements, bug fixes (OpenTelemetry, health checks), plugin updates, and systemd socket activation.
v3.0.3
2024-06-18Addresses CVE-2024-35255 (GHSA-rvj4-q8q5-8grf) with a fix; and merges v2.11 into v3.0 to consolidate releases.
v2.11.5
2024-06-18Fixes CVE-2024-35255, updates go-acme/lego to v4.17.4, and refreshes the supported-versions information in the documentation.
v3.0.2
2024-06-10Patch addressing GHSA-7jmw-8259-q9jx/CVE-2024-24790 with bug fixes: upgrade OTel, append logs, fix Grafana service label, correct status code when Brotli is off, support Accept-Encoding weights; docs migration update; merge v2.11 into v3.0.
v2.11.4
2024-06-10Addresses CVE-2024-24790; fixes include updating acme to go-acme/lego v4.17.3, plus docs updates clarifying domain examples, Ratelimit header behavior when missing, getting-started guide link, and removal of deprecated Helm repo warning.
v3.0.1
2024-05-22Addresses CVE-2024-24788; fixes Kubernetes/TCP rule syntax, PostgreSQL deadlines, empty OpenTelemetry config, and adds IP allowlist UI; plus docs updates for http3 config, logs, metrics, middleware, and rules.
v2.11.3
2024-05-21Security: patch for CVE-2024-24788; Bug fixes: remove deadlines for non-TLS connections, UI CSP display, UI provider icon size; Docs: Kubernetes CRD migration note, GatewayAPI HTTPRoute fixes, improved Kubernetes mirroring, CLI capitalization, and migration sentence fix.
v3.0.0
2024-04-29Traefik v3 brings extensive enhancements (Consul strict checks, docker split, ECS healthy tasks, HTTP/3, k8s gatewayapi upgrades, new healthchecks, middleware improvements, and deprecated option removals) plus targeted bug fixes and docs updates.
v2.11.2
2024-04-11Migration guide linked; fixes address CVEs GHSA-7f4j-64p6-5h5v and CVE-2024-28869; server changes revert LingeringTimeout and set default ReadTimeout to 60s.
v2.11.1
2024-04-10Release fixes several ACME/TLS issues, updates core deps (lego v4.16.1, quic-go v0.42.0, Yaegi), improves ECS/DNS label config, fixes logs, dashboard, and middleware behaviors, and polishes docs/webui.
v2.11.0
2024-02-12Deprecate IPWhiteList in favor of IPAllowList; add Redis Sentinel support; new KeepAliveMaxTime and KeepAliveMaxRequests on entrypoints; sticky-session WRR cookies; plus various bug fixes and documentation updates in this release.
v2.10.7
2023-12-06Bug fix: Datadog logs now emit proper JSON format; fixes the logs JSON formatting issue (PR #10233 by sssash18).
v2.10.6
2023-11-28Addresses CVEs 2023-45283, 45284, 47106, 47633; fixes including http3/quic-go v0.39.1, removing http challenge backoff, correcting stripPrefix on retries, denying recursive/fragment URL requests, removing deprecated Datadog tracing code, and governance/docs updates.
v2.10.5
2023-10-11Release fixes and updates: correct access logs origin fields and preflight handling; upgrade ACME library (lego) and quic-go; fix KV error handling, forward-auth, CNAME logging, and X-Forwarded-For delete; plus server/webui and docs tweaks.
v2.10.4
2023-07-24Bug fixes: lego updates to v4.13.2/v4.13.0, avoid panic on resource backends, and middleware plugin traceability; docs: maintainers guidelines and release notes; misc: web UI hub tooltip refresh with an option to disable Hub button.
v2.10.3
2023-06-19Bug fix: update the acme provider by upgrading go-acme/lego to v4.12.2.
v2.10.2
2023-06-19Bug fixes: latest lego upgrades (4.11–4.12.x), wildcard checks tweak, k8s/crd/subsets, Hub cleanup, middleware refinements, metrics cleanup, plugin error messages, and tracing; plus docs updates (TLS FAQ, access logs, typos, logos).
v2.10.1
2023-04-27Bug fix: update vulcand/oxy to be5cf38 in middleware/oxy; Documentation: fix v2.10 migration guide.
v2.10.0
2023-04-24Traefik v2.10 adds Kubernetes CRD API group and native service load-balancing, exposes Docker ContainerName, enhances metrics and tracing (Unix socket), Nomad namespaces, UI tweaks, plus migration steps for Kubernetes CRDs/RBAC, bug fixes, and docs updates.
v2.9.10
2023-04-06Security update patches CVE-2023-29013 (related to CVE-2023-24534); applies fixes and recommends upgrading per the release notes.
v2.9.9
2023-03-21Bug fixes: dependency updates (lego 4.10.2, quic-go 0.33.0, vulcand/oxy), Nomad defaults and TLS fixes, remove User-Agent header, metrics now include default cert for traefik_tls_certs_not_after, plus docs clarifications for ratelimit and TCP Router.
v2.9.8
2023-02-15Bug fix: server updates golang.org/x/net to v0.7.0 to address CVE-2022-41724.
v2.9.7
2023-02-14Bug fixes across acme/lego, ECS networking, file config resilience, enhanced logging and middleware stability, plugin updates, TLS/QUIC improvements, IPv6 hostSNI support; plus assorted doc updates.
v2.9.6
2022-12-07Mitigates three CVEs and patches bugs: acme lego to v4.9.1, allowEmptyServices support, request logs removal, longer plugin download timeout, TLS fixes, x/net update, Datadog tracing v1.43.1, and middleware TLS serialNumber pass.
v2.9.5
2022-11-17Fix: create a separate capture instance per request for logs/middleware; docs: update Helm repo, improve building-testing wording, add link descriptions, and remove the experimental tag from Traefik Hub header.