Traefik + Let's Encrypt
Expose your apps with https certificates from Let's Encrypt
v2.11.24
2025-04-18
CVEs fixed:
- CVE-2025-32431 (Advisory GHSA-6p68-w45g-48j7)
- CVE-2025-22868 (Advisory GHSA-3wqc-mwfx-672p)
- CVE-2025-22871 (Advisory GHSA-5423-jcjm-2gpv)
Important:
Since v2.11.24, the incoming request path is now cleaned before being used to match the router rules and sent to the backends. Any /../, /./ or duplicate slash segments in the request path are interpreted and/or collapsed.
Please read the migration guide.
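An added example, not Traefik's own code: a Go sketch for checking logged request paths against this change. It assumes the cleaning behaves like Go's path.Clean with a trailing slash preserved, and uses hypothetical prefix rules and constructed sample paths to show which requests match a different rule once the path is cleaned.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// cleanRequestPath collapses /../, /./ and duplicate slashes, keeping a trailing
// slash. Assumption: modelled on Go's path.Clean, not copied from Traefik.
func cleanRequestPath(p string) string {
	if p == "" || p[0] != '/' {
		p = "/" + p
	}
	c := path.Clean(p)
	if strings.HasSuffix(p, "/") && c != "/" {
		c += "/"
	}
	return c
}

// firstPrefix returns the first prefix in rules that p starts with, or "".
// Hypothetical stand-in for path-prefix router rules evaluated in order.
func firstPrefix(rules []string, p string) string {
	for _, r := range rules {
		if strings.HasPrefix(p, r) {
			return r
		}
	}
	return ""
}

// routeChange reports which rule the raw path matched, which rule the cleaned
// path matches, and whether the two differ.
func routeChange(rules []string, raw string) (before, after string, changed bool) {
	before = firstPrefix(rules, raw)
	after = firstPrefix(rules, cleanRequestPath(raw))
	return before, after, before != after
}

func main() {
	rules := []string{"/admin", "/public"} // constructed rules
	logged := []string{"/public/index.html", "/public/../admin/users", "/public//img/./a.png", "//admin/"} // constructed log paths
	for _, raw := range logged {
		b, a, ch := routeChange(rules, raw)
		fmt.Printf("%-26q raw=%-9q cleaned=%-9q changed=%v\n", raw, b, a, ch)
	}
}
```

Paths reported as changed are the ones to review against router rules and middleware before upgrading.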
Bug fixes:
- [acme] Bump github.com/go-acme/lego/v4 to v4.23.1 (#11690 by ldez)
- [metrics] Bump gopkg.in/DataDog/dd-trace-go.v1 to v1.72.2 (#11693 by kevinpollet)
- [middleware] Add Content-Length header to preflight response (#11682 by lbenguigui)
- [server] Sanitize request path (#11684 by rtribotte)
- Bump github.com/redis/go-redis/v9 to v9.7.3 (#11695 by kevinpollet)
- Bump golang.org/x/net to v0.38.0 (#11691 by kevinpollet)
- Bump golang.org/x/oauth2 to v0.28.0 (#11689 by rtribotte)
Documentation:
- [middleware] Add content-length best practice documentation (#11697 by sheddy-traefik)
- Typo fix on the Explanation Section for User Guide HTTP Challenge. (#11676 by YapWC)