Traefik + Let's Encrypt
Expose your apps with https certificates from Let's Encrypt
About
Versions (131)
v3.7.6
2026-06-30Important: Please read the migration guide.
CVE fixed:
- CVE-2026-54763 (Advisory GHSA-x677-9fxg-v5c5)
- CVE-2026-54764 (Advisory GHSA-3q9r-p662-5j8m)
- CVE-2026-54765 (Advisory GHSA-6p8f-p8j2-rqmv)
Bug fixes:
- [acme, logs] Bump github.com/go-acme/lego/v5 (#13154 @ldez)
- [acme] Bump github.com/go-acme/lego/v5 (#13359 @juliens)
- [k8s, k8s/ingress-nginx] Fix ingress-nginx ssl passthrough status updates (#13212 @nickmnt)
- [k8s/gatewayapi] Add missing Gateway API features in conformance tests (#13356 @AnatoleLucet)
- [k8s/gatewayapi] Avoid collisions for Gateway API services names (#13367 @rtribotte)
- [k8s/gatewayapi] Ignore other gateways parentRefs and update route parent statuses only for managed gateways (#13397 @rtribotte)
- [k8s/ingress-nginx] Configure retry according to buffering configuration (#13039 @rtribotte)
- [k8s/ingress-nginx] Fix force-ssl-redirect routing 418 when TLS is terminated upstream (#13386 @carloslima)
- [k8s] Detect EndpointSlice condition changes (#13405 @kevinpollet)
- [k8s] Index Kubernetes EndpointSlice by service name (#13395 @kevinpollet)
- [k8s] Sort endpointslices to keep backend IPs consistent across rebuilds (#13406 @kevinpollet)
- [kv] Bump kvtools/redis to v1.2.1 (#13403 @ldez)
- [middleware, authentication] Fix x-forwarded-port in forward-auth (#13344 @juliens)
- [middleware, k8s/gatewayapi] Fix Gateway API redirect missing statuses (#13360 @AnatoleLucet)
- [middleware, k8s/gatewayapi] Fix Host header not being modified by RequestHeaderModifier (#12805 @mihuross)
- [middleware, k8s/gatewayapi] Fix request scheme derivation when Gateway API RequestRedirect omits scheme (#13347 @gndz07)
- [middleware] Fix CORS Max-Age set to 0 by default (#13371 @AnatoleLucet)
- [middleware] Fix CORS wildcard when allow-credentials is true (#13368 @AnatoleLucet)
- [server] Add an option to remove request headers with underscores (#13262 @youkoulayley)
- [server] Configurable max request header size (#13353 @juliens)
- [tls] Fix nondeterministic TLS certificate selection on shared SAN (#13348 @rtribotte)
- [webui] Bump axios to v1.18.0 (#13380 @gndz07)
- [websocket] Fix connection upgrades when backend server is using h2c scheme (#12967 @stffabi)
Documentation:
- [k8s/crd] Fix broken CRD reference links in IngressRoute page (#13375 @s3onghyun)
- [k8s/gatewayapi] Remove experimental note for Gateway API/TLSRoute documentation (#13392 @jnoordsij)
- [k8s/ingress-nginx] Add Kubernetes Ingress NGINX to the providers list (#13372 @nmengin)
- [k8s] Align Helm chart documented values with chart v41 (#13366 @mloiseleur)
- [middleware, authentication, k8s/ingress-nginx] Clarify intentional auth-response-headers gating and absence of stripping incoming X-Forwarded-* headers (#13342 @rtribotte)
- [middleware] Clarify entryPoint middleware reference format (#13364 @mloiseleur)
- [security] Add HTTP/2 header memory exhaustion security documentation (#13381 @emilevauge)
- Adds documentations on maxHeaderBytes (#13363 @juliens)
- Fix inaccuracies in reference documentation (#13304 @sheddy-traefik)