Traefik + Let's Encrypt logo

Traefik + Let's Encrypt

Expose your apps with https certificates from Let's Encrypt


About Versions (131)

v3.7.6

2026-06-30

Important: Please read the migration guide.

CVE fixed:

Bug fixes:

  • [acme, logs] Bump github.com/go-acme/lego/v5 (#13154 @ldez)
  • [acme] Bump github.com/go-acme/lego/v5 (#13359 @juliens)
  • [k8s, k8s/ingress-nginx] Fix ingress-nginx ssl passthrough status updates (#13212 @nickmnt)
  • [k8s/gatewayapi] Add missing Gateway API features in conformance tests (#13356 @AnatoleLucet)
  • [k8s/gatewayapi] Avoid collisions for Gateway API services names (#13367 @rtribotte)
  • [k8s/gatewayapi] Ignore other gateways parentRefs and update route parent statuses only for managed gateways (#13397 @rtribotte)
  • [k8s/ingress-nginx] Configure retry according to buffering configuration (#13039 @rtribotte)
  • [k8s/ingress-nginx] Fix force-ssl-redirect routing 418 when TLS is terminated upstream (#13386 @carloslima)
  • [k8s] Detect EndpointSlice condition changes (#13405 @kevinpollet)
  • [k8s] Index Kubernetes EndpointSlice by service name (#13395 @kevinpollet)
  • [k8s] Sort endpointslices to keep backend IPs consistent across rebuilds (#13406 @kevinpollet)
  • [kv] Bump kvtools/redis to v1.2.1 (#13403 @ldez)
  • [middleware, authentication] Fix x-forwarded-port in forward-auth (#13344 @juliens)
  • [middleware, k8s/gatewayapi] Fix Gateway API redirect missing statuses (#13360 @AnatoleLucet)
  • [middleware, k8s/gatewayapi] Fix Host header not being modified by RequestHeaderModifier (#12805 @mihuross)
  • [middleware, k8s/gatewayapi] Fix request scheme derivation when Gateway API RequestRedirect omits scheme (#13347 @gndz07)
  • [middleware] Fix CORS Max-Age set to 0 by default (#13371 @AnatoleLucet)
  • [middleware] Fix CORS wildcard when allow-credentials is true (#13368 @AnatoleLucet)
  • [server] Add an option to remove request headers with underscores (#13262 @youkoulayley)
  • [server] Configurable max request header size (#13353 @juliens)
  • [tls] Fix nondeterministic TLS certificate selection on shared SAN (#13348 @rtribotte)
  • [webui] Bump axios to v1.18.0 (#13380 @gndz07)
  • [websocket] Fix connection upgrades when backend server is using h2c scheme (#12967 @stffabi)

Documentation:

  • [k8s/crd] Fix broken CRD reference links in IngressRoute page (#13375 @s3onghyun)
  • [k8s/gatewayapi] Remove experimental note for Gateway API/TLSRoute documentation (#13392 @jnoordsij)
  • [k8s/ingress-nginx] Add Kubernetes Ingress NGINX to the providers list (#13372 @nmengin)
  • [k8s] Align Helm chart documented values with chart v41 (#13366 @mloiseleur)
  • [middleware, authentication, k8s/ingress-nginx] Clarify intentional auth-response-headers gating and absence of stripping incoming X-Forwarded-* headers (#13342 @rtribotte)
  • [middleware] Clarify entryPoint middleware reference format (#13364 @mloiseleur)
  • [security] Add HTTP/2 header memory exhaustion security documentation (#13381 @emilevauge)
  • Adds documentations on maxHeaderBytes (#13363 @juliens)
  • Fix inaccuracies in reference documentation (#13304 @sheddy-traefik)