Caddy | v2.11.4

Caddy v2.11.4 released on 03-06-2026


Caddy v2.11.4 is out now. Operators and administrators get security patches and stability fixes across TLS, reverse proxy and HTTP handling that reduce races and harden request processing.

See the full changelog and download links on the project GitHub: https://github.com/caddyserver/caddy/compare/v2.11.3…v2.11.4

What’s in this release

  • Security and collision fixes: normalize Windows backslashes in the path matcher, ignore header fields with underscores, improve templates’ stripHTML action, and apply a community GHSA patch.
  • TLS and client-auth stability: fix client-auth, address TLS state races and ECH rotation retry behaviour, and improve IDN SNI matching (skip idna.ToASCII for pure ASCII SNI values).
  • Reverse proxy and request-body robustness: wrap request bodies to prevent premature closes, avoid closing bodies on dial errors, and add a regression test for DialInfo network override.

Upgrade notes

  • No breaking changes are noted; Caddyfile implicit TLS issuer semantics are preserved — test TLS and proxy configurations in a staging environment before rolling to production.
  • If you need to revert, the previous release is v2.11.3 (see the compare link in the changelog).

Share your experience after upgrading — report any issues on the project’s GitHub or leave a note in the comments about how the update performed in your environment.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes