Traefik v3.6.12 released on 26-03-2026
Traefik v3.6.12 is out now. It fixes several protocol and server-side issues, addresses important middleware and authentication bugs, and updates ACME and Kubernetes documentation to improve compatibility, stability and header handling for operators.
See the Traefik GitHub release notes and the project documentation for full details and upgrade guidance.
What’s in this release
- Protocol and server fixes: Postgres STARTTLS handling with TLS termination is corrected, google.golang.org/grpc is bumped to v1.79.3, api.basePath validation now allows colons and tildes, and an unnecessary allocation/comment in withRoutingPath was fixed.
- Middleware and authentication fixes: basic and digest authentication middlewares no longer emit duplicate user headers; StripPrefix and StripPrefixRegex now slice using encoded prefix length to handle multibyte/encoded paths correctly; ingress-nginx provider trims whitespace for auth-response-headers.
- ACME and docs: github.com/go-acme/lego/v4 is bumped to v4.33.0 and ACME documentation clarifies CNAME behaviour; Kubernetes docs receive an ingress-nginx migration banner, a note that NGINX Ingress watchNamespace watches only one namespace, and clearer Ingress routing guidance.
Upgrade notes
- No breaking changes are listed in the release notes; operators should read the ACME CNAME clarification before changing ACME configurations.
- If you need to roll back, revert to your previously deployed release using your normal deployment process and report any blockers on the Traefik GitHub repository.
Share your experience or any issues on the Traefik GitHub so maintainers and other operators can follow and help.