Traefik | v3.6.14

Traefik v3.6.14 released on 22-04-2026


Traefik v3.6.14 is out now. It delivers several middleware and authentication fixes, clarifies Kubernetes CRD and sticky-session behaviour, and includes dependency and security updates for ACME and the Web UI.

See the GitHub release notes and the migration guide for full details and upgrade instructions: https://doc.traefik.io/traefik/v3.6/migrate/v3/#v3614

What’s in this release

  • Middleware and authentication fixes: removal of untrusted X-headers with underscores, sanitisation of request URLs after prefix stripping, fixes and consistent logging for ForwardAuth (including trustForwardHeader behaviour and deprecation of ForwardAuth.TrustForwardHeader), and a fix preventing a basic-auth map lookup from leaving notFoundSecret empty.
  • Kubernetes CRD and sticky-session fixes: the chain middleware CRD now honours allowCrossNamespace, SameSite cookie values for sticky sessions are treated case-insensitively, k8s docs and YAML indentation were updated, and watchNamespace is clarified to watch a single namespace.
  • ACME and Web UI dependency/security updates: github.com/go-acme/lego/v4 bumped to v4.34.0 for ACME improvements and the Web UI form-data dependency upgraded (2.5.4, 3.0.4, 4.0.4) to address vulnerabilities.

Upgrade notes

  • ForwardAuth.TrustForwardHeader is deprecated — review and update any configurations that rely on it and follow the migration guide: https://doc.traefik.io/traefik/v3.6/migrate/v3/#v3614
  • If you need to roll back, revert to the previous v3.6.x release and report issues on the Traefik GitHub repository so maintainers can follow up.

Share your experience after upgrading — report bugs or feedback on the project’s GitHub tracker or the Traefik community channels.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes