Traefik | v3.6.14

Traefik v3.6.14 released on 22-04-2026


Traefik v3.6.14 is out now. It delivers several middleware and authentication fixes, clarifies Kubernetes CRD and sticky-session behaviour, and includes dependency and security updates for ACME and the Web UI.

See the GitHub release notes and the migration guide for full details and upgrade instructions: https://doc.traefik.io/traefik/v3.6/migrate/v3/#v3614

What’s in this release

  • Middleware and authentication fixes: removal of untrusted X-headers with underscores, sanitisation of request URLs after prefix stripping, fixes and consistent logging for ForwardAuth (including trustForwardHeader behaviour and deprecation of ForwardAuth.TrustForwardHeader), and a fix preventing a basic-auth map lookup from leaving notFoundSecret empty.
  • Kubernetes CRD and sticky-session fixes: the chain middleware CRD now honours allowCrossNamespace, SameSite cookie values for sticky sessions are treated case-insensitively, k8s docs and YAML indentation were updated, and watchNamespace is clarified to watch a single namespace.
  • ACME and Web UI dependency/security updates: github.com/go-acme/lego/v4 bumped to v4.34.0 for ACME improvements and the Web UI form-data dependency upgraded (2.5.4, 3.0.4, 4.0.4) to address vulnerabilities.

Upgrade notes

  • ForwardAuth.TrustForwardHeader is deprecated — review and update any configurations that rely on it and follow the migration guide: https://doc.traefik.io/traefik/v3.6/migrate/v3/#v3614
  • If you need to roll back, revert to the previous v3.6.x release and report issues on the Traefik GitHub repository so maintainers can follow up.

Share your experience after upgrading — report bugs or feedback on the project’s GitHub tracker or the Traefik community channels.

Related posts

Vector | v0.55.0

Vector v0 55 0: windows event log source, aws s3 Parquet sink, restored azure blob auth, datadog v2, API GraphQL to gRPC, metrics and vector top fixes

Traefik | v3.6.14

Traefik v3 6 14: middleware and auth fixes, k8s CRD and sticky session fixes, ACME and Web UI deps updated, Docker logging and docs cleaned up

Traefik | v3.6.14

Traefik v3 6 14: bug fixes, middleware auth fixes, Kubernetes CRD and Docker corrections, ACME and dependency security updates, follow migration guide