Traefik v3.6.14 released on 22-04-2026

Traefik v3.6.14 is out now. It delivers bug fixes, middleware and authentication improvements, tightened Kubernetes/CRD behaviour and dependency/security updates — important for operators using ACME and CRDs.
Read the v3.6→v3.6.14 migration guidance linked in the release before upgrading, and check the project’s GitHub release or official docs for the full details.

What’s in this release
- Bumps github.com/go-acme/lego/v4 to v4.34.0 and upgrades web UI form-data packages to address ACME-related issues and known vulnerabilities.
- Middleware and authentication fixes: SameSite cookie parsing is now case-insensitive for sticky sessions and CRD usage; unsafe X- headers containing underscores are stripped; request URLs are sanitised after prefix stripping; ForwardAuth.TrustForwardHeader handling and logging have been standardised.
- Kubernetes/CRD and Docker corrections: chain middleware CRDs now honour allowCrossNamespace; Docker provider lowers the log level when a container is missing on inspect; documentation and migration-guide ordering clarified.

Upgrade notes
- ForwardAuth.TrustForwardHeader is deprecated — follow the migration guidance linked in the release for required changes before upgrading.
- If you need to roll back, revert to the previous v3.6.x release and consult the migration guide for compatibility notes.

Share your experience with the upgrade or report any issues on the project’s GitHub so others can benefit.
