Traefik | v3.7.1

Traefik v3.7.1 released on 11-05-2026


Traefik v3.7.1 is out now. It includes a security fix for CVE-2026-44774 and changes that affect Kubernetes provider behaviour, so Kubernetes operators and multi-namespace/multi-provider deployments should review the changes.

Read the v3.7→v3.7.1 migration guide at https://doc.traefik.io/traefik/v3.7/migrate/v3/#v371 and the Traefik security advisory (GHSA-96qj-4jj5-wcjc) and NVD entry for the CVE for full details and recommended actions.

What’s in this release

  • Security fix: CVE-2026-44774 addressed — see the Traefik advisory (GHSA-96qj-4jj5-wcjc) and the NVD entry for details and recommended actions.
  • New CrossProviderNamespaces option for Kubernetes providers (k8s/ingress, k8s/crd, k8s/gatewayapi) (PR #13094) which changes how cross-provider namespace references are handled.
  • Bug fix for Kubernetes CRD provider: corrected cross-provider reference checks for CRD-backed resources (PR #13121).

Upgrade notes

  • Important migration step: follow the v3.7→v3.7.1 migration guide at https://doc.traefik.io/traefik/v3.7/migrate/v3/#v371 to understand required configuration or behaviour changes before upgrading.
  • The release notes do not include explicit rollback instructions; consult the project’s documentation and the GitHub advisory if you need assistance reverting or validating changes after an upgrade.

Share comments on your experience upgrading to v3.7.1 — problems, confirmations that the fix worked, or any unexpected behaviour you observe.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes