Traefik v3.7.6 released on 30-06-2026

Traefik v3.7.6 is out now. Operators running Traefik in Kubernetes environments or using the Gateway API will get a range of stability and correctness fixes across provider integrations, middleware and TLS handling.
Read the migration guide before upgrading: https://doc.traefik.io/traefik/v3.7/migrate/v3/#v376. For full details consult the project’s release notes on GitHub.
What’s in this release
- Kubernetes and Gateway API fixes: ingress-nginx SSL passthrough status updates, EndpointSlice detection/indexing and stable sorting to keep backend IP order consistent, and Gateway API fixes to avoid service name collisions and ignore non-managed parentRefs.
- Middleware and request/response handling fixes: forward-auth now preserves X-Forwarded-Port, RequestHeaderModifier correctly updates Host, RequestRedirect derives scheme when omitted, CORS Max-Age and wildcard/allow-credentials behaviour corrected, plus an option to strip request headers with underscores and configurable max request header size.
- TLS, WebSocket and dependencies: nondeterministic certificate selection on shared SANs fixed, WebSocket upgrades for backends using h2c repaired, and dependency bumps (go-acme/lego, kvtools/redis, axios) alongside new security and maxHeaderBytes documentation.
Upgrade notes
- Important: read the migration guide for v3.7 → v3.7.6 before upgrading: migration guide.
- If you need to roll back, follow your deployment’s rollback procedures and check the migration guide for any configuration changes that may affect reversion.
Please share your experience with the upgrade on the project’s GitHub or community channels — reports on regressions or confirmations of fixes are useful to other operators.


