Traefik | v3.7.6

Traefik v3.7.6 released on 30-06-2026


Traefik v3.7.6 is out now. Operators running Traefik in Kubernetes environments or using the Gateway API will get a range of stability and correctness fixes across provider integrations, middleware and TLS handling.

Read the migration guide before upgrading: https://doc.traefik.io/traefik/v3.7/migrate/v3/#v376. For full details consult the project’s release notes on GitHub.

What’s in this release

  • Kubernetes and Gateway API fixes: ingress-nginx SSL passthrough status updates, EndpointSlice detection/indexing and stable sorting to keep backend IP order consistent, and Gateway API fixes to avoid service name collisions and ignore non-managed parentRefs.
  • Middleware and request/response handling fixes: forward-auth now preserves X-Forwarded-Port, RequestHeaderModifier correctly updates Host, RequestRedirect derives scheme when omitted, CORS Max-Age and wildcard/allow-credentials behaviour corrected, plus an option to strip request headers with underscores and configurable max request header size.
  • TLS, WebSocket and dependencies: nondeterministic certificate selection on shared SANs fixed, WebSocket upgrades for backends using h2c repaired, and dependency bumps (go-acme/lego, kvtools/redis, axios) alongside new security and maxHeaderBytes documentation.

Upgrade notes

  • Important: read the migration guide for v3.7 → v3.7.6 before upgrading: migration guide.
  • If you need to roll back, follow your deployment’s rollback procedures and check the migration guide for any configuration changes that may affect reversion.

Please share your experience with the upgrade on the project’s GitHub or community channels — reports on regressions or confirmations of fixes are useful to other operators.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes