Traefik has released v3.7.7, a patch version focused on stability and correctness across multiple areas. This release addresses bugs in middleware, Kubernetes providers, and ACME, along with dependency updates. Developers should update to benefit from these fixes, especially if using Kubernetes ingress or advanced middleware.
Key changes in this release:
- [middleware, k8s/ingress-nginx] Added
app-rootmiddleware with nginx variable interpolation (#13398). This allows dynamic injection of request metadata into redirects, bridging a gap for users migrating from nginx ingress. - [rules] Fixed consistency between
HostSNI()andHost()rules (#13460). Now both evaluate the same condition, preventing routing mismatches in TLS and non-TLS scenarios. - [k8s, k8s/gatewayapi]
ExtensionReffilters onbackendRefsnow resolve against the HTTPRoute namespace (#13462). Previously, cross-namespace references could fail erroneously. - [middleware] Fixed handling of empty unknown-length bodies in mirroring (#13399). This prevents crashes when mirroring requests with certain content-length headers.
- [k8s/crd] Fixed cross-provider reference check for TCP ServersTransport in the Kubernetes CRD provider (#13458). Ensures proper validation across providers.
- [middleware] Sanitized replaced path in
ReplacePathRegexmiddleware (#13466). Prevents path traversal vulnerabilities by cleaning the rewritten path. - [acme] Bumped
software.sslmate.com/src/go-pkcs12to v0.7.3 (#13477). Enhances certificate export compatibility. - [otel] Bumped
go.opentelemetry.io/otelto v1.44.0 (#13478). Improves OpenTelemetry integration stability and performance. - [k8s] Fixed panic when
endpointsliceport value or name isnil(#13481). Prevents crashes caused by malformed endpoint slice objects. - Documentation fixes: version in migration guide corrected (#13434), changelog for v2.11.51 fixed (#13430), v3.7 added to supported versions (#13118), and more.
For developers, this release ensures smoother operation in Kubernetes environments, especially with complex routing and middleware. The HostSNI fix is critical for TLS setups, while the middleware sanitization improves security. Update your Traefik deployment to v3.7.7 to avoid these bugs and benefit from extended compatibility.
Source: https://github.com/traefik/traefik/releases/tag/v3.7.7