Skip to content

traefik

v3.7.2 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 11h Reverse Proxies & Load Balancers
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

consul docker etcd go kubernetes letsencrypt
+7 more
load-balancing marathon mesos microservice proxy traefik zookeeper

Affected surfaces

auth breaking_upgrade deps

Summary

AI summary

Broad release touches https://github.com/traefik/traefik/pull/13155, https://github.com/traefik/traefik/pull/13203, https://github.com/traefik/traefik/pull/13180, and https://github.com/traefik/traefik/pull/13201.

Changes in this release

Dependency Low

Bump github.com/moby/spdystream to v0.5.1 in k8s GatewayAPI component.

Bump github.com/moby/spdystream to v0.5.1 in k8s GatewayAPI component.

Source: llm_adapter@2026-06-03

Confidence: high
Dependency Low

Bump github.com/bytedance/sonic to v1.15.1 in server component.

Bump github.com/bytedance/sonic to v1.15.1 in server component.

Source: llm_adapter@2026-06-03

Confidence: high
Dependency Low

Bump golang.org/x/net to v0.55.0 in server component.

Bump golang.org/x/net to v0.55.0 in server component.

Source: granite4.1:30b@2026-06-03-audit

Confidence: low
Dependency Low

Bump golang.org/x/crypto to v0.52.0 in server component.

Bump golang.org/x/crypto to v0.52.0 in server component.

Source: granite4.1:30b@2026-06-03-audit

Confidence: low
Bugfix Medium

Fix TCP router service resolution in dashboard flow diagram for webui and tcp components.

Fix TCP router service resolution in dashboard flow diagram for webui and tcp components.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Trim quotes from proxy_set_header header name in k8s Ingress‑NGINX integration.

Trim quotes from proxy_set_header header name in k8s Ingress‑NGINX integration.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Escape double quotes in quoted log fields for access logs.

Escape double quotes in quoted log fields for access logs.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Escape exact gRPC method matches in k8s GatewayAPI integration.

Escape exact gRPC method matches in k8s GatewayAPI integration.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Allow dropping query parameters from RequestPath in access log middleware.

Allow dropping query parameters from RequestPath in access log middleware.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Clear Ssl-Client-* headers when no client certificate is present in k8s Ingress‑NGINX.

Clear Ssl-Client-* headers when no client certificate is present in k8s Ingress‑NGINX.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Improve file provider behavior regarding dangling symlinks.

Improve file provider behavior regarding dangling symlinks.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Add error on basic auth build if users list is empty in middleware/authentication.

Add error on basic auth build if users list is empty in middleware/authentication.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Avoid ingress path matcher injection and backport fix 11d251415 in k8s Ingress integration.

Avoid ingress path matcher injection and backport fix 11d251415 in k8s Ingress integration.

Source: granite4.1:30b@2026-06-03-audit

Confidence: low
Bugfix Low

Reject requests with mismatched paths after StripPrefix and StripPrefixRegex normalisation in middleware.

Reject requests with mismatched paths after StripPrefix and StripPrefixRegex normalisation in middleware.

Source: granite4.1:30b@2026-06-03-audit

Confidence: low
Bugfix Low

Change default values and expose QPS/Burst configuration for Kubernetes client in k8s GatewayAPI integration.

Change default values and expose QPS/Burst configuration for Kubernetes client in k8s GatewayAPI integration.

Source: granite4.1:30b@2026-06-03-audit

Confidence: low
Refactor Low

Move snicheck logic to request context instead of simulated routing.

Move snicheck logic to request context instead of simulated routing.

Source: granite4.1:30b@2026-06-03-audit

Confidence: low
Full changelog

Important: Please read the migration guide.

Bug fixes:

  • [webui, tcp] Fix TCP router service resolution in dashboard flow diagram (#13155 @aliamerj)
  • [k8s/ingress-nginx] Trim quotes from proxy_set_header header name (#13203 @crisbal)
  • [accesslogs] Escape double quotes in quoted log fields (#13180 @KaanSimsek)
  • [k8s/gatewayapi] Escape exact gRPC method matches (#13201 @nickmnt)
  • [logs, middleware] Allow query parameters to be dropped from RequestPath in access log (#13091 @calinelson)
  • [k8s/ingress-nginx] Clear Ssl-Client-* headers when no client certificate is present (#13260 @gndz07)
  • [k8s/gatewayapi] Bump github.com/moby/spdystream to v0.5.1 (#13252 @kevinpollet)
  • [file] Improve file provider behavior regarding dangling symlinks (#12449 @fh-yuxiao-zeng)
  • [server] Bump github.com/bytedance/sonic to v1.15.1 (#13254 @kevinpollet)
  • [middleware, authentication] Add error on basic auth build if users is empty (#13195 @rtribotte)
  • [k8s/ingress] Avoid ingress path matcher injection and backport 11d251415 (#13227 @rtribotte)
  • [server] Move snicheck to ctx instead of simulated routing (#13214 @juliens)
  • [middleware] Reject requests with different paths after StripPrefix and StripPrefixRegex normalisation (#13215 @rtribotte)
  • [server] Bump golang.org/x/net to v0.55.0 (#13251 @kevinpollet)
  • [k8s/gatewayapi] Change default values and expose configuration for Kubernetes client QPS and Burst (#13277 @kevinpollet)
  • [server] Bump golang.org/x/crypto to v0.52.0 (#13276 @rtribotte)

Documentation:

  • [k8s] Document new chart behavior on Gateway API (#13167 @mloiseleur)
  • [file] Replace generated File routing reference page (#13170 @sheddy-traefik)
  • [k8s/crd] Fix typo in accesslogs field name (#13177 @PlayMTL)
  • [k8s/ingress-nginx] Surface the Ingress status race condition during NGINX coexistence (#13205 @emilevauge)
  • Polish grammar in migration guides (#13174 @quyentonndbs)
  • [middleware] Remove whitespace in HTML tag (#13160 @marbon87)
  • Add @LBF38 as a current maintainer (#13225 @emilevauge)
  • Add ingressClassName to Kubernetes CRD provider migration guide (#13248 @kevinpollet)
  • [k8s/ingress-nginx] Add nginx.ingress.kubernetes.io/enable-global-auth to the list of supported annotations (#13219 @filip2mac)
  • [k8s/ingress-nginx] Capitalize NGINX in kubernetesIngressNGINX (#13236 @smellems)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track traefik

Get notified when new releases ship.

Sign up free

About traefik

The Cloud Native Application Proxy

All releases →

Related context

Beta — feedback welcome: [email protected]