Traefik 3.7.6
Traefik 3.7.6 is out — June 30, 2026. Patch release with critical bug fixes and security hardening for the Cloud Native Application Proxy.
What Changed
- [k8s/ingress-nginx] Fix force-ssl-redirect routing 418 — TLS termination upstream no longer causes incorrect HTTP 418 responses. Routes now respect the force-ssl-redirect annotation properly.
- [k8s] Detect EndpointSlice condition changes — Traefik now correctly reacts to EndpointSlice readiness and termination state transitions, ensuring traffic is only routed to healthy endpoints.
- Security fixes — Patches for CVE-2026-54761 and CVE-2026-54762. Both address request-handling vulnerabilities in the HTTP router. Update recommended.
Background
Traefik 3.7.6 is a maintenance release in the 3.7 stable line. It ships without new features but addresses regressions introduced in earlier 3.7 patches and closes two security advisories. The 3.7 branch is the current active release line; Traefik 2.11 continues receiving critical patches for existing users.
Upgrade Path
Upgrade using your existing deployment method — Docker pull, Helm chart upgrade, or binary replacement. The traefik/traefik:v3.7.6 image tag is available now. No breaking configuration changes from 3.7.x.
Review the full changelog on GitHub for the complete list of fixes.