Change8

v2.11.32

Breaking Changes
📦 traefikView on GitHub →
1 breaking🐛 5 fixes🔧 3 symbols

Summary

This release addresses critical CVEs, introducing a breaking change regarding encoded characters in request paths, and includes several dependency bumps and bug fixes across server, plugins, and HTTP/3 components.

⚠️ Breaking Changes

  • Behavior regarding encoded characters in request paths has changed due to a CVE fix. Consult the migration guide for details on how to fix potential issues: https://doc.traefik.io/traefik/v2.11/migration/v2/#encoded-characters-in-request-path

Migration Steps

  1. Review the migration guide regarding encoded characters in request paths: https://doc.traefik.io/traefik/v2.11/migration/v2/#encoded-characters-in-request-path
  2. Review the specific migration guide for v2.11.32: https://doc.traefik.io/traefik/v2.11/migration/v2/#v21132

🐛 Bug Fixes

  • Rejected suspicious encoded characters in the server component.
  • Validated plugin module names.
  • Updated github.com/quic-go/quic-go to v0.57.1 (HTTP/3 related).
  • Updated github.com/quic-go/quic-go to v0.57.0 (HTTP/3 related).
  • Updated golang.org/x/crypto to v0.45.0.

🔧 Affected Symbols

[server][plugins][http3]