:warning: Breaking change :warning: As explained in the comment left on the CVE-2025-66490 fix, this new hotfix version makes the behavior opt-in. As a result, this release is breaking compared to the previous hotfix versions since v3.6.4, but it restores by default the behavior that existed before that hotfix. Please, read the migration guide to enable the feature.

CVE fixed:

• CVE-2026-22045 (Advisory GHSA-cwjm-3f7h-9hwqj)

Bug fixes:

• [acme] Bump github.com/go-acme/lego/v4 to v4.31.0 (#12529 by ldez)
• [acme] Add missing renew options (#12467 by ldez)
• [acme] Replace hardcoded references to LetsEncrypt in log messages (#12464 by schildbach)
• [k8s/ingress-nginx] Fix use-regex nginx annotation (#12531 by LBF38)
• [k8s/ingress-nginx] Prevent Ingress Nginx provider http router to attach to an entrypoint with TLS (#12528 by )

Documentation:

• [docker/swarm] Update swarm.md traefik version (#12508 by DBouraoui)
• [k8s/ingress-nginx] Fix ingress-nginx annotations documentation (#12510 by nmengin)
• [k8s] Fix Kubernetes reference yml file (#12406 by mmatur)
• Fix code copy button positioning (#12520 by AnuragEkkati)
• Fix typo in kubernetes.md (#12515 by EdwardSalkeld)

Misc:

• Merge branch v2.11 into v3.6 (#12552 by rtribotte)
• Merge branch v2.11 into v3.6 (#12533 by mmatur)
• Merge branch v2.11 into v3.6 (#12497 by mmatur)