Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package traefik for openSUSE:Factory checked in at 2026-06-17 16:18:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/traefik (Old)
 and      /work/SRC/openSUSE:Factory/.traefik.new.1981 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "traefik" Wed Jun 17 16:18:08 2026 rev:53 rq:1359777 version:3.7.5 Changes: -------- --- /work/SRC/openSUSE:Factory/traefik/traefik.changes 2026-05-18 17:50:59.535683547 +0200 +++ /work/SRC/openSUSE:Factory/.traefik.new.1981/traefik.changes 2026-06-17 16:18:46.740217475 +0200 
@@ -1,0 +2,339 @@ +Mon Jun 15 15:32:57 UTC 2026 - Johannes Weberhofer <[email protected]> + +Important: Please read the migration guide. + +- Version 3.7.5 + Bugs fixed + * k8s/gatewayapi + - Reject cross-provider references with backendRefs.namespace + * k8s/ingress-nginx + - Pass endpointslice fencing on ingress-nginx provider + - Skip ingress when auth-secret resolution fails + * server + - Bump to github.com/pires/go-proxyproto v0.12.0 + * tls + - Fix routers with same host, different tlsoptions on different entryPoint + - Fix snicheck for routers with no hosts + +- Version 3.7.4 + Bugs fixed + * http3 + - Bump github.com/quic-go/quic-go to v0.59.1 + * k8s/gatewayapi + - Fix BackendTLSPolicy status update + * middleware + - Fix redis write timeout option configuration + * tls + - Fix snicheck with keepalive + * webui + - Bump axios to v1.17.0 + - Bump react-router and jsdom + +- Version 3.7.3 + CVE fixed + * CVE-2026-48020 (Advisory GHSA-xf64-8mw2-4gr2) + * CVE-2026-48491 (Advisory GHSA-5r4w-85f3-pw66) + * CVE-2026-53622 (Advisory GHSA-9cr8-q42q-g8m7) + + Bugs fixed + * accesslogs + - Escape double quotes in quoted log fields + * file + - Improve file provider behavior regarding dangling symlinks + * k8s/gatewayapi + - Bump github.com/moby/spdystream to v0.5.1 + - Change default values and expose configuration for Kubernetes client + QPS and Burst + - Escape exact gRPC method matches + * k8s/ingress + - Avoid ingress path matcher injection and backport 11d2514 + * k8s/ingress-nginx + - Clear Ssl-Client-* headers when no client certificate is present + - Trim quotes from proxy_set_header header name + * logs, middleware + - Allow query parameters to be dropped from RequestPath in access log + * middleware, authentication + - Add error on basic auth build if users is empty + * middleware + - Reject requests with different paths after StripPrefix and + StripPrefixRegex normalisation + * server + - Bump github.com/bytedance/sonic to v1.15.1 + - Bump 
golang.org/x/crypto to v0.52.0 + - Bump golang.org/x/net to v0.55.0 + - Move snicheck to ctx instead of simulated routing + * tls + - Compute resolved tlsOptions after applying models + * webui, tcp + - Fix TCP router service resolution in dashboard flow diagram + +- Version 3.7.1 + CVE fixed + * CVE-2026-44774 (Advisory GHSA-96qj-4jj5-wcjc) + + Bugs fixed + * k8s/ingress, k8s/crd, k8s/gatewayapi + - Add CrossProviderNamespaces option + * k8s/crd + - Fix cross-provider ref check for Kubernetes CRD provider + +- Version 3.7.0 + Enhancements + * accesslogs, k8s/ingress-nginx, k8s/ingress + - Add Kubernetes Ingress logs fields + * accesslogs, k8s/ingress-nginx + - Support nginx.ingress.kubernetes.io/enable-access-log annotation + * accesslogs, otel + - Allow Stdio access logs alongsige OTLP logging + * acme + - Add CertificateTimeout ACME configuration option + * k8s/crd + - Add ingressClassName field to the CRDs spec + - Service failover support in TraefikService CRD + * k8s/crd, service + - Support cipher suites configuration with ServersTransport + * k8s/gatewayapi + - Add secret support for BackendTLSPolicy caCertificateRefs + - Bump sigs.k8s.io/gateway-api to v1.5.1 + - Support multiple certificateRefs on gateway listeners + * k8s/ingress, middleware, k8s/crd, service, k8s/gatewayapi + - Services middleware and Gateway API filters on HTTP backends + * k8s/ingress-nginx + - Add custom-http-errors and default-backend annotations + - Add limit-burst-multiplier annotation support + - Add limit-connections support + - Add nginx.ingress.kubernetes.io/proxy-connect-timeout annotation + - Add rewrite-target nginx annotations support + - Add support for app-root nginx annotation + - Add support for auth-signin annotation + - Add support for from-to-www-redirect NGINX annotation + - Add support for proxy-read-timeout and proxy-send-timeout NGINX + annotations + - Add support for session-cookie-expires nginx annotation + - Add support for upstream-hash-by NGINX annotation + 
- Add support for variable interpolation in auth-signin NGINX annotation + - Allow entry points to be specified on Nginx Ingresses + - Implement proxy-http-version annotation + - Implement server-snippet and configuration-snippet annotations + * k8s/ingress-nginx, k8s/ingress, rules + - Add wildcard host in Host and HostSNI matchers + * k8s/ingress-nginx, middleware, authentication + - Add support for auth-snippet + * k8s/ingress-nginx + - Nginx x-forwarded-prefix annotation + - Support auth-tls-pass-certificate-to-upstream annotation + - Support auth-tls-secret and auth-tls-verify-client annotations + - Support limit-rpm annotation for ingress-nginx + - Support limit-rps annotation for Ingress NGINX + - Support NGINX buffering annotations + - Support NGINX canary annotations + - Support NGINX custom-headers annotation + - Support NGINX global auth annotation + - Support nginx.ingress.kubernetes.io/allowlist-source-range + - Support NGINX upstream-vhost annotation + - Support NGINX whitelist-source-range annotation + - Support permanent-redirect and temporal-redirect annotations + - Support proxy-next-upstream* annotations + - Support server-alias annotation for Ingress NGINX + - Support upstream-keepalive-timeout + - Use a metamodel to generate dynamic configuration in ingress-nginx + * k8s/knative + - Support knative v1.20.0 + * metrics + - Support file path for metrics.influxdb2.token option + * middleware + - Add encodedCharacters middleware + * middleware, authentication + - Add authSignInURL in forward auth middleware + * middleware + - Enable retries based on HTTP response status codes, timeout, and + non-idempotent methods + * provider + - Add providers routing precedence configuration + * server + - Add global option to disable X-Forwarded-For appending + - Replace Split in loops with more efficient SplitSeq + * service + - Failover according to response status code + * tls + - Make TLSStore gracefully handle missing secrets + - Use unicode.MaxASCII for 
clearer ASCII check + * webui + - Add dashboard name configuration + - Details pages UI improvement + - Display server weight in service detail view + * webui, tls + - Add certificates menu and overview + * webui + - Web UI dashboard improvements + + Bug fixes + * acme + - Add missing renew options + - Add timeout to ACME-TLS/1 challenge handshake + - Alter TLS renewal period + - Bump github.com/go-acme/lego/v4 to v4.35.2 + - Remove invalid private key in log + - Replace hardcoded references to LetsEncrypt in log messages + * api + - Fix allow colons and tildes in api.basePath validation + * cli + - Fix health check ping + * docker + - Auto-negotiate Docker API Version + - Bump Docker and OpenTelemetry dependencies + * docker, docker/swarm + - Auto-negotiate Docker API version + * docker + - Downgrade log level for missing container on inspect + * docker, ecs + - Migrate to github.com/moby/moby modules + * fastproxy + - Bump github.com/valyala/fasthttp to v1.69.0 + * grpc + - Bump google.golang.org/grpc to v1.79.3 + * healthcheck, grpc + - Remove path parsing with grpc healthcheck + * healthcheck + - Reject absolute URL in healthcheck path configuration + - Validate healthcheck path configuration + * http3 + - Bump github.com/quic-go/quic-go to v0.59.0 + * http + - Add maxResponseBodySize configuration on HTTP provider + * k8s/crd + - Fix panic with Failover services in Kubernetes + * k8s/crd, k8s + - Honor allowCrossNamespace with chain middleware CRD + * k8s/crd + - Remove cross-provider sanitization for Kubernetes service loading + * k8s + - Fix condition used for serving and fenced endpoints + * k8s/gatewayapi + - Fix Gateway API router's rules + - Fix incorrect hostname matching between listener and route + * k8s/ingress + - Fix ingress router's rule + - Fix panic for empty defaultBackend and defaultBackend without resources + * k8s/ingress-nginx + - Add AllowCrossNamespaceResources and GlobalAllowedResponseHeader + options to control custom headers 
annotations + - Add ipAllowListStrategy option for allowlist/whitelist annotations + - Avoid 302 redirect when rewrite-target value is not an absolute URL + for ingress-nginx provider + - Deprecate Kubernetes Ingress NGINX provider experimental flag + - Do not require a port for ExternalName services + - Fix auth-response-headers whitespace trimming in ingress-nginx provider + - Fix custom headers annotation with 503 Service Unavailable + - Fix nginx.ingress.kubernetes.io/proxy-ssl-verify annotation support + - Fix nginx rewrite target + - Fix NGINX sslredirect annotation support + - Fix proxy-ssl-verify annotation + - Fix regressions after refacto of the ingress-nginx provider + - Fix rewrite directive in configuration-snippet to trim quotes + - Fix rewrite-target annotation handling with empty path and non-regex + path + - Fix rewrite-target to handle full URL + - Fix service unavailable on ingress-nginx + - Fix SSL redirect behavior for ingress-nginx provider + - Fix SSL redirect to match NGINX behavior + - Fix the service name for ingress-nginx provider + - Fix TLS behavior in ingress-nginx provider + - Fix typo in default CORS allowed headers + - Fix use-regex annotation behavior and add strictValidatePathType + config for ingress-nginx provider + - Fix use-regex nginx annotation + - Handle duplicate server-alias on ingress-nginx provider + - Handle empty rewrite-target like unset rewrite-target + - Prevent Ingress Nginx provider http router to attach to an entrypoint + with TLS + - Use QuoteMeta for cookie name when building canary rules + * k8s, k8s/ingress-nginx + - Add regression test for ingress default backend without rules + * logs, metrics, tracing + - Bump go.opentelemetry.io/otel + * logs, otel + - Add OTel-conformant trace context attributes to access logs + * metrics, tracing, accesslogs + - Fix ObservabilityConfig SetDefaults + * middleware + - Add errorRequestHeaders option to Errors middleware + * middleware, authentication + - Add 
maxResponseBodySize configuration to forwardAuth middleware + - Change ForwardAuth error log level from DEBUG to ERROR + - Cleanup and make ForwardAuth logs consistent + - Fix trustForwardHeader on forward auth middleware + - Handle empty/missing User-Agent header + - Make basic auth check timing constant + - Prevent duplicate user headers in basic and digest auth middleware + - Remove map lookup making the basic auth notFoundSecret empty + * middleware + - Bump github.com/klauspost/compress v1.18.4 + - Deprecate ForwardAuth.TrustForwardHeader option + - Fix case sensitivity on x-forwarded headers for Connection + - Fix HasSecureHeadersDefined returning false when stsSeconds is 0 + - Fix StripPrefix and StripPrefixRegex to slice the prefix using + encoded prefix length + * middleware, k8s/ingress-nginx + - Fix app-root with query params redirect + - Fix custom error pages behavior for ingress-nginx provider + - Fix rewrite target with full URL and no regex in ingress path + - Preserve request query on absolute-URL redirect + - Resolve NGINX variables in ingress-nginx upstream-vhost annotation + * middleware, k8s, k8s/ingress-nginx + - Fix from to www nginx annotation + * middleware + - Remove untrusted X headers with underscores + - Sanitize the request URL after stripping the prefix + * otel + - Bump go.opentelemetry.io/otel dependencies + * plugins + - Validate plugin module name + * redis + - Fix mutually exclusive verification for Redis + * server + - Bump github.com/vulcand/oxy to v2.1.0 + - Bump golang.org/x/crypto to v0.45.0 + - Bump golang.org/x/net to v0.51.0 ++++ 42 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/traefik/traefik.changes ++++ and /work/SRC/openSUSE:Factory/.traefik.new.1981/traefik.changes Old: ---- traefik-v3.6.17.src.tar.gz New: ---- traefik-v3.7.5.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ traefik.spec ++++++ --- 
/var/tmp/diff_new_pack.fB5aVN/_old 2026-06-17 16:18:53.004479577 +0200 +++ /var/tmp/diff_new_pack.fB5aVN/_new 2026-06-17 16:18:53.004479577 +0200 @@ -23,7 +23,7 @@ %define buildmode pie %endif Name: traefik -Version: 3.6.17 +Version: 3.7.5 Release: 0 Summary: The Cloud Native Application Proxy License: MIT ++++++ traefik-v3.6.17.src.tar.gz -> traefik-v3.7.5.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/traefik/traefik-v3.6.17.src.tar.gz /work/SRC/openSUSE:Factory/.traefik.new.1981/traefik-v3.7.5.src.tar.gz differ: char 12, line 1 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/traefik/vendor.tar.gz /work/SRC/openSUSE:Factory/.traefik.new.1981/vendor.tar.gz differ: char 38, line 1
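Review bot: In the traefik.changes hunk, the CVE entries under Version 3.7.3 and Version 3.7.1 give only the CVE id and the GHSA advisory, with no bug tracker reference and no indication of which component or configuration is affected. Suggest adding the matching bug reference next to each CVE (placeholder: bsc#NNNNNNN) and one short line per CVE naming the affected area, so that someone triaging this update can tell whether a deployment is exposed without opening every advisory. Smaller points in the same hunk: "Important: Please read the migration guide." does not say which guide or which version step it means, there is no 3.7.2 entry between 3.7.3 and 3.7.1 (worth a word if upstream skipped it), and "alongsige" and "refacto" are misspelled.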
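Review bot: The traefik.spec hunk changes only the Version line from 3.6.17 to 3.7.5, yet the changelog for that range lists behaviour changes that can alter how existing configurations route or authenticate, for example "Reject requests with different paths after StripPrefix and StripPrefixRegex normalisation", "Remove untrusted X headers with underscores" and "Deprecate ForwardAuth.TrustForwardHeader option". Suggest confirming that nothing else in the spec (shipped default configuration, documentation files, post-install notes) needs to change for the 3.6 to 3.7 step, and pointing to the migration guide from the package itself rather than only from the changes entry. The source and vendor tarballs appear here only as "differ: char N", so the diff cannot show that vendor.tar.gz matches the dependency versions the changelog names (go-proxyproto v0.12.0, quic-go v0.59.1, golang.org/x/crypto v0.52.0); stating in the request how vendor.tar.gz was regenerated would make that checkable.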
