Security Policy

You can join our security mailing list to be aware of the latest announcements from our security team. You can subscribe by sending an email to security+subscribe@traefik.io or on the online viewer.

Reported vulnerabilities can be found on cve.mitre.org.

Supported Versions

• We usually release 3/4 new versions (e.g. 1.1.0, 1.2.0, 1.3.0) per year.
• Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0).
• Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only).

Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out).

We use Semantic Versioning.

Version	Supported
2.2.x
< 2.2.x
1.7.x
< 1.7.x

Reporting a Vulnerability

We want to keep Traefik safe for everyone. If you've discovered a security vulnerability in Traefik, we appreciate your help in disclosing it to us in a responsible manner, by creating a security advisory.