build(go): bump github.com/traefik/traefik/v3 from 3.4.5 to 3.6.8

[dependabot]

Bumps github.com/traefik/traefik/v3 from 3.4.5 to 3.6.8.

Release notes

Sourced from github.com/traefik/traefik/v3's releases.

v3.6.8

CVE fixed:

• CVE-2026-25949 (Advisory GHSA-89p3-4642-cr2w)

Bug fixes:

• [acme] Remove invalid private key in log (#12574 by juliens)
• [acme] Alter TLS renewal period (#12479 by LtHummus)
• [healthcheck] Reject absolute URL in healthcheck path configuration (#12653 by rtribotte)
• [http3] Bump github.com/quic-go/quic-go to v0.59.0 (#12553 by jnoordsij)
• [metrics,tracing,accesslogs] Fix ObservabilityConfig SetDefaults (#12636 by mmatur)
• [server] Remove conn deadline after STARTTLS negociation (#12639 by rtribotte)
• [tls] Fix verifyServerCertMatchesURI function behavior (#12575 by kevinpollet)
• [tracing,otel] Use ParentBased sampler to respect parent span sampling decision (#12403 by xe-leon)
• [webui] Use url.Parse to validate X-Forwarded-Prefix value (#12643 by kevinpollet)
• [healthcheck] Validate healthcheck path configuration (#12642 by @​rtribotte)
• [tls, server] Cap TLS record length to RFC 8446 limit in ClientHello peeking (#12638 by @​mmatur)
• [service] Avoid recursion with services (#12591 by juliens)
• [webui] Bump dependencies of documentation and webui (#12581 by gndz07)

Documentation:

• [k8s] Fix kubernetes.md with correct http redirections (#12603 by MartenM)
• [middleware,k8s/crd] Fix the errors middleware's document for Kubernetes CRD (#12600 by yuito-it)
• [tls] Clarify SNI selection (#12482 by AnuragEkkati)
• Fix typo on JWT documentation (#12616 by mdevino)
• Add @​gndz07 as a current maintainer (#12594 by emilevauge)
• Remove extraneous dots in migration guide (#12571 by dathbe)
• Document Path matcher placeholder removal in v3 migration guide (#12570 by sheddy-traefik)
• Improve Service Reference page (#12541 by sheddy-traefik)
• Document negative priority support for routers (#12505 by understood-the-assignment)
• Improve the structure of the routing reference pages (#12429 by sheddy-traefik)
• Clean Up Menu Entries & Update Expose Overview (#12405 by sheddy-traefik)
• Split Expose User Guides & Add Multi-Layer Routing Section (#12238 by sheddy-traefik)
• Remove extra dots in migration guide (#12573 by rtribotte)

Misc:

• Merge v2.11 into v3.6 (#12652 by mmatur)
• Merge v2.11 into v3.6 (#12644 by mmatur)
• Merge branch v2.11 into v3.6 (#12617 by mmatur)
• Merge v2.11 into v3.6 (#12605 by mmatur)
• Merge v2.11 into v3.6 (#12601 by mmatur)
• Merge branch v2.11 into v3.6 (#12556 by mmatur)

v3.6.7

⚠️ Breaking change ⚠️ As explained in the comment left on the CVE-2025-66490 fix, this new hotfix version makes the behavior opt-in. As a result, this release is breaking compared to the previous hotfix versions since v3.6.4, but it restores by default the behavior that existed before that hotfix. Please, read the migration guide to enable the feature.

CVE fixed:

• CVE-2026-22045 (Advisory GHSA-cwjm-3f7h-9hwqj)

... (truncated)

Changelog

Sourced from github.com/traefik/traefik/v3's changelog.

v3.6.8 (2026-02-11)

All Commits

Bug fixes:

• [acme] Remove invalid private key in log (#12574 by juliens)
• [acme] Alter TLS renewal period (#12479 by LtHummus)
• [healthcheck] Reject absolute URL in healthcheck path configuration (#12653 by rtribotte)
• [http3] Bump github.com/quic-go/quic-go to v0.59.0 (#12553 by jnoordsij)
• [metrics,tracing,accesslogs] Fix ObservabilityConfig SetDefaults (#12636 by mmatur)
• [server] Remove conn deadline after STARTTLS negociation (#12639 by rtribotte)
• [tls] Fix verifyServerCertMatchesURI function behavior (#12575 by kevinpollet)
• [tracing,otel] Use ParentBased sampler to respect parent span sampling decision (#12403 by xe-leon)
• [webui] Use url.Parse to validate X-Forwarded-Prefix value (#12643 by kevinpollet)
• [healthcheck] Validate healthcheck path configuration (#12642 by @​rtribotte)
• [tls, server] Cap TLS record length to RFC 8446 limit in ClientHello peeking (#12638 by @​mmatur)
• [service] Avoid recursion with services (#12591 by juliens)
• [webui] Bump dependencies of documentation and webui (#12581 by gndz07)

Documentation:

• [k8s] Fix kubernetes.md with correct http redirections (#12603 by MartenM)
• [middleware,k8s/crd] Fix the errors middleware's document for Kubernetes CRD (#12600 by yuito-it)
• [tls] Clarify SNI selection (#12482 by AnuragEkkati)
• Fix typo on JWT documentation (#12616 by mdevino)
• Add @​gndz07 as a current maintainer (#12594 by emilevauge)
• Remove extraneous dots in migration guide (#12571 by dathbe)
• Document Path matcher placeholder removal in v3 migration guide (#12570 by sheddy-traefik)
• Improve Service Reference page (#12541 by sheddy-traefik)
• Document negative priority support for routers (#12505 by understood-the-assignment)
• Improve the structure of the routing reference pages (#12429 by sheddy-traefik)
• Clean Up Menu Entries & Update Expose Overview (#12405 by sheddy-traefik)
• Split Expose User Guides & Add Multi-Layer Routing Section (#12238 by sheddy-traefik)
• Remove extra dots in migration guide (#12573 by rtribotte)

Misc:

• Merge v2.11 into v3.6 (#12652 by mmatur)
• Merge v2.11 into v3.6 (#12644 by mmatur)
• Merge branch v2.11 into v3.6 (#12617 by mmatur)
• Merge v2.11 into v3.6 (#12605 by mmatur)
• Merge v2.11 into v3.6 (#12601 by mmatur)
• Merge branch v2.11 into v3.6 (#12556 by mmatur)

v2.11.37 (2026-02-11)

All Commits

Bug fixes:

• [healthcheck] Validate healthcheck path configuration (#12642 by @​rtribotte)
• [tls, server] Cap TLS record length to RFC 8446 limit in ClientHello peeking (#12638 by @​mmatur)

v2.11.36 (2026-02-02)

All Commits

... (truncated)

Commits

• 2f215ab Prepare release v3.6.8
• f6ce751 Reject absolute URL in healthcheck path configuration
• a28da8a Merge v2.11 into v3.6
• 7747b40 Prepare release v2.11.37
• 31e566e Remove conn deadline after STARTTLS negociation
• 72e2454 Cap TLS record length to RFC 8446 limit in ClientHello peeking
• 256fcbe Merge v2.11 into v3.6
• 0beed10 Validate healthcheck path configuration
• 4b3c971 Use url.Parse to validate X-Forwarded-Prefix value
• d337748 Fix ObservabilityConfig SetDefaults
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Thank you for opening this pull request! 👋🏼

This repository requires pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted.

Details

The subject "bump github.com/traefik/traefik/v3 from 3.4.5 to 3.6.8" found in pull request title "build(go): bump github.com/traefik/traefik/v3 from 3.4.5 to 3.6.8" doesn't match the configured pattern "^[A-Z].+[^. ]$".