Merge branch v2.9 into master

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -6,12 +6,14 @@ body:
     attributes:
       label: Welcome!
       description: |
-        The issue tracker is for reporting bugs and feature requests only. For end-user related support questions, please refer to one of the following:
+        The issue tracker is for reporting bugs and feature requests only.
-        - the Traefik community forum: https://community.traefik.io/
+        For end-user related support questions, please use the [Traefik community forum](https://community.traefik.io/).
 
-        The configurations between 1.X and 2.X are NOT compatible. Please have a look [here](https://doc.traefik.io/traefik/getting-started/configuration-overview/).
+        All new/updated issues are triaged regularly by the maintainers.
+        All issues closed by a bot are subsequently double-checked by the maintainers.
 
         DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
+
       options:
         - label: Yes, I've searched similar issues on [GitHub](https://github.com/traefik/traefik/issues) and didn't find any.
           required: true

.github/workflows/validate.yaml

@@ -7,8 +7,8 @@ on:
 
 env:
   GO_VERSION: 1.19
-  GOLANGCI_LINT_VERSION: v1.49.0
+  GOLANGCI_LINT_VERSION: v1.50.0
-  MISSSPELL_VERSION: v0.3.4
+  MISSSPELL_VERSION: v0.4.0
   IN_DOCKER: ""
 
 jobs:
@@ -45,7 +45,7 @@ jobs:
         run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
 
       - name: Install missspell ${{ env.MISSSPELL_VERSION }}
-        run: curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSSPELL_VERSION}
+        run: curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSSPELL_VERSION}
 
       - name: Avoid generating webui
         run: touch webui/static/index.html

.golangci.toml

@@ -1,254 +0,0 @@
-[run]
-  timeout = "10m"
-  skip-files = []
-  skip-dirs = [
-    "pkg/provider/kubernetes/crd/generated/",
-  ]
-
-[linters-settings]
-
-  [linters-settings.govet]
-    check-shadowing = false
-
-  [linters-settings.golint]
-    min-confidence = 0.0
-
-  [linters-settings.gocyclo]
-    min-complexity = 14.0
-
-  [linters-settings.goconst]
-    min-len = 3.0
-    min-occurrences = 4.0
-
-  [linters-settings.misspell]
-    locale = "US"
-
-  [linters-settings.funlen]
-    lines = 230 # default 60
-    statements = 120 # default 40
-
-  [linters-settings.forbidigo]
-    forbid = [
-      '^print(ln)?$',
-      '^spew\.Print(f|ln)?$',
-      '^spew\.Dump$',
-    ]
-
-  [linters-settings.depguard]
-    list-type = "blacklist"
-    include-go-root = false
-    packages = ["github.com/pkg/errors"]
-
-  [linters-settings.godox]
-    keywords = ["FIXME"]
-
-  [linters-settings.importas]
-    corev1 = "k8s.io/api/core/v1"
-    networkingv1beta1 = "k8s.io/api/networking/v1beta1"
-    extensionsv1beta1 = "k8s.io/api/extensions/v1beta1"
-    metav1 = "k8s.io/apimachinery/pkg/apis/meta/v1"
-    kubeerror = "k8s.io/apimachinery/pkg/api/errors"
-    composeapi = "github.com/docker/compose/v2/pkg/api"
-
-  [linters-settings.revive]
-    [[linters-settings.revive.rules]]
-      name = "struct-tag"
-    [[linters-settings.rules]]
-      name = "blank-imports"
-    [[linters-settings.rules]]
-      name = "context-as-argument"
-    [[linters-settings.rules]]
-      name = "context-keys-type"
-    [[linters-settings.rules]]
-      name = "dot-imports"
-    [[linters-settings.rules]]
-      name = "error-return"
-    [[linters-settings.rules]]
-      name = "error-strings"
-    [[linters-settings.rules]]
-      name = "error-naming"
-    [[linters-settings.rules]]
-      name = "exported"
-    [[linters-settings.rules]]
-      name = "if-return"
-    [[linters-settings.rules]]
-      name = "increment-decrement"
-    [[linters-settings.rules]]
-      name = "var-naming"
-    [[linters-settings.rules]]
-      name = "var-declaration"
-    [[linters-settings.rules]]
-      name = "package-comments"
-    [[linters-settings.rules]]
-      name = "range"
-    [[linters-settings.rules]]
-      name = "receiver-naming"
-    [[linters-settings.rules]]
-      name = "time-naming"
-    [[linters-settings.rules]]
-      name = "unexported-return"
-    [[linters-settings.rules]]
-      name = "indent-error-flow"
-    [[linters-settings.rules]]
-      name = "errorf"
-    [[linters-settings.rules]]
-      name = "empty-block"
-    [[linters-settings.rules]]
-      name = "superfluous-else"
-    [[linters-settings.rules]]
-      name = "unused-parameter"
-    [[linters-settings.rules]]
-      name = "unreachable-code"
-    [[linters-settings.rules]]
-      name = "redefines-builtin-id"
-
-  [linters-settings.gomoddirectives]
-    replace-allow-list = [
-      "github.com/abbot/go-http-auth",
-      "github.com/go-check/check",
-      "github.com/gorilla/mux",
-      "github.com/mailgun/minheap",
-      "github.com/mailgun/multibuf",
-      "github.com/jaguilar/vt100",
-      "github.com/BurntSushi/toml",
-    ]
-
-[linters]
-  enable-all = true
-  disable = [
-    "scopelint", # Deprecated
-    "interfacer", # Deprecated
-    "maligned", # Deprecated
-    "golint", # Deprecated
-    "exhaustivestruct",# Deprecated
-    "nosnakecase", # Deprecated
-    "ifshort", # Deprecated
-    "structcheck", # Deprecated
-    "varcheck", # Deprecated
-    "deadcode", # Deprecated
-    "execinquery", # Not relevant (SQL)
-    "sqlclosecheck", # Not relevant (SQL)
-    "rowserrcheck", # Not relevant (SQL)
-    "lll", # Not relevant
-    "gocyclo", # FIXME must be fixed
-    "cyclop", # Duplicate of gocyclo
-    "gocognit", # Too strict
-    "nestif", # Too many false-positive.
-    "prealloc", # Too many false-positive.
-    "makezero", # Not relevant
-    "dupl", # Too strict
-    "gosec", # Too strict
-    "gochecknoinits",
-    "gochecknoglobals",
-    "wsl", # Too strict
-    "nlreturn", # Not relevant
-    "gomnd", # Too strict
-    "stylecheck", # skip because report issues related to some generated files.
-    "testpackage", # Too strict
-    "tparallel", # Not relevant
-    "paralleltest", # Not relevant
-    "exhaustive", # Not relevant
-    "exhaustruct", # duplicate of exhaustivestruct
-    "goerr113", # Too strict
-    "wrapcheck", # Too strict
-    "noctx", # Too strict
-    "bodyclose", # Too many false-positive and panics.
-    "forcetypeassert", # Too strict
-    "tagliatelle", # Not compatible with current tags.
-    "varnamelen", # not relevant
-    "nilnil", # not relevant
-    "ireturn", # not relevant
-    "contextcheck", # too many false-positive
-    "containedctx", # too many false-positive
-    "maintidx", # kind of duplicate of gocyclo
-    "nonamedreturns", # not relevant
-  ]
-
-[issues]
-  exclude-use-default = false
-  max-per-linter = 0
-  max-same-issues = 0
-  exclude = [
-    "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*printf?|os\\.(Un)?Setenv). is not checked",
-    "should have a package comment, unless it's in another file for this package",
-    "SA1019: http.CloseNotifier has been deprecated",  # FIXME must be fixed
-    "SA1019: cfg.SSLRedirect is deprecated",
-    "SA1019: cfg.SSLTemporaryRedirect is deprecated",
-    "SA1019: cfg.SSLHost is deprecated",
-    "SA1019: cfg.SSLForceHost is deprecated",
-    "SA1019: cfg.FeaturePolicy is deprecated",
-    "SA1019: c.Providers.ConsulCatalog.Namespace is deprecated",
-    "SA1019: c.Providers.Consul.Namespace is deprecated",
-    "SA1019: c.Providers.Nomad.Namespace is deprecated",
-  ]
- [[issues.exclude-rules]]
-    path = "(.+)_test.go"
-    linters = ["goconst", "funlen", "godot", "nosnakecase"]
- [[issues.exclude-rules]]
-    path = "(.+)_test.go"
-    text = " always receives "
-    linters = [ "unparam" ]
- [[issues.exclude-rules]]
-    path = "integration/.+_test.go"
-    text = "Error return value of `cmd\\.Process\\.Kill` is not checked"
- [[issues.exclude-rules]]
-    path = "integration/(consul_catalog_test|constraint_test).go"
-    text = "Error return value of `(s.deregisterService|s.deregisterAgentService)` is not checked"
- [[issues.exclude-rules]]
-    path = "integration/grpc_test.go"
-    text = "Error return value of `closer` is not checked"
- [[issues.exclude-rules]]
-    path = "pkg/h2c/h2c.go"
-    text = "Error return value of `rw.Write` is not checked"
- [[issues.exclude-rules]]
-    path = "pkg/provider/docker/builder_test.go"
-    text = "(U1000: func )?`(.+)` is unused"
- [[issues.exclude-rules]]
-    path = "pkg/provider/kubernetes/builder_(endpoint|service)_test.go"
-    text = "(U1000: func )?`(.+)` is unused"
- [[issues.exclude-rules]]
-    path = "pkg/server/service/bufferpool.go"
-    text = "SA6002: argument should be pointer-like to avoid allocations"
- [[issues.exclude-rules]]
-    path = "cmd/configuration.go"
-    text = "string `traefik` has (\\d) occurrences, make it a constant"
- [[issues.exclude-rules]]
-    path = "pkg/server/middleware/middlewares.go"
-    text = "Function 'buildConstructor' has too many statements"
- [[issues.exclude-rules]]
-    path = "pkg/tracing/haystack/logger.go"
-    linters = ["goprintffuncname"]
- [[issues.exclude-rules]]
-    path = "pkg/tracing/tracing.go"
-    text = "printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'"
- [[issues.exclude-rules]]
-    path = "pkg/log/deprecated.go"
-    linters = ["godot"]
- [[issues.exclude-rules]]
-    path = "(.+)\\.go"
-    text = "struct-tag: unknown option 'inline' in JSON tag"
- [[issues.exclude-rules]]
-    path = "pkg/server/router/tcp/manager.go"
-    text = "Function 'buildEntryPointHandler' is too long (.+)"
- [[issues.exclude-rules]]
-    path = "pkg/tls/tlsmanager_test.go"
-    text = "SA1019: config.ClientCAs.Subjects has been deprecated since Go 1.18"
- [[issues.exclude-rules]]
-    path = "pkg/types/tls_test.go"
-    text = "SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18"
- [[issues.exclude-rules]]
-    path = "pkg/provider/kubernetes/(crd|gateway)/client.go"
-    linters = ["interfacebloat"]
- [[issues.exclude-rules]]
-    path = "pkg/metrics/metrics.go"
-    linters = ["interfacebloat"]
- [[issues.exclude-rules]]
-    path = "pkg/provider/acme/provider.go"
-    text = "\\(\\*Provider\\)\\.resolveCertificate - result 0 \\(\\*github.com/go-acme/lego/v4/certificate.Resource\\) is never used"
- [[issues.exclude-rules]]
-    path = "integration/healthcheck_test.go"
-    text = "Duplicate words \\(wsp2,\\) found"
- [[issues.exclude-rules]]
-    path = "pkg/types/domain_test.go"
-    text = "Duplicate words \\(sub\\) found"
-

.golangci.yml

@@ -0,0 +1,191 @@
+run:
+  timeout: 10m
+  skip-files: []
+  skip-dirs:
+    - pkg/provider/kubernetes/crd/generated/
+
+linters-settings:
+  govet:
+    check-shadowing: false
+  golint:
+    min-confidence: 0
+  gocyclo:
+    min-complexity: 14
+  goconst:
+    min-len: 3
+    min-occurrences: 4
+  misspell:
+    locale: US
+  funlen:
+    lines: -1
+    statements: 120
+  forbidigo:
+    forbid:
+      - ^print(ln)?$
+      - ^spew\.Print(f|ln)?$
+      - ^spew\.Dump$
+  depguard:
+    list-type: denylist
+    include-go-root: false
+    packages:
+      - github.com/pkg/errors
+  godox:
+    keywords:
+      - FIXME
+  importas:
+    corev1: k8s.io/api/core/v1
+    networkingv1beta1: k8s.io/api/networking/v1beta1
+    extensionsv1beta1: k8s.io/api/extensions/v1beta1
+    metav1: k8s.io/apimachinery/pkg/apis/meta/v1
+    kubeerror: k8s.io/apimachinery/pkg/api/errors
+    composeapi: github.com/docker/compose/v2/pkg/api
+  revive:
+    rules:
+      - name: struct-tag
+  rules:
+    - name: blank-imports
+    - name: context-as-argument
+    - name: context-keys-type
+    - name: dot-imports
+    - name: error-return
+    - name: error-strings
+    - name: error-naming
+    - name: exported
+    - name: if-return
+    - name: increment-decrement
+    - name: var-naming
+    - name: var-declaration
+    - name: package-comments
+    - name: range
+    - name: receiver-naming
+    - name: time-naming
+    - name: unexported-return
+    - name: indent-error-flow
+    - name: errorf
+    - name: empty-block
+    - name: superfluous-else
+    - name: unused-parameter
+    - name: unreachable-code
+    - name: redefines-builtin-id
+  gomoddirectives:
+    replace-allow-list:
+      - github.com/abbot/go-http-auth
+      - github.com/go-check/check
+      - github.com/gorilla/mux
+      - github.com/mailgun/minheap
+      - github.com/mailgun/multibuf
+      - github.com/jaguilar/vt100
+      - github.com/BurntSushi/toml
+
+linters:
+  enable-all: true
+  disable:
+    - deadcode # deprecated
+    - exhaustivestruct # deprecated
+    - golint # deprecated
+    - ifshort # deprecated
+    - interfacer # deprecated
+    - maligned # deprecated
+    - nosnakecase # deprecated
+    - scopelint # deprecated
+    - scopelint # deprecated
+    - structcheck # deprecated
+    - varcheck # deprecated
+    - sqlclosecheck # not relevant (SQL)
+    - rowserrcheck # not relevant (SQL)
+    - execinquery # not relevant (SQL)
+    - cyclop # duplicate of gocyclo
+    - lll # Not relevant
+    - gocyclo # FIXME must be fixed
+    - gocognit # Too strict
+    - nestif # Too many false-positive.
+    - prealloc # Too many false-positive.
+    - makezero # Not relevant
+    - dupl # Too strict
+    - gosec # Too strict
+    - gochecknoinits
+    - gochecknoglobals
+    - wsl # Too strict
+    - nlreturn # Not relevant
+    - gomnd # Too strict
+    - stylecheck # skip because report issues related to some generated files.
+    - testpackage # Too strict
+    - tparallel # Not relevant
+    - paralleltest # Not relevant
+    - exhaustive # Not relevant
+    - exhaustruct # Not relevant
+    - goerr113 # Too strict
+    - wrapcheck # Too strict
+    - noctx # Too strict
+    - bodyclose # too many false-positive
+    - forcetypeassert # Too strict
+    - tagliatelle # Too strict
+    - varnamelen # Not relevant
+    - nilnil # Not relevant
+    - ireturn # Not relevant
+    - contextcheck # too many false-positive
+    - containedctx # too many false-positive
+    - maintidx # kind of duplicate of gocyclo
+    - nonamedreturns # Too strict
+
+issues:
+  exclude-use-default: false
+  max-per-linter: 0
+  max-same-issues: 0
+  exclude:
+    - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
+    - "should have a package comment, unless it's in another file for this package"
+    - 'SA1019: http.CloseNotifier has been deprecated' # FIXME must be fixed
+    - 'SA1019: cfg.SSLRedirect is deprecated'
+    - 'SA1019: cfg.SSLTemporaryRedirect is deprecated'
+    - 'SA1019: cfg.SSLHost is deprecated'
+    - 'SA1019: cfg.SSLForceHost is deprecated'
+    - 'SA1019: cfg.FeaturePolicy is deprecated'
+    - 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated'
+    - 'SA1019: c.Providers.Consul.Namespace is deprecated'
+    - 'SA1019: c.Providers.Nomad.Namespace is deprecated'
+  exclude-rules:
+    - path: '(.+)_test.go'
+      linters:
+        - goconst
+        - funlen
+        - godot
+    - path: '(.+)_test.go'
+      text: ' always receives '
+      linters:
+        - unparam
+    - path: '(.+)\.go'
+      text: 'struct-tag: unknown option ''inline'' in JSON tag'
+      linters:
+        - revive
+    - path: pkg/server/service/bufferpool.go
+      text: 'SA6002: argument should be pointer-like to avoid allocations'
+    - path: pkg/server/middleware/middlewares.go
+      text: "Function 'buildConstructor' has too many statements"
+      linters:
+        - funlen
+    - path: pkg/tracing/haystack/logger.go
+      linters:
+        - goprintffuncname
+    - path: pkg/tracing/tracing.go
+      text: "printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'"
+      linters:
+        - goprintffuncname
+    - path: pkg/tls/tlsmanager_test.go
+      text: 'SA1019: config.ClientCAs.Subjects has been deprecated since Go 1.18'
+    - path: pkg/types/tls_test.go
+      text: 'SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18'
+    - path: pkg/provider/kubernetes/(crd|gateway)/client.go
+      linters:
+        - interfacebloat
+    - path: pkg/metrics/metrics.go
+      linters:
+        - interfacebloat
+    - path: integration/healthcheck_test.go
+      text: 'Duplicate words \(wsp2,\) found'
+      linters:
+        - dupword
+    - path: pkg/types/domain_test.go
+      text: 'Duplicate words \(sub\) found'
+      linters:
+        - dupword

build.Dockerfile

@@ -16,7 +16,7 @@ RUN mkdir -p /usr/local/bin \
 RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.50.0
 
 # Download misspell binary to bin folder in $GOPATH
-RUN curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4
+RUN curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.4.0
 
 # Download goreleaser binary to bin folder in $GOPATH
 RUN curl -sfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | sh

docs/content/deprecation/releases.md

@@ -6,16 +6,17 @@ Below is a non-exhaustive list of versions and their maintenance status:
 
 | Version | Release Date | Active Support     | Security Support | 
 |---------|--------------|--------------------|------------------|
-| 2.8     | Jun 29, 2022 |      Yes           |       Yes        |
+| 2.9     | Oct 03, 2022 | Yes                | Yes              |
-| 2.7     | May 24, 2022 | Ended Jun 29, 2022 |       No         |
+| 2.8     | Jun 29, 2022 | Ended Oct 03, 2022 | No               |
-| 2.6     | Jan 24, 2022 | Ended May 24, 2022 |       No         |
+| 2.7     | May 24, 2022 | Ended Jun 29, 2022 | No               |
-| 2.5     | Aug 17, 2021 | Ended Jan 24, 2022 |       No         |
+| 2.6     | Jan 24, 2022 | Ended May 24, 2022 | No               |
-| 2.4     | Jan 19, 2021 | Ended Aug 17, 2021 |       No         |
+| 2.5     | Aug 17, 2021 | Ended Jan 24, 2022 | No               |
-| 2.3     | Sep 23, 2020 | Ended Jan 19, 2021 |       No         |
+| 2.4     | Jan 19, 2021 | Ended Aug 17, 2021 | No               |
-| 2.2     | Mar 25, 2020 | Ended Sep 23, 2020 |       No         |
+| 2.3     | Sep 23, 2020 | Ended Jan 19, 2021 | No               |
-| 2.1     | Dec 11, 2019 | Ended Mar 25, 2020 |       No         |
+| 2.2     | Mar 25, 2020 | Ended Sep 23, 2020 | No               |
-| 2.0     | Sep 16, 2019 | Ended Dec 11, 2019 |       No         |
+| 2.1     | Dec 11, 2019 | Ended Mar 25, 2020 | No               |
-| 1.7     | Sep 24, 2018 | Ended Dec 31, 2021 |  Contact Support |
+| 2.0     | Sep 16, 2019 | Ended Dec 11, 2019 | No               |
+| 1.7     | Sep 24, 2018 | Ended Dec 31, 2021 | Contact Support  |
 
 ??? example "Active Support / Security Support"
 

docs/content/middlewares/http/passtlsclientcert.md

@@ -16,10 +16,10 @@ PassTLSClientCert adds the selected data from the passed client TLS certificate
 
 ## Configuration Examples
 
-Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
+Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 
 ```yaml tab="Docker"
-# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
+# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 labels:
   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
 ```
@@ -35,7 +35,7 @@ spec:
 ```
 
 ```yaml tab="Consul Catalog"
-# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header
+# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header
 - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
 ```
 
@@ -46,13 +46,13 @@ spec:
 ```
 
 ```yaml tab="Rancher"
-# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
+# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 labels:
   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
 ```
 
 ```yaml tab="File (YAML)"
-# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
+# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 http:
   middlewares:
     test-passtlsclientcert:
@@ -61,13 +61,13 @@ http:
 ```
 
 ```toml tab="File (TOML)"
-# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
+# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 [http.middlewares]
   [http.middlewares.test-passtlsclientcert.passTLSClientCert]
     pem = true
 ```
 
-??? example "Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header"
+??? example "Pass the pem in the `X-Forwarded-Tls-Client-Cert` header"
 
     ```yaml tab="Docker"
     # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
@@ -254,12 +254,12 @@ http:
 
 PassTLSClientCert can add two headers to the request:
 
-- `X-Forwarded-Tls-Client-Cert` that contains the escaped pem.
+- `X-Forwarded-Tls-Client-Cert` that contains the pem.
 - `X-Forwarded-Tls-Client-Cert-Info` that contains all the selected certificate information in an escaped string.
 
 !!! info
 
-    * Each header value is a string that has been escaped in order to be a valid URL query.
+    * `X-Forwarded-Tls-Client-Cert-Info` header value is a string that has been escaped in order to be a valid URL query.
     * These options only work accordingly to the [MutualTLS configuration](../../https/tls.md#client-authentication-mtls).
     That is to say, only the certificates that match the `clientAuth.clientAuthType` policy are passed.
 
@@ -371,7 +371,7 @@ The following example shows a complete certificate and explains each of the midd
 
 ### `pem`
 
-The `pem` option sets the `X-Forwarded-Tls-Client-Cert` header with the escaped certificate.
+The `pem` option sets the `X-Forwarded-Tls-Client-Cert` header with the certificate.
 
 In the example, it is the part between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` delimiters:
 

docs/content/migration/v2.md

@@ -444,7 +444,7 @@ To enable HTTP/3 on an EntryPoint, please check out the [HTTP/3 configuration](.
 
 ### Kubernetes Gateway API Provider
 
-In `v2.6`, the [Kubernetes Gateway API provider](../providers/kubernetes-gateway.md) now only supports the version [v1alpha2](https://gateway-api.sigs.k8s.io/v1alpha2/guides/getting-started/) of the specification and 
+In `v2.6`, the [Kubernetes Gateway API provider](../providers/kubernetes-gateway.md) now only supports the version [v1alpha2](https://gateway-api.sigs.k8s.io/v1alpha2/guides/) of the specification and 
 [route namespaces](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1beta1.RouteNamespaces) selectors, which requires Traefik to fetch and watch the cluster namespaces.
 Therefore, the [RBAC](../reference/dynamic-configuration/kubernetes-gateway.md#rbac) and [CRD](../reference/dynamic-configuration/kubernetes-gateway.md#definitions) definitions must be updated.
 

docs/content/providers/kubernetes-gateway.md

@@ -78,7 +78,7 @@ This provider is proposed as an experimental feature and partially supports the
 
 The Kubernetes Gateway API project provides several guides on how to use the APIs.
 These guides can help you to go further than the example above.
-The [getting started guide](https://gateway-api.sigs.k8s.io/v1alpha2/guides/getting-started/) details how to install the CRDs from their repository.
+The [getting started guide](https://gateway-api.sigs.k8s.io/v1alpha2/guides/) details how to install the CRDs from their repository.
 
 !!! note ""
 

docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml

@@ -1300,7 +1300,7 @@ spec:
                     type: object
                   pem:
                     description: PEM sets the X-Forwarded-Tls-Client-Cert header with
-                      the escaped certificate.
+                      the certificate.
                     type: boolean
                 type: object
               plugin:

docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml

@@ -723,7 +723,7 @@ spec:
                     type: object
                   pem:
                     description: PEM sets the X-Forwarded-Tls-Client-Cert header with
-                      the escaped certificate.
+                      the certificate.
                     type: boolean
                 type: object
               plugin:

go.mod

@@ -36,11 +36,11 @@ require (
 	github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d
 	github.com/instana/go-sensor v1.38.3
 	github.com/klauspost/compress v1.14.2
-	github.com/kvtools/consul v1.0.1
+	github.com/kvtools/consul v1.0.2
-	github.com/kvtools/etcdv3 v1.0.1
+	github.com/kvtools/etcdv3 v1.0.2
-	github.com/kvtools/redis v1.0.1
+	github.com/kvtools/redis v1.0.2
 	github.com/kvtools/valkeyrie v1.0.0
-	github.com/kvtools/zookeeper v1.0.1
+	github.com/kvtools/zookeeper v1.0.2
 	github.com/lucas-clemente/quic-go v0.28.1
 	github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f
 	github.com/miekg/dns v1.1.50

go.sum

@@ -1305,16 +1305,16 @@ github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kvtools/consul v1.0.1 h1:RHwW0qTPL8Gwb+ueH6kpAIZ3fuNnSdAZaydfKjMIr/4=
+github.com/kvtools/consul v1.0.2 h1:ltPgs4Ld09Xaa7zrOJ/TewBYKAsr11/LRFpErdkb8AA=
-github.com/kvtools/consul v1.0.1/go.mod h1:bFnzfGJ5ZIRRXCBGBmwhJlLdEWOlrjOcS1WjyAQzaJA=
+github.com/kvtools/consul v1.0.2/go.mod h1:bFnzfGJ5ZIRRXCBGBmwhJlLdEWOlrjOcS1WjyAQzaJA=
-github.com/kvtools/etcdv3 v1.0.1 h1:Ugr5ryI+FIeZQh0RCmtGFJptgSlbrVGjAnJWk9r//WI=
+github.com/kvtools/etcdv3 v1.0.2 h1:EB0mAtzqe1folE7m7Q6wnCXcGwaOmrYmsVmF3hNsTKI=
-github.com/kvtools/etcdv3 v1.0.1/go.mod h1:Xr6DbwqjuCEcXAIWmXxw0DX+N5BhuvablXgN90XeqMM=
+github.com/kvtools/etcdv3 v1.0.2/go.mod h1:Xr6DbwqjuCEcXAIWmXxw0DX+N5BhuvablXgN90XeqMM=
-github.com/kvtools/redis v1.0.1 h1:vtLE3D3xfMbXfenRGuclDU8pe64OiqcBMmKm2RY4Wuo=
+github.com/kvtools/redis v1.0.2 h1:D3GjGGtssJF2w8mniWtIxcT/YX9YnRc4jNCm0hrVygQ=
-github.com/kvtools/redis v1.0.1/go.mod h1:wuUNwwKOHi2TYxDxj1sGF74Jdg0jywydnatXtnOR3hA=
+github.com/kvtools/redis v1.0.2/go.mod h1:wuUNwwKOHi2TYxDxj1sGF74Jdg0jywydnatXtnOR3hA=
 github.com/kvtools/valkeyrie v1.0.0 h1:LAITop2wPoYCMitR24GZZsW0b57hmI+ePD18VRTtOf0=
 github.com/kvtools/valkeyrie v1.0.0/go.mod h1:bDi/OdhJCSbGPMsCgUQl881yuEweKCSItAtTBI+ZjpU=
-github.com/kvtools/zookeeper v1.0.1 h1:CBKNOuesj4CgW5PisK2jVx1+XP+T51bVgYHrZPQL5OM=
+github.com/kvtools/zookeeper v1.0.2 h1:uK0CzQa+mtKGxDDH+DeqXo2HC1Kx4hWXZ7pX/zS4aTo=
-github.com/kvtools/zookeeper v1.0.1/go.mod h1:6TfxUwJ7IuBk5srgnoe528W0ftanNECHgOiShx/t0Aw=
+github.com/kvtools/zookeeper v1.0.2/go.mod h1:6TfxUwJ7IuBk5srgnoe528W0ftanNECHgOiShx/t0Aw=
 github.com/kylelemons/go-gypsy v0.0.0-20160905020020-08cad365cd28/go.mod h1:T/T7jsxVqf9k/zYOqbgNAsANsjxTd1Yq3htjDhQ1H0c=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
 github.com/labbsr0x/bindman-dns-webhook v1.0.2 h1:I7ITbmQPAVwrDdhd6dHKi+MYJTJqPCK0jE6YNBAevnk=

integration/fixtures/k8s/01-traefik-crd.yml

@@ -1300,7 +1300,7 @@ spec:
                     type: object
                   pem:
                     description: PEM sets the X-Forwarded-Tls-Client-Cert header with
-                      the escaped certificate.
+                      the certificate.
                     type: boolean
                 type: object
               plugin:

integration/tls_client_headers_test.go

@@ -65,6 +65,6 @@ func (s *TLSClientHeadersSuite) TestTLSClientHeaders(c *check.C) {
 		},
 	}
 
-	err = try.RequestWithTransport(request, 2*time.Second, tr, try.BodyContains("Forwarded-Tls-Client-Cert: MIIDNTCCAh0CFD0QQcHXUJuKwMBYDA%2BbBExVSP26MA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazENMAsGA1UEAwwEcm9vdDAeFw0yMTAxMDgxNzQ0MjRaFw0zMTAxMDYxNzQ0MjRaMFgxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazEPMA0GA1UEAwwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYK2z8gLPOfFLgXNWP2460aeJ9vrH47x%2FlhKLlv4amSDHDx8Cmz%2F6blOUM8XOfMRW1xx%2B%2BAgChWN9dx%2Fkf7G2xlA5grZxRvUQ6xj7AvFG9TQUA3muNh2hvm9c3IjaZBNKH27bRKuDIBvZBvXdX4NL%2FaaFy7w7v7IKxk8j4WkfB23sgyH43g4b7NqKHJugZiedFu5GALmtLbShVOFbjWcre7Wvatdw8dIBmiFJqZQT3UjIuGAgqczIShtLxo4V%2BXyVkIPmzfPrRV%2B4zoMFIFOIaj3syyxb4krPBtxhe7nz2cWvvq0wePB2y4YbAAoVY8NYpd5JsMFwZtG6Uk59ygv4QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDaPg69wNeFNFisfBJTrscqVCTW%2BB80gMhpLdxXD%2BKO0%2FWgc5xpB%2FwLSirNtRQyxAa3%2BEEcIwJv%2Fwdh8EyjlDLSpFm%2F8ghntrKhkOfIOPDFE41M5HNfx%2FFuh5btKEenOL%2FXdapqtNUt2ZE4RrsfbL79sPYepa9kDUVi2mCbeH5ollZ0MDU68HpB2YwHbCEuQNk5W3pjYK2NaDkVnxTkfEDM1k%2B3QydO1lqB5JJmcrs59BEveTqaJ3eeh%2F0I4OOab6OkTTZ0JNjJp1573oxO%2Bfce%2FbfGud8xHY5gSN9huU7U6RsgvO7Dhmal%2FsDNl8XC8oU90hVDVXZdA7ewh4jjaoIv"))
+	err = try.RequestWithTransport(request, 2*time.Second, tr, try.BodyContains("Forwarded-Tls-Client-Cert: MIIDNTCCAh0CFD0QQcHXUJuKwMBYDA+bBExVSP26MA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazENMAsGA1UEAwwEcm9vdDAeFw0yMTAxMDgxNzQ0MjRaFw0zMTAxMDYxNzQ0MjRaMFgxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazEPMA0GA1UEAwwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYK2z8gLPOfFLgXNWP2460aeJ9vrH47x/lhKLlv4amSDHDx8Cmz/6blOUM8XOfMRW1xx++AgChWN9dx/kf7G2xlA5grZxRvUQ6xj7AvFG9TQUA3muNh2hvm9c3IjaZBNKH27bRKuDIBvZBvXdX4NL/aaFy7w7v7IKxk8j4WkfB23sgyH43g4b7NqKHJugZiedFu5GALmtLbShVOFbjWcre7Wvatdw8dIBmiFJqZQT3UjIuGAgqczIShtLxo4V+XyVkIPmzfPrRV+4zoMFIFOIaj3syyxb4krPBtxhe7nz2cWvvq0wePB2y4YbAAoVY8NYpd5JsMFwZtG6Uk59ygv4QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDaPg69wNeFNFisfBJTrscqVCTW+B80gMhpLdxXD+KO0/Wgc5xpB/wLSirNtRQyxAa3+EEcIwJv/wdh8EyjlDLSpFm/8ghntrKhkOfIOPDFE41M5HNfx/Fuh5btKEenOL/XdapqtNUt2ZE4RrsfbL79sPYepa9kDUVi2mCbeH5ollZ0MDU68HpB2YwHbCEuQNk5W3pjYK2NaDkVnxTkfEDM1k+3QydO1lqB5JJmcrs59BEveTqaJ3eeh/0I4OOab6OkTTZ0JNjJp1573oxO+fce/bfGud8xHY5gSN9huU7U6RsgvO7Dhmal/sDNl8XC8oU90hVDVXZdA7ewh4jjaoIv"))
 	c.Assert(err, checker.IsNil)
 }

pkg/config/dynamic/middlewares.go

@@ -416,7 +416,7 @@ type InFlightReq struct {
 // This middleware adds the selected data from the passed client TLS certificate to a header.
 // More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/
 type PassTLSClientCert struct {
-	// PEM sets the X-Forwarded-Tls-Client-Cert header with the escaped certificate.
+	// PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate.
 	PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
 	// Info selects the specific client certificate details you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
 	Info *TLSClientCertificateInfo `json:"info,omitempty" toml:"info,omitempty" yaml:"info,omitempty" export:"true"`

pkg/log/deprecated.go

@@ -9,67 +9,67 @@ import (
 )
 
 // Debug logs a message at level Debug on the standard logger.
-// Deprecated
+// Deprecated: use log.FromContext(ctx).Debug(...) instead.
 func Debug(args ...interface{}) {
 	mainLogger.Debug(args...)
 }
 
 // Debugf logs a message at level Debug on the standard logger.
-// Deprecated
+// Deprecated: use log.FromContext(ctx).Debugf(...) instead.
 func Debugf(format string, args ...interface{}) {
 	mainLogger.Debugf(format, args...)
 }
 
 // Info logs a message at level Info on the standard logger.
-// Deprecated
+// Deprecated: use log.FromContext(ctx).Info(...) instead.
 func Info(args ...interface{}) {
 	mainLogger.Info(args...)
 }
 
 // Infof logs a message at level Info on the standard logger.
-// Deprecated
+// Deprecated: use log.FromContext(ctx).Infof(...) instead.
 func Infof(format string, args ...interface{}) {
 	mainLogger.Infof(format, args...)
 }
 
 // Warn logs a message at level Warn on the standard logger.
-// Deprecated
+// Deprecated: use log.FromContext(ctx).Warn(...) instead.
 func Warn(args ...interface{}) {
 	mainLogger.Warn(args...)
 }
 
 // Warnf logs a message at level Warn on the standard logger.
-// Deprecated
+// Deprecated: use log.FromContext(ctx).Warnf(...) instead.
 func Warnf(format string, args ...interface{}) {
 	mainLogger.Warnf(format, args...)
 }
 
 // Error logs a message at level Error on the standard logger.
-// Deprecated
+// Deprecated: use log.FromContext(ctx).Error(...) instead.
 func Error(args ...interface{}) {
 	mainLogger.Error(args...)
 }
 
 // Errorf logs a message at level Error on the standard logger.
-// Deprecated
+// Deprecated: use log.FromContext(ctx).Errorf(...) instead.
 func Errorf(format string, args ...interface{}) {
 	mainLogger.Errorf(format, args...)
 }
 
 // Panic logs a message at level Panic on the standard logger.
-// Deprecated
+// Deprecated: use log.FromContext(ctx).Panic(...) instead.
 func Panic(args ...interface{}) {
 	mainLogger.Panic(args...)
 }
 
 // Fatal logs a message at level Fatal on the standard logger.
-// Deprecated
+// Deprecated: use log.FromContext(ctx).Fatal(...) instead.
 func Fatal(args ...interface{}) {
 	mainLogger.Fatal(args...)
 }
 
 // Fatalf logs a message at level Fatal on the standard logger.
-// Deprecated
+// Deprecated: use log.FromContext(ctx).Fatalf(...) instead.
 func Fatalf(format string, args ...interface{}) {
 	mainLogger.Fatalf(format, args...)
 }

pkg/middlewares/passtlsclientcert/pass_tls_client_cert.go

@@ -325,13 +325,11 @@ func writePart(ctx context.Context, content io.StringWriter, entry, prefix strin
 
 // sanitize As we pass the raw certificates, remove the useless data and make it http request compliant.
 func sanitize(cert []byte) string {
-	cleaned := strings.NewReplacer(
+	return strings.NewReplacer(
 		"-----BEGIN CERTIFICATE-----", "",
 		"-----END CERTIFICATE-----", "",
 		"\n", "",
 	).Replace(string(cert))
-
-	return url.QueryEscape(cleaned)
 }
 
 // getCertificates Build a string with the client certificates.

pkg/middlewares/passtlsclientcert/pass_tls_client_cert_test.go

@@ -610,7 +610,7 @@ WqeUSNGYV//RunTeuRDAf5OxehERb1srzBXhRZ3cZdzXbgR/`,
 
 			content := sanitize(test.toSanitize)
 
-			expected := url.QueryEscape(strings.ReplaceAll(test.expected, "\n", ""))
+			expected := strings.ReplaceAll(test.expected, "\n", "")
 			assert.Equal(t, expected, content, "The sanitized certificates should be equal")
 		})
 	}

pkg/provider/docker/builder_test.go

@@ -47,12 +47,6 @@ func nodeIP(ip string) func(*docker.ContainerJSON) {
 	}
 }
 
-func labels(labels map[string]string) func(*docker.ContainerJSON) {
-	return func(c *docker.ContainerJSON) {
-		c.Config.Labels = labels
-	}
-}
-
 func ports(portMap nat.PortMap) func(*docker.ContainerJSON) {
 	return func(c *docker.ContainerJSON) {
 		c.NetworkSettings.NetworkSettingsBase.Ports = portMap

pkg/provider/kv/redis/redis.go

@@ -30,7 +30,7 @@ func (p *Provider) SetDefaults() {
 
 // Init the provider.
 func (p *Provider) Init() error {
-	config := redis.Config{
+	config := &redis.Config{
 		Username: p.Username,
 		Password: p.Password,
 		DB:       p.DB,