Skip to main content

What's new in Traefik Hub?

April 2025

What's New

Multi-Tenant Installation on Kubernetes

Traefik Hub now supports deploying multiple, isolated gateway instances on a single Kubernetes cluster. By configuring specific namespaces for each instance, you can achieve resource isolation, simplify deployments aligned with team structures, and maintain consistent API management across different environments within the same cluster.

Learn more about this feature in the multi-tenancy documentation.

OpenAPI v3.1.x Support

Traefik Hub now supports OpenAPI v3.1.x, in addition to Swagger v2.0 and OpenAPI v3.0.x. Swagger v2 specifications are automatically converted to OpenAPI v3.1 upon processing, ensuring consistency across your API documentation within the Hub.

See the OpenAPI documentation for more details.

March 2025

What's New

New Middleware: Semantic Cache

We introduced a Semantic Cache middleware for the AI Gateway, allowing you to store and retrieve responses based on semantic similarity. If a similar request appears, the middleware returns the cached result immediately instead of calling the AI backend again. This feature helps reduce latency and saves on provider costs.

Learn more about this middleware in it's documentation page.

New Middleware: Content Guard

Content Guard is a middleware that protects sensitive data across both AI and API Gateway environments by blocking or masking content before it reaches any upstream service. It helps ensure that confidential data is safeguarded in all scenarios, whether processing AI-specific traffic or general API requests.

Learn more about this middleware in it's documentation page.

Reference Secrets as Credentials Storage in the AI Gateway

We now allow you to specify tokens in the AIService resource as securely stored credentials in a Kubernetes Secret instead of embedding them directly in YAML (previous token field). This approach improved security and aligns with centralized governance over secret management.

For more details, see our updated AI Gateway documentation and the relevant example manifest changes.

Traefik Hub Integration Now Available on Nutanix NKP

Traefik Proxy is now the default ingress controller in Nutanix Kubernetes Platform (NKP). You can upgrade your NKP cluster to Traefik Hub API Gateway and API Management to unlock advanced enterprise features, including centralized API governance, enhanced security, and dynamic routing. For more details on the upgrade process and benefits, please read our blog post and refer to the Nutanix NKP Installation Guide.

API, APIVersion & APIBundle Resources: New title & description fields

API, APIVersion, and APIBundle resources now support dedicated title and description fields. For API and APIVersion resources, these fields override the values from the OpenAPI specification, allowing you to present tailored content in the API portal. For APIBundle resources, you can now specify a custom title to display a more user-friendly name on the portal.

See the API, APIVersion & APIBundle documentation for more information.

Resource Ownership & Editability in the Dashboard

Traefik Hub now distinguishes between resources created through the Online Dashboard and those managed externally (via GitOps), to prevent accidental modifications and conflicting changes. The following changes have been made:

  • Resources created via the dashboard remain fully editable, while those managed externally become read-only.
  • Visual indicators have been added: read-only resources display a Kubernetes icon, whereas editable resources show a monitor-like icon.

For more details on how resource ownership is handled in the Dashboard now, please refer to the Online Dashboard documentation.

February 2025

What's New

New AI Providers: DeepSeek & QWen

Traefik Hub AI Gateway now supports two additional AI providers:

  • DeepSeek
  • QWen

Both AI providers use the OpenAI API structure with a different base URL and models.

To configure these new AI providers in Traefik Hub, please visit the AIService reference page.

Updated OpenAI Implementation

The OpenAI integration in Traefik Hub AI Gateway has been enhanced with support a custom baseUrl option for OpenAI-compatible AI services.

New Feature: API Mocking for Expanded API Development & Testing

Traefik Hub is evolving beyond API runtime management to support a comprehensive API Development and Testing use case. This enhancement empowers API developers and platform engineers to:

  • Rapidly prototype and test API designs using live API mocks generated via Microcks.
  • Refine gateway settings and security policies in a safe, sandboxed environment.
  • Iterate quickly based on real-world testing feedback before full-scale production deployment.

For a detailed guide on setting up and leveraging these capabilities, please refer to our On-Premises API Mocking guide.

Including an API Plan is Mandatory in Managed Subscription

A Managed Subscription must always include an API Plan. Even unlimited plans must be explicitly defined, there are no more implicit unlimited plans to improve governance and avoid unwanted misconfiguration scenarios. For existing Traefik Hub Kubernetes deployments, upgrade your cluster to version 34.3.0 or later of the Traefik Helm chart and also upgrade your CRDs to the new version that introduces this change.

Please see upgrading instructions for more information.

Compatibility Matrix

This release comes with the following components:

ComponentVersion
Traefik Hubv3.14.1
Helm Chartv34.4.0
Traefik Proxyv3.3.4
Coraza WAFv3.3.2
OWASP CRSv4.7.0
Static Analyzerv1.4.0
Kubernetes Gateway APIv1.2.1
Bug Fixes Timeline

  • 2025-02-11: Traefik Hub v3.11.1 was released with the following fixes:

    • Fixed empty API column in the subscription table on the API portal.
    • Fixed AI gateway panic when using Gemini with OTel.

  • 2025-02-18: Traefik Hub v3.13.0 was released with the following updates:

    • Bump Go version from v1.23.0 to v1.23.6.
    • Add CORS support for API & API version resources.
    • New baseUrl option for the OpenAI provider in the Traefik Hub AI Gateway.
    • New title option for the API Bundle, similar to the API and API Version CRDs.

  • 2025-02-26: Traefik Hub v3.14.1 was released with the following updates:

    • Bump Traefik Proxy to v3.3.4
    • New Windows FIPS 140-2 build with microsoft/go
    • Add search functionality in the available APIs list on the Portal UI.

January 2025

What’s New

New Feature: Self-Service Subscriptions (API Management)

We are excited to introduce Self-Service Subscriptions, which empower API consumers to directly subscribe their applications to APIs—or entire API Bundle—through the API Portal.

Key Highlights:

  • Instant Access: API consumers can subscribe immediately, reducing time-to-integration.
  • Bundle Support: Subscribe to multiple APIs at once via a bundle subscription workflow.
  • Coexistence with Managed Subscriptions: If a self-service subscription coexists with a managed subscription, the self-service plan takes precedence, but unsubscribing reactivates the managed one.
  • Streamlined Portal Subscription Flow: A user-friendly interface in the API Portal lets consumers quickly select an application and confirm a plan, simplifying the overall onboarding process.

For more details, see Self-Service Subscriptions.

New Feature: Block Requests to Undocumented Paths and Methods (API Management)

We’ve introduced a validateRequestMethodAndPath option for both API and APIVersion resources, preventing “zombie” or “shadow” endpoints by blocking requests to paths and methods not defined in your OpenAPI specification. This helps strengthen security and maintain a well documented API surface.

For more information about the validateRequestMethodAndPath feature, see the API & APIVersion documentation.

Bug Fixes

December 2024

What’s New

New Feature: Secure, govern, and observe AI endpoints like APIs

We are excited to announce the new AI gateway feature which allows you to manage and integrate multiple Large Language Model (LLM) providers.

To get started, check out our AI Gateway documentation to learn how to enable & start using it.

New Feature: Managed Subscriptions (API Management)

Introducing managed subscriptions, a powerful way to manage subscriptions between applications and your APIs or API Bundles. With ManagedSubscription, you get the following benefits:

  • Application-level control: With managed subscriptions, you can specify applications that will consume APIs via an application identifier (appId). This allows you to manage API consumption at the application level rather than the user level.
  • Control access: Define which applications can access specific APIs or API Bundles.
  • Enforce API plans: Apply API Plans to subscriptions to enforce rate limits, quotas, and other policies.
  • Claims-based authorization: Use expressions to validate claims in authentication tokens (e.g., JWTs) for fine-grained access control.

For more details, refer to the Managed Subscriptions documentation.

New Feature: APICatalogItem (API Management)

We are excited to announce the addition of the APICatalogItem Custom Resource Definition (CRD) in Traefik Hub API Management.

APICatalogItem is a resource in Traefik Hub that defines which APIs are visible to users in the Developer Portal. It allows API managers to control the visibility of APIs and API Bundles to specific user groups, ensuring that API consumers only see the APIs they are authorized to access.

Key Features of APICatalogItem:

  • Specify which APIs or API Bundles are displayed to specific user groups.
  • Control the visibility of specific operations within APIs.

For more details, refer to the APICatalogItem documentation.

Upgrading your cluster

For existing Traefik Hub Kubernetes deployments, you need to upgrade your cluster to use at least v33.1.0 of the Traefik Helm chart that introduces the AIService, ManagedSubscription & APICatalogItem CRDs, please see upgrading instructions for more information.

Deprecation of APIAccess resource (API Management)

As part of our efforts to simplify and enhance the API management experience, we are deprecating the APIAccess CRD. The functionalities provided by APIAccess are now encompassed by the new ManagedSubscription & APICatalogItem CRDs, offering more visibilty, flexibility and control over API access management.

We recommend transitioning from APIAccess to ManagedSubscription & APICatalogItem to take advantage of the new features and improvements.

Bug Fixes

November 2024

What's New

Support for Managing APIs with HTTPRoute in API Management

Traefik Hub API Management now supports using HTTPRoute to manage APIs.

For more information, check out our Kubernetes Gateway API glossary page & API resource documentation.

October 2024

What's New

Support for Consul Catalog Enterprise

We are excited to announce that Traefik Hub API Gateway now supports Consul Catalog Enterprise as a part of our providers.

To get started, check out our Consul Catalog Enterprise documentation to learn how to enable & configure it.

September 2024

What's New

New Feature: Traffic Debugger

We are excited to announce that Traefik Hub now integrates with Treblle as the Traffic Debugger, enhancing your API observability experience across both API Management and Gateway features.

What does this mean for you?
  • Real-Time API Monitoring: Gain immediate insights into your API traffic, helping you identify and address issues as they happen.
  • Request and Response Debugging: The Traffic Debugger provides detailed insights into individual API calls, allowing you to troubleshoot and resolve problems efficiently.
  • Error Tracking and Performance Metrics: Monitor error rates, response times, and other critical metrics to optimize your APIs.
Why is this important?

With the Treblle integration, you can improve the reliability and performance of your APIs, leading to better user experiences and increased confidence in your API infrastructure.

To get started, check out our Treblle integration guide to learn how to enable this feature and start enhancing your API observability.

New Feature: API Plans (API Management)

Introducing API Plans, a comprehensive solution for API governance that centralizes the management of rate limits and quotas. API Plans replace the previous APIRateLimit feature, providing a more structured and policy-driven approach to controlling API consumption. This ensures fair and efficient resource distribution among your API consumers.

Key Features
  • Centralized Policy Management: Consolidate rate limiting and quota enforcement into a single resource, making it easier to maintain and update policies.
  • Streamlined Access Control: Simplify the association between user groups and APIs through well-defined plans, enhancing access management efficiency.
  • Consistent Governance: Apply standardized API Plans across all APIs to ensure uniform governance and reduce the risk of misconfigurations.

Breaking Change

With the introduction of API Plans, the older APIRateLimit feature is removed. Users are encouraged to transition to API Plans to take advantage of the enhanced governance and management capabilities.

Prerequisites

For creating Plans other than unlimited, ensure that Redis is deployed and configured in your cluster and Traefik deployment to utilize the APIPlan feature. For detailed installation and configuration steps, follow the API Plan documentation.

New Feature: API Bundle (API Management)

We are thrilled to introduce API Bundles, a new feature designed to streamline the management of your APIs. API Bundles allow you to group multiple APIs into a single, cohesive entity, enhancing efficiency and governance.

Key Benefits
  • Unified Management: Group one or more APIs under a single API Bundle, simplifying reference and access across your infrastructure.
  • Centralized Policy Enforcement: Apply API Plans directly to API Bundles, enabling consistent rate limits and quotas across all included APIs.
  • Flexible Inclusion Methods: Add APIs to a bundle by explicitly naming them or using Kubernetes-native label selectors for dynamic and scalable management.

To get started with creating API Bundles, refer to our API Bundle Documentation.

July 2024

What's New

  • Native Coraza WAF integration: Secure APIs with the Coraza Web Application Firewall (endorsed by OWASP). The native WAF integration in Traefik Hub provides more than 23x performance improvement over Traefik Proxy's WASM-based WAF plugin.
  • Distributed ACME on all platforms using Vault: Simplify certificate management and ensure that certificates are always up-to-date by automatically obtaining and renewing TLS certificates with ACME from Certificate Authorities like Let's Encrypt. The Hub-exclusive distributed ACME is more efficient for large-scale or high-availability setups, as it reduces duplication and ensures consistency across all Gateway instances by leveraging HashiCorp Vault as shared secure certificate storage. Now available for all supported installation platforms.
  • Vault Public Key Infrastructure: Create your own private certificate authority (CA) with the HashiCorp Vault PKI secret engine to issue, manage, and revoke digital certificates. Combine it with the gateway's ACME resolvers for automated certificate management, even in a distributed way.
  • LDAP middleware: Secure your APIs by delegating the authentication to an external LDAP server with the LDAP middleware.
  • OPA middleware: The Open Policy Agent middleware restricts access to your APIs and allows you to enrich request headers with data extracted from policies.
  • Cache middleware: Add cache middleware to your routers and improve the performance of your infrastructure by reducing latency, network traffic, and the time needed to interact with an API.
  • FIPS-compliant Docker image: Traefik Hub is now compliant with FIPS 140-2, a U.S. Federal Government security standard used to approve cryptographic modules.
  • Multi-platform install snippets: A newly added platform selector helps you in the new gateway creation wizard to get tailored installation snippets for Kubernetes, Docker Compose, Docker Swarm, HashiCorp Nomad, and Systemd for Linux-based virtual machines, bare-metal hardware or cloud computing instances like AWS EC2.
  • The embedded Traefik Proxy version has been updated to bring the latest open-source improvements for Hub.

API Management-exclusive features

  • Add any third-party Identity Provider with OIDC: User management has never been easier. Secure your API Developer Portals and API Gateways with any third-party Identity Provider you already have, such as Okta or Azure Entra ID, using enterprise-grade OIDC. Check the documentation about how to configure it on the online Hub dashboard.
  • Metrics overview in the online dashboard: The Hub online dashboard gives you an overview of your APIs' overall consumption and health. You can also filter for every API, user, and API Management-enabled gateway. Fine-grained metrics are still available on the gateway with OpenTelemetry.

May 2024

What's New

  • Traefik Hub now embeds all Traefik Proxy v3.0 features (compatible with Traefik v2).
  • Capacity to install Traefik Hub as a drop-in replacement of Traefik Proxy, with additional Enterprise features such as authentication, authorization, distributed rate limit, and more.
  • Traefik Hub provides robust API management capabilities for API publishers and consumers. The features include API versioning, user and fine-grained access management, rate limiting, declarative configuration linting, API developer portals, API observability metrics, and many more.
  • Promote any Ingress or IngressRoute to become a managed API. This means one can now attach any built-in gateway middleware or plugins to APIs, unlocking Traefik's entire network power for APIs.
  • Extend Traefik Hub with your custom WebAssembly (WASM) plugins.
  • Leverage the new Coraza Web Application Firewall, a plugin Traefik Labs supports.
  • OpenTelemetry (OTel) metrics are now available on both ingresses and managed APIs.
  • Operate API Gateways fully offline without reliance on any SaaS platform.

February 2024

What's New

  • We've added a new filtering concept in the APIAccess CRD that enables you to select sets of OpenAPI operations defined on APIs or APIVersions. You can find more information in the API CRD reference.
  • All-new API Portal. We've refreshed the API Portal UI to create a better user experience. New API Portal UI.
  • It is now possible to turn off the generation and usage of traefikhub.io domains for your API Gateways and Portals.
  • Error logs generated by the Traefik Hub agent are now transmitted to the Traefik Hub platform and stored for 24 hours to assist in resolving support requests quickly. You can turn off sending error logs by adjusting the default configuration.
  • We've enhanced the API and the APIVersion CRDs. Both CRDs support now naming of the API Service port service.port.name.

December 2023

What's New

  • You can now publish APIs without an OpenAPI specification. No OAS spec required.
  • We've published a complete Traefik Hub GitOps demo. Follow the tutorial to learn how to deploy and manage APIs on a local Kubernetes cluster with Flux. Example Grafana dashboard.
  • We've updated the dashboard to make it more effortless for you to get an overview about configured access policies and rate limits. This information is now displayed in the API details page, as in the user and groups details pages. Computed values.

November 2023

What's New

  • Traefik Hub now has a direct integration with Okta. IdP-Form.
  • Starting today, you're able to use JWT to secure access to APIs. UI-JWT.
  • We've added support for distributed rate limiting.
  • We've enhanced our OpenTelemetry metrics by adding support for API versions.
  • The dashboard now shows a warning sign when a Traefik Hub agent faces a connectivity issue. Dashboard showing a warning.
  • We've released a new version of the Traefik Hub agent v2.4.2 and of the Helm chart v2.5.1 v2.5.1 Changelog. Please upgrade the Traefik Hub agent to enjoy the latest enhancements. Depending on your set-up, please follow the detailed documentation about upgrading the Ingress Controller or the Sidecar Mode installation.

October 2023

What's New

  • In this release, we've added OpenTelemetry support to Traefik Hub.
  • We've added support for adjusting CORS and API header policies through CRDs and via the dashboard. UI.
  • You can now manage workspace roles through the dashboard. UI.

Security

September 2023

What's New

  • You can use Keycloak for Single Sign-On (SSO) or as an identity broker for Traefik Hub.
  • We enhanced workspace management. You can now assign roles to workspace members. Every role, Viewer, Editor and Admin has a different set of permissions.
  • Traefik Hub now supports CORS (Cross-Origin Resource Sharing) configuration via CRDs.

August 2023

What's New

  • We've added support for API versioning through CRDs and via the dashboard.
  • We've published the Traefik Hub Helm Chart on GitHub.
  • We've improved the dashboard to provide a better experience when you select Services. You can now better identify if you use an internal or external (API) Service.
  • The dashboard shows now a warning sign when the user's initial password reset has not been performed yet.
  • We've released a new version of the Traefik Hub Helm chart with an update of the Traefik Hub agent. Please find the changelog for v2.2.0 on GitHub. Please upgrade to version v2.2.0 to enjoy the latest enhancements. Depending on your set-up, please follow the detailed documentation about upgrading the Ingress Controller or the Sidecar Mode installation.

Bug Fixes

  • We've fixed a couple of tiny bugs in the user interface (dashboard).

July 2023

What's New

  • The Traefik Hub agent supports now two different installation methods, the Ingress Controller mode and the Sidecar Mode.
  • We've added Emissary (formerly Ambassador, an Envoy-based) Ingress support with Sidecar Mode.
  • We've improved API management, you can now select APIs by name and by Labels. You can combine names and Labels to filter your selections even more.
  • We've added support for rate limiting to the dashboard.
  • We've added support for Swagger v2.

Bug Fixes

  • We've fixed a couple of descriptions in the dashboard.

June 2023

What's New

  • You can now manage external APIs, hosted outside your Kubernetes cluster, for example on Virtual Machines (VMs) or third party APIs.
  • Starting today, you're able to use rate limiting for APIs.
  • We strengthened security. The Traefik Hub token is now provided as a Secret during installation.
  • If you deal with large clusters, we made your life easier with filtering Services by namespace in the dashboard, to quickly find what you look for.
  • The dashboard provide more guidance, with clear indications of which fields are required and more descriptions.
  • We've updated the dashboard to put key information right at your fingertips: information on APIs and API Collections, the API Developer Portal and Users.
    Corresponding screens have been updated for better clarity.
  • We’ve improved the API Developer Portal responsiveness by adding HTTP cache control headers.
  • For you to more quickly see how to perform given tasks, we've restructured the documentation, added more tutorials and improved the content overall.
  • Based on your feedback, we've tinkered with the internal workings and polished some rough edges.

Bug Fixes

  • If your session has expired, you will now be redirected to the login screen.
  • We've fixed a couple of bugs in the dashboard related to pop-ups, selecting Services, user groups and error pages.
  • We've fixed a bug related to TLS termination.
  • There were a few little bugs that caused performances issues, like bugs do. We fixed those, and we’ll fix the next ones too.

May 2023

What's New

  • We've changed the architecture, Hub now supports only K8s, the Agent uses a sidecar, and it is compatible with any Ingress Controller.
  • We've added a new ACP (Access Control Policy) for API Keys.
  • We've added a new OAuth Introspection ACP.
  • Starting today, you're able to use CRDs for APIs, API Collections, API Accesses, API Gateways, and API Portal objects.
  • API consumption is now protected by tokens.
  • We've added API Management, now you can use Hub as a platform for managing, routing, monitoring, and securing APIs.
  • You can use Traefik Hub as IdP (Identity Provider).
  • We've replaced freemium tiers with a new trial mechanism.
  • User deletion is now fully GDPR-compliant, no user data is retained.
  • Traefik Hub supports now team collaboration with workspaces.
  • Traefik Hub is now compatible with Traefik's IngressRoute.
  • We've added support for wildcard domains.
  • We've added the functionality to expose Prometheus compatible metrics from the Traefik Hub agent.
  • Hub errors are now leveraging K8s events.
  • We restructured and updated the documentation.
  • We adjusted the Service page in the dashboard, port numbers are now visible when they exceed more than 3 characters.

Bug Fixes

  • We fixed an issue that prevented some ACPs to be deleted.
  • We improved the process of certificate renewals.
  • We solved an issue with custom domain validation.
Last updated on