community/traefik: security upgrade to 2.11.2
From 2.10.6 to 2.11.2 has the following releases:
-
v2.11.2
- GHSA-7f4j-64p6-5h5v (related to CVE-2023-45288) Solved in Go
- CVE-2024-28869 This MR
- v2.11.1
- v2.11.0
- v2.10.3
Breaking hanges
Consider read full at https://doc.traefik.io/traefik/migration/v2/#v211
v2.11
-
TLS CipherSuites
By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes.
The following ciphers have been removed from the default list:- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
-
Minimum TLS Version
By default, the minimum version offered by crypto/tls servers is now TLS 1.2 if not specified with
config.MinimumVersion
, matching the behavior of crypto/tls clients.