# caddy 2.11.4

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

Snapshot of gominimal/pkgs commit `cd4b09dd2f492c47fba70eb1b8a8c724dabdc7e9` (pushed 2026-07-10T23:16:55.000Z).

## Install

```sh
min add caddy
```

## Direct advisories

| ID | Severity | CVSS | Fix status | Fixed version | Summary |
| --- | --- | --- | --- | --- | --- |
| GHSA-6365-7ppr-5r92 | UNKNOWN | — | fixed | — | Connection created for the wrong upstream for forward_auth + reverse_proxy |

## Transitive advisories

5 advisories inherited through runtime dependencies:

- CVE-2026-4046 (HIGH) via glibc
- CVE-2026-4437 (HIGH) via glibc
- CVE-2026-4438 (MEDIUM) via glibc
- CVE-2026-5450 (CRITICAL) via glibc
- CVE-2026-5928 (HIGH) via glibc

## Dependencies

- Build (3): base, go, toolchain
- Runtime (1): glibc

## Scorecard

| Category | Score | Band |
| --- | --- | --- |
| supply-chain | 92 | good |
| advisories | 10 | low |
| quality | 73 | mid |
| maintenance | 100 | perfect |
| licence | 100 | perfect |

## Links

- Homepage: https://caddyserver.com
- Package page (HTML): https://minimal.dev/pkgs/caddy
- JSON API (floats latest): https://minimal.dev/api/pkgs/caddy.json
- SBOM (CycloneDX 1.5): https://minimal.dev/api/pkgs/caddy/sbom.json
