add release/2.9.0+v2.11.14 file

The default docker swarm endpoint mode (vip) introduces unnecessary
indirection in the communication between services, namely the
docker-proxy and a dynamic haproxy endpoint container. This commit
switches the socket-proxy service to endpoint_mode: dnsrr by default and
the traefik service when using host-mode port publishing.

I would strongly recommend considering switching to host-mode port
publishing by default, especially as most coop-cloud deployments are
single-server.

See: toolshed/organising#648

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "traefik:v2.11.10"
+    image: "traefik:v2.11.14"
     # Note(decentral1se): *please do not* add any additional ports here.
     # Doing so could break new installs with port conflicts. Please use
     # the usual `compose.$app.yml` approach for any additional ports
@@ -47,12 +47,14 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.service=api@internal"
         - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=2.8.0+v2.11.10"
+        - "coop-cloud.${STACK_NAME}.version=2.9.0+v2.11.14"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"
 
   socket-proxy:
-    image: lscr.io/linuxserver/socket-proxy:1.26.2-r0-ls26
+    image: lscr.io/linuxserver/socket-proxy:1.26.2-r0-ls30
+    deploy:
+      endpoint_mode: dnsrr
     environment:
       - ALLOW_START=0
       - ALLOW_STOP=0

release/2.9.0+v2.11.14

@@ -0,0 +1 @@
+Closes Security Issue https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg