1.4.1 (linkerd#1961)

Linkerd 1.4.1 is focused on adding diagnostics and improved behavior in
production environments.

This release features contributions from Strava, Signal, OfferUp, Scalac,
Salesforce, and Buoyant.  A big thank you to:

* [Alex Leong](https://github.com/adleong/)
* [Dan Vulpe](https://github.com/dvulpe)
* [Dennis Adjei](https://github.com/dadjeibaah)
* [J Evans](https://github.com/jayeve)
* [Justin Venus](https://github.com/JustinVenus)
* [Leo Liang](https://github.com/leozc)
* [Matthew Huxtable](https://github.com/mhuxtable)
* [Michał Mrożek](https://github.com/mmrozek)
* [Peter Fich](https://github.com/peterfich)
* [Robert Panzer](https://github.com/robertpanzer)
* [Shakti Das](https://github.com/shakti-das)

Full release notes:

* Diagnostics:
  * Add watch state admin endpoints where you can inspect the current state of Linkerd's watches, including information such as time of last update and last known value.  These can be extremely valuable for debugging communication between Linkerd and other components such as Namerd or Kubernetes.
    * Kubernetes namer watch state: `/namer_state/io.l5d.k8s.json`
    * Namerd interpreter watch state: `/interpreter_state/io.l5d.namerd/<namespace>.json`
    * Namerd mesh interpreter watch state: `/interpreter_state/io.l5d.mesh/<root>.json`
* TLS:
  * Add the `intermediateCertsPath` config setting to client and server TLS.  This allows you to specify a file containing intermediate CA certificates supporting the main certificate.
  * Allow the TLS protocols to be configured which enables the ability to use TLSv1.2 specific ciphers.
* HTTP, HTTP/2:
  * Avoiding upgrading HTTP/1.0 requests to HTTP/1.1.  This prevents servers from sending responses that the client cannot handle (e.g. chunk encoded responses).
  * Fix a bug where Linkerd was not writing the `l5d-ctx-*` headers on HTTP/2 requests..
  * Add support for adding a 'Forwarded' header to HTTP/2 requests.
* Make Linkerd and Namerd honor the shutdown grace period when using the `/admin/shutdown` endpoint.
* Pass stack params to announcer plugins, allowing them to report metrics correctly.
* Add support for extracting substrings in path patterns.  This allows you to, for example, configure TLS commonNames based on substrings of a path segment instead of the entire segment.
* Add a TTL to Namerd's inactive cache so that Namerd will tear down watches on idle services.
* Improve fallback behavior in the io.l5d.marathon namer so that fallback occurs if an app has no replicas.
* Fix an ArrayIndexOutOfBoundsException in ForwardClientCertFilter.

Signed-off-by: Alex Leong <alex@buoyant.io>

1.4.0 (linkerd#1924)

Linkerd 1.4.0 upgrades us to the latest versions of Finagle and Netty and
features lower memory usage for large payloads. Two new configuration options
have been introduced: client connection lifetimes and access log rotation
policy. One breaking change has been introduced around the configuration file
syntax for loggers.  This release features contributions from ThreeComma,
[ScalaConsultants](https://github.com/ScalaConsultants), [Salesforce](https://github.com/salesforce), and [Buoyant](https://github.com/buoyantio).

* **Breaking Change**: Rename the loggers section of the Linkerd config to requestAuthorizers to match the name of the plugin type ([linkerd#1900](linkerd#1900))
* Tune Netty/Finagle settings to reduce direct memory usage ([linkerd#1889](linkerd#1889)). This should dramatically reduce direct memory usage when transferring large payloads.
* Introduce a ClientSession configuration section that provides ways to control client connection lifetime ([linkerd#1903](linkerd#1903)).
* Expose rotation policy configuration for http and http2 access logs ([linkerd#1893](linkerd#1893)).
* Stop logging harmless reader discarded errors in k8s namer ([linkerd#1901](linkerd#1901)).
* Disable autoloading of the default tracer in Namerd ([linkerd#1902](linkerd#1902)). This prevents Namerd from attempting to connect to a Zipkin collector that doesn't exist.
* Upgrade to Finagle 18.4.0.

Signed-off-by: Alex Leong <alex@buoyant.io>

1.4.0-rc1

Signed-off-by: Alex Leong <alex@buoyant.io>

1.3.7 (linkerd#1888)

Linkerd 1.3.7 includes memory leak fixes, tons of improvements for Consul, and more!  This release features contributions from ThreeComma, [NCBI](https://github.com/ncbi), WePay, [Salesforce](https://github.com/salesforce), [Homeaway](https://github.com/homeaway), Prosoft, and [Buoyant](https://github.com/buoyantio).

* Add support for more types of client certificates in the ForwardClientCertFilter ([linkerd#1850](linkerd#1850)).
* Improve documentation on how to override the base Docker image ([linkerd#1867](linkerd#1867)).
* Improve the efficientcy of the dtab delegator UI ([linkerd#1862](linkerd#1862)).
* Add a command line flag for config file validation ([linkerd#1854](linkerd#1854)).
* Fix a bug where the wrong timezone was being used in access logs ([linkerd#1851](linkerd#1851)).
* Add the ability to explicitly disable TLS for specific clients ([linkerd#1856](linkerd#1856)).
* Consul:
  * Add support for TLS-encrypted communication with Consul ([linkerd#1842](linkerd#1842)).
  * Fix a connection leak to Consul ([linkerd#1877](linkerd#1877)).
  * Fix a bug where Linkerd would timeout requests to non-existent Consul datacenters ([linkerd#1863](linkerd#1877)).
* Remove many alarming but harmless error messages from Linkerd and Namerd logs ([linkerd#1871](linkerd#1871), [linkerd#1884](linkerd#1884), [linkerd#1875](linkerd#1875)).
* Fix ByteBuffer memory leaks in HTTP/2 ([linkerd#1879](linkerd#1879), [linkerd#1858](linkerd#1858)).

Signed-off-by: Alex Leong <alex@buoyant.io>

1.3.7-rc1

Signed-off-by: Alex Leong <alex@buoyant.io>

Advance headVersion to 1.3.6 (linkerd#1848)

Signed-off-by: Andrew Seigner <siggy@buoyant.io>

1.3.5 (linkerd#1783)

## 1.3.5 2018-01-17

* 🎓 H2 router and `io.l5d.mesh` Namerd interface are no longer experimental ([linkerd#1782](linkerd#1782))! 🎓
* Add an experimental namer for Rancher service discovery ([linkerd#1740](linkerd#1740)). A huge thank you to [@fangel](https://github.com/fangel) for contributing this namer!
* Kubernetes
  * Fix a bug that could cause the `io.l5d.k8s` namer to get "stuck" and fail to recieve updates from an endpoint ([linkerd#1755](linkerd#1755)). Contributed by [@obeattie](https://github.com/obeattie).
* Admin UI
  * Add `/admin/client_state.json` endpoint to return the current address set of each client ([linkerd#1768](linkerd#1768)).
  * Fix an error when using the admin UI to perform delegations with a dtab stored in Namerd over the `io.l5d.thriftNameInterpreter` interface ([linkerd#1762](linkerd#1762)). Thanks to [@jackkleeman](https://github.com/jackkleeman)!
  * Render an error instead of a blank page for failures on Namerd's dtab playground ([linkerd#1770](linkerd#1770)).
* Namerd
  * Errors parsing dtabs stored in Consul are now surfaced in log messages ([linkerd#1760](linkerd#1760)).
  * Fix an error where Linekrd could sometimes miss updates from Namerd when using the `io.l5d.thriftNameInterpreter` interface ([linkerd#1753](linkerd#1753)). Thanks to [@obeattie](https://github.com/obeattie)!

1.3.4 2017-12-15

----------------

Linkerd 1.3.4 continues the focus on reliability and stability. It includes a bugfix for HTTP/2 and gRPC routers, several improvements to the Consul namer and dtab store, fixes for 4xx responses in the Kubernetes namer, and more.

* Fix an issue where the `io.l5d.path` identifier would consume query parameters from the request URL, preventing them from reaching the downstream service ([linkerd#1734](linkerd#1734)).
* Several minor fixes to documentation and examples.
* Consul
  * Improve handling of invalid namespaces in Namerd's Consul dtab store ([linkerd#1739](linkerd#1739)).
  * Add backoffs to Consul dtab store observation retries ([linkerd#1742](linkerd#1742)).
  * Fix `io.l5d.consul` namer logging large numbers of spurious error messages during normal operation ([linkerd#1738](linkerd#1738)).
* HTTP/2 and gRPC
  * Fix buffer data corruption regression introduced in 1.3.3 ([linkerd#1751](linkerd#1751)). Thanks to [@vadimi](https://github.com/vadimi), who contributed to this fix!
* Kubernetes
  * Improve handling of Kubernetes API watch errors in `io.l5d.k8s` ([linkerd#1744](linkerd#1744), [linkerd#1752](linkerd#1752)).
* Namerd
  * Fix `NoHostsAvailable` exception thrown by `io.l5d.mesh` when Namerd has namers configured with transformers ([linkerd#1729](linkerd#1729)).

PR for 1.3.3 release (linkerd#1720)

* advance head version to 1.3.3

1.3.2 (linkerd#1705)

* advance head version

* adds changelog

* addresses comments in PR