1.4.6 (linkerd#2097)

Linkerd 1.4.6 adds even more watch state endpoints to Linkerd's debugging arsenal, allowing you to 
inspect the state of Linkerd’s watches easily. This release adds watch state endpoints for the 
Kubernetes ConfigMap interpreter as well as the Marathon and filesystem namers.

Full release notes:

* HTTP/1.1 and HTTP/2
  * Allow HTTP/1.1 and HTTP/2 POST requests to be retryable.
  * Fix an issue where the `x-forwarded-client-cert` header was not always cleared on incoming requests.
* Add TLS support for the `io.l5d.etcd` namer client.
* Admin
  * Add new `io.l5d.marathon`, `io.l5d.fs`, and `io.l5d.k8s.configMap` watch state endpoints to allow diagnosis of Linkerd’s various watches.
* Distributed Tracing
  * Add a new `io.l5d.zipkin` trace propagation plugin that writes Zipkin B3 trace headers to outgoing requests. Previously, Zipkin trace headers were ignored by Linkerd in order for Linkerd to not interfere with other tracing systems like Zipkin.
* Namerd
  * Add an experimental `io.l5d.destination` interface which implements the Linkerd [destination API.](https://github.com/linkerd/linkerd2-proxy-api/blob/master/proto/destination.proto)

Signed-off-by: Dennis Adjei-Baah <dennis@buoyant.io>

1.4.5 (linkerd#2067)

Linkerd 1.4.5 contains some minor bugfixes and introduces two much-requested features. First, it is
now possible to selectively disable Linkerd's admin endpoints, e.g., keep the UI functional but to
disable the shutdown endpoint. A huge thanks to [Robert Panzer](https://github.com/robertpanzer) for
all his hard work on this.

Second, we've added experimental support for the [OpenJ9](https://www.eclipse.org/openj9/) JVM.
Preliminary tests with OpenJ9 exhibit a 3x reduction in startup time, a 40% reduction in memory
footprint, and a 3x reduction in p99 latency. You can find a Linkerd+OpenJ9 Docker image at
`buoyantio/linkerd:1.4.5-openj9-experimental` on
[Docker Hub](https://hub.docker.com/r/buoyantio/linkerd/tags/).

Full release notes:

* Add an OpenJ9 configuration for building a Docker image with the OpenJ9 JVM
* Fix a NullPointerException when using the -validate flag
* Fix an error where diagnostic tracing did not work when receiving a chunk encoded response
* Admin
  * Add a `security` section to the admin config that controls which admin endpoints are enabled
* HTTP/2
  * Fix a memory leak when there are a large number of reset streams
  * Allow HTTP/2 response classifiers to be loaded as plugins
* Namerd
  * Fix a memory leak in the the io.l5d.mesh interpreter when idle services are reaped

Signed-off-by: Alex Leong <alex@buoyant.io>

Linkerd 1.4.4 release (linkerd#2048)

Linkerd 1.4.4 continues our focus on diagnostics, performance, and stability. This release features 
several performance and diagnostics improvements, including better handling of HTTP/2 edge cases, 
new watch state introspection for the Consul namer, and better isolation of admin page serving from 
the primary data path. It also features a new, pluggable trace propagation module that allows for 
easier integration with tracing systems like OpenTracing.

This release features contributions from Salesforce, Walmart, WePay, Comcast, ScalaConsultants, 
OfferUp, Buoyant, and more. A big thank you to:

* [Chris Goffinet](https://github.com/chrisgoffinet)
* [Dan Vulpe](https://github.com/dvulpe)
* [Ivano Pagano](https://github.com/ivanopagano)
* [Leo Liang](https://github.com/leozc)
* [Mantas Stoškus](https://github.com/mstoskus)
* [Mohsen Rezaei](https://github.com/mrezaei00) 
* [Nick K](https://github.com/utrack)
* [Priyasmita Bagchi](https://github.com/pbagchi)
* [Robert Panzer](https://github.com/robertpanzer)
* [Ryan Michela](https://github.com/rmichela)
 
Full release notes:

* Distributed Tracing
  * Refactor Linkerd's trace propagation module to be pluggable. This allows better integration with
   tracing systems like OpenTracing and allows users to write Linkerd trace propagation plugins for 
   arbitrary tracing systems.
* TLS
  * Deprecate the  `trustCerts` config field in the client TLS section in favor of 
  `trustCertsBundle`. This allows you to use multiple trust certs in one file and avoids the need 
  for Linkerd to create temporary files.
* HTTP, HTTP/2
  * Fix an issue where Linkerd sometimes interprets HTTP/1.0 response with no Content-Length as a 
  chunked response.
  * Improve error messages by adding contextual routing information to a `ConnectionFailed` 
  exception sent back to a client via Linkerd.
  * Add a gRPC standard-compliant response classifier.
  * Fix an issue where Linkerd doesn't add an `l5d-err` header in an HTTP/2 response.
  * Fix an issue where Linkerd does not handle HTTP/2 requests with invalid HTTP status codes 
  correctly.
* Consul
  * Add new watch state instrumentation feature to the `io.l5d.consul` namer.
  * Fix an issue where the `io.l5d.consul` namer sometimes does not retry `ConnectionRefused` 
  exception.
  * Fix an issue where the `io.l5d.consul` namer returns a single IP for a service node instead of
   multiple IP addresses for a service node.
* Admin
  * Fix an issue where Linkerd may slow down data plane requests when the admin server is under 
  heavy load.
  * Improve performance of the Prometheus telemeter when serving metrics for a high cardinality 
  of services.
  * Fix an issue where the `intepreter_state` endpoint was not available for interpreters that 
  contained a transformer.
  * Fix the `namer_state` endpoint to expose namers that use transformers.
* Namerd
  * Fix an issue where null values were accepted by the Dtab HTTP API.

Signed-off-by: Dennis Adjei-Baah <dennis@buoyant.io>

Linkerd 1.4.3 (linkerd#1987)

This is a follow up release that includes diagnostic tracing for H2 requests.

Full release notes:

* Add diagnostic tracing for H2 requests, allowing Linkerd to add h2 request routing information at
the end of h2 streams to downstream services.
* Pass stack params to announcer plugins, allowing them to report metrics correctly. 

Signed-off-by: Dennis Adjei-Baah <dennis@buoyant.io>

Linkerd 1.4.2 (linkerd#1984)

Linkerd 1.4.2 continues its focus on diagnostics and stability. This release introduces Diagnostic 
Tracing, a feature that helps describe how Linkerd routes requests by displaying detailed routing information from each hop through your application. Stay tuned for a deep dive blog post about this feature coming soon. 

We’re also excited to share improvements to Linkerd’s error handling. Previously, when Linkerd failed to route a request, it could fail with a notoriously confusing `No Hosts Available` error. 
Now, these errors include more useful, informative diagnostic information to help explain the cause 
of the failure.

Full release notes:

* Diagnostics
   * Improve error reporting when receiving `No Hosts Available` exception.  Linkerd returns a less cryptic user-friendly message that includes information such as alternative service name resolutions and dtabs used for name resolution.
   * Add a new diagnostic tracing feature. It allows Linkerd to add routing information to the response of a `TRACE` request forwarded to a service.
* Fixes an issue where underscores in match patterns of `io.l5d.rewrite` no longer work.

Signed-off-by: Dennis Adjei-Baah <dennis@buoyant.io>

1.4.1 (linkerd#1961)

Linkerd 1.4.1 is focused on adding diagnostics and improved behavior in
production environments.

This release features contributions from Strava, Signal, OfferUp, Scalac,
Salesforce, and Buoyant.  A big thank you to:

* [Alex Leong](https://github.com/adleong/)
* [Dan Vulpe](https://github.com/dvulpe)
* [Dennis Adjei](https://github.com/dadjeibaah)
* [J Evans](https://github.com/jayeve)
* [Justin Venus](https://github.com/JustinVenus)
* [Leo Liang](https://github.com/leozc)
* [Matthew Huxtable](https://github.com/mhuxtable)
* [Michał Mrożek](https://github.com/mmrozek)
* [Peter Fich](https://github.com/peterfich)
* [Robert Panzer](https://github.com/robertpanzer)
* [Shakti Das](https://github.com/shakti-das)

Full release notes:

* Diagnostics:
  * Add watch state admin endpoints where you can inspect the current state of Linkerd's watches, including information such as time of last update and last known value.  These can be extremely valuable for debugging communication between Linkerd and other components such as Namerd or Kubernetes.
    * Kubernetes namer watch state: `/namer_state/io.l5d.k8s.json`
    * Namerd interpreter watch state: `/interpreter_state/io.l5d.namerd/<namespace>.json`
    * Namerd mesh interpreter watch state: `/interpreter_state/io.l5d.mesh/<root>.json`
* TLS:
  * Add the `intermediateCertsPath` config setting to client and server TLS.  This allows you to specify a file containing intermediate CA certificates supporting the main certificate.
  * Allow the TLS protocols to be configured which enables the ability to use TLSv1.2 specific ciphers.
* HTTP, HTTP/2:
  * Avoiding upgrading HTTP/1.0 requests to HTTP/1.1.  This prevents servers from sending responses that the client cannot handle (e.g. chunk encoded responses).
  * Fix a bug where Linkerd was not writing the `l5d-ctx-*` headers on HTTP/2 requests..
  * Add support for adding a 'Forwarded' header to HTTP/2 requests.
* Make Linkerd and Namerd honor the shutdown grace period when using the `/admin/shutdown` endpoint.
* Pass stack params to announcer plugins, allowing them to report metrics correctly.
* Add support for extracting substrings in path patterns.  This allows you to, for example, configure TLS commonNames based on substrings of a path segment instead of the entire segment.
* Add a TTL to Namerd's inactive cache so that Namerd will tear down watches on idle services.
* Improve fallback behavior in the io.l5d.marathon namer so that fallback occurs if an app has no replicas.
* Fix an ArrayIndexOutOfBoundsException in ForwardClientCertFilter.

Signed-off-by: Alex Leong <alex@buoyant.io>

1.4.0 (linkerd#1924)

Linkerd 1.4.0 upgrades us to the latest versions of Finagle and Netty and
features lower memory usage for large payloads. Two new configuration options
have been introduced: client connection lifetimes and access log rotation
policy. One breaking change has been introduced around the configuration file
syntax for loggers.  This release features contributions from ThreeComma,
[ScalaConsultants](https://github.com/ScalaConsultants), [Salesforce](https://github.com/salesforce), and [Buoyant](https://github.com/buoyantio).

* **Breaking Change**: Rename the loggers section of the Linkerd config to requestAuthorizers to match the name of the plugin type ([linkerd#1900](linkerd#1900))
* Tune Netty/Finagle settings to reduce direct memory usage ([linkerd#1889](linkerd#1889)). This should dramatically reduce direct memory usage when transferring large payloads.
* Introduce a ClientSession configuration section that provides ways to control client connection lifetime ([linkerd#1903](linkerd#1903)).
* Expose rotation policy configuration for http and http2 access logs ([linkerd#1893](linkerd#1893)).
* Stop logging harmless reader discarded errors in k8s namer ([linkerd#1901](linkerd#1901)).
* Disable autoloading of the default tracer in Namerd ([linkerd#1902](linkerd#1902)). This prevents Namerd from attempting to connect to a Zipkin collector that doesn't exist.
* Upgrade to Finagle 18.4.0.

Signed-off-by: Alex Leong <alex@buoyant.io>

1.4.0-rc1

Signed-off-by: Alex Leong <alex@buoyant.io>

1.3.7 (linkerd#1888)

Linkerd 1.3.7 includes memory leak fixes, tons of improvements for Consul, and more!  This release features contributions from ThreeComma, [NCBI](https://github.com/ncbi), WePay, [Salesforce](https://github.com/salesforce), [Homeaway](https://github.com/homeaway), Prosoft, and [Buoyant](https://github.com/buoyantio).

* Add support for more types of client certificates in the ForwardClientCertFilter ([linkerd#1850](linkerd#1850)).
* Improve documentation on how to override the base Docker image ([linkerd#1867](linkerd#1867)).
* Improve the efficientcy of the dtab delegator UI ([linkerd#1862](linkerd#1862)).
* Add a command line flag for config file validation ([linkerd#1854](linkerd#1854)).
* Fix a bug where the wrong timezone was being used in access logs ([linkerd#1851](linkerd#1851)).
* Add the ability to explicitly disable TLS for specific clients ([linkerd#1856](linkerd#1856)).
* Consul:
  * Add support for TLS-encrypted communication with Consul ([linkerd#1842](linkerd#1842)).
  * Fix a connection leak to Consul ([linkerd#1877](linkerd#1877)).
  * Fix a bug where Linkerd would timeout requests to non-existent Consul datacenters ([linkerd#1863](linkerd#1877)).
* Remove many alarming but harmless error messages from Linkerd and Namerd logs ([linkerd#1871](linkerd#1871), [linkerd#1884](linkerd#1884), [linkerd#1875](linkerd#1875)).
* Fix ByteBuffer memory leaks in HTTP/2 ([linkerd#1879](linkerd#1879), [linkerd#1858](linkerd#1858)).

Signed-off-by: Alex Leong <alex@buoyant.io>

1.3.7-rc1

Signed-off-by: Alex Leong <alex@buoyant.io>