edge-25.5.4

Overall status: NOT RECOMMENDED, use edge-25.7.4 instead

Cautions

N/A

Changes

This release correctly supports setting pod antiaffinity for the linkerd-multicluster chart.

What's Changed

• build(deps): bump cc from 1.2.21 to 1.2.23 by @dependabot in #14035
• build(deps): bump codecov/codecov-action from 5.4.2 to 5.4.3 by @dependabot in #14031
• build(deps): bump github.com/prometheus/common from 0.63.0 to 0.64.0 by @dependabot in #14030
• build(deps): bump bitflags from 2.9.0 to 2.9.1 by @dependabot in #14026
• build(deps): bump tower-http from 0.6.3 to 0.6.4 by @dependabot in #14018
• build(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.1 by @dependabot in #14025
• proxy: v2.297.0 by @l5d-bot in #14024
• chore(readme): trivial copyright date bump by @wmorgan in #14023
• build(deps): bump tj-actions/changed-files from 11fe0a22639570798676000acac7be726130b5ee to 480f49412651059a414a6a5c96887abb1877de8a by @dependabot in #14019
• build(deps): bump rustls-webpki from 0.103.2 to 0.103.3 by @dependabot in #14017
• build(deps): bump the clap group with 2 updates by @dependabot in #14015
• build(deps): bump core-js from 3.41.0 to 3.42.0 in /web/app by @dependabot in #14014
• build(deps): bump @babel/eslint-plugin from 7.27.0 to 7.27.1 in /web/app by @dependabot in #14013
• build(deps-dev): bump webpack from 5.99.7 to 5.99.8 in /web/app by @dependabot in #14012
• chore: Update MAINTAINERS.md by @olix0r in #14044
• proxy: v2.298.0 by @l5d-bot in #14043
• build(deps): bump windows-result from 0.3.2 to 0.3.4 by @dependabot in #14042
• build(deps): bump windows-strings from 0.4.0 to 0.4.2 by @dependabot in #14041
• build(deps): bump errno from 0.3.11 to 0.3.12 by @dependabot in #14040
• build(deps): bump windows-core from 0.61.0 to 0.61.2 by @dependabot in #14039
• build(deps): bump hyper-util from 0.1.11 to 0.1.12 by @dependabot in #14038
• chore(deps): sort and organize dependencies by @cratelyn in #13969
• fix(multicluster): affinities for controllers by @alpeb in #14028
• build(deps): bump DavidAnson/markdownlint-cli2-action from 19.1.0 to 20.0.0 by @dependabot in #14032
• build(deps): bump tj-actions/changed-files from 480f49412651059a414a6a5c96887abb1877de8a to 403a8a6fd188648f8a5adab2047d8eab5c0a4b34 by @dependabot in #14045

Full Changelog: edge-25.5.3...edge-25.5.4

edge-25.5.3

Overall status: NOT RECOMMENDED, use edge-25.7.4 instead

Cautions

N/A

Changes

This release contains internal improvements, but no new capabilities over edge-25.5.1.

What's Changed

• chore(CLI): Remove unused alpha CLI subcommand by @adleong in #14009

Full Changelog: edge-25.5.2...edge-25.5.3

edge-25.5.2

Overall status: NOT RECOMMENDED, use edge-25.7.4 instead

Cautions

N/A

Changes

This release contains internal improvements, but no new capabilities over edge-25.5.1.

What's Changed

• build(deps): bump cc from 1.2.20 to 1.2.21 by @dependabot in #13991
• build(deps-dev): bump @babel/core from 7.26.10 to 7.27.1 in /web/app by @dependabot in #13990
• build(deps-dev): bump @babel/runtime from 7.27.0 to 7.27.1 in /web/app by @dependabot in #13988
• build(deps): bump tj-actions/changed-files from 5426ecc3f5c2b10effaefbd374f0abdc6a571b2f to 4168bb487d5b82227665ab4ec90b67ce02691741 by @dependabot in #13986
• build(deps-dev): bump @babel/preset-react from 7.26.3 to 7.27.1 in /web/app by @dependabot in #13989
• build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 by @dependabot in #13998
• build(deps): bump rustls-webpki from 0.103.1 to 0.103.2 by @dependabot in #13997
• build(deps): bump rustls from 0.23.26 to 0.23.27 by @dependabot in #13995
• build(deps): bump h2 from 0.4.9 to 0.4.10 by @dependabot in #13996
• proxy: v2.296.0 by @l5d-bot in #14002
• build(deps): bump tokio from 1.44.2 to 1.45.0 by @dependabot in #14001
• build(deps): bump golang.org/x/tools from 0.32.0 to 0.33.0 by @dependabot in #13999
• build(deps): bump tj-actions/changed-files from 4168bb487d5b82227665ab4ec90b67ce02691741 to e7b157b1c4ad44acfc8d9be14b8cd8f5058636e3 by @dependabot in #14003
• build: validate edge version in release workflow by @alpeb in #13993
• build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot in #14007
• build(deps): bump tj-actions/changed-files from e7b157b1c4ad44acfc8d9be14b8cd8f5058636e3 to 11fe0a22639570798676000acac7be726130b5ee by @dependabot in #14006
• build(deps): bump tower-http from 0.6.2 to 0.6.3 by @dependabot in #14005
• build(deps): bump rustls-pki-types from 1.11.0 to 1.12.0 by @dependabot in #14004
• build(deps): bump backtrace from 0.3.74 to 0.3.75 by @dependabot in #14000

Full Changelog: edge-25.5.1...edge-25.5.2

edge-25.5.1

Overall status: NOT RECOMMENDED, use edge-25.7.4 instead

Cautions

N/A

Changes

This edge release adds support for httproute.gateway.networking.k8s.io in an AuthorizationPolicy targetRef.

What's Changed

• build(deps): bump tokio-metrics from 0.4.0 to 0.4.1 by @dependabot in #13960
• build(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0 by @dependabot in #13959
• build(deps): bump tj-actions/changed-files from c34c1c13a740b06851baff92ab9a653d93ad6ce7 to 5426ecc3f5c2b10effaefbd374f0abdc6a571b2f by @dependabot in #13974
• build(deps): bump google-github-actions/auth from 2.1.8 to 2.1.10 by @dependabot in #13973
• build(deps): bump cc from 1.2.19 to 1.2.20 by @dependabot in #13972
• build(deps): bump syn from 2.0.100 to 2.0.101 by @dependabot in #13971
• build(deps-dev): bump webpack from 5.99.6 to 5.99.7 in /web/app by @dependabot in #13970
• build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot in #13967
• build(deps): bump tokio-util from 0.7.14 to 0.7.15 by @dependabot in #13963
• build(deps): bump getrandom from 0.2.15 to 0.2.16 by @dependabot in #13961
• fix(policy): allow gateway api httproutes as authorizationpolicy target type by @adleong in #13962
• build(deps): bump chrono from 0.4.40 to 0.4.41 by @dependabot in #13977
• build(deps): bump github.com/emicklei/proto from 1.14.0 to 1.14.1 by @dependabot in #13978
• proxy: v2.295.0 by @l5d-bot in #13979
• Create AMBASSADORS.md by @kflynn in #13982
• build(deps): bump sha2 from 0.10.8 to 0.10.9 by @dependabot in #13985
• build(deps): bump openssl-sys from 0.9.107 to 0.9.108 by @dependabot in #13984
• build(deps): bump tokio-metrics from 0.4.1 to 0.4.2 by @dependabot in #13983

Full Changelog: edge-25.4.4...edge-25.5.1

edge-25.4.4

Overall status: NOT RECOMMENDED, use edge-25.7.4 instead

Cautions

N/A

Changes

With this release, Linkerd 2.18 is complete, and the version-2.18 tag points to edge-25.4.4!

Services with ports using appProtocol: linkerd.io/opaque will now only allow TCPRoutes to be attached to that port, and any unknown appProtocol value will be treated as linkerd.io/opaque. Additionally, both GRPCRoutes and HTTPRoutes may be attached to kubernetes.io/h2c ports, with GRPCRoutes taking precedence if both are present. Finally, the LINKERD2_PROXY_OUTBOUND_METRICS_HOSTNAME_LABELS is correctly honored for TLS hostname labels.

What's Changed

• build(deps): bump softprops/action-gh-release from 2.2.1 to 2.2.2 by @dependabot in #13956
• build(deps): bump http-proxy-middleware from 2.0.7 to 2.0.9 in /web/app by @dependabot in #13957
• build(deps): bump the clap group with 2 updates by @dependabot in #13955
• build(deps): bump signal-hook-registry from 1.4.2 to 1.4.5 by @dependabot in #13954
• build(deps-dev): bump webpack from 5.99.5 to 5.99.6 in /web/app by @dependabot in #13952
• build(deps): bump tj-actions/changed-files from 9934ab3fdf63239da75d9e0fbd339c48620c72c4 to c34c1c13a740b06851baff92ab9a653d93ad6ce7 by @dependabot in #13950
• build(deps): bump rand from 0.9.0 to 0.9.1 by @dependabot in #13949
• build(deps): bump proc-macro2 from 1.0.94 to 1.0.95 by @dependabot in #13945
• fix(policy): include TCPRoute policy on opaque appProtocol services by @adleong in #13948
• proxy: v2.294.0 by @l5d-bot in #13958
• build(deps): bump libc from 0.2.171 to 0.2.172 by @dependabot in #13944

Full Changelog: edge-25.4.3...edge-25.4.4

edge-25.4.3

Overall status: NOT RECOMMENDED, use edge-25.7.4 instead

Cautions

This release changes the default port for tracing to the OpenTelemetry port (4317) rather than the OpenCensus port (55678).

Changes

This release tweaks the CLI to make sure that the v1 Gateway API resources we rely on are present, and gives a more specific command to install Gateway API CRDs if they're not found. Additionally, it changes the default port for tracing to the OpenTelemetry port (4317) rather than the OpenCensus port (55678).

What's Changed

• build(deps): bump helm.sh/helm/v3 from 3.17.2 to 3.17.3 by @dependabot in #13921
• build(deps): bump backon from 1.4.1 to 1.5.0 by @dependabot in #13919
• build(deps): bump rustls from 0.23.25 to 0.23.26 by @dependabot in #13928
• test(multicluster): Wait for cluster store to be populated in test by @adleong in #13926
• fix(CLI): Print specific command when prompting to install the Gateway API by @adleong in #13924
• test(CI): move go test timeout to justfile by @adleong in #13927
• build(deps): bump github.com/prometheus/client_model from 0.6.1 to 0.6.2 by @dependabot in #13931
• build(deps): bump the clap group with 2 updates by @dependabot in #13932
• build(deps-dev): bump webpack from 5.97.1 to 5.99.5 in /web/app by @dependabot in #13930
• build(deps): bump data-encoding from 2.8.0 to 2.9.0 by @dependabot in #13933
• build(deps): bump anyhow from 1.0.97 to 1.0.98 by @dependabot in #13934
• build(deps): bump tj-actions/changed-files from db731a131ccd81ed52a3d463b6d2a4b2856c7ec9 to 9934ab3fdf63239da75d9e0fbd339c48620c72c4 by @dependabot in #13936
• build(deps): bump github.com/prometheus/client_golang from 1.21.1 to 1.22.0 by @dependabot in #13920
• build(deps): bump cc from 1.2.18 to 1.2.19 by @dependabot in #13935
• build(deps): bump h2 from 0.4.8 to 0.4.9 by @dependabot in #13939
• fix(CLI): Check that the Gateway API version includes v1 resources by @adleong in #13938
• build(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2 by @dependabot in #13941
• proxy: v2.293.0 by @l5d-bot in #13946
• build(deps): bump linkerd-extension-init from 0.1.3 to 0.1.4 by @alpeb in #13943
• feat(tracing): Set correct default port for tracing by @sfleen in #13937

Full Changelog: edge-25.4.2...edge-25.4.3

edge-25.4.2

Overall status: NOT RECOMMENDED, use edge-25.7.4 instead

Cautions

N/A

Changes

This release makes it easier to see the message telling you that you need to install the Gateway API CRDs when they are missing, by not showing all the usage information for linkerd install in that case. It also fixes a bug where metrics for the final request in a gRPC stream could show an UNKNOWN error rather than a success.

What's Changed

• test(multicluster): don't retry the "extension is managing controllers" test by @alpeb in #13897
• fix(test): avoid duplicate registry errors by @olix0r in #13898
• build(deps): bump miniz_oxide from 0.8.5 to 0.8.7 by @dependabot in #13899
• build(deps): bump openssl from 0.10.71 to 0.10.72 by @dependabot in #13901
• build(deps): bump tokio from 1.44.1 to 1.44.2 by @dependabot in #13906
• build(deps): bump smallvec from 1.14.0 to 1.15.0 by @dependabot in #13903
• proxy: v2.291.0 by @l5d-bot in #13916
• build(deps): bump hostname from 0.4.0 to 0.4.1 by @dependabot in #13915
• build(deps): bump openssl-src from 300.4.2+3.4.1 to 300.5.0+3.5.0 by @dependabot in #13913
• build(deps): bump miniz_oxide from 0.8.7 to 0.8.8 by @dependabot in #13914
• build(deps): bump errno from 0.3.10 to 0.3.11 by @dependabot in #13905
• build(deps): bump golang.org/x/net from 0.37.0 to 0.39.0 by @dependabot in #13910
• build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 by @dependabot in #13907
• build(deps-dev): bump eslint-plugin-react from 7.37.4 to 7.37.5 in /web/app by @dependabot in #13902
• build(deps): bump cc from 1.2.17 to 1.2.18 by @dependabot in #13904
• build(deps): bump tj-actions/changed-files from b74df86ccb65173a8e33ba5492ac1a2ca6b216fd to db731a131ccd81ed52a3d463b6d2a4b2856c7ec9 by @dependabot in #13917
• build(deps): bump github.com/linkerd/linkerd2-proxy-api from 0.15.0 to 0.16.0 by @dependabot in #13884
• build(deps): bump golang.org/x/tools from 0.31.0 to 0.32.0 by @dependabot in #13909
• build(deps): bump google.golang.org/grpc from 1.71.0 to 1.71.1 by @dependabot in #13895
• proxy: v2.292.0 by @l5d-bot in #13918
• fix(CLI): streamline error output when gateway api is missing by @adleong in #13912

Full Changelog: edge-25.4.1...edge-25.4.2

edge-25.4.1

Overall status: NOT RECOMMENDED, use edge-25.7.4 instead

Cautions

Starting with edge-25.3.4, Linkerd requires the Gateway API CRDs, so you must either install them before installing Linkerd, or you must explicitly set installGatewayAPI=true when installing Linkerd. This release correctly supports setting installGatewayAPI when using the Linkerd CLI, and also correctly configures Prometheus to scrape the new multicluster mirror controllers.

Changes

This release correctly supports installGatewayAPI when using the Linkerd CLI. Additionally, it adds the --only-controller flag to the now-deprecated linkerd mc unlink command, to help users migrate to the new multicluster controller by removing old mirror controllers but leaving the Link resources in place, and it supports restoring the authority labels on inbound metrics by setting LINKERD2_PROXY_INBOUND_AUTHORITY_LABELS=unsafe as an environment variable for the proxy. It also introduces a new control_dns_resolutions_total metric, and correctly propagates span context into proxy debug log messages to make it easier to understand what caused things, and correctly configures Prometheus to scrape the new multicluster mirror controllers.

Note that to make use of the new GitOps-compatible multicluster functionality introduced in edge-25.3.3, of which this release is a recommended alternative, you must upgrade your Link resources by following the instructions in the upgrading multicluster page.

What's Changed

• build(deps): bump socket2 from 0.5.8 to 0.5.9 by @dependabot in #13882
• build(deps): bump darling from 0.20.10 to 0.20.11 by @dependabot in #13881
• build(deps): bump once_cell from 1.21.1 to 1.21.3 by @dependabot in #13880
• build(deps): bump @babel/eslint-plugin from 7.26.10 to 7.27.0 in /web/app by @dependabot in #13879
• build(deps-dev): bump @babel/eslint-parser from 7.26.10 to 7.27.0 in /web/app by @dependabot in #13878
• build(deps-dev): bump sinon from 19.0.4 to 20.0.0 in /web/app by @dependabot in #13877
• build(deps-dev): bump @babel/runtime from 7.26.10 to 7.27.0 in /web/app by @dependabot in #13876
• build(deps-dev): bump webpack-dev-server from 5.2.0 to 5.2.1 in /web/app by @dependabot in #13875
• build(deps): bump event-listener-strategy from 0.5.3 to 0.5.4 by @dependabot in #13868
• build(deps): bump linkerd2-proxy-api from git to v0.16.0 by @olix0r in #13883
• build(deps): bump hyper-util from 0.1.10 to 0.1.11 by @dependabot in #13886
• feat(multicluster): add --only-controller flag to linkerd mc unlink by @alpeb in #13874
• build(deps): bump tj-actions/changed-files from 27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99 to b74df86ccb65173a8e33ba5492ac1a2ca6b216fd by @dependabot in #13887
• build(deps): bump iana-time-zone from 0.1.62 to 0.1.63 by @dependabot in #13885
• proxy: v2.290.0 by @l5d-bot in #13889
• fix(CLI): Check if installGatewayAPI is true before we error during CRD install by @zaharidichev in #13872
• build(deps): enable tracing feature in hyper-util by @alpeb in #13890
• chore(multicluster): update Prometheus configs and access policy to scrape new multicluster controllers by @alpeb in #13892
• feat(policy-test): conditionally compile experimental type tests by @olix0r in #13891
• build(deps): bump the clap group with 2 updates by @dependabot in #13894
• fix(policy-test): feature-gate experimental types in tests by @olix0r in #13896
• chore(ci): run policy tests against various Gateway API versions by @olix0r in #13893

Full Changelog: edge-25.3.4...edge-25.4.1

edge-25.3.4

Overall status: NOT RECOMMENDED, use edge-25.7.4 instead

Cautions

This release includes one breaking change: Linkerd now requires the Gateway API CRDs, so you must either install them before installing Linkerd, or you must explicitly set installGatewayAPI=true when installing Linkerd -- but a CLI bug in this release prevents the CLI from installing the Gateway API CRDs for you. While edge-25.4.1 fixes the CLI bug, we recommend edge-25.7.4 instead for other bugfixes.

Changes

Starting with this release, you must have the Gateway API CRDs on the cluster before installing Linkerd. If you are upgrading from an earlier version of Linkerd, you should not need to take any action. If you're installing Linkerd for the first time, you'll need to either set installGatewayAPI true when installing Linkerd, or install the Gateway API CRDs manually.

This release restores correct IPv6 support and restores Role permissions for the multicluster mirror controller, and continues multicluster improvements by introducing the new linkerd multicluster link-gen command (which deprecates link and unlink), as well as adding a CLI check to warn of any older mirror controllers that haven't yet been replaced. It supports setting proxy.metrics.hostnameLabels true when installing Linkerd to include hostname labels in outbound metrics, supports excluding labels and annotations from federated and mirrored services, fixes a bug that could result in stale Service resources when mirroring services, fixes support for ExternalWorkloads that don't explicitly declare the Linkerd proxy port (4143) in their manifests, and mitigates a thundering herd effect where proxies could unnecessarily load the DNS server. Finally, linkerd viz tap no longer relies on the obsolete authority pseudo-resource (thanks, Stephen Muth!).

What's Changed

• build(deps): bump tj-actions/changed-files from 0b975f61488402a699abcebd6a1e25924cf85218 to 6482371e862961013f9584015cf362c4f664b20c by @dependabot in #13837
• chore(deps): remove unused k8s-gateway-api dependency by @olix0r in #13844
• build(deps): bump kubert from 0.23 to 0.24 by @olix0r in #13843
• chore(dependabot): group kubert updates by @olix0r in #13842
• build(deps): bump actions/download-artifact from 4.2.0 to 4.2.1 by @dependabot in #13839
• build(deps): bump Swatinem/rust-cache from 2.7.7 to 2.7.8 by @dependabot in #13838
• build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @dependabot in #13836
• fix(dest): fallback to default proxy inbound port when one could not … by @zaharidichev in #13840
• proxy: v2.288.0 by @l5d-bot in #13847
• build(deps-dev): bump sinon from 19.0.2 to 19.0.4 in /web/app by @dependabot in #13846
• build(deps): bump linkerd-extension-init from 0.1.2 to 0.1.3 by @alpeb in #13833
• refactor(multicluster): revert Link permissions back to Role by @alpeb in #13848
• Remove deprecated 'authority' references from tap form by @smuth4 in #13850
• build(deps): bump tj-actions/changed-files from 6482371e862961013f9584015cf362c4f664b20c to 27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99 by @dependabot in #13854
• build(deps): bump iana-time-zone from 0.1.61 to 0.1.62 by @dependabot in #13857
• feat(policy): Configure outbound hostname labels in metrics by @sfleen in #13822
• build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 by @dependabot in #13855
• build(deps): bump log from 0.4.26 to 0.4.27 by @dependabot in #13856
• build(deps): bump cc from 1.2.16 to 1.2.17 by @dependabot in #13853
• feat(multicluster): add CLI check for legacy service mirror controllers by @alpeb in #13859
• build(deps): bump rustls-webpki from 0.103.0 to 0.103.1 by @dependabot in #13863
• build(deps): bump pest from 2.7.15 to 2.8.0 by @dependabot in #13862
• build(deps): bump delegate from 0.13.2 to 0.13.3 by @dependabot in #13861
• build(deps): bump pest_derive from 2.7.15 to 2.8.0 by @dependabot in #13860
• proxy: v2.289.0 by @l5d-bot in #13864
• feat(mutlicluster): Add support for excluding labels and annotations from federated and mirror services by @adleong in #13802
• feat(multicluster): add link-gen command, deprecate link and unlink commands by @alpeb in #13858
• feat(CLI): Add errors for invalid Gateway API CRD states by @adleong in #13834
• fix(multicluster): fix stale service resources during event requeue by @adleong in #13849
• build(deps): bump the clap group with 2 updates by @dependabot in #13866
• Bump Prometheus to v2.55.1 by @siggy in #13867

New Contributors

• @smuth4 made their first contribution in #13850

Full Changelog: edge-25.3.3...edge-25.3.4

edge-25.3.3

Overall status: NOT RECOMMENDED, use edge-25.7.4 instead

Cautions

This release unintentionally switched the multicluster mirror controller to use ClusterRole permissions rather than Role permissions. While edge-25.4.1 correctly switches back to Role and correctly supports IPv6, we recommend edge-25.7.4 instead for other bugfixes.

Additionally, this release introduces several changes to make Linkerd multicluster more GitOps-friendly, and federated Services will now keep their metadata in sync with the member with the oldest Link. To make use of this new functionality you must upgrade your Link resources by following the instructions in the upgrading multicluster page.

Changes

This edge release integrates the service-mirroring controllers into the Linkerd multicluster extension, allowing better GitOps management of the new Link v1alpha3 CRs and credential Secrets. Additionally, when using federated Services, the metadata of the federated Service will be kept in sync with the Service with the oldest Link, the proxy.cores Helm chart value has been replaced with a more flexible proxy.runtime.workers structure, it's now possible to set an environment variable to reenable outbound hostname metrics, and - last but not least! - we will correctly honor custom debug container annotations (thanks, Vishal Tewatia!)

What's Changed

• build(deps): bump tokio from 1.43.0 to 1.44.1 by @dependabot in #13793
• build(deps): bump tokio-util from 0.7.13 to 0.7.14 by @dependabot in #13797
• build(deps): bump tj-actions/changed-files from 45.0.7 to 45.0.8 by @dependabot in #13798
• build(deps): bump once_cell from 1.21.0 to 1.21.1 by @dependabot in #13796
• build(deps): bump itoa from 1.0.14 to 1.0.15 by @dependabot in #13794
• build(deps): bump helm.sh/helm/v3 from 3.17.1 to 3.17.2 by @dependabot in #13792
• build(deps): bump github.com/prometheus/common from 0.62.0 to 0.63.0 by @dependabot in #13791
• feat(multicluster): have linkerd-multicluster chart be responsible for service mirror controllers by @alpeb in #13770
• feat(multicluster): have linkerd-multicluster chart be responsible for service mirror controllers - probes by @alpeb in #13781
• build(deps): bump extractions/setup-just from 2.0.0 to 3.0.0 by @dependabot in #13812
• feat(multicluster): have linkerd-multicluster chart be responsible for service mirror controllers - CLI by @alpeb in #13782
• feat(multicluster): have linkerd-multicluster chart be responsible for service mirror controllers - tests by @alpeb in #13800
• build(deps): bump rustversion from 1.0.19 to 1.0.20 by @dependabot in #13807
• build(deps): bump hyper-http-proxy from 1.0.0 to 1.1.0 by @dependabot in #13808
• build(deps): bump foldhash from 0.1.4 to 0.1.5 by @dependabot in #13809
• build(deps): bump dtoa from 1.0.9 to 1.0.10 by @dependabot in #13810
• build(deps): bump libc from 0.2.170 to 0.2.171 by @dependabot in #13811
• feat(inject): replace proxy.cores with proxy.runtime.workers by @olix0r in #13767
• build(deps-dev): bump @babel/core from 7.26.8 to 7.26.10 in /web/app by @dependabot in #13804
• build(deps): bump @babel/eslint-plugin from 7.25.9 to 7.26.10 in /web/app by @dependabot in #13806
• build(deps-dev): bump @babel/eslint-parser from 7.26.8 to 7.26.10 in /web/app by @dependabot in #13805
• feat!(multicluster): Federated services take metadata from member with the oldest Link by @adleong in #13783
• build(deps): bump async-trait from 0.1.86 to 0.1.88 by @dependabot in #13819
• build(deps): bump http-body-util from 0.1.2 to 0.1.3 by @dependabot in #13818
• build(deps): bump rustls from 0.23.23 to 0.23.25 by @dependabot in #13817
• fix(multicluster): correct Helm manifest whitespacing by @alpeb in #13815
• fix(injector): use annotated values for debug container by @vishu42 in #13778
• fix(test): add missing env var to debug annotation test by @alpeb in #13825
• fix(multicluster): move controller's permissions from Role to ClusterRole by @alpeb in #13823
• build(proxy): update fetch-proxy to use the new release assets by @olix0r in #13824
• build(deps): bump tj-actions/changed-files from 9200e69727eb73eb060652b19946b8a2fdfb654b to 0b975f61488402a699abcebd6a1e25924cf85218 by @dependabot in #13820
• build(deps): bump github.com/containerd/containerd from 1.7.24 to 1.7.27 by @dependabot in #13816
• chore(multicluster): descriptive name for the test-multicluster integration tests by @alpeb in #13826
• build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by @dependabot in #13831
• build(deps): bump actions/download-artifact from 4.1.9 to 4.2.0 by @dependabot in #13830
• build(deps): bump windows-link from 0.1.0 to 0.1.1 by @dependabot in #13828
• build(proxy): use correct naming convention for proxy artifact in fetch-proxy by @zaharidichev in #13832
• proxy: v2.287.0 by @l5d-bot in #13829
• chore(helm): eliminate stray whitespace by @olix0r in #13827
• feat(multicluster): Add Link v1alpha3 by @adleong in #13801

New Contributors

• @vishu42 made their first contribution in #13778

Full Changelog: edge-25.3.2...edge-25.3.3