This release includes a security improvement. When a user manually specified the `policyValidator.keyPEM` setting, the value was incorrectly included in the `linkerd-config` ConfigMap. This means that this private key was erroneously exposed to ServiceAccounts with read access to this ConfigMap. Practically, this means that the Linkerd `proxy-injector`, `identity`, and `heartbeat` Pods could read this value. This should not have exposed this private key to other unauthorized users unless additional RoleBindings were added outside of Linkerd. Nevertheless, we recommend that users who manually set control plane certificates update the credentials for the policy validator after upgrading Linkerd. Additionally, a PodSecurityPolicy fix is included which fixes installations where PSP is enabled and `proxyInit.runAsRoot: true`.