From b2f14a347a7685b8bc7bf8b61a26f450c8c7ff9d Mon Sep 17 00:00:00 2001
From: Maxime Legault-Venne <maximelegaultvenne@datawire.io>
Date: Fri, 18 Feb 2022 20:33:52 -0500
Subject: [PATCH 1/8] Update pre-release and fix path issue

Signed-off-by: Maxime Legault-Venne <maximelegaultvenne@datawire.io>
---
 concepts/context-prop.md                      |   3 +-
 concepts/intercepts.md                        |  21 +-
 doc-links.yml                                 |   2 +
 howtos/intercepts.md                          |  10 +-
 howtos/preview-urls.md                        |  16 +-
 install/telepresence-pro.md                   |  66 +++++
 quick-start/demo-node.md                      |   2 +-
 quick-start/demo-react.md                     |   2 +-
 quick-start/go.md                             |   2 +-
 quick-start/index.md                          |   2 +-
 quick-start/qs-cards.js                       |  23 +-
 quick-start/qs-go.md                          |   4 +
 .../telepresence-quickstart-landing.less      | 272 ++++++++----------
 reference/architecture.md                     |   5 +
 reference/client/login.md                     |  19 ++
 reference/cluster-config.md                   |   2 +-
 reference/config.md                           |  31 +-
 reference/intercepts/index.md                 |  50 ++--
 reference/rbac.md                             |   6 +-
 reference/restapi.md                          |  98 +++----
 reference/vpn.md                              |   2 +-
 release-notes/telepresence-2.4.10-actions.png | Bin 9342 -> 0 bytes
 .../telepresence-2.4.10-intercept-config.png  | Bin 23528 -> 0 bytes
 .../telepresence-2.5.0-pro-daemon.png         | Bin 0 -> 13623 bytes
 releaseNotes.yml                              |  63 +++-
 versions.yml                                  |   4 +-
 26 files changed, 400 insertions(+), 305 deletions(-)
 create mode 100644 install/telepresence-pro.md
 delete mode 100644 release-notes/telepresence-2.4.10-actions.png
 delete mode 100644 release-notes/telepresence-2.4.10-intercept-config.png
 create mode 100644 release-notes/telepresence-2.5.0-pro-daemon.png

diff --git a/concepts/context-prop.md b/concepts/context-prop.md
index dc9ee18f..b3eb41e3 100644
--- a/concepts/context-prop.md
+++ b/concepts/context-prop.md
@@ -31,6 +31,7 @@ used for is a little unorthodox, but the mechanisms for their use are
 already widely deployed because of the prevalence of tracing.  The
 headers facilitate the smart routing of requests either to live
 services in the cluster or services running locally on a developer’s
-machine.
+machine. The intercepted traffic can be further limited by using path
+based routing.
 
 Preview URLs, when created, generate an ingress request containing a custom header with a token (the context). Telepresence sends this token to [Ambassador Cloud](https://app.getambassador.io) with other information about the preview. Visiting the preview URL directs the user to Ambassador Cloud, which proxies the user to the cluster ingress with the token header injected into the request. The request carrying the header is routed in the cluster to the appropriate pod (the propagation). The Traffic Agent on the service pod sees the header and intercepts the request, redirecting it to the local developer machine that ran the intercept.
diff --git a/concepts/intercepts.md b/concepts/intercepts.md
index c39a80eb..4b1e770f 100644
--- a/concepts/intercepts.md
+++ b/concepts/intercepts.md
@@ -70,7 +70,7 @@ export function TabsContainer({ children, ...props }) {
 <TabsContainer>
 <TabPanel class="TabBody" value="regular">
 
-## No intercept
+# No intercept
 
 <Paper style="padding: 1em">
 <Animation class="mode-regular" />
@@ -81,7 +81,7 @@ This is the normal operation of your cluster without Telepresence.
 </TabPanel>
 <TabPanel class="TabBody" value="global">
 
-## Global intercept
+# Global intercept
 
 <Paper style="padding: 1em">
 <Animation class="mode-global" />
@@ -117,7 +117,7 @@ with all your dev tools.
 </TabPanel>
 <TabPanel class="TabBody" value="personal">
 
-## Personal intercept
+# Personal intercept
 
 **Personal intercepts** allow you to be selective and intercept only
 some of the traffic to a service while not interfering with the rest
@@ -183,5 +183,20 @@ while sharing the rest of the development environment.
     service that is running in the cluster.  This enables you to share
     the cluster with a team!
 
+### Intercepting a specific endpoint
+
+It's not uncommon to have one service serving several endpoints. Telepresence is capable of limiting an
+intercept to only affect the endpoints you want to work with by using one of the `--http-path-xxx`
+flags below in addition to using `--http-match` flags. Only one such flag can be used in an intercept
+and, contrary to the `--http-match` flag, it cannot be repeated.
+
+The following flags are available:
+
+| Flag                          | Meaning                                                          |
+|-------------------------------|------------------------------------------------------------------|
+| `--http-path-equal <path>`    | Only intercept the endpoint for this exact path                  |
+| `--http-path-prefix <prefix>` | Only intercept endpoints with a matching path prefix             |
+| `--http-path-regex <regex>`   | Only intercept endpoints that match the given regular expression |
+
 </TabPanel>
 </TabsContainer>
diff --git a/doc-links.yml b/doc-links.yml
index c21cf9f3..fb08e3f8 100644
--- a/doc-links.yml
+++ b/doc-links.yml
@@ -8,6 +8,8 @@
        link: install/upgrade/
      - title: Install Traffic Manager with Helm
        link: install/helm/
+     - title: Telepresence Pro
+       link: install/telepresence-pro/
      - title: Migrate from legacy Telepresence
        link: install/migrate-from-legacy/
  - title: Core concepts
diff --git a/howtos/intercepts.md b/howtos/intercepts.md
index ea088950..6adebd6c 100644
--- a/howtos/intercepts.md
+++ b/howtos/intercepts.md
@@ -8,21 +8,21 @@ import QSCards from '../quick-start/qs-cards'
 
 # Intercept a service in your own environment
 
-Telepresence enables you to create intercepts to a target Kubernetes workload. Once you have created and intercept, you can code and debug your associated service locally. 
+Telepresence enables you to create intercepts to a target Kubernetes workload. Once you have created and intercept, you can code and debug your associated service locally.
 
 For a detailed walk-though on creating intercepts using our sample app, follow the [quick start guide](../../quick-start/demo-node/).
 
 
 ## Prerequisites
 
-Before you begin, you need to have [Telepresence installed](<../../install/), and either the Kubernetes command-line tool, [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/), or the OpenShift Container Platform command-line interface, [`oc`](https://docs.openshift.com/container-platform/4.2/cli_reference/openshift_cli/getting-started-cli.html#cli-installing-cli_cli-developer-commands). This document uses kubectl in all example commands. OpenShift users can substitute oc [commands instead](https://docs.openshift.com/container-platform/4.1/cli_reference/developer-cli-commands.html).
+Before you begin, you need to have [Telepresence installed](../../install/), and either the Kubernetes command-line tool, [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/), or the OpenShift Container Platform command-line interface, [`oc`](https://docs.openshift.com/container-platform/4.2/cli_reference/openshift_cli/getting-started-cli.html#cli-installing-cli_cli-developer-commands). This document uses kubectl in all example commands. OpenShift users can substitute oc [commands instead](https://docs.openshift.com/container-platform/4.1/cli_reference/developer-cli-commands.html).
 
 This guide assumes you have a Kubernetes deployment and service accessible publicly by an ingress controller, and that you can run a copy of that service on your laptop.
 
 
 ## Intercept your service with a global intercept
 
-With Telepresence, you can create [global intercepts](../../concepts/intercepts/?intercept=global) that intercept all traffic going to a service in your cluster and route it to your local environment instead. 
+With Telepresence, you can create [global intercepts](../../concepts/intercepts/?intercept=global) that intercept all traffic going to a service in your cluster and route it to your local environment instead.
 
 1. Connect to your cluster with `telepresence connect` and connect to the Kubernetes API server:
 
@@ -55,7 +55,7 @@ With Telepresence, you can create [global intercepts](../../concepts/intercepts/
 
 3. Get the name of the port you want to intercept on your service:
    `kubectl get service <service name> --output yaml`.
-  
+
    For example:
 
    ```console
@@ -72,7 +72,7 @@ With Telepresence, you can create [global intercepts](../../concepts/intercepts/
 4. Intercept all traffic going to the service in your cluster:
     `telepresence intercept <service-name> --port <local-port>[:<remote-port>] --env-file <path-to-env-file>`.
       * For `--port`: specify the port the local instance of your service is running on. If the intercepted service exposes multiple ports, specify the port you want to intercept after a colon.
-      * For `--env-file`: specify a file path for Telepresence to write the environment variables that are set in the pod. 
+      * For `--env-file`: specify a file path for Telepresence to write the environment variables that are set in the pod.
        The example below shows Telepresence intercepting traffic going to service `example-service`. Requests now reach the service on port `http` in the cluster get routed to `8080` on the workstation and write the environment variables of the service to `~/example-service-intercept.env`.
        ```console
        $ telepresence intercept example-service --port 8080:http --env-file ~/example-service-intercept.env
diff --git a/howtos/preview-urls.md b/howtos/preview-urls.md
index cad231fc..670f72dd 100644
--- a/howtos/preview-urls.md
+++ b/howtos/preview-urls.md
@@ -42,34 +42,32 @@ $ telepresence intercept example-service --port 8080 --env-file ~/ex-svc.env
           You may use an IP address or a DNS name (this is usually a
           "service.namespace" DNS name).
 
-             [default: example-service.default]: ambassador.ambassador
+            [default: -]: ambassador.ambassador
 
      2/4: What's your ingress' TCP port number?
 
             [default: -]: 80
 
-      3/4: Does that TCP port on your ingress use TLS (as opposed to cleartext)?
+     3/4: Does that TCP port on your ingress use TLS (as opposed to cleartext)?
 
-             [default: n]: y
+            [default: n]: y
 
      4/4: If required by your ingress, specify a different hostname
           (TLS-SNI, HTTP "Host" header) to be used in requests.
 
-             [default: ambassador.ambassador]: dev-environment.edgestack.me
+            [default: ambassador.ambassador]: dev-environment.edgestack.me
 
-      Using Deployment example-service
-      intercepted
+     Using deployment example-service
+     intercepted
          Intercept name         : example-service
          State                  : ACTIVE
-         Workload kind          : Deployment
          Destination            : 127.0.0.1:8080
          Service Port Identifier: http
          Intercepting           : HTTP requests that match all of:
            header("x-telepresence-intercept-id") ~= regexp("<intercept id>:example-service")
          Preview URL            : https://<random domain name>.preview.edgestack.me
          Layer 5 Hostname       : dev-environment.edgestack.me
-
-  ```
+   ```
 
 5. Start your local environment using the environment variables retrieved in the previous step.
 
diff --git a/install/telepresence-pro.md b/install/telepresence-pro.md
new file mode 100644
index 00000000..f7a86bb1
--- /dev/null
+++ b/install/telepresence-pro.md
@@ -0,0 +1,66 @@
+import Platform from '@src/components/Platform';
+
+# Install Telepresence Pro
+
+Telepresence Pro is a replacement to Telepresence's User Daemon
+that gives you premium features including:
+* Creating intercepts on your local machine from Ambassador Cloud.
+
+The `telepresence-pro` binary must be installed in the same directory as
+`telepresence`. When you run `telepresence login` it will automatically be
+installed and placed in the correct location. If you are in an air-gapped
+environment or need to install it manually, ensure it is placed in the
+correct directory.
+
+<Platform.TabGroup>
+<Platform.MacOSTab>
+
+```shell
+# In this example, we install the binary in `/usr/local/bin/` since that's where `telepresence`
+# is installed by default
+# Intel Macs
+# 1. Download the latest binary (~60 MB):
+sudo curl -fL https://app.getambassador.io/download/tel-pro/darwin/amd64/$dlVersion$/latest/telepresence-pro -o /usr/local/bin/telepresence-pro
+# 2. Make the binary executable:
+sudo chmod a+x /usr/local/bin/telepresence-pro
+
+# Apple silicon Macs
+# 1. Download the latest binary (~60 MB):
+sudo curl -fL https://app.getambassador.io/download/tel-pro/darwin/arm64/$dlVersion$/latest/telepresence-pro -o /usr/local/bin/telepresence-pro
+# 2. Make the binary executable:
+sudo chmod a+x /usr/local/bin/telepresence-pro
+```
+
+</Platform.MacOSTab>
+<Platform.GNULinuxTab>
+
+```shell
+# In this example, we install the binary in `/usr/local/bin/` since that's where `telepresence`
+# is installed by default
+# 1. Download the latest binary (~60 MB):
+sudo curl -fL https://app.getambassador.io/download/tel-pro/linux/amd64/$dlVersion$/latest/telepresence-pro -o /usr/local/bin/telepresence-pro
+# 2. Make the binary executable:
+sudo chmod a+x /usr/local/bin/telepresence-pro
+```
+
+</Platform.GNULinuxTab>
+<Platform.WindowsTab>
+
+```powershell
+# In this example, we install the binary in `/usr/local/bin/` since that's where `telepresence`
+# is installed by default
+# Make sure you run the following from Powershell as Administrator
+# 1. Download the latest windows zip containing telepresence-pro.exe and its dependencies (~50 MB):
+curl -fL https://app.getambassador.io/download/tel-pro/windows/amd64/$dlVersion$/latest/telepresence-pro.exe -o telepresence-exe
+
+# 2. Move the exe to your path (We recommend the default directory used by telepresence `C:\telepresence`)
+Copy-Item "telepresence-pro.exe" -Destination "C:\telepresence\telepresence-pro.exe" -Force
+```
+
+</Platform.WindowsTab>
+</Platform.TabGroup>
+
+# Upgrade Telepresence Pro
+There are two options to upgrade Telepresence Pro. You can run `telepresence-pro upgrade` to get the latest
+version that is compatible with the current Telepresence version you are using or you can remove the binary
+and Telepresence will automatically install it next time you `telepresence login`.
diff --git a/quick-start/demo-node.md b/quick-start/demo-node.md
index 3d7a687b..5dcbd654 100644
--- a/quick-start/demo-node.md
+++ b/quick-start/demo-node.md
@@ -4,4 +4,4 @@ description: "Claim a remote demo cluster and learn to use Telepresence to inter
 
 # Telepresence Quick Start
 
-To use a demo cluster provided by Ambassador Labs to learn how Telepresence can be used to intercept services to speed up local development and debugging, follow [this guide](https://www.getambassador.io/docs/telepresence/pre-release/quick-start/demo-node/)
+To use a demo cluster provided by Ambassador Labs to learn how Telepresence can be used to intercept services to speed up local development and debugging, follow [this guide](https://www.getambassador.io/docs/telepresence/2.5/quick-start/demo-node/)
diff --git a/quick-start/demo-react.md b/quick-start/demo-react.md
index 91e06e8b..7c7c00cc 100644
--- a/quick-start/demo-react.md
+++ b/quick-start/demo-react.md
@@ -4,4 +4,4 @@ description: "Claim a remote demo cluster and learn to use Telepresence to inter
 
 # Telepresence Quick Start
 
-To use a demo cluster provided by Ambassador Labs to learn how Telepresence can be used to intercept services to speed up local development and debugging, follow [this guide](https://www.getambassador.io/docs/telepresence/pre-release/quick-start/demo-react/)
+To use a demo cluster provided by Ambassador Labs to learn how Telepresence can be used to intercept services to speed up local development and debugging, follow [this guide](https://www.getambassador.io/docs/telepresence/2.5/quick-start/demo-react/)
diff --git a/quick-start/go.md b/quick-start/go.md
index 65b88f6f..bd3e1e55 100644
--- a/quick-start/go.md
+++ b/quick-start/go.md
@@ -4,4 +4,4 @@ description: "Install Telepresence and learn to use it to intercept services run
 
 # Telepresence Quick Start
 
-To use a demo cluster provided by Ambassador Labs to learn how Telepresence can be used to intercept services to speed up local development and debugging, follow [this guide](https://www.getambassador.io/docs/telepresence/pre-release/quick-start/go/)
+To use a demo cluster provided by Ambassador Labs to learn how Telepresence can be used to intercept services to speed up local development and debugging, follow [this guide](https://www.getambassador.io/docs/telepresence/2.5/quick-start/go/)
diff --git a/quick-start/index.md b/quick-start/index.md
index efcb65b5..f2305d72 100644
--- a/quick-start/index.md
+++ b/quick-start/index.md
@@ -2,6 +2,6 @@
    description: Telepresence Quick Start.
 ---
 
-import TelepresenceQuickStartLanding from './TelepresenceQuickStartLanding'
+import TelepresenceQuickStartLanding from './TelepresenceQuickStartLanding';
 
 <TelepresenceQuickStartLanding/>
diff --git a/quick-start/qs-cards.js b/quick-start/qs-cards.js
index 31582355..0d8c7226 100644
--- a/quick-start/qs-cards.js
+++ b/quick-start/qs-cards.js
@@ -28,39 +28,38 @@ export default function CenteredGrid() {
         <Grid item xs={4}>
           <Paper variant="outlined" className={classes.paper}>
             <Typography variant="h6" component="h2">
-              <a href="../../howtos/preview-urls/">
-                <b>Collaborating</b>
+              <a href="../../install/qs-java-advanced/">
+                <b>Create a Local K8s Dev Environment</b>
               </a>
             </Typography>
             <Typography variant="body2" component="p">
-              Use preview URLS to collaborate with your colleagues and others
-              outside of your organization.
+              Read the advanced guide on how to create your own complete Kubernetes development environment.
             </Typography>
           </Paper>
         </Grid>
         <Grid item xs={4}>
           <Paper variant="outlined" className={classes.paper}>
             <Typography variant="h6" component="h2">
-              <a href="../../howtos/outbound/">
-                <b>Outbound Sessions</b>
+              <a href="../../howtos/preview-urls/">
+                <b>Collaborating</b>
               </a>
             </Typography>
             <Typography variant="body2" component="p">
-              While connected to the cluster, your laptop can interact with
-              services as if it was another pod in the cluster.
+              Use preview URLS to collaborate with your colleagues and others
+              outside of your organization.
             </Typography>
           </Paper>
         </Grid>
         <Grid item xs={4}>
           <Paper variant="outlined" className={classes.paper}>
             <Typography variant="h6" component="h2">
-              <a href="../../faqs/">
-                <b>FAQs</b>
+              <a href="../../howtos/outbound/">
+                <b>Outbound Sessions</b>
               </a>
             </Typography>
             <Typography variant="body2" component="p">
-              Learn more about uses cases and the technical implementation of
-              Telepresence.
+              While connected to the cluster, your laptop can interact with
+              services as if it was another pod in the cluster.
             </Typography>
           </Paper>
         </Grid>
diff --git a/quick-start/qs-go.md b/quick-start/qs-go.md
index 37291657..c2514635 100644
--- a/quick-start/qs-go.md
+++ b/quick-start/qs-go.md
@@ -390,6 +390,10 @@ Normal traffic coming to your app gets the <strong style="color:green">green</st
   The <strong>Preview URL</strong> now shows exactly what is running on your local laptop -- in a way that can be securely shared with anyone you work with.
 </Alert>
 
+## Create a complete development environment using this demo application
+
+Apply what you've learned from this guide and employ the Emojivoto application in your own local development environment. See the [Creating a local Kubernetes development environment](../../install/qs-go-advanced/) page to learn more.
+
 ## <img class="os-logo" src="../../images/logo.png"/> What's Next?
 
 <QSCards/>
diff --git a/quick-start/telepresence-quickstart-landing.less b/quick-start/telepresence-quickstart-landing.less
index 1a8c3ddc..37304255 100644
--- a/quick-start/telepresence-quickstart-landing.less
+++ b/quick-start/telepresence-quickstart-landing.less
@@ -1,184 +1,160 @@
 @import '~@src/components/Layout/vars.less';
 
-.doc-body .telepresence-quickstart-landing {
+.telepresence-quickstart-landing {
   font-family: @InterFont;
   color: @black;
   margin: 0 auto 140px;
   max-width: @docs-max-width;
   min-width: @docs-min-width;
 
-  h1,
-  h2 {
+  h1 {
     color: @blue-dark;
-    font-style: normal;
     font-weight: normal;
     letter-spacing: 0.25px;
-  }
-
-  h1 {
     font-size: 33px;
-    line-height: 40px;
+  }
+  p {
+    font-size: 0.875rem;
+    line-height: 24px;
+    margin: 0;
+    padding: 0;
+  }
 
-    svg {
-      vertical-align: text-bottom;
+  .demo-cluster-container {
+    display: grid;
+    margin: 40px 0;
+    grid-template-columns: repeat(2, 1fr);
+    column-gap: 40px;
+    @media screen and (max-width: 720px) {
+      grid-template-columns: repeat(1, 1fr);
+      row-gap: 50px;
     }
   }
-
-  h2 {
-    font-size: 23px;
-    line-height: 33px;
-    margin: 0 0 1rem;
-
-    .highlight-mark {
-      background: transparent;
+  .main-title-container {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    p {
+      text-align: center;
+      font-size: 0.875rem;
+    }
+  }
+  h2.title {
+    font-size: 1.5rem;
+    color: @black;
+    font-weight: normal;
+    margin: 0 0 10px 0;
+    padding: 0;
+    &.underlined {
+      padding-bottom: 2px;
+      border-bottom: 3px solid @grey-separator;
+      text-align: center;
+    }
+    strong {
+      font-weight: 600;
+    }
+  }
+  .reading-time {
+    color: #7c7c87;
+    margin: 0;
+  }
+  .get-started {
+    font-size: 0.875rem;
+    font-weight: 600;
+    letter-spacing: 1.25px;
+    display: flex;
+    align-items: center;
+    margin: 20px 20px 10px;
+    text-decoration: none;
+    &.green {
+      color: @green;
+    }
+    &.green:hover {
+      color: @green-dark;
+    }
+    &.blue {
+      color: @blue;
+    }
+    &.blue:hover {
       color: @blue-dark;
-      background: -moz-linear-gradient(
-        top,
-        transparent 0%,
-        transparent 60%,
-        fade(@blue-electric, 15%) 60%,
-        fade(@blue-electric, 15%) 100%
-      );
-      background: -webkit-gradient(
-        linear,
-        left top,
-        left bottom,
-        color-stop(0%, transparent),
-        color-stop(60%, transparent),
-        color-stop(60%, fade(@blue-electric, 15%)),
-        color-stop(100%, fade(@blue-electric, 15%))
-      );
-      background: -webkit-linear-gradient(
-        top,
-        transparent 0%,
-        transparent 60%,
-        fade(@blue-electric, 15%) 60%,
-        fade(@blue-electric, 15%) 100%
-      );
-      background: -o-linear-gradient(
-        top,
-        transparent 0%,
-        transparent 60%,
-        fade(@blue-electric, 15%) 60%,
-        fade(@blue-electric, 15%) 100%
-      );
-      background: -ms-linear-gradient(
-        top,
-        transparent 0%,
-        transparent 60%,
-        fade(@blue-electric, 15%) 60%,
-        fade(@blue-electric, 15%) 100%
-      );
-      background: linear-gradient(
-        to bottom,
-        transparent 0%,
-        transparent 60%,
-        fade(@blue-electric, 15%) 60%,
-        fade(@blue-electric, 15%) 100%
-      );
-      filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='transparent', endColorstr='fade(@blue-electric, 15%)',GradientType=0 );
-      padding: 0 3px;
-      margin: 0 0.1em 0 0;
     }
   }
 
-  .telepresence-choice {
-    background: @white;
+  .box-container {
+    border: 1.5px solid @grey-separator;
+    border-radius: 5px;
+    padding: 10px;
+    position: relative;
+    &::before {
+      content: '';
+      position: absolute;
+      width: 14px;
+      height: 14px;
+      border-radius: 50%;
+      top: 0;
+      left: 50%;
+      transform: translate(-50%, -50%);
+    }
+    &.green::before {
+      background: @green;
+      box-shadow: 0 0 0 5px #00c05b45;
+    }
+    &.blue::before {
+      background: @blue;
+      box-shadow: 0 0 0 5px #0066ff45;
+    }
+    p {
+      font-size: 0.875rem;
+      line-height: 24px;
+      padding: 0;
+    }
+  }
+  .connector-container {
+    display: flex;
+    justify-content: center;
+    span {
+      background: @grey-separator;
+      width: 1.5px;
+      height: 37px;
+    }
+  }
+
+  .telepresence-video {
     border: 2px solid @grey-separator;
     box-shadow: -6px 12px 0px fade(@black, 12%);
     border-radius: 8px;
     padding: 20px;
+    h2.telepresence-video-title {
+      padding: 0;
+      margin: 0;
+    }
 
     strong {
       color: @blue;
     }
   }
 
-  .telepresence-choice-wrapper {
-    border-bottom: solid 1px @grey-separator;
-    column-gap: 60px;
-    display: inline-grid;
-    grid-template-columns: repeat(2, 1fr);
-    margin: 20px 0 50px;
-    padding: 0 0 62px;
-    width: 100%;
-
-    .telepresence-choice {
-      ol {
-        li {
-          font-size: 14px;
-        }
-      }
-
-      .get-started-button {
-        background-color: @green;
-        border-radius: 5px;
-        color: @white;
-        display: inline-flex;
-        font-style: normal;
-        font-weight: 600;
-        font-size: 14px;
-        line-height: 24px;
-        margin: 0 0 15px 5px;
-        padding: 13px 20px;
-        align-items: center;
-        letter-spacing: 1.25px;
-        text-decoration: none;
-        text-transform: uppercase;
-        transition: background-color 200ms linear 0ms;
-
-        svg {
-          fill: @white;
-          height: 20px;
-          width: 20px;
-        }
-
-        &:hover {
-          background-color: @green-dark;
-          text-decoration: none;
-        }
-      }
-
-      p {
-        font-style: normal;
-        font-weight: normal;
-        font-size: 16px;
-        line-height: 26px;
-        letter-spacing: 0.5px;
-      }
+  .video-section {
+    display: grid;
+    grid-template-columns: 1fr 2fr;
+    column-gap: 10px;
+    @media screen and (max-width: 1400px) {
+      grid-template-columns: 1fr;
     }
-  }
-
-  .video-wrapper {
-    display: flex;
-    flex-direction: row;
-
     ul {
-      li {
-        font-size: 14px;
-        margin: 0 10px 10px 0;
-      }
+      font-size: 14px;
+      margin: 0 10px 6px 0;
     }
-
-    div {
-      &.video-container {
-        flex: 1 1 70%;
-        position: relative;
+    .video-container {
+      position: relative;
+      padding-bottom: 56.25%; // 16:9 aspect ratio
+      height: 0;
+      iframe {
+        position: absolute;
+        top: 0;
+        left: 0;
         width: 100%;
-        padding-bottom: 39.375%;
-
-        .video {
-          position: absolute;
-          top: 0;
-          left: 0;
-          width: 100%;
-          height: 100%;
-          border: 0;
-        }
-      }
-
-      &.description {
-        flex: 0 1 30%;
+        height: 100%;
       }
     }
   }
diff --git a/reference/architecture.md b/reference/architecture.md
index 47facb0b..3965260e 100644
--- a/reference/architecture.md
+++ b/reference/architecture.md
@@ -21,6 +21,11 @@ another.
 The Telepresence Daemon runs on a developer's workstation and is its main point of communication with the cluster's
 network. All requests from and to the cluster go through the Daemon, which communicates with the Traffic Manager.
 
+## Telepresence Pro Daemon
+When you `telepresence login`, Telepresence recommends downloading the Telepresence Pro Daemon.
+This replaces the open source User Daemon and provides additional features including:
+* Creating intercepts on your local machine from Ambassador Cloud.
+
 ## Traffic Manager
 
 The Traffic Manager is the central point of communication between Traffic Agents in the cluster and Telepresence Daemons
diff --git a/reference/client/login.md b/reference/client/login.md
index 269a240d..d07f6554 100644
--- a/reference/client/login.md
+++ b/reference/client/login.md
@@ -29,6 +29,25 @@ box via SSH, or are using Telepresence in CI), then you may instead
 have Ambassador Cloud issue an API key that you pass to `telepresence
 login` with the `--apikey` flag.
 
+## Telepresence Pro
+
+When you run `telepresence login`, the CLI will recommend you install
+a Telepresence Pro binary.  The Telepresence Pro version of the [User
+Daemon](../../architecture) communicates with the Ambassador Cloud to
+provide fremium features including the ability to create intercepts from
+Ambassador Cloud.
+
+(show a screenshot of what the login flow looks like... but for now
+I'll do a code snippet)
+```
+telepresence login
+Telepresence wants to install the Telepresence Pro User Daemon to enable Cloud features(y|n): y
+Telepresence Pro installed!
+Launching Telepresence Pro User Daemon
+Launching browser authentication flow...
+Login successful.
+```
+
 ## Acquiring an API key
 
 1. Log in to Ambassador Cloud at https://app.getambassador.io/ .
diff --git a/reference/cluster-config.md b/reference/cluster-config.md
index 48aaa6f9..1db27ef7 100644
--- a/reference/cluster-config.md
+++ b/reference/cluster-config.md
@@ -83,7 +83,7 @@ intercepts.
 
 ### Create a license
 
-1. <ClusterConfig /> 
+1. <ClusterConfig />
 
 2. Generate a new license (if one doesn't already exist) by clicking *Generate New License*.
 
diff --git a/reference/config.md b/reference/config.md
index 3d42b005..6722bc93 100644
--- a/reference/config.md
+++ b/reference/config.md
@@ -31,9 +31,6 @@ grpc:
   maxReceiveSize: 10Mi
 telepresenceAPI:
   port: 9980
-intercept:
-  appProtocolStrategy: portName
-  defaultPort: "8088"
 ```
 
 #### Timeouts
@@ -65,6 +62,8 @@ case insensitive:
  - `info`
  - `warning` or `warn`
  - `error`
+ - `fatal`
+ - `panic`
 
 For whichever log-level you select, you will get logs labeled with that level and of higher severity.
 (e.g. if you use `info`, you will also get logs labeled `error`. You will NOT get logs labeled `debug`.
@@ -135,28 +134,16 @@ The `telepresenceAPI` controls the behavior of Telepresence's RESTful API server
 If the `traffic-manager` is auto-installed, its webhook agent injector will be configured to add the `TELEPRESENCE_API_PORT` environment to the app container when the `traffic-agent` is injected.
 See [RESTful API server](../restapi) for more info.
 
-#### Intercept
-The `intercept` controls applies to how telepresence will intercept the communications to the intercepted service.
+#### Daemons
 
-The `defaultPort` controls which port is selected when no `--port` flag is given to the `telepresence intercept` command. The default value is "8080".
+`daemons` controls which binary to use for the user daemon. By default it will
+use the Telepresence binary. For example, this can be used to tell Telepresence to
+use the Telepresence Pro binary.
 
-The `appProtocolStrategy` is only relevant when using personal intercepts. This controls how telepresence selects the application protocol to use when intercepting a service that has no `service.ports.appProtocol` defined. Valid values are:
+| Field              | Description                                                 | Type               | Default                              |
+|--------------------|-------------------------------------------------------------|--------------------|--------------------------------------|
+| `userDaemonBinary` | The path to the binary you want to use for the User Daemon. | [string][yaml-str] | The path to Telepresence executable  |
 
-| Value        | Resulting action                                                                                       |
-|--------------|--------------------------------------------------------------------------------------------------------|
-| `http2Probe` | The telepresence traffic-agent will probe the intercepted container to check whether it supports http2 |
-| `portName`   | Telepresence will make an educated guess about the protocol based on the name of the service port      |
-| `http`       | Telepresence will use http                                                                             |
-| `http2`      | Telepresence will use http2                                                                            |
-
-When `portName` is used, Telepresence will determine the protocol by the name of the port: `<protocol>[-suffix]`. The following protocols are recognized:
-
-| Protocol | Meaning                               |
-|----------|---------------------------------------|
-| `http`   | Plaintext HTTP/1.1 traffic            |
-| `http2`  | Plaintext HTTP/2 traffic              |
-| `https`  | TLS Encrypted HTTP (1.1 or 2) traffic |
-| `grpc`   | Same as http2                         |
 
 ## Per-Cluster Configuration
 Some configuration is not global to Telepresence and is actually specific to a cluster.  Thus, we store that config information in your kubeconfig file, so that it is easier to maintain per-cluster configuration.
diff --git a/reference/intercepts/index.md b/reference/intercepts/index.md
index bd9c5bdc..20b0094d 100644
--- a/reference/intercepts/index.md
+++ b/reference/intercepts/index.md
@@ -43,8 +43,8 @@ login`](../client/login/)) changes the Telepresence defaults in two
 ways.
 
 First, being logged in to Ambassador Cloud causes Telepresence to
-default to `--mechanism=http --http-match=auto` (or just
-`--http-match=auto`, as `--http-match` implies `--mechanism=http`).
+default to `--mechanism=http --http-match=auto --http-path-prefix=/` (
+`--mechanism=http` is redundant. It is implied by other `--http-xxx` flags).
 If you hadn't been logged in it would have defaulted to
 `--mechanism=tcp`.  This tells Telepresence to use the Ambassador
 Cloud traffic-agent to do smart "personal" intercepts and only
@@ -52,8 +52,8 @@ intercept a subset of HTTP requests, rather than just intercepting the
 entirety of all TCP connections.  This is important for working in a
 shared cluster with teammates, and is important for the preview URL
 functionality below.  See `telepresence intercept --help` for
-information on using `--http-match` to customize which requests it
-intercepts.
+information on using the `--http-match` and `--http-path-xxx` flags to
+customize which requests that are intercepted.
 
 Secondly, being logged in causes Telepresence to default to
 `--preview-url=true`.  If you hadn't been logged in it would have
@@ -68,26 +68,14 @@ your cluster; if it detects it correctly, may simply press "enter" and
 accept the default, otherwise you must tell Telepresence the correct
 value.
 
-When you create an intercept with the `http` mechanism, Telepresence
-determines whether the application protocol uses HTTP/1.1 or HTTP/2. If the
-service's `ports.appProtocol` field is set, Telepresence uses that. If not,
-then Telepresence uses the configured application protocol strategy to determine
-the protocol. The default behavior (`http2Probe` strategy) sends a
-`GET /telepresence-http2-check` request to your service to determine if it supports
-HTTP/2. This is required for the intercepts to behave correctly.
-
-### TLS
-
-If the intercepted service has been set up for `--mechanism=http`, Telepresence
-needs to terminate the TLS connection for the `http` mechanism to function in your
-intercepts. Additionally, you need to ensure the
-[TLS annotations](../cluster-config/#tls) are properly entered in your workload’s
-Pod template to designate that requests leaving your service still speak TLS
-outside of the service as expected.
-
-Use the `--http-plaintext` flag when doing an intercept when the service in the
-cluster is using TLS in case you want to use plaintext for the communication with the
-process on your local workstation. 
+When creating an intercept with the `http` mechanism, the
+traffic-agent sends a `GET /telepresence-http2-check` request to your
+service and to the process running on your local machine at the port
+specified in your intercept, in order to determine if they support
+HTTP/2.  This is required for the intercepts to behave correctly.  If
+you do not have a service running locally when the intercept is
+created, the traffic-agent will use the result it got from checking
+the in-cluster service.
 
 ## Supported workloads
 
@@ -192,12 +180,12 @@ Finally, run `telepresence leave <name of intercept>` to stop the intercept.
 
 You can skip the ingress dialogue by setting the relevant parameters using flags. If any of the following flags are set, the dialogue will be skipped and the flag values will be used instead. If any of the required flags are missing, an error will be thrown.
 
-| Flag           | Description | Required |
-| -------------- | ------------------------------ | --- |
-| `--ingress-host` | The ip address for the ingress | yes |
-| `--ingress-port` | The port for the ingress       | yes |
-| `--ingress-tls`  | Whether tls should be used     | no  |
-| `--ingress-l5`   | Whether a different ip address should be used in request headers | no |
+| Flag             | Description                                                      | Required   |
+|------------------|------------------------------------------------------------------|------------|
+| `--ingress-host` | The ip address for the ingress                                   | yes        |
+| `--ingress-port` | The port for the ingress                                         | yes        |
+| `--ingress-tls`  | Whether tls should be used                                       | no         |
+| `--ingress-l5`   | Whether a different ip address should be used in request headers | no         |
 
 ## Creating an intercept when a service has multiple ports
 
@@ -236,7 +224,7 @@ Oftentimes, there's a 1-to-1 relationship between a service and a
 workload, so telepresence is able to auto-detect which service it
 should intercept based on the workload you are trying to intercept.
 But if you use something like
-[Argo](https://www.getambassador.io/docs/argo/latest/quick-start/), there may be
+[Argo](https://www.getambassador.io/docs/argo/latest/), there may be
 two services (that use the same labels) to manage traffic between a
 canary and a stable service.
 
diff --git a/reference/rbac.md b/reference/rbac.md
index 2c9af7c1..6c39739e 100644
--- a/reference/rbac.md
+++ b/reference/rbac.md
@@ -149,7 +149,7 @@ rules:
 - apiGroups:
   - ""
   resources: ["services"]
-  verbs: ["get", "list", "update"]
+  verbs: ["get", "list", "update", "watch"]
 - apiGroups:
   - ""
   resources: ["pods/portforward"]
@@ -157,7 +157,7 @@ rules:
 - apiGroups:
   - "apps"
   resources: ["deployments", "replicasets", "statefulsets"]
-  verbs: ["get", "list", "update", "patch"]
+  verbs: ["get", "list", "update", "patch", "watch"]
 - apiGroups:
   - "getambassador.io"
   resources: ["hosts", "mappings"]
@@ -223,7 +223,7 @@ rules:
 - apiGroups:
   - "apps"
   resources: ["deployments", "replicasets", "statefulsets"]
-  verbs: ["get", "list", "update"]
+  verbs: ["get", "list", "update", "watch"]
 - apiGroups:
   - "getambassador.io"
   resources: ["hosts", "mappings"]
diff --git a/reference/restapi.md b/reference/restapi.md
index e3934abd..462abd19 100644
--- a/reference/restapi.md
+++ b/reference/restapi.md
@@ -10,6 +10,13 @@ On the cluster's side, it's the `traffic-agent` of potentially intercepted pods
 
 ## Endpoints
 
+The `consume-here` and `intercept-info` endpoints are both intended to be queried with an optional path query and a set of headers, typically obtained from a Kafka message or similar. Telepresence provides the ID of the intercept in the environment variable [TELEPRESENCE_INTERCEPT_ID](../environment/#telepresence_intercept_id) during an intercept. This ID must be provided in a `x-telepresence-caller-intercept-id: = <ID>` header. Telepresence needs this to identify the caller correctly. The `<TELEPRESENCE_INTERCEPT_ID>` will be empty when running in the cluster, but it's harmless to provide it there too, so there's no need for conditional code.
+
+There are three prerequisites to fulfill before testing The `consume-here` and `intercept-info` endpoints using `curl -v` on the workstation:
+1. An intercept must be active
+2. The "/healthz" endpoint must respond with OK
+3. The ID of the intercept must be known. It will be visible as `ID` in the output of `telepresence list --debug`.
+
 ### healthz
 The `http://localhost:<TELEPRESENCE_API_PORT>/healthz` endpoint should respond with status code 200 OK. If it doesn't then something isn't configured correctly. Check that the `traffic-agent` container is present and that the `TELEPRESENCE_API_PORT` has been added to the environment of the application container and/or in the environment that is propagated to the interceptor that runs on the local workstation.
 
@@ -33,85 +40,54 @@ $ curl -v localhost:9980/healthz
 ```
 
 ### consume-here
-`http://localhost:<TELEPRESENCE_API_PORT>/consume-here` is intended to be queried with a set of headers, typically obtained from a Kafka message or similar, and will respond with "true" (consume the message) or "false" (leave the message on the queue). When running in the cluster, this endpoint will respond with `false` if the headers match an ongoing intercept for the same workload because it's assumed that it's up to the intercept to consume the message. When running locally, the response is inverted. Matching headers means that the message should be consumed.
-
-Telepresence provides the ID of the intercept in the environment variable [TELEPRESENCE_INTERCEPT_ID](../environment/#telepresence_intercept_id) during an intercept. This ID must be provided in a `x-caller-intercept-id: = <ID>` header. Telepresence needs this to identify the caller correctly. The `<TELEPRESENCE_INTERCEPT_ID>` will be empty when running in the cluster, but it's harmless to provide it there too, so there's no need for conditional code.
+`http://localhost:<TELEPRESENCE_API_PORT>/consume-here` will respond with "true" (consume the message) or "false" (leave the message on the queue). When running in the cluster, this endpoint will respond with `false` if the headers match an ongoing intercept for the same workload because it's assumed that it's up to the intercept to consume the message. When running locally, the response is inverted. Matching headers means that the message should be consumed.
 
 #### test endpoint using curl
-There are three prerequisites to fulfill before testing this endpoint using `curl -v` on the workstation.
-1. An intercept must be active
-2. The "/healtz" endpoint must respond with OK
-3. The ID of the intercept must be known. It will be visible as `x-telepresence-intercept-id` in the output of the `telepresence intercept` and `telepresence list` commands unless the intercept was started with `--http-match` flags. If it was, the `--env-file <file>` or `--env-json <file>` flag must be also be used so that the environment can be examined. The variable to look for in the file is `TELEPRESENCE_INTERCEPT_ID`.
-
-Assuming that the API-server runs on port 9980, that the intercept was started with `-H 'foo: bar`, we can now check that the "/consume-here" returns "true" for the given headers.
+Assuming that the API-server runs on port 9980, that the intercept was started with `--http-match x=y --http-path-prefix=/api`, we can now check that the "/consume-here" returns "true" for the path "/api" and given headers.
 ```console
-$ curl -v localhost:9980/consume-here -H 'x-telepresence-caller-intercept-id: 4392d394-100e-4f15-a89b-426012f10e05:apitest' -H 'foo: bar'
+$ curl -v localhost:9980/consume-here?path=/api -H 'x-telepresence-caller-intercept-id: 4392d394-100e-4f15-a89b-426012f10e05:apitest' -H 'x: y'
 *   Trying ::1:9980...
 * Connected to localhost (::1) port 9980 (#0)
-> GET /consume-here HTTP/1.1
+> GET /consume-here?path=/api HTTP/1.1
 > Host: localhost:9980
 > User-Agent: curl/7.76.1
 > Accept: */*
+> x: y
 > x-telepresence-caller-intercept-id: 4392d394-100e-4f15-a89b-426012f10e05:apitest
-> foo: bar
 > 
 * Mark bundle as not supporting multiuse
 < HTTP/1.1 200 OK
-< Content-Type: text/plain
+< Content-Type: application/json
 < Date: Fri, 26 Nov 2021 06:43:28 GMT
 < Content-Length: 4
 < 
 * Connection #0 to host localhost left intact
-true%
+true
 ```
 
 If you can run curl from the pod, you can try the exact same URL. The result should be "false" when there's an ongoing intercept. The `x-telepresence-caller-intercept-id` is not needed when the call is made from the pod.
-#### Example code:
-
-Here's an example filter written in Go. It divides the actual URL creation (only needs to run once) from the filter function to make the filter more performant:
-```go
-const portEnv = "TELEPRESENCE_API_PORT"
-const interceptIdEnv = "TELEPRESENCE_INTERCEPT_ID"
 
-// apiURL creates the generic URL needed to access the service
-func apiURL() (string, error) {
-	pe := os.Getenv(portEnv)
-	if _, err := strconv.ParseUint(pe, 10, 16); err != nil {
-		return "", fmt.Errorf("value %q of env %s does not represent a valid port number", pe, portEnv)
-	}
-	return "http://localhost:" + pe, nil
-}
+### intercept-info
+`http://localhost:<TELEPRESENCE_API_PORT>/intercept-info` is intended to be queried with an optional path query and a set of headers, typically obtained from a Kafka message or similar, and will respond with a JSON structure containing the two booleans `clientSide` and `intercepted`, and a `metadata` map which corresponds to the `--http-meta` key pairs used when the intercept was created. This field is always omitted in case `intercepted` is `false`.
 
-// consumeHereURL creates the URL for the "consume-here" endpoint
-func consumeHereURL() (string, error) {
-	apiURL, err := apiURL()
-	if err != nil {
-		return "", err
-	}
-	return apiURL + "/consume-here", nil
-}
-
-// consumeHere expects an url created using consumeHereURL() and calls the endpoint with the given
-// headers and returns the result
-func consumeHere(url string, hm map[string]string) (bool, error) {
-	rq, err := http.NewRequest("GET", url, nil)
-	if err != nil {
-		return false, err
-	}
-	rq.Header = make(http.Header, len(hm)+1)
-	rq.Header.Set("X-Telepresence-Caller-Intercept-Id", os.Getenv(interceptIdEnv))
-	for k, v := range hm {
-		rq.Header.Set(k, v)
-	}
-	rs, err := http.DefaultClient.Do(rq)
-	if err != nil {
-		return false, err
-	}
-	defer rs.Body.Close()
-	b, err := io.ReadAll(rs.Body)
-	if err != nil {
-		return false, err
-	}
-	return strconv.ParseBool(string(b))
-}
-```
\ No newline at end of file
+#### test endpoint using curl
+Assuming that the API-server runs on port 9980, that the intercept was started with `--http-match x=y --http-path-prefix=/api --http-meta a=b --http-meta b=c`, we can now check that the "/intercept-info" returns information for the given path and headers.
+```console
+$ curl -v localhost:9980/intercept-info?path=/api -H 'x-telepresence-caller-intercept-id: 4392d394-100e-4f15-a89b-426012f10e05:apitest' -H 'x: y'
+*   Trying ::1:9980...* Connected to localhost (127.0.0.1) port 9980 (#0)
+> GET /intercept-info?path=/api HTTP/1.1
+> Host: localhost:9980
+> User-Agent: curl/7.79.1
+> Accept: */*
+> x: y
+> x-telepresence-caller-intercept-id: 4392d394-100e-4f15-a89b-426012f10e05:apitest
+>
+* Mark bundle as not supporting multiuse
+< HTTP/1.1 200 OK
+< Content-Type: application/json
+< Date: Tue, 01 Feb 2022 11:39:55 GMT
+< Content-Length: 68
+<
+{"intercepted":true,"clientSide":true,"metadata":{"a":"b","b":"c"}}
+* Connection #0 to host localhost left intact
+```
diff --git a/reference/vpn.md b/reference/vpn.md
index 368a9fa1..cb3f8acf 100644
--- a/reference/vpn.md
+++ b/reference/vpn.md
@@ -146,7 +146,7 @@ be possible. In that case, your best bet is to attempt to shrink the VPN's CIDR
 One easy way to do this may be by disabling split tunneling (see the [prerequisites](#prerequisites)
 section for more on split-tunneling).
 
-Note that once you fix this, you may find yourself landing again in [Case 1](#case-1), and may need
+Note that once you fix this, you may find yourself landing again in [Case 1](#case-1-vpn-masked-by-cluster), and may need
 to use never-proxy rules to whitelist hosts in the VPN:
 
 ```
diff --git a/release-notes/telepresence-2.4.10-actions.png b/release-notes/telepresence-2.4.10-actions.png
deleted file mode 100644
index 6d849ac214bd4a222a713a6f1926a26f6116c9b4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 9342
zcmeI1WmH^C*XOa|5G)Xay95p1xTkRm?iL&xcMA?d8WJFQ0t9!LAi;yXB#kx@9D@5C
z?tPy3xoh5;HD6}FP50_Pb*k#WckO+8t^KR&Xf+ji9LyJ(2nYx`;MX!52ndKmKsys1
z75GMx|MeW`kh7JRRs%~*Q>(c;zqNI+LO@`KT9}#=fZ3P_%*;$p2S#49V7hu~L`A*V
zFb(SK9OxYGL?dcYP~zZ#V51))){vU=vR-=P6um&_*nKzLa(<UQ!Z*0?%FYyu8*~q$
zC(;zfTu}hCtDsH>1q+Hc=N5&9gm6C@(B|M|L8ulEc7W36<^}HwQG0^Iz9IIgysJtG
zo(V${LS7IEb_jvLm&ql4&l&8HMNfb1PR~DWjJM+9a(1i^;d{mX>Ij{2#W+b4Y$uBm
z<vGe(#P&mJj9DFm5}{G@&f2&pJN_Ls1d5N0%sfm}BEF0e$&mLPO^Qt?Eu_m|Tulvw
zCZ#Dn#LOOqj4UoLr4*VIBKeybx%>0-lW5s!2pU(Q1&ay~|GTQ@Mjoyzm79kLH$i0N
zRz~FR<=uyeho$?6hh-~l>|u#-Xzhpym+WS>atwVAKw{0Ubir?xl@VBhHaY?lA^`$2
z&_V>>2$8l3D1WsP5Ey|g0s?YU1OggxB>+BZxk&#WMHI?K{&yQ8^Kqi2rZgA~Ts19R
zt*o5fY@FR?KQN3VARvj_zR`8pRaOF7I6HEfSvs3rad<mI9wi7O-XNgqXytB3?d|B`
z<OcE<rTuFL2xvccbJ9}(HO1XtlvY<+jau5-)ry**gNuWURt%Gxnp(uw@-0Y1M($s7
z;7*j*#@!tP;^g%5^5XE~;c#}f=HwO<65`}~#rf(LJ1~RY&Bw{z%$wcGjqYzF|F$Dz
z<!0e(3vst~cA|c?Yi923;Vw!``{?MuUVpFC%G>roo}AqN6&4U6=i>+`HwPEz|4Qa=
z`}Th$dmQ;&_E%hgyAydd22!*2wsO#uv2_Hp3M@^Gn~z`QFE{^f<Ub4jTdCz{<tpv$
z2ngN9{_|M=CI08&|1A8=rS5-R@^JI~)8#)#{-Jyf0i^0`3wSeo%%K>!2<Lz6``3IC
z&c_7*BjJBP&A)nq$0>#>!uel64KYmp%i0A51ZokmjN}_{#QiJ`{|__G4?zoFuhB!Q
zq`wnWOGqF=MaybtpBOHdTvi%BYu+)byqjNKI%jn}yPiuppVT<hS2y4-dIFU_7sZnb
z#zPNblL!tA3rh?bd+-@O!c87jVwCV_;_<=F`Q(#&lD*-#c{g$*vekx|NRJX0jE9FL
zC4r8PNJIU9x@o{@x<o@2m>*>n`b*}RAz`Z?5?esrq7P#3|Ep_MN<wB-Pfp{S1~4Xz
zMC(diJs=5K&I}LsGuV!@pNodz#7D%ca(32_@RpXZKt0hB`x(?sVk2T4rb*~??{~yt
zH)a>nXe49QO=m%v9D#T4hiz||0c-6jFMiahrQTz_D5-4p?RE5AlSHYQ>DR|3LUK$&
zAmi~L+x@inBH4mOi%n28(qM-G>71$aLS*^Im*FOcymy5j1CeI@9vyOPRB5RL)lA0r
zJ$ti*k0g~lf;WD$)L1$&$Yz&uH42t~bmeX+X=VbQA}O6_L<y4+rl+Qz!$mV{VMAFY
zM8t1C=UtrCp&7@;h#IKxmQ3Zq3OSdNkf{)jYdF<HuagGC-iM4A3`ymR;zL-WCx1L6
zOYNsRGQ3P2#D_CTEBZX<S4O?hk5@fO*Hfk`L`%qw^+1?zU&B9J<O&#j+tGu(&Z`yu
z3N&a|uu(GQ;Iybu=nlSpx`eA%EB9F)<cl>0**SZN_{xwBznH59Q;Oowmk6`gyaaMZ
z^d-_$E>&d-9phYbFYVy>M0qIXNHQoaSd##f-eFtk-O#0hg?WTz;I8$t9#_DWP%iRI
z$o=!XJkCQ2BS(tsNHifss{Agg+;V&fCe)3F#G@zJbWhy#8R3@}b7Kb+|5}#22E9sO
zH_RHhA64cX_#XR}sc~IL_mbZ52Pe8?+s@zkpD$-7nc4g-s9fC?k5BWuxvsLEjxLTn
z&yp1Uj{`uSd#yzk0S{-<%;ja0g}BDQXBVCZMGM37MR^KOdnY4NX$~UU-pB5}tIDQW
zky`Tnb;IMb;*Hz>)93Rb-|UY6>Vu3Kypx*kYD2|igpI>b9mUx1kZbfS$#)nG$9^dz
zKFDFX^SYe$a>ng~+780h)Y|g7s1DP)OhHQS?e4=>1|vlxvXq21lFDj@O2#;ulM~0K
z!yT!m344EL^l7BPA@zn)soIyXMn7m*l(kpYT*HOpsGebx)YR#&P__nfZ7T1?{j%S<
zd@G*<dN@qL>8^^xtB28aB6ok^_T?0CpkGx~c4ng{>^twQiHxLXsYh@j8#UiQXESWp
zj_@Uz;v<`?_E=`nir+SH^Z05-49)e;la_b(0PoEo(3^6kc~*AuQHkaAh=6~`YX+z$
zUCKVi>6#7IIokHJUR_^}5ND&Z(EsRwg;+?lLPXmLv7`D$Z4cj>dF3FK7B?CqhK_Ok
zZC`RR<3p*;$k;NWQR{VAsLbc2UrWX7zC|^(g8^-cnqL}7)G`kh0!fXp))D>hm07c|
z#=aF5mv-m5;W+VFm(Zl16wi6C=JBx%w7W|i^*fXM`E5kwzZMC=3DW&k6yMKeD7RTa
zKp?cTtGt!yx|z=1(J*0{brWx>z0fBcUNTmdjaagOA@dvs6cInCvAV@+C@-U%xOjgv
zSFGE}Kry7f*PYWLBCAdR37QlZoQx0ghFVDOQ0ycOT|HY_7$PSCsU(b0dH<BI&k2hl
z#FE|n_DxL^$%~62=NBkc&Hd|O@FiTN33_?u-MWgNHAT>mP-$2$ku#34kEi$cnT_ep
zD{vWIho4iOtK#yd+q=O}n*xqAdfNJNYc((4Gc-2JU*P_*yE*#FgMRQk&v53oYiljX
zvr>fys<yJSHqPaYkY|<e>72R*6CtwA@R3HTQB1^sx|Ji^i<J?KNSZsO>a}p2+w)KA
zc0}IVe>@2d9Az1_o(s2OnMZg?V)hn!lDEl7t(K!qe<ZTA_U9K7!I@{Z-yzdd2d8AT
zW?)SA6_RaiWaSJWEW^|4k=ct+;LTFlds9%uX-a0AuAe^C2G0b1Ep^-rJ}rhaRg~P7
z`;D&8QISj9^?7`JD9FL>?+;2dFSiroKp{^L9;Db#yGv84W@=~(JpKvmo6|Ai(XyVe
zX@!08KL?>g)lTWXJec$Z3I`nFf(sfkIo0UKbh~9WZKyN!Hc(^`X{@zQr58!i#`hOb
z^%pJ&-7=sCy75dT*fN66@$6vsVmE>M#?Txz^Vj*w;G_ANwhub-Iivee8OANUT-KV5
zHhamu?_kopb+>3$8KWFx2Eo81t;L7fKzC<q=|I<hW_L@m17n;5?Q8s*n&0a#+fxh_
z7CR4UQ~458J|BHq3(IT%5x!13Ck7`dG-`ULBdl=D+d!E^drT&&y_~_BpvAHG^$v9x
z{BrCzIW_7?Y5%2jucl!cZjiqjc3XhxaIN02MlI_#3@6TU(VnNRxMV2oG#e#$!Vh>v
z&$NnMm+uo?F4xL!SHk<r{q`1mb&OKwlbQd$#;Mu9fW{HiX4_CrMeSKVg8TtQ$v#ui
zHaK>&`h$o^_ZEqE@X%^qPEY7myG4ZRQebR~VZJ4i`8{0hveN3pRBbt4S6)%9;n1;V
zFZ3j%FlmkT*2#*XO$2t_pW0V4#im9)HA2|1Q^qv3zjNj~bKe8csMuDXP!=_@WV=?S
zqL3GgrsNd4Kk`bRX!S$T4)nm}n~8617@ucZz(dkTpFiuMKYe~8uAROi7`dQ~liy!i
zVIrUl_N{BH-?7A+9Gb!rh+#dmX_%%#d4XRf^v6H%t`$~&ZbHzq?AWz`=j$nYMkKfi
z)Aw-AOfUhW<{^aGc+Gr5le>N_ZM%4QP<x7ajTis}96tm{8In;vw@m?V%B6vd<{_xS
z0>D9?I#ALa-A(iL9&d0FZ(<C;l?~ZtnSIa*3l7B}KYlEqd~bLk+=D}LGI({+(L;y{
z{w}IBBz3oykh;VyOF|^6PDJ$IK8HVb;1vhb(t0V#*wMV|z}#8d&I^B07*MENW5~T~
zIPM7XLEq#Ifa2`Q*ooAC(Uv_}F;<c8IbFXi(}XJD-5YuD-drl;`1XffLwK+>VJ;Xo
zzN<R++Cm>Pn{DLCL%TH|${a@m_&Y!;i_V0>v|5v)r~u)tOryxaGkv`a+<-Wu1_r$z
zxu=kkns#ft`(+leKnWR@cAz$(3-Tf23l&ltZ)XCTpmqI20WeZ$F;MP>&W;qe9!Uq9
zeE3LCD#`%w6i4cSm;geF%JfGA#vpcpL`Af1QV0Ma88}?{5v()`@t|%ys~<-J3RxKs
zYI1~EN$QFOq5AuOi=)$1H;!(?`3VtW81Yu(2Ta&>ppfgsi8<3kuu@$i94E6uQ9RUT
zsRUvGd)ySHWMd&}BH`{=Twi*>4EfnCj<^{6WNf;IXWzlz!LPZsyBjug*#dhdjC#2a
zy|Je2T-GrHS^N<^-JgNkaet=C;_~XFFWoY@>8X-jjUuJ6t=82cDGD?IZEx;i2G-Mm
z;;|XzOOi+b#ex{w06(ak^7751YVLJzKljfY+TGc8;aEo!yV?RxPtWp!tZl8;ys6$(
z@L}6->j`?k!l^Ys43CUN8?`p6{y=eeecE#ho|tb7;M^f&duuxr%54#mXON25LnXS9
z|LeCp)ccaD_NY`qTtZgMBk!c+_JV==Wo73L)qU-Ri=yx*_V?lh(bh<FRsSyqdpo-B
z(`p}d-q36)wakb#x|yHX9lur)ihZeb;=J{0a5or8_krm+folHRIF#_{&uPyJ;vE+^
zBW8lAAX;h1qG@ei*m_~2$MLH_Sg{V99<$h+*m4Qa-*MBMk3|34D_&PubI;R~86D|;
zQv0<h_e+}s0J9yIjCZa!(9)u!p3b8s8=EGpwWIrbDm{tG(YG|~-x<P>Pn(tAKj+7T
zwL}!%Mcv<3!6(8m_YHz1t?IiLqqFehqSwD1-FV$c9DF$JEfDVws=S^4G9E`MhT>MJ
zDq(7h@CU1cj)AY+vMJq3P8PRM`s8bf(Z!D+tb3ruC`Uis;`d|hdNQ+G4F2D~;Ze?#
zoz<VgXQ}#9jE?)>9pn(kR;zcfY;T0{Y}M%RxxT=vs+wq(XU-1V!FQN%A*r>nc=OX+
zNju<0<o7R0a@d<=+3(FlZ@R<7w)U6X=JNv#Zx2lZh$)b6@rb4+H}uXH<_75Rhkd&O
zG{-+0UccKFsIt8Ytcf2hBCbwk*B2xl?(gn43Sbhu>Id<TcckX{7;fl!FIx_O5~J+!
zUk|9~bRGrgT1kH3U-W8^ekc6I91+I67<(b$bmQ`%D)04FfB{vK0-4L>_PGc0fw;S&
zx_R}{k$WT-T9p%{i3!!^4XHWgfP5_P#K}o{qE_(MVS;>`Z`$H+6V{||7&9MjQD>g+
zAE9PKWg_x4+&wg?)`iLSPsN0?Fyh|5%g#Ivf(Y`yGHs*Ft{743N2s3&rI>N{&h07K
zf}7<n(JM~lFW2YPb&A&5d&@dmtr-HI9nA??TS{F^((*2XEKjnE%WKV<ip-Ts_k_~I
zhIA@Qs7ity7enAv$}sh}>fnRpvoGe5?6zB^un3g(?S3k?wW86fr<Ap(5t)orP45fl
z*Wv>rk2e|(R^-KzhJudKW1_b^_z&OsXpFtp@QHBrkXXu03YIo-J&qn+Au&)mu~z=B
z*x@6eD!JA~)KT{#IU}KGon`TWB1k3Ud0hIAep{_8UrCAmK!9+J35SW)8lgkAQUlRL
zgKv4d|LVNy_X*3kv!5g%vC8$**>I`UGRxx2U~o-a@4Jlxg-gLrVqr7v8nCI@?X7`U
z;P>ie@AY~s;@y_y(B;4mWVFHZt?B4Myojfy!F<b3PH*1yT{+lEQ%VhfuO~u-4}+OB
zxt;rDHY)6V=8?*ai+dk#hU}hU!Gf5<^#RxLY9cD5grjy*q9LQ3grXCN0?%DyDZ|p}
zDKH!3%R>h_eq6mMQGUDJJwXw~NMa$s3Gu9ykW0Ej2wiEJd?SaYqwM<3R!&dMg;+}|
z<Js?}XA45j3M+N*R5HaBX-V?-`LEen*yUZoLd2ulF&s3KM>Mf<FtNjolo!^cpF2TV
z<b_BzVY=ADXkHq%`Fm@W%Ne<&#|BTDTbp$%p?-e$u+PVE3J1$<fu>Xc?dGyQ?P`Mh
zw=#0rYO`xo;z4S{`M=f>%>t&y3=*VmzIylC4?z`Z!n@@)A&jD$%1ceKS2b~SKO#;D
zAimHWZenaIMHOjG42nX+!qKEeL(K{euNtDd9`n2c1A|5Up&Ux5gCd6A9^RQmS!;F|
zCA)3Hr>r_0vF2}diYUJMdD?&YHtW#WxVlMHKHF|rL$0i;?6@8<<>p}IYJTz4-*cva
z2uoH#L8&%xHovT;<yvm*z_Wh_wsJs{nnD`e;x0sD{feXH4nDPYbYLQ`qkX>;a>wQW
zTcWD>j$dyuX^{l6kVHt77#mGvFE%+g_GL*aw$ymsnnC)|^Th(q*mf-;pDWg{J*y&)
z%>%jjs6#y(h=hG{^fblYyD#s{%J_^s1V(?n5IET_1uK<;>rkKmj=RGE@9?7S`k3dJ
zm3<d!T^wt%{e(mHDv?nz{`tvKx_FSU75#IRKJPVtekF^vS&ntx?3BrYJGd2-Ng1q&
z0*Uk3<#SM`|DeK1t9I0kO9ZL2r?b%gd^DrG(=TQ%9}(sT*1;<b!H)wj<5#qI=^2bu
zPrASM`)v1TeI1~=Q`a{}^{Q#3MU9~IomOMuCzsf|78K<YAhs89C`9mK+Tj0W@Frzv
z^Kyn7^H%(70Lg(#z?He#ApORQB?uo@=D#kV^f4)DA4I9o1=HX!?T?=VaXSh3BaK-Z
zzey&}&Zg9sttiSTnyVx!1ygc-K)%Qd4L#!OZS;;1j-I`Pfm@V_i8<-py@t^<l|<1z
zyGJyQC24vWe2YnE-eWBYLM~C1MZ(sjdrxNGJG_QerPrAarKkQ8x#^K+9c|p1s%Osq
zWJHPPM3*{pAdKbDTdt$TB(S*nLiU7zpxuH1*j_7wTo$>GkA}zGNuPKIT=quy##-Op
zx4-??;-g?Ixu>oFh1=qXU|ZEG_p{qkYOJC$WdRL0LNbAAJRS>@*wi4%d(NaXhIV|y
z_$(yOu=)=Td!S%+f?X!c>`E0kNLFPt={uglbQAj`oG63FCz6&6!x=(gt5qvX|8BI)
zn@=X@zk+Up#I$NZEIRP#s3nt8m8(mYzOuvNGM@47&Xm;nV>?W59Q&L58|7!C-~DC=
z>sU6<KM$nQ{n`p$$9!tSQxD31))}xPl9CF&-mvbPWaJl%y`dcA(0jjSEBBF5_4jSS
zh*#f}pTnQ5zxcdAO|R0xfeOI>Iz+Nx_JO^09>GN3b}5dMG$ZnNCg<JKo5K;`(@F@i
zJ=^9c8>+~mVkcuMup&#}EuL}SO@?W;&nC%QZ0l!3R&+BOIL0)xH{*-@r)?JGh1k1o
zY}f3iq(ON{eK_^Rl?8KrsR>k{O3O=mR6e9_X(fDwo*7yZ?5>O46Vbu-G!<1dy(eD?
zdHH^v@|8U4v4ATm`mh;UXX~8*6bqUBf+St`y{uTpY|tfV{^QyP{bn>(bWQ&|GtX$H
z(6!BdJEt7k>H?(xjia*PF#7gE=L@;5+XW$=!>@~sbLp|EKB$}KEKd!_W|Lw>)0H=E
ze0<*T6j3E*W&}?~W!9UmJ?Y-NXHSF8rG@8wSXl><91jwRq_SQCdQbyD4F~8iKA6vI
zrfR;Z`Q^qVfJ$|SJfi2(3U~?_t$IXGe!9WO6E@^Ws$A(x{)&Z2W10Z~sH0qxG{CfI
zk4)Pc%B1`V!TbQr{(Mg#30T5a0<<A$s_7hn*b%_g22wCCK&j+ufEM{_Hm?yN{s~Z&
z15Xn9BL{N<S~N-#+ZI6F04!qRE&b!!AH)>U;)-}rx&vYdU=g(=uU#JjyA#lodmrU*
z1LApL5!M+{`2WKI4jO9fVB~a>IN#T<cvjYT9UUxXeHhmG9lDP{@UC+M8z`yVI|5)Q
zYS3ni%3=7Ut9jUA9UT{aw;)VaW;9BMKTM*Pab=u#Ykj>O#cAt4OfFQ=TcShmro4H5
z^&q091vD*C_qO;tWn%|Pgv$#=pqkltwfC~zScs=4WoLIseQu@msLVqtzEKYem)+G@
z^Ng<Xa%3*MUwqa{%KVRQ#tfPVc4w2HoT)%GL{_VQ<W^i8^~Ce?=Gy#r9(r_qZs!5r
zh0zglik|S48ku4Fo#~L3WjA`zg6x=oyevs{WrS&K3vr?l0f&xM$Fbw(is)}uNF#eJ
zSUjHzop=I-v)-|EMW&!Ir2p-r*=MfG?o3~+;-z8rX*3$t`<7QPu5h~g`*$)gt*yW5
zR$Atug1MnGmO>xS%F4>k)h6&l=@->fhqiA15VKgLCH@baFWsqZUyiDliYm+dNADu5
zt#m~C<mFfIn>DqBjg8t-NI17v#;Agd&n=i_EL?|eF0XD@6r99n{cA~u=y5as+eD7x
zbXa(^jj4;vEy9!*1HNF852}GDc_#p2E}VLi#alIaqIPK@%8N>NUC8pA`ooRwkfbD6
z|Kl^c%%K*WdWwhYJq-U2M^0Qyu=bfuVr+-$IgvZgc78>Isz}9k7gIfG!FR*66)K#b
z?SoGhbj)ryc*m<e!&m=Wu_G6^xjE59X?yac$U67ZA<^^Te#*?)_HV6uB{i6l@n225
zXGQ%n{YSop^WZ-ddQM4sV8<p7z$|=|WaXk#EEX3r5FK+TxH0I2Ry*LFkHfIdfv<yA
zZD~;yG16G7#%$LZ#S1e(!>#7H_lB%-f6B^K*b^OL?8rBH!0}hh(_Sm9v}eM`7&8mQ
zCzf5LWvN*=1XTeSW;0*YCZK8J_5{jlhT3x|Xr7(159gX2AlHbE4sRml?>DAF-?<%@
z$tqD8=>^d#Zf~d0?gQI*7^y@>kXmucCBIK3N0AbSgSqn({jbSqo%y4BYw0@=oGPkj
zah+-t8qKs@<ZaNi@2`*{dAGX)hjQm1$!8LZ*ZX-(c;22u92Nr+Na-P=*B8BslB+wn
z`)xkWt?LCrH$uMdyYEJRUeGbH6IK)UoA$w7O40`3Z0VZUSuC6RU+oiLs{iu1;-pmH
zYI6JtKR4lI?d#y*m!QNjal3LZG)kKD!4RxtAjwI?4y?B7`F=d<yfhJzfBE%hr8}s^
z)b~#@Z`=JJ4F>;Xda=R6(PA?G<4YF!avjH(Qcl!qnS+1Lrtr+H#bEK}m`;wQrA$yJ
z16C0k#%POjYc-RYdX_49r03-jrSoK^c)$@xjDo_<@#G)ZHdV)QMtlyV!QK;kY+!p>
zVv(|FroU1bZJ}<U8R?~6fofpxx0b+a_KDl4j6j3^u(edI|BQ^G#L)p9$Do)Le&#uu
z7zMe!xmkO9_`vz6(nu%Owao2B+-iepB;HaZnq7%~wfzG=u)|%&)+>Xxga<PzCaHWi
zUwR+?!^o;VGkxfAAX&P^?awUh<4#>aywiv{$&GJW&_Gv$Sk5Rw6olqgqg#?uTH4Ze
zGo^h0E2%f`&*|=zrXGtw7sFZE@vn_vBGZ#2PU+qzgo0v$d>wews9~!UXa~}2@<9;n
z_~b(Cp@>GEF*VCAIBSR|$>h)I54GqSKM5C=ST16ps3@jZZhqEO%We3%HdeJHs<k9r
z*RHOJJTSA><3XXKpiaCNGnbOAm>t~>|B($Is{>^Ov|iPNHfrziY!-}GIz<Bao^)>_
zO^?67S_yQsePY1c%P9GvnCdq8WLWOW$O~6<9Suc?t|~Iy^x@r0jNWy|W#JdH^im|Y
zFlsEi)?{|&>;p>6!5RJ^#+vr?US2$GXsh0Nwk1pxt;ujOx4g>NJ8P`ErY53_Q@YNS
z)z+XpL%pp~wDazx&&W_|m!ZbNA9Wv`1Ud>{!PDFb0m8P&!is>g;Pw`mw8-h%7f!x9
z>RpWMbJjKu?wE*K54}((OGsduAGKX;nt(KucIu$9wYgxwJo(PB-qW{oAHWuqIg5Kj
z%K?2hSLyY1gTU^EC|B9jlHzaW-%d9~l!=aBB|7sv$UjjALH^`ppo*JN_4cQlLwx2i
zt3jhx!|;2dYSyKJ<Y(cssEQgl)hqS}NjWEAyAG601-N(ItZYq;QZhi-_Geq0TcsnP
zG|ib!J5+l&l2kIgzD;zye0obRv_vFJh)#ZUE#j0HBjjQj6MFR0*x;+vH7>>NN361s
zw%fI3ZAdWb)?DYx15-rrKda$!HF|cDwh_pYs>~!%YY(qI;dflFS@LqYU-VR^e+}^-
z!kltI$ssLQXLdCVPB87ncba}%$<MalnLM~KWCyI#gn8n0m8i~r30_P4%=>ewc8j54
zqhzP;om5QsnUu^!;6PKNBhLe@L8rpYA4!GA6<p_PqAbE&i+<MsoHhC5%ea`i*^}B0
zXiA_l25SGeCI1UL|C2lI%Nw84^FL)=%bnzwTe+Y@W!`mf8sW$a(z5KbdC4yqnCuth
z8pw5%^>m%$wirKn62!wuQpCRE_D$6!rg3+Np#Je-0U`srob2=VwzuB}GHs4zMh(y)
zYh|cpi^bOO2B`_L&DfS7e%)AFY@d1Ssi|{+sN=me5pL%ic2bpbH<z&f=6r0ey}y>I
z5*|&cvbXq<#c1nI@NTLB7KwN6ty+J7;9N&J2Aq~c+v@F+IPOEb8rwr~-@h|z2XL~_
z3SVDG_m=;*Ds{FJ=6kAmxS)$$RGapxf@NJdL!2FpB`>^r(L%+4Z!30l{nwQPxsqT-
zOXn<U?3~VSV3n=jlkqS)hUVaOY8&i2RmJ`BQQMq*IDd-H8(o}J`z!tRsh?ALIi+Pz
z*SzShRR^c6g&t9x(Lz2=&3QX-e<h9yq%Pn3E_kUR705n`F!8885DI7L4_I4}GgdLr
z{;C?&u=~!;DS=^Pbw1VhDC^{y8}~P7x;O=o%>?I|4Jw+4j0>1FK1XStZG>^8pf+Vt
zLwNWkC26-*r-t51AJ+CE+$4p-?bS2E(J8|~MXQ18bLmc7HX(ayVz)7fzQc>S(Yn{V
zinsYFob(O!G5VB#fpT)#2;w1~FYjxa)q=t(vFxKI7HUT{8u6+G5baYkr(!d|bt&Ef
z%=TNlGkt*1IJiL7AfFguyRcv<fau(%*`ERDmZnbu>O0Tn@W4c*$t45G5T>Rm`v`iW
z06mHpDP}zykOR(81*SEi05G0Y0|5ARN23sEx8UPJr*P`uJpSV>3Y@(zgtknx{D1TR
d7n0NYfL2qGCVn6E%MSr~fn`->Dx^%`{SOWvP(lCz

diff --git a/release-notes/telepresence-2.4.10-intercept-config.png b/release-notes/telepresence-2.4.10-intercept-config.png
deleted file mode 100644
index e3f1136ace83dbf8ff906e426f529f72f1ca1ba7..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 23528
zcmd4%b983S(gzI3w(U%ki8ZlpPHfw@ZQHh!iOq>QF(<bDUNiT7o^#gst@r<Tuhm!g
z)w^2NwX3Us)#388V(>6HFhD>+@Dk#}ia<ahXn=AY6a?T`e((ka2nc4?Tu4Y>LP&^6
z-oe(y+{zdTNIX0_6;fGA9mns|^Ef&M379IM?U>dtX-4Q$Mp+O=oRYC9Pfy6$4s0YK
z0*aE9^J~HO5!9#}l0p^bw=+;CO3G8czL0TVJ!s}eQ`hN_!*$o5+n&#lgB;JTXF{MP
z`53h<_)4HS(gcYDP;aboi7~i!W*}g!89!(uyEa8eY9=N$A|{^C@0(j9RmeY#S$9si
zwmwxA_O6Syfb!6S=G_!+5c;i0v34TJnSkWQkh*pZ(%k}VNu?8sph>vd`>>VXj05Js
zU{^DlqvD=N)*%DAF@=(j0r^=)9$~w$!wn*Gpy+EN%TWrpA?eH2_zehQg~R^d->1pg
z)(@IQ@?-=;!|DIo#P|I3De{vg*cX99s87jR24+)^65Z7C=5xCGc`G52HaA8;0Iq=_
z1ugm~&gjR+ga%rHo`QzkAPcN};zJ@$9ORG;v+7AE_at|WZkU0!i`x-PDJ<v;3?Gxr
z8Ov?)2je`AI$CvDGTpVY46_&$s%j2;=?v_XRq!W>fK@-sA@trrsd@%FDwE+}<&4z+
zY{c7h0e^0K8*s#`W07x#>ZnRpGPFS;TC=0c&0(Y(GjDNt#JZao-zRn^dvKT9@4_(h
zsTk#z+eT1y4|AO;gK9XAEM`kmbkDRg=$I@MBp482&_RDIB2biGU|@bIVL$pk`gj?%
zy$<m#dSnwQBRC9)y(hSqFiW0LeOpUg#NNU8Y)%y0<HSdl0^OY1gGVAU4jBI=Z0$2|
zAdUEyq6+M6Y=<1mav&#8`-6l|DtwP!e_-LfC@*Xle>w&*lU|q=P}6OMPJccq2xKA*
zGJkMCSTG{UF)v0n2o-+=d6;kh)_EukemvVi>~JvwCUz)U;F!JWcA)FPhywIjK=gf3
zZivG~Q2hdEVKC-`9&wCD(7%MFM^SG=1@p})p(TTvh>*!bQv@vY6wBZ$f?R~0XQpSM
zk7%5rPeLw)yl0T^AYR}K^_Zjso%K*xAWZsc*ui3g4+pUA=(K<^`*62m+Aw&**!oO&
zsITzbFnyq73xFbm3JUKOR4BiUW1{;@iWV1=m7$lRD05U`Ec#i9I2YLDdngQ)$(hk)
zM404N&s-c4IpJkQPKng=*NUkYAm(Mx;2&uo@!mnb;D!Xu4yzfgGgwKJd;x95Qi`G)
zIUB$m$r@SjgVWnItXJb)LOTtB@BgCDTrX9BTF+G<z4Fb9t%Z;)Vqk~GK7}1o3oIru
zaVNr_%P!Q;)Q-&_v@O;RMF-I~7O|INPvmLw$>B}l&HPQ~&G8LOAXrb@j#L=QEy$~1
zv|mS%dWTcrk3m$KJOhO%tbR~>_p1STy}w(|Q`l3AFbQ^?mV^Qsae17w0H<KP_z9^u
zNo73kX!kx^LsqAMXYRUax15huzPvQ$W|C1vRD-{w7>Ag<;B%Sq_XZUM>gyzxuivRy
zsWy~7ilybhshCjF%hSozsq&V1X}hZh=NT02R`x5X=PMRF2o{SOD<@Z2l;Y%P6t?T!
z=bex*3b1BnglF{N$W@D5$F6cT`+SYC5Wg>WD7P&0EI%v<Wuci&8ZI%OlQa)C*KR^~
zW_1?3ce^J)`F>Km;CW2h4xKGCU1D2ASiDv2n^Vjj$r{OLxlt9O&SvU8lUBV`-M36R
zYqro<c&(n8e_Weh{6oD_{k9%MV?vNx(z1SuuKHGEpwYZ>!_?6<^(QaqtN*tu>wNs`
zE@jWyhwtYK_}bb0`1Ml=*^Zn8?M~XZ8`2xq?WNA4cV!+q9)exf9;SCX3=7yaqTdPw
zX8W*amzNOdQco|JF6RiD8Cb)Z)vRaCu2$mAMp>lU)-6_S*bRzI(M+0tmTeySGxnvK
z(=cq>ted~}4K9%N8C6R(j^&kyP^~rfHf`R;V-NkDpjob3I&0xr$}-O}?w)@O0k_&Q
zBCacIXtROV<kW<rb=7d0?)zz<O`4&^RXP%3HPkTPSkZdYSfUxKQQKnE;$v)RlxWrX
zt7QInW_6-<%el^4sEdV5pG)Pr#`)%o=8EHa<(Vy)JRS(13TG30r%RL5KG%gq=b^AO
zjHAZs!o}U<uOao_^=<BbgZ+dP#q+s=B1Y2m({xO2#v0xlYHhi89|uR5#2@(1uLB$7
zJQMGEuiIMlKi+<L9zJ+tx!G~Mc;0z1aVzoo-ksggJ?^?KdhpzTyZh~adFwO9WNO@i
zP_Og6@*?gP^Xhfwe5-x2_B-?j_Ky1c^hWhI_O|xU7ex;#4q2X%0p$p-jirtj3Kb2d
ziK8sEdf<1%=?ZBdUEf3?m*6NdBXKgZoDi)bd49FNotoWBN}brw@J_+iZz!a`m=%<3
z_Bj?Nwwq;2D`g|)?+cA)9Y@Bq*^CQm!HkfGn<FoSHc{SKrWh2lma(caa^ba+pK;r%
z@+mW!W{GXw*OCb;2@K`r*r|BAo%HTbIiH=@w-Ab1iV;c|Q*7BiMjyrC8n6wRSsG=X
zagA4MU%#*t-|L-V%7T@qFlP+QR?6b;yg0Nv>fUs^Yq|@0A^Ko{y0?pYsK4lihz+Mi
z5&Ng+X)(~;p{u~?nnD;a8TpJxjIQRg=48ihqy<h(OmYw_q8f*DVjR<HG?ZytQPE*M
z{%$|8nZS<^5`T~&KK3$?j0$0qR6Q`cx!m`5&vF0mPKY@|&)XvG9BwwY=oR_q{5%Z{
z0^_3*p);<%+AZz-tHRiOLVd!u)=#CV+DzBHt-<VoUte#>|NG!~^~##+7H#d8myL`d
z)@l(>kzkScEpQ)I-6~}ostfhg?v~%4caQy-9ZMWlYxNhJ(6##x<<{oz$Eo-0_o=>h
zulc*7*YL-<?cX?U*PEd`B$|#dOll_~$CW2w#$Q^4tj$-)S2P;#H(G+%=#sfomaQmk
zQf)7*p{mV(={Fh9$IvGSjB|bG{T{uzx_DZ_cea1t`D4OURVZ3k#(eUSFqm(14Zp3U
ze5t6#3(-YxGso0(@6qLB@U7e?cd2{MTlX>Y;gKMWcShk*QPoxcb$i&OO-F~%iSl43
zdcY@C6Q>Htg>4R3D%OwmhLqk%_Wk){Hm>k|By9x8hw-EMh5g=50(Bv2i)D_+?7~{Y
z;+PlNtDtMK>;9>Bspo>P+_&K*>7_inG`uuYHa3@voq6?(4K8n{eM^tG{_B8a_@Rxf
zu(MM(B8Ts_U~jNvcGVO!CJ$Xs=f2DFpz-g6-_%p888w{RJU)}htJidgH6^EX%bGTA
zn`Y-ZYu+y<%ae_*Z#LR(lil72vQOC;9rmu5_eFPin|m9$ow?qh_ko>|hKR6)`UJ_`
zD(+ez!mkqNw!eE=A2=U#PHs;-URZt~5BS)8PHYwT_+nFfh`OtMXkEH*<h^f?<@@F1
z(*N$la-;I$_@?!Sxah0g!{m8CLAdFwg)f1J?MCa)^I`I?IobNU#nEj^7>(zB!+ZF?
z5}FX3L5S#O;B)epb@lwbvP<7akFGn})8YgB{9wjy>ZSEF-tLPgFdEbLofFXJnb=DZ
z8BiG;5YbfTNi79<#tTIn*;TGv1!OLoDG*K^RRg>qzY*S7uwFFj`+Zbvg(@~bd_1&0
zT@o4By4)KP(RQhyBiGlhoIu+ez)xSX2?^IYct4!!6KLkPnhs>|?@<dP-wc0h!Z467
zUwmH;?3qxW{w&4$<P8jm!|U5R^aWXmz}3f%5f%d&yAj4}5+*V-Kwkl6C?GIk93XH&
z2^f%gfpPz@EDB5s1p2ogU>S#+1A+ZZBMZp?JaK^Zr_Db(XhH}OB;X$kAi3p%{D&F@
zEf4fR<-e3b0!l&>5&$A4LkDAH8%Hx+ryaKiJU|7sow&Lq5D*6Wp9CzSNOlG2f5}`~
z%}Gs0n$ytMnoi%y*1(v~&Dst?4FtsP#tA4|8$0O}xmjD;IC8r2ko=|K1eE_&(~}VW
zC2_LkAyJc&Cla!CFeds&$3VwG!V5!0M8xf2WWuQ^Ec$PAz&{=mGbblIPI`J*S64b$
zW;$C3Q+h@Y4i0(-CVD0&S^x#Dqq~ihz8kHLBk4b#{HGsbV@E>=b2}$<TN|Q3{puUo
zIy>=@ko+0w|DJ#5Y3yeH-;rz_|6LYff%Jdg&@<98(EnfGfTrAkYB}Z2-Hff&h0U!2
zJOhlu%gDmQ{g?j#@6CTl{GXO;|82?2%=Eu4|L4vBZ_DqF#tuTZ)_@_Mc>lXy|2F>L
zm;W~8rvJ0@|KY?xZ2nsd;4?1_H~s(Z881xs$9H?cHsYBJ%P9kLfRO!t!~wsQfb=H^
zB&x&5_K_7p-Y6j~pzH>GrVXiuK5|P)?GhcKT~BRr*@vTG7#^$_j>9D?L!&UOW>6q%
zh!Q=#QmA0qN3b@%8IEpv)}@b$t_%i7^Ja?R`h#n;u#;<l%=h8ezqO;4jq7!TdTT8^
zTLu^?{%OP?Sq}^gSk&)tmWeFxZ_1Qkht10y|KEBj;4f%i_zWOXK%~7;fXq)HEKMFO
zBo6$)RY0gP-4OrRjc6|eh%_af&?v}%tNftBbwU5r0}!bm7Vtc@$as@Edhw>PFqTTp
z|8&;->hEVBMB*KTH{<>2GpgP|*6IEX(*lPB^hulc>66#1!Svs`5Q9mRqSXX;<y{Zv
z7BlsIAnG+J0pB_F+0c<u;_3fqX$e#yCCCwi&L@Jg+MeXnsUNM-DV|L!$FA5^vsE0*
zryH0J=nesprLz4Omtq5rnLd|_;5F31P<FoLKs0pYe^;GNqKA{8_keD_0wvjM1wL)F
z5%7ue0Zk7Al2G*Pz6TfdUMxDrdAf2B#??D^oJH&m7Wjhx^#pM#<S#2Vkr<NYR|@zI
zvIgkO2Kia9jU0T*30i2<|Gf2g4F*Dua1CZzHbe(-TP1(zA6|8`K{4dJ*|vXu{yH8+
z^87&C8U-N#_$1O}&bO=3M2z^s8szk=afF}x>BGCN-H>bj^-(R#@Fj`_em!qg44z24
z#mesWikN+`OPVTyLzlOV)rd05Y!z?Lcnq!&k+AQ_BK6KfL$O(*y%N1>;<sDyWMWg<
zvJYcE%8deaqp4iEa*Cq|{I(WPiY&DzBoI2?xrJ(3BauS+2C6ZI3N$dCE|}DB)<G1@
zwE_{!<-I?eI}F%Q)Y@5!Bu{~m^NHQgIJ4A$fW%B^R$`!%<`f!HQQnq^2KXXqm1KU=
z_HaWdfXD~-k3c@58oVl*=5<5Iz}VA@*SG8dNCvEIvjufS?d2Nma*M5!u%f1=JA810
zOol)P9QL+|9#NKN2M&T<E`&Z-EN$8^U1d3r!4BQjskUB96cZX95L0^Hm}(E+;Xiu^
zkT(#JZ>SLum7fr%Ug{dK-Hs-GDgN)(_$klXtyZc!QAq;ye)Y$SLg)Ge`F)Ru#KtEJ
z4OwBG?)NYltma^?AJ@q0j6Rbd0*m;JFemx;rWGva1`7h%wX^Qa!#>_S3%Zds1f{9A
z9mdrA_4i#o*TKFpoK?@b4H%S^w~O(0rUF+=HHZu9OgSj`WuND+@{rdO@l3@(ThZLn
zkrDVfOj^aiMm1Ts`T7ZdludPvd<H+8U9H-^#csdc>qT<T-ssyRy0*FgTu#W4%u#<A
z>BpO?Uxg>*j5)##4*1*yqSWZ&74GyZFM1~Y=NskU{Uah~tiHfW*7FEGHHF-UCF1dd
zw}SP_@>v=!U|)SUMOq#vPnVINe@Fi=meuWXv`|Tu63CoR17GyGPdOwbYj_N;uk(Fl
zKc`y3cm$8k6C9Z~=0#2)c`BA_-yfvcV;x&LVa1BsO>N^nf*#5@SIYO;q9<mJ5tk<d
z5g|oQ!nmnIj-V0e=d9iW`!SI`uZ)U=1te$l<S$erJq{HiRPyuYDF~5iU}8o-9RhW=
zm>g|{`0N-}0;-&(Urf$Lhua;bCz%dmM=tkkd)lV%EN##i=hOZYci%Dxpp5$?Xf8y8
zg?;;gfAmzZ7MRr+G!NDWOlkzsDKW&)HA%{_H2FNt`S|pC{b|>&e#^J^JGD+YExR<`
zAkZG!0BzDxYKcZ&`NbD6=*dzU%<ojf{cBz1vYJ{7Hx8Vs{x)l_0wwD|lAXkR4bxN_
zu!O-NCmbmYDA4G2JN;OW=c$ct2sz+Rxjp%}lPB^B&Y=fVFXVm{cGoQSbJ}hI57~K$
z2T`*x)&Yxgn|Vm!->B4p5F+3ODIoyY89p(%;S<myX3o;F=0iO^reetxo@3wQ;|Ulf
zcUW;8b-LpgeG+*T9c(Y?>QkHu^__hrzz>RJkg2eFdl4xO!%4azJ%ppah(oKOQr|=4
znf{~Z7{Gx$NYG9&s?V3Or)VBi)L9Ps?xsNBMq^0umR-(+$R{%?M;udJLO@t81&6a@
zB-<%hUCMO3g>7;+x@nEWM{i#rx0mvTuI`4N<H4~V4gzZFb%L9)nZLT%_V??nEJln+
z>SFYZ2Ty7DdVdI}H#;ssv9mv8rk8}}$cF`%s?vlyZ*))=h2QLwpe488`>8k{hR>tF
zCKc0W&Lf5XjHEVD=~xI7T)-wkf%9c`2=rtJClSPs{Wde@Su75coSw#0neeT##|XSa
zTnVrE>g1q23P>h{jj-kOHui*44EvvB3I!CngA6Uy=M&xq4j-kkE6{d5fadvz`WaC+
zH-uyH>ky?7w&?GD%R5{k8Q<)$2Xib#G5R`8v?S&8#eoWPf#iL}phH81Y-pj$x>7;A
zs~6gJO(M);gXMV02Bc_BzgFwGKH}&sF%<Ah5hcyU<G7Ke2CH0-p~0i2X)MklS`p1l
z(MGSFpdM69*4>L#60>fEMgt)M{foXxjc)7ybCmiQiS%AT1?NutsI50K#!UwB-f=k!
z{PK#r0kvBkbV^lxA(31ig{>%^7NArsEJ@<(@xgBktdyexXYGS-bAc~Or7EW?p+MUa
znASHbZa{K6j49E2p5_wz)pAbEQ{zP3UvImP<<9N;3^Vh%;>%=RPT<av5~hAWhZ@0S
z*aMkMIHFng<MqOOTe%~K`&*BWbz7hk&x>AB&s_ui<Ucwwjs<E3KmVzip8(4HZj=Pa
z`;&(%8YS>zBbZ7AMxDlVADne}R>`i{xPl}Ik`L02RB?5Sg<UQerDu?8rXu26-7Z6z
z6+WK=Eu}=H3B|Bv-1!WQ02Xrsw6rsI*GWP(J;oNmxN_*B`AoJQS2Bf^QNrUzlVb-m
z$@8L!&D@rdiA=V!rZB8ydg4Iee>XP)<Btp*{3>G=f5GDdb{|hwMMxCb-WOExA-+4X
z_7*6f%)%DsjnN3tOU2H;qX)kgJQ@gXD9e$bX_!qs>L4NRv+frz+e0`0DSl}E>;d#N
zm6MKytY-ocynvMGDaUI4@2PZVZ5mA<VmD8O&3sL5UJFYf2>~4a|1xDCaN^241OK9q
zLV!tjK}IGfu9NF2QvR-kf6wQN@ir49*j3RFCpfFO?pF3X38ju+U38VsE>N<E%Gjt4
zO^g;;v*}j_UMLn{g60^(xFPhyoF67f?|}VRF3xZPr+fRyb-S~wp*VZ7n!XqGuoiIv
z*QCK5oS*{uyJZtUA1=uZOngs==<5j5v;BL<V$Bmu1WTJ_h^S|fT!g9XWv}v}A`dy4
zlZha4+`r<ssSB1so^OYL1|CiELF0Kq&vMgQZ`vw7g7IuM$?4R%p@^Zr@q;u=6TRzA
zfgnt55Kb_@RMGgzaX+mp+KRIzg%YQf%hJ7n4In@f^!Y@#S@6TcTyTvo8X*hJbGk1s
z4jKQbSt4^J@sywf!DXB6kC9xI*&a`);Q2O4aWBDgmFoO~ispu+;>pjz1A=N=AN2`A
z6%qi@j8ff#pWie+jfx(sixz9kP^o=QjJAJkusuY*9mkkhK;X`mtyIm#J!noW)hF(&
zo*?E<wblN`HxOZt{a*`{j2C1qL4JS4IJe90xfCk3)du*+3EQyky*iP`nfE+Zfc{Er
zYHHU>-qSrP-IkQ4Ne<V$OE5O+5P+TGeT$T5FASY|m{67YwJ+i{k>_s*hwq{eW02uL
z9<Ha-0Z>+iXtWUc%hq74chW&CSA|S~FL@#V<NQ|*E!^b>WXC<cbQUutMosvauoH*>
z)3%8I!lY=eu>}5+xNPDw@6*{rg+n}7FdK4}fyI-33nPp6_o*IMmE3025dx|;mT(|)
zh0BxHLXgx_ip=bsAnv(Uo2B$YyT272EtM5iL7yv>!R5%vPA12us<lDIOef{vDC3l<
zGa}07=25lQ*S3AWm=lFrfkj}>jxt8d$IW0g9ttKC<lsE-cfW!dc)?~%#urw-EmjDX
z|IX#lN7N>Mdv;6<c{MG2ykRKRwh%-PnD9iDO^17w%i$l<RJS)>F_G`~78B2=v#3Q;
zeAo;}t*aBzjwZ+umG9T{EkEGcy=Y~7xK#QEUHHau=cLi5!vp2k5gXP{GxG1p`csH#
z7Alw=oz~q=8con2faBQv*Q~jWcYO)sWqG6X5|htaC2yh>>R}O?aVc+IAC<yuY<fn=
z_uM^%oR>sL9ZJ$=2B=jAFYaU2ve`#!8T@*311p4(;OG`98A^l7%$N;sH=vZ}7ci2z
z^+EKght#;OnML##IxV7vaa+SIkTuW!urINw|GE{wN#d-a!TXZHQ)zrc9+2Frzb8lu
zEMCPQjtlk31;4lLl@-Tz2#T0}bH+h)s5ZX#;tb8=dY;OLr@)}~!vqG#VKhO3A#O9e
z#n^rr02@8uC225tOGvB+sHp)Q7D{hJ{WTlX^9TU%>5)lPJH%pxZrLjeb6mpn%jgEo
zeB;}ckIc@PE^ZYmb(3OIdbnKkl?z3CThKV`IL7{Z5MxkjqLk806Uz2Rhw@0Jz!ARd
z!oPrT$L>$ZAv7O9xd>`8bz1sG@+dFv(t9*m@uuWT<H9;V2|!;Oo7jTO$2E~ts>KzI
zDftLxyV$p#gs^Oo3H;V7U*Gpojo->{R?J1fR^|XEMc#4LB<QO^i(s&ys1Jd58<78U
zO@C$>l;!tf>Mb+hgYkIK(U^eI$$&-6?fjUdAt`9O!GE<M5!i<=QUn-rf3TqlzYOK>
zO%iq`5%1`~Z>x~>1mmmPnXhpNf=I3zf8+f1@7xHH^#reZA2d)-eg=_1_Z?RJm5(|@
zfSb5tf4EX;Ax(K!uc}7zR|O^z092sF7UX3z1R$PJd0}Aum)gzrkEdfQPZ1k2?$+cl
z*laOSS;x>;Z%e4PR!{5B5~bPq&m{EzxT7K4dx`%F;h!l0rq#C${Ey}P$4SK!^@9%9
zhf@F7Vf~xsZ(IK3<o=xn9BFS*KSL1B|5T;PU$Or6Z~tip@Y)3Ru>>*xr%Iag3Fm*j
z<pIEq8Q_Rv|ECJzD8v8PEB=3Xl(~e6Jg-r%uBQ`;RDU^Ou)=n_pnLh`K(ReuHo9@w
z{EYhHD6}b=OzgX8u^q=s&E4gLZ$rQh6icriw7j!ppFK5#?N26@CzVPk-(;o`78Mm#
zZ#eQLoj|MJ7{GM3;UOCbsb({1LT@$<fD4j0ONBzRgU<V=8xkaF)@#`2z0Z)P)qq8i
z!%<B&68?zj4?@@;aM<l@@ZC%3Qpe6<Hb8CS2(i7%8gjDa0|6T!|2{N{g{Mde6jbjs
z=z5#Wv3-asYYd8v9Av&kCh%mjk~*k=agmkk`%XJ85rDBEln+VYtEW?EyfoejFMK|q
z{8~Mw!rVUAb25-C>Buu!LoK>q1zQAVueKK?R^H#u++61AmmCvr1*AyP%$ZI2N#dlw
zaS;cRh*T)gm=ApBxfKrIcts%j_xi?>7)#20%>H85KV1f8aX%4uIIrDbrE}iuy1X7F
zLTk2I1bHc}Ga5r_^Zo3WVMr$*DH%WCC;NitGKajhFoPPQ_X&yQbjizZG!Ay$U<@Am
zQ=QnE6LRwSQ8vqOXc9+AO)u}umJaHF9Qu>V|8wYp%+{V<HmS+c0H?fjH#V@%-tdIu
zKn{4{RQy)2`DO7H6ARj$(NCynyO+ZL!)#)yO)oq536raAR-u$-u>?zB@@1Ff*Gq3%
z3W)rp#Y)V(qgf&Uq4{~#scbG&RAG~``f>*@PG~+QySJ>*GZauVw0OgQ-HDzMzK^0s
zW|4@|gh@?dAMfXO8leLoM7*Vx#=Var$RDDQZ;O_lZ0$XjuMp6|5QUN(9)qx?P4QuP
z?{C4}t_z8W@n)IGwT{)zv_BqH9jsHEeY^;7<K=}3c)i$fX7YtXYV@7g;-M&+Bx)if
zBPSgu6AG8kd7_xp>kefj6XiR}VbozTBJe)0!oBQ~$|>b<g)(hpT*IOHM)$fQt;x}3
zolnhc!sR|SES@sNYu=N!*6!&p4+d)@p+(lGBL*)5+4tAF0zwG=?1A)_Z}y}p%c3WJ
za`WBY7jAG&maS3W`w?&2E(J89MHV-`S(k&>g2F>;!}nKp$C|Zwd8H6~q$ziORLG3^
zC@gVd-UJ~v$m3fDMZ|M?xB$2iO7#k8@^|DvPT5r+QCqz$qSjV3>MPOLB=dQUEQ`eu
zRegOs?=79S7Vk_4B5EACr5hX=@=TUM7Hp<o*d#}ra|?EE?+g)5@W%ZkYf6MSPH2~C
zJi3L&H<jlC#HKV}rQgTVr)BWPnk@l%#gYQsi<Nff^P+AJ?>KR@IgXaDLkx5EPUhmt
zOTZ+8LRTx!?2QiKc)4t<<H}-YW5hd}?IP5pO5Gr<jz%F@+j>`g-Y|4FtA4(?#Baw+
z_f!~rPeg1(A^kMoK?xj^DFIBm9{h~0A#sI965@$;JT+C&1E&=7j08LfU2rxpXG%5b
z_AxKZ(%x3h`FY9s)~R%<7SGRTp(4>ZqfNBPh401>&XlWq6Yq3W#kz&(iWB2;%oNI>
z4Y>}sf503LG^bYtt+g&x)kB&fzlqd^A;W0Ep{;PS1_H1fO1Rz83|H$Y<cRjKNyDI^
z6>=<_&K}<~7PsSQaogOQg1OPD`>C5^fA~v9*5=7bYY{7Lc5bha<Kt;-ZI|cf8i?IK
z^}9!wCJ!8n_0VOb^ZX0Lw5ZWBGFAVQ-xu!W;pWamI}sfo?(XikyV@3Lb3ByIvPd(2
z)f0}%%)~8{NQB7Y@q}Q%Cvlz%d_TXqK$x1ELPACcHl51ycRpPbK<e%|V<eLjR6x@O
zYT~A&(9yCF&J0E9?~gqhHyC&aompYbOz8G}(@l$o2!J2?gsRa+jM0ae3mz4pTN}W?
zz`spqqBKa!3POs2FmqGIgufDAVcUURVY7)62Z_&enNS(Md)dr+GT;WsUwVt4P=p=#
zat?xf@)^JP=adRRtW`ketkQu^cQ_2Umo`HBM!nkX&(&7M+M+icxGwFjxErngxptX1
zRkwrjs<n}#ioA1`X!w9t)GzH_#tV>e!11oP9XyfYBHxocn3_@DXXcykj<1LtwSH*<
z7u6y)TES(2wje~hr|gEW4pVzQR9CO7%YMI1A{A<^Q{!-u|7_b6sC3TBG_4`LUfN`E
zSea;g&={*z!%UqFX}Qlo`s#Lr_Eh)DA0MQiOx-)+Xlkq>j5k*jjQf;-kVYDsaPY|v
z6tPr`i2PLlKo>wRINNNgdi1NY^hQwS^a{lphsg*EkIO|m8=urB2&ya?JH8RHMWaC>
z514dX@^HdR27C|aYnYr)M?mFQfpYk7@9+Biqw#hhoyPs8bgwmgV=?l1^*BvgJgT=q
z<nm(~*@7o`$HXEq7B0$R+46Xyb)|Ai^vVjnH<OuI4Z7RQ{kFxCmfge6LH#Zq0KLld
zNaz>9{*|<Ui>JN+*jP%02_m1J#rmuA<tus7FfugE-Bo@(v}9yxzMH%RF;@9pWottc
z>%kgq_7v$2(pxWKPo4ucnULPw?|aLYC@G}aPe!o_GhRasWg+aApf0|s;P<@|b6M7k
zSPeA*o|3&}8?b)RBwIYnH;{<yGk${evg<UOq@MF_C-CRZOMx`=J#zAjB;}D;Q>Ncd
zt}{|W(v~6nNt5+xo*PF4Q%BETQ2)|t9FD=h4_k-!lOFKDKpFXxtxi|K$P>8SH2h01
z@*_I>KUf)5Y4NslEw5M1GI4ZB1t{{$@>79yCU4+xj-qb4i9L&Kxlb)Jxk82EW^K-~
zCSJkmL1H!=p%=sgUOXFuCrFI;#br#TIhm8CV42&G89d9SLW;A&SwC0gyC4I=aWYe-
z&Rl$AcQ@g9JV$Ql;1E#7?jcDGCzcUzr8P3Ef*b;mTjF&e>Ez{mIGu~=`|(^#W0Qi1
zQuYO{%kwcrBJqnrG!AQ0yP47M_1;Jvz3zfIrtusUc=RaPURWJZu#pI*WU~c4zDo7t
zwx`!lZk^=<lp8Wq-v0d6N9(lUel$LAK9uN}H0UlE#k@?n>9osjC|)3kLdb!s%+@j7
zxER8$7wR)S-lzgec~lruhg~U3voPndE&N|}B=U)o7y))<TqH+?`z+^)5QJaQMj4kl
zrwNeU4w#yB-`Uvr7NCL|vKpSKTo;z1iuout;9jyhBj-uXsi5zgn_E0FjoZGD_4?l3
z+^RJRE18%KIq(w@P^CQ+u?Z21l(&BVMdfhX#;T~<51N5{jsl%6=WqXm%IN~vfxc?H
zrLkxd=7%8*#v_!zaz7FVWwBcqA^<Pf^l_49+eZ_n17PMJ>}BFHMvtD%4Z8O(N#Ovm
zegFtAcp@l!$TVa9O7|=cEfDH7FNqNdwIM~EDy9Ck8&*s9;zTFYV{^2KnzPX^AwhIA
zH}c4rWkFL*wirYLfSMV$-;75?=v82ZO-fQ-6)vpFg&u4FI@w}(kq+NWr&%5w+ubnU
zBD#<FK+|XFVS<SkHp*qSp?qHZO6W4N>{;{EI2^y+oh~D8>b<H|sR7^qo>YPowy@%J
zpS7AHvapz5Tf;4pi+wmS#6V_{Lf9$#g2r;gZ{!b!(rmt1@twbrmgSt$cpPo?!39iv
zt7fp5E1xM5K0ojI<im7og4pfFqJ;jAnSHt%u`qC8KQi?<0p_<dipa8Xzfm|u=#U<q
zAALMoAjkrrex*#Pjbil%Uky|6-i5{!;K92X+Ar55g-fgC5xowlLTEu>##lt|5FPBV
z?jjEA5F~(k+$aY{DHle{s(jFbZYYyZSD?8u=wc+deH%*EW{0&U4r$Kez%7=7qBsh<
zzs<!pzmQ*WnPPBvcx&cRlT2T31!{&O^v&bW>f)Llk?zkg+f@Fz6-KGKSV54|{8pNe
zn~teEDDA!Ad|cZa^psD;k$!s^I;~P0`1ZY`Z0KvDVyUXzfXkZ(!cZ-dRNv1Jl4ldG
zP?PmblNM^B8m+7Qp~^T6Zx4AuZ~~#RLM7@NrFP~AY}<5fj?HQ~Ar~aYXF-<Gr`dP`
zq=y7;m{J7E)7uT|+4IF3*76Rf*hjEe@>i;%yTM%1F^z5UJgCwXT7jDt88X(ME(H9c
z(}IeG$G1N3G>y(MgVcPgB1x7Z1(;f$obhI6^G&an54kfP?eC>HF))Gx0Xlm}6f%%e
z*vt?uwp%svGV~j?nk|%tvv&a{3NXkpm~?PI>UxCDR-33;%;$t9=3rlcPqr4xpt-$z
zK3-_&@ge_A5V`@&CqmiT-UcEz!=3N(^)-eOUJ&aMPWU37mS@z}izq0Nv0$9Qlw$=I
z?DKJZcJjUMx8pfOEf6PhP=M$c3|5!GH8ab61eQ6*{b5=Oy`vSf(l?}=ZGS~+IZCT!
zRLp#$fxc-wVgD#95jUr6lAo2@%ptAPQiwN}9j<+I7?VUOwz9|z^dk3x5x<>!-X4P}
zA^h2+*t@LECx7e`?aY6kiHyehJc^`gS2q~cQO)hDZn<7NTN#(|QrQn0ui*QNr?N)M
z!<N=dnvF(s>yaCj@V<PFLV-yT^A?n?If;H#L9tLk#D26EQoP;@cqW-RsjYq|2gB(?
zkciQN)Vy@fPb5#j?m{?T$9ad~pVuvwv}cKKG)zmCjuby}I@Vj5*W);sBt?wmv!O%?
zWX1t*)$Nund7sV+20+Ua4fKe5WZwkiVRR)y>9xP(CC_rO+~0VrA7U*tM>pN`o>32-
zoY(9FbA^{dgO>{fq9CSJR_krZc(aq-@qXW|SJl22>|@t^%fqsgh#>(cU5Lzb<M872
z(;98GC15pquNr=WBG(H9*j8+7v7PKY_b;S~k3%|vnB5_CyyF9&F0FJdwpbtz;vj?R
zmCL@vk?URMN!!PbR~87R+tbCAfe{Zu{YpF@00fYT^p-#-mwxPMwEXiR(E+&4!*Gm3
zhPFlflL!&fBL+g#m{{BtTE?-?c&#P$ZuBPH4r)O5eVxWyzSxVyTs~Zu1?v@b0iRdV
zr0Vtzq13Ji*?Xo3Z}*jmO(}Q1O|tm1{<Fw}1)rfS$|ZuIpb3RhiO?Gz0QV6mo(Yd;
zdzQ;-gwZ^E`n+=*<Lr~8z*+V!eW2V#>4cJvRK02+3HOMuF3un3nJDW6NbC-;h@0K8
z38M%})Nc+{=Uz^$HpW@yAyl=(>%hcD2PK)~DSQk`(UeQR$d0i-8#hoQeC}-0<Ju!)
zIh%!(Iwad0#el@el#@sHJ1(lWwO8>BE(YyBUGFj2ZSxx!^(WX+tJVYw2E+6Xgd*mD
zuPmd|k~)Y&0&eCebpYVPB^($uYIzvd;nO)hxL<d_62RzsT?aSZ2q_UkqmBj0&(uWe
z67W&!cSd5aaxb4SRmTpd%5x9p*KS=G3$kSt&p@Q^B@Y?9leqb=;?UV{76H_He;8mF
zkerWw#|Zi{AN7d15E*l8=?i`1PD3^C5AMz1zb3$Ycl)856&lbUl_DkOugw-3ptar$
z*Z>5YDnn^g${wf85>DH2f&su-o<GP`2hx<cCyfT4VeoYEr*#0jHDB}7cj?2`Row!e
z!sYz*$BvmXvkp;i4;TdX0(j?vz}!7t4O$+~9EfwoAOU7<^_b~^c{28D(LzjsrCdzy
z-CjDjy}X*FsTCBURpIM>z-ja|Ua35bx5<ZINpe+x21SXUWf(0a_wYjpwvtPjZ@PfB
zB{wZYenxp{UM;0~z8i1onl!O{`&epIgFz5%fhl?vIVj)(*?g^~`g?-#{rlAb;!K_X
zLfI0)%iQVp2en{LV9B9@3T}KYo$(p6fZk94POWc!81oND0SLZ(jY3L`2X@j$0ECLj
zsV^DgyTYr`4=-gI%Bay<R2ZffFMnz|k{rl^NDBX}qh0VJ)u62pZ;VocA_uHlzERY6
zuR2<Uq4w>#DyYazw%MmEr03mKE7EqW@SHX7o(o&Gdv#5FwU5=80460urzbGy&Jc<0
zmhEvg5;JIMlas<)HbyA$MFETtT9e7yD(Sp88QuHfz1!xcw<I}$07r1HJvp2Gey4L{
znyYC#@-^Py17Of)r-~!KRB4!k*VLSz;Ry`eXW;Hf#8dCn70R+D_wj8|;K{Xtq(L_9
zij*ML7r)jorO4IaD?ete#%*_zX!^@B`LY7)4~d|_e~k_`uO00UMdk~KqacOx24=8{
zX;M=6K_SaWvi#8(^;XKXs)V_Wh7ii`marl%#1BngEb2%RC*C~)CT%*JLGP#(y*h7-
ztr$N^{tZOHj#&T#5ef5<0OPuT48TJv(R4+Bb`nu&kqLKS!2`MtBie~I_ugXoQ)3N6
zs$gmn&OGl>D2kLfa9lg`aNd=_ta?8JiN1T<c20`Z1Bj;wYNR~n{dR=^H>pn6LhB|$
zeNhh6E*!~Kz$e}h_{2>%F9j)Hnwzzae3>~Zl~+aLc*eW0_ZAAOhXFA8cb#39iZGkG
z**1?@n#ylRDd`pBUQpoJwFvFI6xM-e!bUi&5VK99J@bdfJrSWtpL!}o4PTERu#E+Q
z>wMllM&DiTiDeFEl45wkne=^YKP}+jMfY@`3K{pRT1xHSV_A$lE`QZhMGEs1h@F~F
zGP26DXJI|RN2WHM<(;zG6CR;8bgDbV$&YfH`Nm*n29oDpUJ2C1f3MecEw632UfSIs
z*X&YIkNyBP<ROG#WI3q*0Wt#lqeRP#4U$=juqk5sNN*ws6Cf^^0E`Cb-Hww=<?Q}&
zBw18U3+H)Z+ML<AK`j(;>NqiY;b*w@z-AvUi+6O|Y%Fevx_rf`S6VKO#k5`3BHe3b
zJ*^t&w=Ilsn$2t@Ja#WkrI-^>G3NNX<#f^{Ug~kr>VB7nd~p7Z2`$pe204HXQ+)P&
zGSko+H-?7n`L`asVE&O`3u^sI2Cuh=u_4RqsMSCSeEiWR#nO$$OzI_DI#I9Is&B~;
zjw`8Il2KuhyAB7Jt<yp(TwM~s%_|n?Zy&}E1*7#8g8nuwtk$A|bTXOun6{A|zGmZl
zVZlQ;fQvOO2N5iGjcT&=ThiV)$`w_!`og{Q;#x7d^gKa2CMTpu5nF>_(3BD54Xy(U
zbe%@5>fc))QmrBd3@rbAC<VHt=LM-fI9#bN=d=c;HFAVvpQt$4T?o$_$^IXTEXL-B
z{9WAfQ`<*n#DrVCu+e9AE?wNYHO^Tr^&Z`EhKN1k0+gK2Cu9J0sN%cza9>y!ARczH
z(IKS`35TWESQEaOI%Y5)xQ_QINNtG>V!JL+a~G@&K2G5}em)z}uIyNCKZU<l7~yGc
zPlo~%eQGWB4Xx?7*T2yx2ORgntUxJ}#Ttvr1VcF`f+s!2l!9=V#91u$;Q6;&UL*ih
zbW>v*N99JE6o-iKW=XvjX1JE>f3FGp7W{g-<8Tq=gehp>)fh@xc_}-fI7xz35r**E
z;&vm;rV7^MlldAaRvi$vwyG=WH%o=c3@|`Y-*L=SH^-L#jg-Zg%rNu$0E-3b8TB%&
zr+KMMQ(d6#<@6~?mhl*s(TE}6-`Gt0w}uZV`hYJ3>rM#WS&`*pqIu0mo~L~1ju~Eu
z&)kT>>?@yWhYY6O5Cu*u6c$7cjYQ)@YPQ-mmrIE54~~TFg5DXmn@r-2`fVyfKLP+p
zOK!i_qNXtla#+E9HR{4t@tym42F0GFQL_kcwg_W~lgx0hZ$GQHN%W&5q2ee8V@~b7
z8^<pLH>JKnGfTzrAj4Q-%F+vvuCECPeST;_W!g1|W_0c>AW}}uw!2^s>0#Dfu=^o+
z(15?g?%piXMuhfZAsQxCf-MTIN_*e&0+q>VLcj+Z9+^!jA|V<%uT3t9X_r<9k&xQZ
z2@5=lDNHDj*uTJPOh-Qm*h8}=X~gId(1Me`i`)Q=JpdP-U!$5LdDX(=ehb=$kf?dk
zg&7KOn+bKRnsEtadW7fcAV|4GmP&_YlXfd0BtlBJ5`N*Y?o;@nU6^Kc`22LtDO<!7
zOnFJg%bXR9vumv774`Jy=Jb`#Mz`!V?Py`>bS3QM+3FqSaMat$Xs%CTyVWy5ifA}O
zic7IjWDknD?d<HVvt|q@vZm0Z(rua!%W8uX@j2@WN2T~GTB4lG<1t3ol>nZf7jhJR
zVz#i2#bm32u2AeLXWXjrRm}Y51;xfZaOQP4sUQ3}4rM{uZ+sTs`*R<f#bO+WJmXv7
z%{kY&v9?ox7b?ZfyovUt4nmS`3Z5q^+CD?+XF4njp9S@E#Y&Ve`@Tjd)G|feo_T#p
z^idp2&SrZt*3&FP4F>3DS)iSJ=4$W#orCSlH?%G`1Hu_`Fj|3XK-|&85zg-iYe5%J
zMztL5I%J6?qFi*we#%?_F#J*RZC*pd7ru)ZaZ>GIUZ>!z!|B=4>b5iA#(U(5BWQ5i
zYb8&c=6#W*sdK;mR=e|dB!U~fk9R}5w@7NX1yV`j2(4?&R$?0(3Mdrpi^*z*$rq_%
ze&2XmQE2cnhEpF3btWt;Ro=UA$Kj;Kce|K7>#MAGPD^k@eDJieL*=ah20ZgDUs#Zw
z9%FXX6_ZBFQOqJC8cz6SI|#Jfp^`aWlOOTBR&ut*tL*T^JSX20*iv7bu&(7yra~%m
zbj@zwKd${n;Q8kEhf?f>Ydf0)sjN{%0Z51f%yK0pa6Qddl#GsGEIC9zQ2{@f8;sD1
zOy;+~D)q+w1m&CdUr4FuEoQSIW~5A(ePMV4lmvN(!Vaji9Yu2v%OoNZ{2c45Wria$
z<G=NlA4T4vN}>nMa#1{CKLPiFKR=OKz;1wm$iDx%zIm<<>831#$pZ*HK#?^C&7cUz
ze;JZ5mc%Ry4^Tc1d&>(eC@7<ZfhZ5~^UL!i!Y?B2lDtH!02B8Ef+qHVd+a`dfBlvj
zM273qxc=O|FZ1KFJDs_M>u~aCS0V&I+<Wm$9HSV*-G(nxjn1Zh%Ryf@!%xe36xL7#
zp;=C6)*oqUSW!1lV*A-#8XjhLP)t9543!UbZuhrTKUIq;ad&zybFY<ne7!#j{Nm3?
z^{(lQ7419_QsHDkLax~=u(su++WNNG$n}xUAyk~pnow!R*reNrML;fvV-xQFhGjli
z!n&``=K|N$Y7;)wXbSh763$I7wUfPQ89zBcFMszmOIjq8DtjQZ*%NB(@S}o7%t}4C
z37aWz=ZH|g*j0Ccc~{CSnVGAge;_%G_Oy_i_F2@jDf=}vr^#c3{RY<R!yzdDY;s6y
zXSpqWd~f=-uq@Qg?zAN(mE6?^v|Fp&Vut@Lhh1mGkTxOfqhaW9MrF%&qJ_LvyK16#
z=+unaly1({iLtEZVMEVfQ$PUfj`~IUn+%SVP6seAs|D|5V;E0FME@Kwk3#b$&_1=Q
zEOi$qUesmRt)@6mq782_<Mt7BkxZ@*`p?T5gpm)evN>px6L2uS#i(P5dWcJ>;o)p9
zcz3E~C^$IbgYo3P+<Bl1DKGt{Ds@VoPIf^dq1mFb`AffM&j>WC07Bn4WcQnWg`wqI
z-O$KLSS@Xt9yVlT<T9nwn6IrE5*0bkmdCC1n%^wH!n?mdUXH{O3nAG&cp4(rIg-Hh
zY*9gh?~U@sSRaYC+EuS+Df{>QELEu<jCgz@J)09@$pa?U>*fFcVOa>l-lN}@A{!=u
z1)1&(wuDGn;*G4{+N?*-6C+O9)^&UoISgt$RI?Eu1ED|B%jfZG@)p1v2)UzRRAgMg
z=!8HLcz*a9?sYIh3jbcG5i(lWvBGO(RV9#kV5LpC^<`52aiVrxy&}n&RhjcepG>w|
z%|95QYn!oonR}(3SArZZ`Sn5UTrPxEiq7@+L_HdkkSC(JYilT3d-@wYS#yt-0A(9+
z%Tu=|C`tMGoU?lhZRoHe=nlU8<jG;$fsJmP--gnco!+0vfGEVQ?PAT_FY~uO_VW&7
z%Dlm3Z_oNpUBb6kU&2j3T(IQ;os7}*NX%=)>;9D8`nj%0{2<fgIgJne7g{(P1-#h8
zLc_74<oKA;_i|^;o$M`Pod7yrf8F;NH@uNcJuQ!fj9kT_fYUt*dS+6w7-0zy1xd?m
z1E;-VcpB|?G(db)s_sN$7L_o6oAGdeEHRDQ6yclA`qO%yY+b$zSXPAm(YfQ}y%4mA
zlHL7{;8i>+yNppl_+TTLBZ=L8FE9!5`}Xg1cps&1`?t1-lJ}>b0kH4CB;^7S8ybP8
z#oJz!{Vpw|w}0;yzRTwTZqu>>ZfC&hrzFJ@TdKHqq4*iV>k9qO;;=tm=g4~YjD8@+
z!StWcH9UQ3L#G4D)o70E@d9s~$s7;VY(;W7K@0f!6>usRi-aGW8@txd>%oQUIjP-G
zNbl?h3tp*Qte)2?o=b&VaIrz^;H6_Za?Dz3Z$9z>wq|(#W9*pT@&zR`HS5yTYg*E#
z!%Z{~YBC6;Oj%+eQ(`c=%d@HHb-8Bf(X5&VG9G;Ei%fHRFIOtv&VIx}oBLZ@yY15k
zRMAA5f|M=^%9GTjMa55z!4402C+!{y^y&{i1{a8!@5iRmZfzZfnrq)yY5MNKVeK~p
zka#Ky#F8hnIGEqw-u^_h*L!>kG0V2x_~mHKC8G!cL4#68lkHyr(PV1OhPg{UH8rf7
zSyS@y-QXdGdPhmYc)YsFaG)M|Y51}PGUt}L#G=p%nE*ec?FFcPT2+EBm-Fw|>+iQl
zRcC~sOxmrJnmga`(a&>U?}qW!3a|)J%9Heb!G1!EEZ1nC>*kX!@k0fJ+qIB@w9FYQ
z@JPUb1o$PA#C7ol8%<{-J_ghhpWPg|X+A$RBvUTs<tL;s?z3hU7KgP7_P%}!1uATn
z8|Zv&FuNB>N)2{HLFL!ce^5O*X(9t_9!u1RL>LJ0BiT`cMJ!Z@wx-Z5fBQzL&OnIE
ziyO1nL}pCTa4-@2JJBb^ws83C>rKu^n#u;tZ64Dk$s!+CghvyhI3mrbRP~93PQt?d
z=%UM??(tI)ipNxhdsRH}VDQSLh=`zyumG3uIjgk{X9(YkQ1n%6i2@!jjBf8{Oc;Jv
zv$!$;u3A2!rmle5@W|s<*Di7$16xIo&}xDlB^PrkX69xI8Wr<PPz6V+rv?$EJcIEa
z=UM;TzhX^sfjSZr7#_5Lm6368iU@u4DSsw=v`J~o{r=<_MGE}@Q^PoPkGm53GX68G
z1>CcI@gylXbA6j8X3$KCIdn|09}>*S31a4A$mDHj<#(~WKuGo;bJVGiE>4Md>tYHC
z#MDeMU;&~<l3tTS@{Csg@+Ir|Oq!*J1Y59glO}{Tj~}mcjc%(#nG75@*iWvdFLC)S
z%nEAMFs13y+d`1_xj&WUYPIyK=*%Gn{N6Q<@_4(2KH^+>DRK#@W}SW|rK6NZ$O3i%
z2@EjIHn<Q!)DY~_&YaeNs))#ukObrZze)5((DX$*J&w`SMOaL9S6@wy<N{6MKNIh@
zM{*;E9;(ds^+%c1m;vTaM`|)g#jl&c{qZ0^`vQM;QkqL@`@=yz_xhNa-)kE&m)ODh
zlHg~R?%|K6V|9X*N;P|yHy0Le$<+F<1Rf7?EnctibXJ>2&00+0z*1mLB@<A-v5HrZ
zcO%)5u68fKsj_~!uPV~?v7DBxT^XY}-7gu@Z~X}KPJP_nDGY_)w4~cMyJxJ;90Ugz
z6Wb0ZL%Y0Kk9<3ru=Kv&ey|4EB)&H9XbffyI9|8bozs!w;eBD!$9u{3V)}imAT!?c
zeAm1l64M0i{E)~zwcE>89Py3FcC>0USEE>iW{tcGj|0dA4ydUv7ri}=raLb?LJ%Ah
zE0F#HH9Bc47BCgB3&J5z!_zOD)SlO475OU|O{{(6#d4VhgbN=~JQWXu7c|3{*OOOB
zZ=HrHqP7IVM<cV>Ck{<7gPQ78Xkd6~z{F_N@$yMFpI<i9IB?D97|!^Wg~6t**ZnGA
zABi2OvM8?{$oIc0qP5cN^e*^)MR<&_|0WdAXo<lIKPv>d3KLY|w)drMp^<I96Lx2{
z&$s@gai`6ZSo}DOUa?%2kOlgUiWgZ(eTGkyq1D*&k0lm&IU2sdy%%<Fp;bWjr8Orc
zD}7!0UXav=SoL?-*Y_}!(@o7)%$|$v{2Ln5^f}Yv-KmMNBxO~R_*uko$zdX;mr`b5
z&G59QtY2`51*Az??t`-@hB|EFups5of7TN&zyClVzS;3etUVmHdKhRbTC(iPy4b^b
zYd>av_>s?hD?yCbZ2nyOFfx!FQ_c!vXZ%Q)97As)L3shLE3~rsxt&0Z3$P*k$vdcN
zt$FaZ)Rq@PAsH&|LAjyeqve_hlE@(mL(K;hBa$X`fipdAg)~SOcNCDZx?f1Exa&bu
zFSQB|VCcOzx22k>*K`tNJkX*;=1=sdi#Jp<84sd$XY$`PHGYlZmR>EsAV0k>SX_An
z^DZ)!s1rpT($yq?w)i4=(4G)T#TG77sDP6TA&DD94a$4#mhoxaggtZL#6PgHu<!q9
z>KdNWKS_VH>iJEZGvTPzZW}I-wfeo=aap)E5<)sK1|+$XyAgo|EyVNGn`hk3HiLz+
zTP9-&j@x;PXxaM|p)d>77cwDGPV&*$;I334BMrXmBm4)~jlj=y`hG*4WHW<iL{V0P
z>an`@aT{OFWU2#ojWMnFI}_>a_3rxpo5N8;$Kymja@D!QB!S`ClSC{Uk%u9iMnwhR
z9yfeLM8R46Aq&<#_#Ry3L}Dq7fmqG2FTGeN=T||y&<dkF2l&i)FSLu0(kCz~-a|7O
zV&|Zy#Awz!7PSzMh?a<vsIN5G4TD)v+f`pY4=2LXNG?PS$9%S&s^;!hf@A8(f6&jD
zNZ>XWPa}}CwI5>zW)&`uDDe3z)?(U5NsH$8xas{0l)qbVmV-A544}jISxK06cUex<
zfC4vMcUyM@3`|)8|IvH##3QxE1)C3L#V7!OVSJMkjp^yAt^vU~YVxJu-u=m0X1RG<
z&`@j6lqu;n?V)N;lPA`c%dI8gL7P(j_Wx<;EWe_RqBSleNDd(#GlUG?B}(WFJpv<w
zGzik+5K0Usp_DKJ(%sT1T|-MtgCHFPA|N%ukaxWGH{1{R>$}!@*Zc0Z&tCg^e&=kv
z2N3^b<RG?(H9oyyBm+sMk{MS3&-EdvE7N11J;V^1=*Ty`h5formNO99hH`KUqJ$bf
z^4zlmQd1mGZsTfwJ4MXC&tjeWQ!R-h+8L9FwC8Hi_gn?_)bBM1>@a~7>t7>NJ^@9F
zWSy$sLebwg+IPL#=-<1}QMFG~w2Vo{T^gkq4QFmnm+Nm|n$$sZSfmfOR-oxiEzEW=
z%HcMNu@dZy!Hh<4#AM1gFF#-txde9YefjFH#aRA)pw!1oqV)Xg8B?#Mp4jZBN)eP2
z1K<t{tE<~3D}#kSJ{AJ73$bt9hl>h#Ko7(34JM8*=_=F8xDgr5nGR$<@={U?&6Ep?
zzaRK#-Y8!q32<FmKPi)q;eQr<GSRSXdFC(hD6A{+GRFUTk)gguC|AGl(=vV`D0X|M
zIPb)tNy$kjCjFs}))2<WX=x#}WKqAi^&Sy==w9W9O4hsUv$_NOazKYy$g@im5Q|MR
z`K{f7x9v64U|24X+D+%Lqo=+iHJ!XSWb1t43WPT*Cm(0`lhLOwb|KIiT*lYs(Z9y?
zW7~Q9n%AVai<t<D?$ZHn%pvih-W)iVh17F6<dG%Q#=#q}MjWNI(m7MDef7&G3g)3|
z{q(z=1y{(m<w{9?bJJK(gOJ!Mh58pmX}1F_&fQIO-7t*BCREYAG0@j6)U;%bb%?Hy
z22KKBI~XfD((KHI+5OJMz^$g*2}Y`lQQ?r(8i(4QYGtsktm8}m-0|WF_$1EizGJ{y
zY{^AoCAzy%RMEg8hVF|lJwoK{xup%CU)*wZR$IMG^q_U5qwr_v1!9*#NlIhWYlD$J
z>sEJagovp!rrdn`^%K7=s0sc9=IHzaCREqmWK#@@mnfdZ&ea}#Qg_e{JL;;iFU+`m
z^C*1#-fF!SvhDjzzcJVR65SO9*(&BL%^0a163e9LQN{4Lb<1pMRteVsI~Io!h2+sj
zcT97`VnkGvlA0Y=mJrtf?&*M%9`<rY<idskNj_c^#K7rF^jQ%%wG=gK9izNsRNM#Q
z0aB8-KXQp-3{~e)ZG@z7(TMUa03pbZ*C%fAi|apebW~fI`>&>!pZvr=&yL$r5BZB$
zYxn)jdYH*0UZnCo-KbR{k<Z0b`AFkA#ap|aFZ-@qGX9vM0k#B5wiLJ&vl2}L@_2GP
z<7Xgi8(YvYcN@Ik$k?Y_7CPo~^ul{=CkDvy*8gr;Kw2K}v)Ju!@D~RMa1h~$y|_<<
zmvFLegS>QHPTHknz%hxSz2~c?k@%@AWOp3gnTjoHp!I@}*S0Ll4*at?<yubShHZ`(
z)T(`stxc8w>byOI)NPj8o1=89cadB#P+ncme#IA8N>Z`Z9F&_^c2DrC5yQZi&M1Z^
z16VxzLa*bZK)5^DTHM2`Rf;NqqPoOau37)Ra#!nW&dyDz9K>5IQ9C<7*M-kdY4!ik
zPcAxOf#%vmM)MSv?CGE!lGS89k9F@8;;t~Y(N?Xml9o+dKF@GqpVsYn8yr2#!TyZ+
z-B%t_MQXn({m1^@!Q}X<Low%QJs)tqrUB@z!FOrg5+l2LQ(QV-@lX7|1qFtNf1(y1
zp7@<L-&je^$4N)r&<-=WA#W<%x8yqUr$H!>(=vsnuixY?b#M>hW07^eGfvveAOer{
zmicfMzE#*JB$;E%TondCda1$Z%`8AjqX^h}>Ew1=L89PKw#y(CtRx)mDrSL%X+UB_
zh8#qlXM>&Bl|rFR{<c2+JB#<MN^A;8+u9zAsx4SyrFKQ5`6G^UHp>+Gy{6~SlKR3*
zVF3L_q$jLQ&Vg%gu(?9DoU69>TN2^m%6jxY%^$+mtS7BrB*0nu{SjQ?=z0?I7u5iP
z7jI>SZ(JTU1BGp+#@6v!T0%ohb4Qo|wl<W{I}$DE<93|O@1)?2drc?fcTU>oxNS5i
zt*Db?Brh+v-_2}2l&T*e9Y7rsQ6t|@_|Av#*VlW-+G#o8rpK4jyBB};9vZk=%!Tcf
zee+3HS1Y&7;>*A*j+Zl`2bwQX`|WRn*hJqiNono6D^_lvD)~Lt>Nxr(+-3yIyhsa3
zYXY>LKBi1&taIu4_^?(lg<IHXU1UY);&BO=)1JKXl{bHpeMVDBMKiBXcLpp;&loj-
z^;baT^-|2Q%`AX&;`+!Og$j7iZro;9)jLt7ytH$VKfcQSu~LEzXkKo@{RG0ee#L_r
z@_yL!<AOf`v7jqDU6B|H5tTo_kQV~Sbyl0Q4P`lK^EpSLuAPsZxKj(5=JT3QFp9`+
zsWM#e*$0G()1Y@zWQKT7frF}DM-HwgE9bco);fhCGh@__<4q7jAhzdYYny$4t1{E&
z;hCdbRwX${sJzv-C1j9)OYeZaDx}olds|uKA?AvXS5Yh$y*7i&J8U>iZOEHaLxh+T
z1x-f2o1iAUd4b4YXu*|$f>CT8>zW%=sCt2Hb-&PD%{Bu2<1Ry<9}`o7fiI0K^;76p
zJRU2e{dI&T_n-EaeJHFK^^jA@oK&Do{IjXXFx1;wuQk!y^!h5*nB={=#g*gi_w@&L
z-|o}xp#$u7Bnetbb*W^v)7vMv^%Lr!E_zJZ{UvB+%Bj&fEE?ybh7PhM2H6FlgXEq7
zwW7Y{Y9t8Qv&vv8oI+Q3&fg|alzn|-XBrBb$+L(LK~;3oR9I&O*_ge^iS(i`f9P>C
z^1VtQw9K&UvAi5#E%v>RDGb@O?c@t8+(`~cZTpoaP+A;`2V8F66%IIvcN!Qh{Iy@^
zP4{Y>H?wwmmK<PF35r0-#7wR-kJ~=pVg!$T*@<Zui=_s{ya1K!9_mo5_mDiG%(1`d
zg?!FuKSm}mw2=O&5Wi~J@;R4Qgp9ci%5(|!*5LhQpI*<a7hP{haZ!D-OUG+;?k7S4
z0uD$g2@(a3`w8%4B_!=$Po#sfH&vgGjV8<D=x`QK=<S+KPNq|b4`B*6ww@y@Gdmb+
z&d@RuTUi(D_WgqTN4Zm?k_l`e*TP}vVzyWLKf*<yd2ER#G&cA$vgLa~j`16xt832+
zf*U7k_A_D}tGJvWcbVg?PGdEqERU*vqQ~gT0O{E6SAD@4<?uVCT;bUD;6&xqU($Wu
zyLW-dX<7*7Fn|5-vl(6op9O|D9hV_THD@a~861Zzc|8kC9tDK$T>Vp?wmWQ9j4B@V
zJrS(D&s_X?-ik5(QMidEy{OKyd-nP%|E~G<rakr<eSA2_Co&pWGDt@?5i|sv5M^Ut
zeJ#LCd7lBsj=bqs<5O&MV-=Ch1VCa>w}!t<LCcpaDwyrrjhEVc(-hS(**0+xGE?Xv
z9Yx5K+0#noVuJt0)<@KUfD1DX#4@69LMjmK8K1KCVMM71KL~D7-q1Ku=r>jbFbYg)
zxQ+PaB5qS6Fr7I4A#E{VZXynDC=yo8nkByaG&DGEDCDeLHbB+mW+rwoLOK>el+`S5
z|N9nOTL4AZHidyC9cAHkM+`aG>c$Hd?OpK6!K3`t09V5d@SMGBONC0^8&jRww!C;>
zl=c+nefDbP)&vFJpH26p|B;<RlcDdPQ<E)LiY@oKz4wI#0P**{nERL7tJ3NdGP_mL
zM+0H|e`d-T6Y>9t=AOGkKmPql{)Xyu_G^fyiE1c3xy+pF^-}J}N8j)U`bbvZ7$-$w
zuna;%NH+P^%!kAQ&9S%?pslpe@NyS)WTvuZGjC!*8cEyBAli9(;-WVf2d|plYFn?q
zU)(WE@;(NN-oe@9*67#0gtJpZfw;faF=k37jBC898C#d`jKaI8X3tD1n{#^tU2a&7
z6J)Rk8T`^TG}v1=$Fl%MpEqE3@bpdPqUK#Sytsv@NiYJ<--!gik^20HRIL<cF4{<T
zyO@Zeh=cCE<8-c;7b_iRT4taa64|Z7Hy#&#y<g>8E4sRJb@9{MHrKwQO9JS3OcHDl
zdcX0jQY48E@~qLzLJAzng8X?oZ17VZ@zafnlkVLHFtVXaVg#XxWz^f6G_o0Xx**mT
z!NCfIx!(ZDaV3WN->8PJ>0y2DP$~%DoBMHIW()obM)rCWfQx}EA3&<Vm=^uG5oik*
zQ~6-ucKAm^Qw}7E%sK|iPETmjxl6JJdx9EJ5HIw}2H#B7J)WyS$YIdgQBo__vHBx=
z7~FpJ_?;GqF4p3!suqPv!Y@%%Hap+GD9fSV`aJ=k!LE)z7D&QZUkn>j>*{0z(|kCb
zuT|MTQ^T&76I9~cAW|7{t&)C<n+%xZ_+`^&8?w_rv8nHqMHohDgW2UXEvkrHv-32y
zxpD<xWlpXmO)9H563kpZOt5VNS4&a%K<FfyJpm(h@A!LJ8ZxL);}5gdDLW(3pwuv&
z>6izzF9kCz=Fwu6dUeJ|<(bl&mvwM4{wO=kz1aV}i-R6vR#>i|zUi4<Y5kMkOIOUb
z=KOvErMu2Ha8nn0BiBPgbdj}HeZ#ThLUyn#olP+QGS~ihSa2Un<Lv8-($3q)Ru42`
zl>L+%DLH&o6$*1hNJn5(;Pg`=o-CF`PQsLi69rep#uJP?Oo`5)3aFn5aPATN(biDF
z(!g-|q|(ecR?bda|3qHihM0ooBk_`7X(mq42lH`cp`JFsuR1w8b<iZLn)OJwcnMn-
zh<PKlI}6qM-XxQDDJkITGe>naSJT;F0Q;O?ZpRlFf-2Dyi1ITIyz^mFV)(uxvTMB{
zVh#F(<;0>);Y!x{>ipQZR94n3^-aTme_*Ok6y8zU2bodK?3qtQW#P8%u|Al{sBDgX
zwtodFHrDf)io7xJ<*Ox{SCRCPvuIWU6!)7N>5>~nIOhnyR6LA**k~n(X+1!urwLOI
ztZLkU53gd~0$RV#4I4e$l!nnRpa?dLc<PsT`#O6nHJ+P2Z8l$QC7*D-^QFbhYv;)|
z8GTKSO`2T1f{W+UH#51*afBZ*G<WAw#@OLzQ5whEAwkYe|D_{2B$h`9*y43aVfxK>
zLhp$9$5*sU*<P5X63^d>Mxmy>lD>;m>MetzeWPmW9Cd&q#xSLKLUEP?cNU>TaU|i}
z>tXHAv#EDCR@T?NiipI-Mp+?7LeFW@gnV?eEhUi=h#wuezP!D<OHRzJEhRX6+v8EP
zIY}bWB)A?^7sV3~|A2Qha?UjyIbMq1Ne_mLd1EjM>5DQL-?FQ|;}7vN{>aIzLqWYf
zSxbOC#~(X=LqLW6<I_2hTfpn<RH2(+GADP-*w2GB)6~2@-%<HRf(HpaDkCuxY&v8)
zuACm79qS9vKrMzS+{?i<^;wTRi{}$mr9RC+XF5Z_=?t$KkEE!9BVCN%GvMtYddB_;
zhP$567bB0);?=YPJMu6u@hf@!El;<HwT=at6sg3Xp?Jc~p(7VO!x^q=2|ed-!+c>l
zxp_!9*f-ae-a^A?uRYC9zxX>h%97p4%bDk{Bc@|IluPa`c?O2^a{5IK^*!NY0<ER>
z$BVyO$wJ01R5~j*<qvAwym)B;+c&w%SF;Q`b?OqXlJT?}q85V6oz8b$AKDIjB4US0
zw_Z39m9O@7#0fhPzhWP@z7Kw2>`(jLE0+FFrtH6_R<qV6Os0C1W&af~Tvj{tF)rrs
zmyKIMA;ef3dM~+e9-0&2aUCf-@#|bhjApEBOo`EIru$$n2<}{%TJJ}sw=>ONU|a__
z7-FXO+>rRrAXpaF+XTiZA1y3iRS{}Ml>zFg$n%*qQ<6@YICW4}RT`7}*rFM8aG;C*
zGGDL6g2Fv3n6>CSANdd;;S89}?vN5}E$~>LWq*y*ZlHzn#fY5WGdSJVANh(|(52s|
zVfnJ8<PX5}TO<H5oE9|&C3Zku%ZIcVrY87e!J@gG$+`u(an<xW>YJ+&pax3t@{C}I
z)k@_Co$BP`IlS;$TR_;j5{*2;Q!sJ#M<q*JwmxSqzU039^dS9N-dOo{>0^1LmVHi3
zHXuCkVzT7@CvR;XfA>-?kphLm>`VmVA^$=1x4BXJ3(P^+Pun$kwYsqIpZ(e{@3-#J
zhRQ+Yvw4_lbTb@`VAk@S{aUc~beeT1KA6zAmu=w<#V|ZM@d+T7NFzEzf9kuoR`|7?
zG2Zy;*QZvG{@1H5gBE^R|6YM^(stAT6rcQuS_^an*F`PN?^UbvHM~nwoEu7UdcYWZ
zG;BxkpgasuX{E4cdiX*FPJmnI6SRr$Qi+3{g%gg123ur=rR`u%<W6AiJoyD0pWYg}
zZXj^U96eAK*sV)tQhPa8A-!nc#MK|#smog=8&@!7`*2ba-L5v=R*fuw2vSM1xm|E^
zzASHUbp}o<HFu6zplkYOsuC4+I_mvdsMyZIz{&qdVgHW%uR}H}bO$Ch_zjpIR8C-f
z^WW6hR_@Iwc40Y}`NoM)NxBinDo+=MaO!S~A>4e&@|}6y@N&4cO9V7<5AS03Sty&$
zHy}*wCI@i?nbNY@S>n^7#+sdrXDdJbJh|oVRdXTNk=uQTpTgmjsnqYt>qDgEjso$$
z?opG5DYd!_$pfk!j&+=H{IHOq=Ps}mR55CDbQs{jk3aP2mKtrmxNcO(#?A;N`TNe%
zk+fYGbMl^iu95n#J$F_BJgI=9C|;BA%v|wj$?&`qyy1n5c1b%SyC_weccl{ETvHAi
zQ{wnXj9)i4j=h&L@ysTeXg0<g?ygiTC63bt_7%sg|2Wv#Ua^hE+mAw-A+~&T6P)(A
z@SWc<5nIQ0Aa6a2)ro_*E;VN~t1Bz#LnwFPhvWFiSP8TQ|3=8{^eAbyTM9|hot$Mm
zULp{BL_VL}%ExiR*n4xN(&nxi`gYqn_MqiNcZ;yWCu3;s87f!&?Tqzq_<<`I2`Lex
z9+EuvT1LRv$m^``&#K7o5Vg~Vpke*LYI%aMmdkx459o77gTT*q&c?wi0Tb)cLhn}_
z!)v|AtI8G&eq?zh?B@E}x;(oSRA3r|lfAL)Jqy@n%z?7OazCY?hze<{oE!G=c9y<-
zYTuoE5#7X!LW6C%KYb>3LJh)2FDgdEm94P(pXL9;4v;*zdRWkfM(OihrJp4OE64h>
zEp?!p`tObp<50~Oq-W@9lGlogEZRlC4RL8Tp|-mpQFLXRLR0-cy<H3JEvR6-uZ5z9
z;eT|r%c8N_bbaa}Qhix@x4eD2Wa~x!6fQr-+cE|B9|mU_3l|lTUpb??<<SxuRO6%d
zG%fQjwVq~Z4^k)X^3K;>bO%KE_Q>yTg2a>dF&bA*$jVkW><Z7b{tIi_;i1<1YV4O9
zwf~}AkEyE&|8cxqP4c?`^Tbu=PAL3=2};xVf0sSt;0WymWDjx^{r`*pGbsNjV{}bb
ZPspFK6KxlSpA~mYLq%J;0`fBWKL8f{1ug&p

diff --git a/release-notes/telepresence-2.5.0-pro-daemon.png b/release-notes/telepresence-2.5.0-pro-daemon.png
new file mode 100644
index 0000000000000000000000000000000000000000..5b82fc7691708af0d08b30c82bae25919128ba39
GIT binary patch
literal 13623
zcmdUWWmH_@l3>%gySoN=cXxsWcPF^J2X}V}1c%@R2=4CgF2UV(JMX=jc{^wJoIU$*
z`$u=(lFzEnS9Uu>>9Z6f93C7106>(H7FPiPz(63N9tH^dKH^c+2O&f(#l)0k#KcIH
zob1glZOi}w>I4%*Lo{i6>LDW|L&KqQIvO}9ca`w)Xca^Mfv!H1uCDQ}!Mv<=UEM7l
zlr3=89zcO|cat?jG|6)v<50z~%m84&^hMBBx0G+wfE<-kxfGZ#O<Di2@G~;XCrWIL
z6lP{-D!}r{J|!fH8+<&23WN(rya0IL=dhZ^fF&7}d$5|!coGYe7r1za`0Rvqps5g8
zooixz-)zE?lD9|z`O*;o(9&E&z!w>4$}&t!k`<oLygF(&fdcVvR2<PVxbL3BUc7LU
zP?C}e2zi&GrSCrA1hLV^1TeL8ga`;!<HFrpFtw-d2ngO-EX<efV&P@S;7?7sI7mg9
z6j+o!gk6s@Mcm^{Fg*tw6J1@rXCEJv+Xx7!nFt8})gK=p-Y*{?{%I`C%$vrB+?R*|
zfhzry2Ukyj(3$F*Y08)@C;(_dFbn_!3<>}ag1`Wv^9Dov7YtGX81;YQ!z=+1|KI@t
z1VO(505A{u9~dw|9{7L2fcn2gnof*B5KE(_s-}ykf;_K@y)C1WslBloqlc}-Uj_ib
z2QLV;HFGf{@vybAbLRCBAo~XgF9`mNW+Ef`2aAif0GXzO5{a0-lNkvoBQqm2nIIeq
z2?@WGsX4ETxa7aYK~Dl?UtL@rc$t{o-Q5}8*%<AeESOk$czBqYS(#W_89*Ei&YpHI
zMji}y&gB0b<Uhs{H*+>|vUG5<w6`PqJFbzjy{n4=8QI^7{`2$Cb-GxZ|JO`*&i~pL
zXoF0DDNHPk%uN52n3;#=|3U08<)32z*w;U&<NrGtub929gOi!FGiX_YEd2kN;D5vY
z*Yf_!uVUtGZ{zxR7ixBvE`qH868UfF|1PEIWN8LEmcL^EIm^G}{yV?YS9=$Gkcylv
zO=Rp`%$z_={Fn59O!$B1__wkC?weQ1(!<O~Q{2+l%<dn%WaZ%GXZjy0|D&YVe@U`%
z@%+2wzft}r$<Opxv;U^)f11%hupm1UgyU!WPn#5k6N8us87gy_jJSxZ2iTb&v@V7e
zb|+u#Mpgi#a!@xTCw=WhsH6$~QY#f+(pNMc1gkk8t5d24(DS{%ac?MM>o+LzBf?mx
z%QyEwcJ|E!H11u)rx)Dj7MpDuPm|tk_U88ou$^awjCt4+dB4a=Xe%*G?uucUVU!^A
zoRrE@^Wc=qvvSqH(*jZgRbl{Y0V?aSzphomN)eK+AWDJB#|I@TlO+Jc&YFU7B?wte
zpt0EELcgBw&jblIA?LU{^Tq|LAx27tXHM1=38jM|{KO@9o=`@>z9Q<>w*WBAu6~6z
zyZFku>U|E8YsdQF#cyNcffy2wH7r-RoYh*x$0vSfM9>!5%b95S67#}x_|sBQ;$2E`
zQ#C2Bo3OFa!Hz#6?457Yg!D;bunRX?<Te?@&kp`PikUnJ{6w?UmmXD=xS$3~1O|v;
z<hdf_Zwjgh_FO876sO7xvmn8ui3T4Pgtaa&!A=s(&Wp+uD?=az3U|oV=(7rMA|HK>
zAIG>I{kaC>h9^M4HcR8>!C)W)z0?6qZ#6y(+7jIp)9pYKNi+&^r}Zz&vXR2us8jVo
z!v*+OgTanm11|~@QHnoOez)7Sf(HhWEh|fwHjr}GKiZR?OGJMdUYeGe6CT!RQL{{2
z#6@8$Ry-Llj4~;^9G?8)`X*-3j#_AOxyy%irc+$^N$4P)#Hh&L4Eq7&%(}pgF7uhQ
z{<hrc`}a(2ADXlC`RF!&!K{3k)g@NZjLdxYc8%PIv?kA1!A58<igHFbSHiE@gc(Vh
zW0$oJ*skXm_7^sFW-_|P;_5|$<b)w)-Km?ql@%d`9W_6d=IL3~@mzS%o_giyo}b>v
zs)Ejfm`W@Pv3VelPpo`upH%@B4<`Ld=x{RH&l{NdklmzK%ER(<8j(_>6wv4l_1o9_
z#k=5ol!<K??v$UasKAnPM!ky&Hc|`wMy8s?O1R0RQtFLehKB}39?Pmjp4@(*)w(k{
zPb!Wpp2>;$xEe%(C1v*+2bMJt1uxSZG2UKnxYEbgHQ+zU;mTPnPnBUX5l2l6wN`yc
zMZc%NdB2O^Fd@uxtrKu2$)NbLc@Y&LhzV%b)4cd2>tNOUSz!h_6F%z!u7V!dm`?7)
z$oFh*gapSpbz^x_ISPpIv_Z)u(sEjI7|mWhdBU;QQPg?XPfjx&(Hx(3e8)iRnKdYW
zz~7dV&|^h*-`M-zG*Tg0%{n8jbF9TV1vdomR}Cu%W`|#bT6Kh(tgPKs#;*$b(5!}-
zQc1DVy6?uJ*Rqm~KSzQqH8^g9HIH&ej}Grn{LPQl)(LL)o>xVDoa=6M1^PJfG?!Mg
z_&XRpuQVGk)rMCq%zdN!JZO%#M5<lX%FScx^#x52+uO!tZ9dmIvmPxe*5bz1PK<oM
z<)=U|x3i>Nd9dh7YDJs=F=x<}T)EK&go{tj#7E6kTOO2;s6Va@DRNk|(detrAS55o
z>kR>t`qBdKy=qq_JPKYETYSDG#96_Jao6h2%urh57A_|c$g5h)M7I|V4Ug|_wV0B<
zh4Xi?JuN)BgfsDuG7a+0-`5AgELfV)x1^1a9I;FVE(q9Kbu=W)-c;Di=h0%N!Y)n}
z&)XSqZ(B0TOr{*{sh3)vYt7r7)Ol#G?gI4`6d;Wh>%3xIZp$p1Z9Vx%7i!(mf0lIP
zy6R{)9GbU2zPKAw(#0jgdfhpFFGfFTkqkBa)Gs#()pD+rgyO=8*#1(QQB|9;9O0-^
z!g|dp;NP#y-$!#bb7~_=5O?+&3g=8nLt2Qe-8ySfLS{EVL$9ZK*DSOsCrH|cN;Wdd
zmT;hbyzFrNYe8z1wEq(=LX8r5Ik->7Z5hC0Ht_V0EGT_y@zqAPw=(p;QfX9*hG=;B
z1Wop8Z=pBIvZoZLzmbKv{<6kKT>X-@a&yM&&-J6uN3qEQx3AhV6`{@NGZTcMvFJ6m
zdSh|2?o(H@pIpC!fh02v`oH&HzNSy~cDP?#egzY;pBup=Jj-UWN7Z_h9SFx|{B%#D
zqYZb`^lPJm?ERqMWz4|~$=RXW@cH6uZbc!z*7^^v`R|jtNkM-0m$+q?cte~+LXa7O
zY2Vi<geNd&pdmiJ8z&b;h0#!_Fj{aWB~vVG;~v2!!<5h0df;VGDzUR+BfT&1+$-GQ
zIoCbTQIr+@gtd|yprb_ky<h16GQ+)w^g57n3?QZiSx9a*X%8$*^r1;+=}4Q8nIxCK
zVDc6pjUX2-EB=jy=sguX{0?Ob9GQWI*6I+#)e<#L2DfDJ!Q3r+M8Bw_J)5)Kw0qQg
zf^1*DN^!-~M#Auk1WYg1mz%pA6IjJ}_q$N6-#HyC;F||nqI5c_rd2*>v!A-rW?F@i
z6CPbv>(!GosqacD=qPeYVSA;2>h|u8(DWbVH8(r#v13D9Tt(t42eVN#RES#+H@8Up
zUz*jyph~$0#5IC00Q=@`0pdDvLp$64Nl6ZZH`;6#-E^v7d#OPL5LAZwvhv0?hGfG-
zm9ull_eCx<W}H^G>ql~}LO>H~4J$K~M3h0z^98s3OA9TEl$8m!Qe!9+D=;sYJqpZ@
zFK9)%bLJKB)_kE1RNy!kJH~}HGHd*~KVrPof_}BC(^3gB4>NzNb&RJeFIJmaa-Xs4
zpz0E~g>4t)2qH?v1v-IzY39MsA)~$k8x^U#G5{JoDP7teLDf6vr5{rd{MoPh7Jex}
z9@_7NRNJ;(1+&aA=BbyYi|_k)V1~fR&@aka4yzU-TLA|a2O7ao{@KLuTP&nvPR!HE
z5Z|2kswu`kp!`o%t24~-{j(;eR;1d8Lyg<KGE)*#SIzQ#wG?NOd{3vGg<5j#=he^^
z8Q&e5*}Si=8it04D;LMCmQ*cj%i?R!IH!p6H;X#o7U9=UHETaBhL|x`siv^loa=pl
zxMX*AL;rJd;EHRw$k2uKb`|xKXywZAs;#4O$6~*qJ6ZR~$>)Z4bWT3pm4Pvo_^~im
z;_+t8#jPqX&}>XTO;+$AEw1o)3i_hq!SmQuAe!-3B*K@t^n!Yrq8&M*ZDc~>!unPm
zh*ttR3(Z_|z=p#B-*=DE7~!MY)|*{hXpZh<^r_MDpJblLw3{fU8D@}FnTaGsSo|&W
zow1zYowYsJa+m$Ly{l-bas3&0H^wi~uCI2rI<ntxa}^>;n{Zks9!`#YhXWg6&%9Re
z2)5%>=>>lA&@iOnqIca#vBYk^P9i3m*ZAIK9@#MwD&Vuu1D~0#53_c?lPXW;p%fkK
zYB2i6O)oTYk-wSnCF-pyc*i-*D<<gkWh``5;}QP$*PCHb*KQA_EJi8cuTY=dnO4X^
zYE8jR%CK7$K?=U^2OrKfF#fr~JQ(~q<9K(0YCM<8LZOnvW}FAUmY$cIcPkF}1Z`q8
zeYv-RY@j^Aesw}=*1-zDFL{W)XlL+Z@{>d?hQ2YAN5&E@`uwYz`ab5Sr1d5Yxh;4S
zpjD!L0DK3&dCbC=Tv|@8F`i^ic3A{@d@MNQ^qD3y*pm9$vIvo8Osk#+Oxe6RzKY7W
zvK6uR!}V3Ch`{ztyq+sHq~S)TqqJO_9Qg+T{ZF&8jNzhH$Q`A>^v6l$Uk~ef|FUt_
zkPC6)aebp08~HiXJeA}T+silV^(L4IC^bnEr5ANwwEu}kShL=yL(04^;?BD;K1np(
z2-1l9OJ={Z6fmk@QH(;RKQfI!=CzaF_OpJ~fJ{<$^7~?RfS>}&-Zz7$tvA26?J<8s
zm@Hk>TsdbJh!n_!+&?@_YtNtIV>*bBB%YP2FQ0@7yS9Yyx01_439F>s=Ml1eSQRXv
z*x7YSfL`CBwq3DbTg+TqvXX?yjf;wB0&ryFmF{eD6=Z%5h>^KIm2QK1OS}|OA)*(_
zx#j)Ph!7K=gbR4yZqn<1nJFnw6Dz5ba}|LyrkI|M>k-tQAbEzw(!|Camxnv3=3($P
zMuA|@5Du{_zX?;R(G+wR^=#YrQH}2!k4Uis?4Qs&1n<{di1k!P9jCD-Cmx=t*ApZ~
z{^YPUjhidR?4ejZqQ$7;-4~94lN6rT%*4nuBwC>%neu?I)C)L++Z^#2M7M8#8+@bI
zH&jtJjK!R!0`k35`)xP6J4!qjcr@&cE`*>fK=MAFgnLYF6@&t8To(dgb&vFF$+|QE
z>|~aPF_bg(0#=EA9itl!)ZYoBX3A=VW@@RKsx7L1qZW-umf$UfMD9T74TQijGNodx
zrlA%<v!V$WUAA{A52g>`LV&pvCgpEG!YK*g6EAe3IJRw6>?8gGI?ewvk!XO`Xp4h$
zxg1}k6`D(TBvKjLG}wxPl%8yzP0tjh)`AfR!(dR<&lLyb7~++(%x0)mu`(ip&{`m3
z<(T^6ny#8%bK~J8^7NPo&LnG04Y7AdJH^eKlpr#Q8en2kdVQQzohZ!atg26WEu_Xj
zmG=}mLnDbWvso__Vv~-GJ48uLyyu>6Mg2IXq)aM|Ct-q4jUilgmXIg|HJ!jkuVJ17
zb1oAB>o7x2hf03^YCPIwQ_15ZZMxA~N?myE;7)G2Or$5-J6-=%(20tk5EoY(EtcH*
zr!I!5XlE1>7<<@pjXZ>YG2pl`m&QQw$M&#d$7BA_A?Uq6I`*tgjW5?QTSE($!{pNb
z^7NiGypuU^Kd6Ght?x;?VzZ=&5G&+yCOyf6R7mG<iDfZv7f@j0jWQetw#J6R@D;UV
zJcp<Qbg5tvXFZ3rk_hMbWp3cx`BRNlM43F>fA6p)j%+Y*dW@X(FMAjf1ryI~x|^Dz
zoN5un(KfM~5_I*Y6`EZdg?xVt<6#eCC_&ys{b35z6*!NJR=g<@2Ixd&=1wv<sk2y3
zK!r>drB6eHY?q%}hH0J}{XP;Q!+{|aS*3lEhTa)$lVU~)hCg|N8LlrbAtg1~C;I#n
zQzd#Ghy(y@VjV-ihefnA(}NL7Cd5@8fac*yimt{V6KIcw04r`zKt1xk9tN{yZM>UK
zrc&^ss)sbr!Yo_*2se_*l}R@^#MQp_Qlh?27=}dG12Xybqndj=dP+@r4?vK<v9LJ$
z993&=!ah6QIGO6}SH&QD2S6$Vm$}etJrcZvDs9lZ%qhTwzDAsezS99ANUr#|DIVE2
z+eiawAn7{Cgwln-GXEl)hCjfidmi&wzm3SQVXr$+qBMfZkozouF1y4<!&j};Hj}tg
z%Yg!evmF=nM@~paJQVoE9RLbolgGGLPeu(*!<XAMabOSW!87V=jh@xmVQRj~*O8Ie
z+n^ZYN&kQqXP+{wB?qu1;2e=$70ya=DawD+q9~wh8-Qf->@pvK$5Ie*9Sy;BPELAa
z-nU@%*-aWf4PcqwY%4un(sZ3sbc&Ayx9=WV$;5@`PDU}!KnV?IyHQ}>H<8eswg)Hg
za+8+_-!`U9Nzlwkktg7T8KOvskDAV=AY83NAY6&t?&74lQNUsSKv5(bCaO0@DB@Sj
zfB!>=Njo+l#ZY@{>EhyJWAn{wbFw<Zm|$p>?#lqIG!V|Sv!{Y&cw7=n+8o0C0ZbFa
z%;Bbax~3at>&H0UZ&BuDEMsq~Mo-OJDqa%v_u-JNaOqGALg#J_0=lAGKFT1>HV<6u
zG(Q#2&(J$N>A57cqrXv5B7z$^-Kxy885kUtzz;eLlSDrar3-JySLLL<w;{+3j7}-R
z`f1SNLr4ECzR=UwE6io4Y@F)d%75)Y@YV>UQi=kY^02Y7v9L@pET~7LYc5A2p!E#r
zcJ9!1om^fP7WSzVj>J6w$P9{VbXJ%<5GSVrQlbR*X%4r9C^BVxnOIn8)QWm8sD^CQ
z_6U=JVg)Z>O~Fz?$~)Rp<S%LBXh4foID2AAaj~JYj`?+cy>1=4JU5#)Uf+3%?+3Jr
z0(z=EM7Z?sB`XY%$$BrKN63h18Cn?P#z-nCQOi%8HZs5ug~VAeA6%0hbNE8*C=6>V
zitJLEJbuvby#}9KzM4t@cRj%Xq^4j^%;kK2cR^gs^Dn0&!ob|cW)n5lV4(xKzG%R8
z)G96Q8P4>xe;*8UlHt;GbZu|?+uCZLe98}4V#jgId1_!qd~XJfez1`~bV!%UCmhm)
z6dWhzXlfua7qBqRq9{iVprVuUIE%WqYv-fQ*PPKy1IPde;M}K>4AACdOKh1)2IyUE
z^ZJ+*2Q=@Y?#23jfe_S&(45VM;r}9KjustN$#`L_;;Twr508#+lo~OmO2LlFTykj+
z?^N%6Ggjz%sY5%dO3b57gaMX=Y6uyp^<h*=bT4%!Jvv10eKaP8PbzL;Ma7B=%LK1-
z0XL%$PtoT~>$Bw<Nq-z(k(Ie(IN41B53e$JI1@_YYYu?GNQ_1C#Foxg`D#qY%7K1?
z-AAa*gN=tou?uPG4q>SSF}*Gx+s=?(U++|?a==A-n-7Bl4}3ZRgfIna(#x`7(qjkT
z2=tZKg$(t^sDzXF=4XW2Hp0Z>s#$(Tkmv$kp6|K%kVCD)&%-djLWM##Bu9T(gA)Hb
z^!TVkut;HLvUtVoJS^gDu2Vlv!BI&2hyokJr@wTRVOM$4VQOHAQ~*9S4kUH-nzKZA
z1-4tK+h`d10dzbBY(h4%OfN=YzKF1pGr+w63q@Z=n!(}W)Z(N)L|BIxx%A|pU+ue7
z9nr*|8zI5z=(}8SD{3sP*R~FqZ;REvl@;{Xi&fhvIwgmLF>|T|DM>Lg9Mz9_K|g*N
z{h2g4-e{N0U}eOMI1I{{2)KQtPz*MMQyOA5Z2w3kNy!?Potb&4TB3$QQXb``Q#g?Q
z?j0Gt2vIh!P~qgnzGC?ChFxnp%lYNY>_`e7B^4Dhw*xinwcf*d4mXtq`cjK4HY*;N
zT`=QvQDI?NXvfId*i1<J%-_Ss5cY<yDDqi4Yx$()(ahIiR6=zGopkfJAhMJMRZ0IA
z=4<)qAX3@}o1L{5%kmz+-Fnf_+WG_*T~b?{)e@PA-|6i+28$tcWp&jE^=P|y5VV%_
z(^K7_3nh>HLNK4RxxbXDNbtkK!_(<36!^Whgts~Fy16yZ&DOuRdy{f<s{8pNj*sJN
zq#iDc5%I@H#u`)mo<zu}!$xGE`49ChHZgj=WpM?OlWlBGPZyN%x_m{n?K5hLBN7m~
zwwf2bx=+oa#>2Wl-tH~Azi*^w4nI;$L>(#t5bG+P-WfMVQAj=Hx;zzgs++RmVOSoK
zG@8hO$`|ZU{ED)&pJio_=gJ5Z{0a}(nr+{nUB|{1e*E&jKlQ&qmDnHAM<y0*aoS&5
zs_o4K7ZKsg74(fI7LcYu3#Lr0FdxSg@VaHErF~vta84N7TW@vW-cA4m^JQaYU8sDK
zqfJR=GB|&{Vl(7$Ff>R;wdn@4A?EkMz;LnN>6<<}s;i~r;lYKF?r_{qWi`{awY6=u
zS)MMED=AjM7xa6z8H`<zjg4*O<cyFRg9X2(9fmoS0fQi`TZ}3n2<=$V-(C=VNv+;5
z5D(h(&=XApii@{F3W&$ZnHd>r)fz*t<?l*8TwH86C>K0OM99dcR<wEDNe;%^UJcF7
zAvD5qt{hAn+@3BwQv=A@SZ6+cCIFZCHq_zsg!b(G_FTEQmt6Mc6Dcdj-ta_@cYcA1
zBP-e<R+CgLf&U9<x!LG}5-Ic1W+!sT<adFK19kJU^li;<UZ2Ol5cm&Kuqu7Tx`u|A
z<DV?%=EdF*@4gR=0@CnGDQj{<aE6D^pneAld^C7DZb%qg%hm9w=%?*1!;8JW@MbVl
zkd+|jN3`>NMOyS+U0qEw>RVsmJ(|T{Ugp`}wy&$JOJ&drQuPo4-(+E7iHM+qL1|3y
zK_V6mzufZ|@_$Ebg2!g;=6W<N4P0sS#*Wc~D<n=(EB9D$_s-1?4wb_LJ}U#-_Cp_h
zhL8d>8dC0MCEMW!k)4E1jLe1^ph<bszseq->kq80oo@GjLd0MAgbyXMXs7r4@nY%+
zn424?bV_FC`QZ??jF%VGsRs`+hc|pVyp-t#v(KZUCv9L(&e@FxlS5WwB3xrSLU5SL
zx9xC~6mC2S0s;cV{fDF7Nr}u1ZA~2=$C1?3;&g0Bc6OzFl&Q&MzKyF}jG@>B6VnwH
zEOniEDIH{81l`EVVd6hh{2uaO;|b*FX2{W0RvT@zu$lDjRvT~b&sr@e_4ysIf7K_U
zWAu)W&i3@Y&XuvDq9%M&{2ns)^vEnla^&aftpRzJ^hr@cq2K*NaH-Zr@$=`;l+}@j
z-q(Fv>6(Lax!Rq6&MGRjLp8uC^!uJ39JXq&J4MGT7aN=Gr9KF)Ty96adJCp%*>nhK
zz1FAGWjP!Zk^&7GNnxSCnRgXk-GGi=VYy&CpU{Sz(w7EbpjWfE8ik_X9zM_&V!<%q
z6IHrP`?9&oZk@;DGCm^Ww<IEQ9aLn0MnC}5$NS4+CdbJ%vHRgvv3likW}P~|LAzJO
z=bROT4j)8O8zUnyB-0H4tu7{HLf-p7xmh(T!9#GEBV;^Sv2GWFFuv)WXD<^uD?jQt
zn=VMOc#XX7&c_iTbNHI%q@}sNP9e-`mdXG+4H+{-Xx{>uIXEz9#VZ20(pVqQ7hmCI
z-EQ^M9%zY8G&IwrF@v2X$D;C97Z+?WO@~rLAJ?=evkTc_2bgce^6G?pUS$Im%Q&+W
zNJTa)tcJVZL&wS#@=Z*&wRsV6D2;14xSA;3uswrWcM8>#1J@2@Z&>Ro)~+!kAObTo
zGOS2b(q~um#q+FlOor@cEe!}ljeB&*%BY`l!AO3m3mS7_Uw9<as@?sJQ*=_5cXFvv
zp={RAjk=(6NIp2&Zs%u|l<QIn@>P>Ql8P;#iIY}qjIJ9kB8Fi0P6pYysW%vySBe9~
zZ2_Q^!f*ZC!^>4D+lMQOjZ=azBLlT6R{8@Lw}rXc3B|iM&a@Op;DeN~P?F(Zln9{H
zE`$2g0WJMd9|46N7VX&h^>89p1=LCw7q*8Bcx8^O8OIt!Qxyg!y7wgDEQusP7;lq9
z$@1JGK;=+sg48kFItU?n+FKNEE29`G5&)<jB7V`3k3a+DCCh8#0i+Svf2SBew>b#l
zxl$9M)lVFKDDViB&<k`$4@5L?k6y1{?MpNH42}WzMwaIfDf~pTkS|ZuSS`p_Yh`0x
zd9I03Cg>kkW*|-7G!qQ!)C2%vIJ#cmJbH1fe{YL1;s|NGweG3j3Q6RJqf8l>Vk^Ub
z<-`ay77w5mX8ERA&*%qgMPc~kPoZIu169EyQGGI9ugHZl^Bz|NQuA>BHnF0&W-FqI
z!O8*sn^3<X`oo30UjV78=KY$2nH&;%%rK^=7!K6vgkW&sObXVwpzas*GgTobH3Dcj
zxFDkcd(_Z9m`YONg}z05jFNM7+_Xl5dH`7-E|{a6+eX58#NuSh9_&^_+B?4no9gZG
zV0eJXUG$;5eVx!i`82OG1gHjpfhpskugNT*ykjCE%mT~Vgc6$}<J;_8fv9j&L<ANB
zoU^n!(ob+a5oU@MJ`xfB0f@Vh))!#dns1&7g0Hls`HP|%ZqCB)Pf4_zwNinA0m4D%
z{q4??0?9tQ?~Bc?d@NH$>A$APkpg!H&TOsNf59}T+#kAmiI@7heRH?jM4#YIUO@WV
zAG!bX@F5D1xK`0S4A&MwGu`FBezN${4P8)f0Y@o2uk+i>ezT*YwKeOQT&%B)fh9Y<
z`$rO*^W$z{n5~DFtE=xt3K#dC=iRYT&(y#G)O%M-dgmfTc3w9N#wKKC@g6B@+z|OA
zb>PdM=yRv%>tk7o1tcAvSsH()6PFUd2~cY#(nm)VF@5iL9Zet{ve5q{(BFmT+`!)!
zycTQ3zVoftVv>ocB#K}^k&+ID7>&%iX0RU{C!k;+5+3X0g=rV6{41je`pv_I_t^?!
z(dk5Xa{#T)qPA}l#oF08zI(je;S|fG%h}3L{dFpx#?!s;9rlLzr%zd&wsg#xYZj!l
z0RgB(zbq#GTu(Tkj!JUjog1$L-o=7~E-=%pf57%7RM)eqIJ3?asaYLcAY%CX7f2%d
zJsQ<9N-#O(1uRPa&LUzp1q>pdHz5)7j;wcRbZu;$pRfNcE`Ba6JJ+&bZ>g6-A5h?O
zx83ZBg7+5&_=SUT!NJ12m)pBSZ|v|JFX64D$XmtUiLNK=95#pWULL5#0?#K!avBQX
zUsKM9<w%M=_M^WZI_iJ_B}SYzKnS;QI)O6(Q>Ew{<kz3z0FyBe2b2k>PRre?OKqOs
zrhBW``=c>L0t8g(Ep)ev0$wh*8*Q*dTUxH5faK<2Jk-AWXx1N>#aOz*D);s2&wy+S
zzfrz!i%XF<$AwJNz<L`lLRuU%Efm7x%TdWjun<&?@5?(9TnkuOHw9?~GEzq?C?F^-
zq!8*HFz{Q}N&3Tz(yPtw|88t!(-swlE(5=~1`4$j_?r9O<>l!IB0;WfWo6~|<N=a~
zb7z_v8kwlW<BF9a$@P4#)?~0z7Y!|dtxnL_t4jCj6TcHWq;TNFxq!#bfvw_X<omnc
z)57BX&&BOg4o1cftuLK|2DicZLX>t6J+M;0W{VYQrpSP+0Res`in&3+Y`%w!-NCr_
zcA@3^Kf*y!9VP<^Qnkng+`$Q0HNUJE@ra9}WhW|)F%Q=^X$G4<rDP{2B!Xfn0kR!L
zyihuv*T?&}9p}eeN|uN7klQ0R5<0q{a%r(B1@CWRJuwvg08wZ2iR`4D97JpHfoS1F
zs4E-y=Q*u-(zCmhCM+iX`@`wo=erX^?#sz|QWGo&ZT0pRWDLut8kVo3Qvqinolj)*
zY*uKYN8{)EZy=}A?IaxKiI8V!XKOdwfHhTizFyPOM6cKnQ7+kSc4T=+g8cwRf0(q%
zpIFjoZqEfSCvskFSAIFUx)QP-&`Gm-vb&$#ADVS{udlxi5?k19v;~>;K%Q^<<DjGK
z{ZvQnGZe<*v^gD4vH)cd>Dk%*4qFZ$f>g<uZu~~CT*kG(-Oe&~8f|j<pQK{JVb_|S
z?QajOSAJQl<=vut)r?G-Zxnc5?NHh@3%xG^D6T~04Y$7Sk1qJAG}ILokb99e^i#=4
zzUes9%esBuh=D)q*C#0g<_Vq8m93{T@Zqr=#!Fay+#by$;;UD0)?_GodHiND=t#e1
zY4^JOI<-{~{UC<NVaIGWH`N;!SE<)JJutw@q`~XB!%aEy`|i@gpoRnmj2kKxC6~t;
zqMd3DoXc(vjW(>7h|T<Pve6cQO9kEZQnAhB>iX_PL$4iAwMbUY_~3^}dc|&8>QDcV
zj?vW0Y;H$-s@N%+!?A3hdbf)WsYKz1;?FtJ8#znnrMpiz9}AT__#=(hiyP!p_eo}e
zzO@d96Bs9_Lgv8)ehv=A6EJw}i5sK!AQM(Vvyj^<;AoxHU+9DXA=e*gU5ts@cK{iO
z5#@Zn)nYJKV9L44a`sy?7_ETQUT_AR|LJrAe8luSAt7PC^<oF7tu`8Kgm|6ri{wmy
z-V!KH;q&qE-ycc2{H4X#iAp~3aJG5^u1^0eO@v9Y|GV0_zJNwLx|dP80aXw*^692O
z^J_gHH@7hQN~0}e^_(u&VO1ult<O$hM%ox=YD&rzBQ2idHV~^v;OmsMiz+Bz?Mm;W
z+y)+|%i!d&WZQ^6J4Pwv^BZ&`g#p*vy^+6fEmp3I4<#lg>9@g1;Pk-#1V@`~b`HBg
zTb-*mz)na%@_V~;4@TScf4j37&zv8&jU&pzrq^`2KZT?|o-X)AnseDUP6OC0mP<oo
zjx^LXQ8;+I!4`MP3(oaXNs$(M6rQ~#MF<g9ZnBFm6utiTt!grp1KQenD$x5O-6*);
z)({A~oG@vzQBgB86Ia^3EfNU^a9XT19mT;!MTx3(njGg!x7)p3KS87)Iav$h$g5Xs
zi|)KU5P$oDdH<)i=|a$Y+U9u9Ub-z!gOcp+w?u7wd%Fy#1H3bm8{q&KJ31+&^5)KT
zy)H3Cksfd6t$`-2TF^>^wQ8ld>z@hVAgDV&w^NE1f5C4xainf27@9?Q$MgHuO@_WG
zGsq@TwgZa!-rS6gq*PSrpi77XHWgl{!MH^}{qD~Mp<e4f6VAEw0ew2VWlxO}nCtOe
z@Rak|Q-&xRNVB!JtBlkDtd8f~BgnTsY9p7s3n2vBNacyqpJ)~hy_#W%4yLaG5fL>8
zof{P9hf{&*pFV4~d#y)eM(ymP|I|pcB>bLVGBh$WAPP)19%o=SP~v9l^Ah&);oo*R
zTe-8EZ(|X_5%R+rc3h~){oT*yhnq(+<+cUj8=06$r9<<V!RS8_0>)HUG879FI7YyQ
zv$U2^4_(hbn`b0uKOR<8cNlv87S+cIaoq;6^6~NMQM1tL)td`AFr92~)EN2tB_iTC
z3O545OUTjcI!uS1&W~Q7qS|TI>Kbd|5VAYJCUCOl$mL^np(qze!?Pq^!Z=&oQFLc}
z9E_EPzrI|MGqctF2&A;F8r9edTI~*caXsAfe_tztCMEr;KFX^q8fwWHd^+_*K%9=*
zpYjTYHC_0!SrVZpI9R;Y7^HI543pCqA{X>4YCwx~EZ~jNji1@cI5eJS7y%J6=s2;2
z`4<rQoOC($BdFwa&Rof4o=j44o_`>_^BdP-B!uCOp`mJ|YD=X~6BZO#)lz!0R7XUG
zMs+Hh7HqTHtyr-+88)&&1#-T{H&~qpt4g2{$!-hFnFGihAg<KeESLMy;#(|9gUTMG
zL-B?^EvCaG$;lW!aNt*){=}Jl_UeXP^73#@1|7u$@C}MaC<ebBV9AiCL8%!m3=WU=
z0>2WYew*=D7ixH*D=OAKTqEBC<-F4t8J&6sU_R&dY%Y~SNGzk-1EPjd@_sb03$%w;
zzc(n)<3Ec4H@08!d<KUigRwckL<DcTF$iTY1LaL3VFRrPs@%H|nq7`Y-rqj*x+ZhO
zCUQGr+QEN!3tDde7>^TrB|yEx(qzzSq~fHiven6ejKhSCR`!2yKJ5+)>-^|QG-yPI
zG4YG5g1a%4KQ}Qp?)>o6&S`NSiuT`+6sl1X_gGn84hxeKR%8x(K5xx6+#w?x4>sf7
z3Sh=sR<BfvE+tk%(@UhL>TXdw5e?cnJf5%5>uZB6C|{vqh8B9MC|i-TB4=@Xd2wIu
z{J7}w71AK<8bfRRU2Xp*L3*jd`j3;@Xdqx*$aZBC3=Di|WNWFGyjbyNf3M7+n@=qw
zqF6`Mp!1E>e!GYAYf5%Dfo89PzW`JpGiHs_Y=xGNe8P0+`}>P%hfG1lYM#g&DEVdg
zs4-RyQgS<6fu&t(^W+<fNz*7QR>+F?K%l|rs_M2g+#RT7J_(seGNX#i^B5vDqW)fD
zQRMgbY>129#GDJNeZ>JMGcmuKTP?IpEnalyN+;6m^M7R7`yH+=6Ps0O*6ysh(y`2g
zf?2Lqh*ZWm+r6PH97g8aZ6U8}=E%221AqBU_W8-`6k(FvyUJF(b-14GzG1dQ7-@1O
zB38rhZ~f`kMtuR<h7q{Z`Kvuv^S4J|x**<mv$*U($r}Q=)+og<fDFNX0BoNJYd^>g
z!uCP=nxVVyuwDHY7fkp`C(fsL_v1MtEa#5Wp7l207o_;^Dh2}ln6haw9i0Nc#=S3w
z<ETLaD((}XJgOaxja4Kip$e5aFr5OuR+mb1kxOUDq4cWj>yyg0MV)ILAYK$~Y2PIC
zmvHc(_$adV#96<!b+3t%K3!$@5UX>(Z~xXiAplQODDh1om)F8c{e3G0bbyo~{?K3N
zPrC#MTJ0ZzKYo?{W`;g5g_EYMhdC>&_U$3k(V=Eg$`-ANr$`&GNLs-PHi91SNXk<+
zN`Z<^SGgG$Q%L_yx?Is_fH6{@K}RyaL>Dzm9-JY@xH!BeH7LcyfzujU{Qm)k@L2Hp
zKzp4){>cHx?$5-TV>#S}RM#?&bZijx6`!M16#1_fx3fomei{~uJYfjgV4(0bC_Y`!
zm$;cNnLOL<eDnX%@j6jw{tWhX(FsE!{4&n<Wi*8@DjgKMV|t{+>6UC=x+qwXIXKuX
z*P$b{x*QGVG!6^Q5Ovk2GwHX@IRUfp_iim^#Ds%;*{4hUb?CEELT_dqg3)6iL}WJF
zA_!PL3@;|%Sg5vA1sc6^kOV!c-KPtRKmqgkMuT%T7Lb4Cw<8@=26%6snZU0v<$}IX
ztQfH>()<&&piF>+XFxtBaR3Jrm|tu12^7>mygteGYwBjlL?<CT3ZH76vKVqx*xaO^
zJw_AoU=-o;xls^_aJ3u`L-cHCac7*A<aYFS+lQ2K#KIUfJ1N*PI>!>XM`M5uKt#sG
zWU!jyAu%E$WGmCp2dqyDY2Xf8=I}ouYa}}EO78TomqQtH=WshhSp*@$9S-_Oc4Yk4
zNRV}Qs3YS!M;7ZlnjIUCaX7y|Yckla(Im((KF)!(__JH;IPrljPet%^NGKguiu`ld
zJ^Z75Ix}vVUn~wwdM*bdK0Gi|EwA2UvKL>YHW`0b_qTn3HF|b&IB-izIr||78Th*&
z0W3}!z&gLPT{B<y#iHwQur|Hk?>jy!YWH+k`$)N(wXaXPTA7OHaq>~0A}l{%VAuFK
z;uoas$?{=7c!W1Pjc?rQ-QDizn-*}rdW?)!4sQXgsSH^f)$cUeir@nw0ZaY;xM71y
zqSc^SS0e9}rv&EM`SegG{e_#u|9mav@MW?313qKNuwB6W-elqBr1~Rhk=Em)XS#d6
z#dRkQ+V{21vvWKH+}$wxBrKM2)%9p53WeYE8X@fHJFjav0T?_-7g&>6C<0)Ax?qsy
zApV@-hPYuv>#?~MF^%a0%$^RE`W~$|aec50HT1F9^^uW)eEoO;Sg(U2ZDjiQ?^H?%
zuoBwl7y<I0GF5x&I(B{;iHX28igHLeM8qUhX<k?337G*%3)=6Pbn(nso(|_sx(x|B
z*?jO>(0?L!>7CHTI*gV|?<RUmer(6#fU&HVvVYx*`f?dno0z^%MfnLDay^}87a9Y6
zRK$9bRX?Iw-iZH_UY8r%E!KbXTy|ZEsGBr0gD19;ODtV?;hH=-LJn=B8UDL*aJOTh
zljyR)!iHAz(Bau&WB^VFT4JK<XUfQ*iA!fYlP=RSlUWaJ8aNCk@{1KmL2M%|NGOA!
z;_ZL`{5oI9Gt<)!hsDeDhY?5KVVm0~mI3zb^~5({t_nU<SjYF9>wUU$9TXQ#X;@X0
z7EIf<-%p^BzF)`mk>_-7x>Kv(t<RDFpkps}ECQSHwcT!=DjoXg=WmXN{-BiF@73|X
z)m{10lEZpIH-aK)4)R=WYtC^ZdlLnD5xVoerPTX@iDXKaV}36OQXfA*KYxm^t7s&0
z-@2!_S4MOv7a0;tu`onZugwEewzMyG0}mcJB4Avb{IXR0<(%l8&&@`6xTUX~0tad`
z_^QC@DUbisvEB2A*9O6)szSSMf7G9ii_3Ps#kn^$R|MtlH9ZAa_cE>4^Cs8*e9d;L
zMxs(1al72>d`-*8z%CeJLu<<qV?*nB?kY%(Xo3%(z)Ufn8H+MdE~WG^UA<C}{1!*8
z#pMXX-XJ}}WDAeQ`0%%5(m+g>{P!9A0x{voQKp+|CS$I!cBkr7^X!bHezE9tO~W7P
z8x>nXm{p@ClrE=n&_$QfX1l7+9K-8&8-^_Qdq}U{tBi^d;zrNq+{Zsu_Z$bTW=_n@
zj!}gspjM*N9cxMT@Mv3AG=j(*X{`@j8~XOqPboS4$d-jnDK88MyhYlp+DZ&MF)5J+
zpGsflv8jfOS)ASWxJ2f8la5?gw;Y992`oLwP@bTmz{J+J_S-d)e(7yg!3-So2bQz(
z8DIA^1MI$fISPsiB`B+?-rd>RV#d*sn9f#F^VeQhi49oV>|~<9P>BUr`jtrt_oex@
zv3;=$%)?~LfuT+n;dA-gWIkRu69KGr1(BnhnRH{IA#SbLTSAVrfJIo?+E*&y0v@mT
z>orfQ;5Uj2Cw^sOfFXf}!1hT@10?cpNkA3L+g}`&Wq2T8R|*y)nL_mU75ndv#T;ru
z05t$d-c;!f2nd*&UHDaO1#*pfP#Ab>ULZipYbA3*6%jagGPT0=jz7ObbMz%LV474|
y3Q%Cps%_{?CX6YZ`&C6>G7L1({~N0718l7&e4TBu$m#E2XJjNki&u#ne*0gAbVk?!

literal 0
HcmV?d00001

diff --git a/releaseNotes.yml b/releaseNotes.yml
index b91a78ec..e5a43a36 100644
--- a/releaseNotes.yml
+++ b/releaseNotes.yml
@@ -26,6 +26,7 @@
 #             `FOO/releaseNotes.yml`, then the image paths are
 #             relative to `FOO/release-notes/`.
 #         - docs: The path to the documentation page where additional information can be found.
+#         - href: A path from the root to a resource on the getambassador website, takes precedence over a docs link.
 
 docTitle: Telepresence Release Notes
 docDescription: >-
@@ -38,6 +39,64 @@ docDescription: >-
 changelog: https://github.com/telepresenceio/telepresence/blob/$branch$/CHANGELOG.md
 
 items:
+  - version: 2.5.0
+    date: "2022-02-18"
+    notes:
+      - type: feature
+        title: Telepresence Pro Daemon
+        body: >-
+          Telepresence now supports a Telepresence Pro Daemon extension which
+          enables users to start intercepts via Ambassador Cloud.
+        docs: install/telepresence-pro
+        image: telepresence-2.5.0-pro-daemon.png
+      - type: feature
+        title: Intercept specific endpoints
+        body: >-
+          The flags <code>--http-path-equal</code>, <code>--http-path-prefix</code>, and <code>--http-path-regex</code> can can be used in
+          addition to the <code>--http-match</code> flag to filter personal intercepts by the request URL path
+        docs: concepts/intercepts#intercepting-a-specific-endpoint
+      - type: feature
+        title: Intercept metadata
+        body: >-
+          The flag <code>--http-meta</code> can be used to declare metadata key value pairs that will be returned by the Telepresence rest
+          API endpoint <code>/intercept-info</code>
+        docs: reference/restapi#intercept-info
+      - type: change
+        title: Client RBAC watch
+        body: >-
+          The verb "watch" was added to the set of required verbs when accessing services and workloads for the client RBAC
+          <code>ClusterRole</code>
+        docs: reference/rbac
+      - type: change
+        title: Dropped backward compatibility with versions <=2.4.4
+        body: >-
+          Telepresence is no longer backward compatible with versions 2.4.4 or older because the deprecated multiplexing tunnel
+          functionality was removed.
+      - type: change
+        title: No global networking flags
+        body: >-
+          The global networking flags are no longer used and using them will render a deprecation warning unless they are supported by the
+          command. The subcommands that support networking flags are <code>connect</code>, <code>current-cluster-id</code>,
+          and <code>genyaml</code>.
+      - type: bugfix
+        title: Output of status command
+        body: >-
+          The <code>also-proxy</code> and <code>never-proxy</code> subnets are now displayed correctly when using the
+          <code>telepresence status</code> command.
+      - type: bugfix
+        title: SETENV sudo privilege no longer needed
+        body: >-
+          Telepresence longer requires <code>SETENV</code> privileges when starting the root daemon.
+      - type: bugfix
+        title: Network device names containing dash
+        body: >-
+          Telepresence will now parse device names containing dashes correctly when determining routes that it should never block.
+      - type: bugfix
+        title: Linux uses cluster.local as domain instead of search
+        body: >-
+          The cluster domain (typically "cluster.local") is no longer added to the DNS <code>search</code> on Linux using
+          <code>systemd-resolved</code>. Instead, it is added as a <code>domain</code> so that names ending with it are routed
+          to the DNS server.
   - version: 2.4.11
     date: "2022-02-10"
     notes:
@@ -85,7 +144,7 @@ items:
       - type: bugfix
         title: Check conditions before asking questions
         body: >-
-          User will not be asked to log in or add ingress information when creating an intercept until a check has been 
+          User will not be asked to log in or add ingress information when creating an intercept until a check has been
           made that the intercept is possible.
         docs: reference/intercepts/
       - type: bugfix
@@ -189,7 +248,7 @@ items:
       - type: bugfix
         title: Prevent network recursion
         body: >-
-          The TUN-device will trap failed connection attempts that results in recursive calls back into the TUN-device (may happen when the 
+          The TUN-device will trap failed connection attempts that results in recursive calls back into the TUN-device (may happen when the
           cluster runs in a docker-container on the client).
         docs: reference/routing#connect-recursion
       - type: bugfix
diff --git a/versions.yml b/versions.yml
index ef6d2867..bc3ffb52 100644
--- a/versions.yml
+++ b/versions.yml
@@ -1,5 +1,5 @@
-version: "2.4.10"
+version: "2.5.0"
 dlVersion: "latest"
-docsVersion: "pre-release"
+docsVersion: "2.5"
 branch: release/v2
 productName: "Telepresence"

From 2e39407b974e228d2475b6d258eee479e2a321af Mon Sep 17 00:00:00 2001
From: njayp <nickjaypowell@gmail.com>
Date: Wed, 23 Feb 2022 16:29:35 -0700
Subject: [PATCH 2/8] enhanced free daemon

Signed-off-by: njayp <nickjaypowell@gmail.com>
---
 doc-links.yml             |  2 --
 reference/architecture.md |  6 ++----
 reference/client/login.md | 17 +++--------------
 releaseNotes.yml          | 25 ++++++++++++++++++-------
 4 files changed, 23 insertions(+), 27 deletions(-)

diff --git a/doc-links.yml b/doc-links.yml
index fb08e3f8..c21cf9f3 100644
--- a/doc-links.yml
+++ b/doc-links.yml
@@ -8,8 +8,6 @@
        link: install/upgrade/
      - title: Install Traffic Manager with Helm
        link: install/helm/
-     - title: Telepresence Pro
-       link: install/telepresence-pro/
      - title: Migrate from legacy Telepresence
        link: install/migrate-from-legacy/
  - title: Core concepts
diff --git a/reference/architecture.md b/reference/architecture.md
index 3965260e..a7427486 100644
--- a/reference/architecture.md
+++ b/reference/architecture.md
@@ -21,10 +21,8 @@ another.
 The Telepresence Daemon runs on a developer's workstation and is its main point of communication with the cluster's
 network. All requests from and to the cluster go through the Daemon, which communicates with the Traffic Manager.
 
-## Telepresence Pro Daemon
-When you `telepresence login`, Telepresence recommends downloading the Telepresence Pro Daemon.
-This replaces the open source User Daemon and provides additional features including:
-* Creating intercepts on your local machine from Ambassador Cloud.
+When you run telepresence login, Telepresence installs an enhanced Telepresence Daemon. This replaces the open source
+User Daemon and allows you to create intercepts on your local machine from Ambassador Cloud.
 
 ## Traffic Manager
 
diff --git a/reference/client/login.md b/reference/client/login.md
index d07f6554..78335197 100644
--- a/reference/client/login.md
+++ b/reference/client/login.md
@@ -29,25 +29,14 @@ box via SSH, or are using Telepresence in CI), then you may instead
 have Ambassador Cloud issue an API key that you pass to `telepresence
 login` with the `--apikey` flag.
 
-## Telepresence Pro
+## Telepresence
 
-When you run `telepresence login`, the CLI will recommend you install
-a Telepresence Pro binary.  The Telepresence Pro version of the [User
+When you run `telepresence login`, the CLI installs
+a Telepresence binary.  The Telepresence enhanced free client of the [User
 Daemon](../../architecture) communicates with the Ambassador Cloud to
 provide fremium features including the ability to create intercepts from
 Ambassador Cloud.
 
-(show a screenshot of what the login flow looks like... but for now
-I'll do a code snippet)
-```
-telepresence login
-Telepresence wants to install the Telepresence Pro User Daemon to enable Cloud features(y|n): y
-Telepresence Pro installed!
-Launching Telepresence Pro User Daemon
-Launching browser authentication flow...
-Login successful.
-```
-
 ## Acquiring an API key
 
 1. Log in to Ambassador Cloud at https://app.getambassador.io/ .
diff --git a/releaseNotes.yml b/releaseNotes.yml
index e5a43a36..250f454f 100644
--- a/releaseNotes.yml
+++ b/releaseNotes.yml
@@ -39,16 +39,27 @@ docDescription: >-
 changelog: https://github.com/telepresenceio/telepresence/blob/$branch$/CHANGELOG.md
 
 items:
+  - version: 2.5.2
+    date: "2022-02-23"
+    notes:
+      - type: bugfix
+        title: DNS server bugfix
+        body: >-
+          Fixed a bug where Telepresence would use the last server in resolv.conf
+      - type: change
+        title: Remove user prompt
+        body: >-
+          Removed the user prompt before downloading the enhanced daemon
+  - version: 2.5.1
+    date: "2022-02-19"
+    notes:
+      - type: bugfix
+        title: Fix GKE auth issue
+        body: >-
+          Fixed a bug where using a GKE cluster would error with: No Auth Provider found for name "gcp"
   - version: 2.5.0
     date: "2022-02-18"
     notes:
-      - type: feature
-        title: Telepresence Pro Daemon
-        body: >-
-          Telepresence now supports a Telepresence Pro Daemon extension which
-          enables users to start intercepts via Ambassador Cloud.
-        docs: install/telepresence-pro
-        image: telepresence-2.5.0-pro-daemon.png
       - type: feature
         title: Intercept specific endpoints
         body: >-

From b358190bddd283b8208414cdf752d4e98249d35a Mon Sep 17 00:00:00 2001
From: njayp <nickjaypowell@gmail.com>
Date: Wed, 23 Feb 2022 16:54:15 -0700
Subject: [PATCH 3/8] release notes

Signed-off-by: njayp <nickjaypowell@gmail.com>
---
 releaseNotes.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/releaseNotes.yml b/releaseNotes.yml
index 250f454f..31d2cc42 100644
--- a/releaseNotes.yml
+++ b/releaseNotes.yml
@@ -46,10 +46,6 @@ items:
         title: DNS server bugfix
         body: >-
           Fixed a bug where Telepresence would use the last server in resolv.conf
-      - type: change
-        title: Remove user prompt
-        body: >-
-          Removed the user prompt before downloading the enhanced daemon
   - version: 2.5.1
     date: "2022-02-19"
     notes:

From e6e42e77c6b893490e5dee1baf04f484ebe50df0 Mon Sep 17 00:00:00 2001
From: njayp <nickjaypowell@gmail.com>
Date: Fri, 25 Feb 2022 12:29:31 -0700
Subject: [PATCH 4/8] 2.5.3 release notes

Signed-off-by: njayp <nickjaypowell@gmail.com>
---
 releaseNotes.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/releaseNotes.yml b/releaseNotes.yml
index 31d2cc42..eb6c4b15 100644
--- a/releaseNotes.yml
+++ b/releaseNotes.yml
@@ -39,6 +39,17 @@ docDescription: >-
 changelog: https://github.com/telepresenceio/telepresence/blob/$branch$/CHANGELOG.md
 
 items:
+  - version: 2.5.3
+    date: "2022-02-25"
+    notes:
+      - type: bugfix
+        title: Connectivity Fix
+        body: >-
+          Fixed bug in the TCP stack causing timeouts after repeated connects to the same address
+      - type: Feature
+        title: Connectivity Fix
+        body: >-
+          Client-side binaries for the arm64 architecture are now available for linux
   - version: 2.5.2
     date: "2022-02-23"
     notes:

From 30e2f2a98db60fed7fd0723075610e63bbcad09d Mon Sep 17 00:00:00 2001
From: njayp <nickjaypowell@gmail.com>
Date: Tue, 29 Mar 2022 14:53:46 -0700
Subject: [PATCH 5/8] release notes

Signed-off-by: njayp <nickjaypowell@gmail.com>
---
 releaseNotes.yml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/releaseNotes.yml b/releaseNotes.yml
index eb6c4b15..78e891d3 100644
--- a/releaseNotes.yml
+++ b/releaseNotes.yml
@@ -39,6 +39,53 @@ docDescription: >-
 changelog: https://github.com/telepresenceio/telepresence/blob/$branch$/CHANGELOG.md
 
 items:
+  - version: 2.5.4
+    date: "2022-03-29"
+    notes:
+      - type: bugfix
+        title: Linux DNS Concurrency Bugfix
+        body: >-
+          The DNS fallback resolver on Linux now correctly handles concurrent requests without timing them out
+      - type: bugfix
+        title: Non-Functional Flag Fix
+        body: >-
+          The ingress-l5 flag will no longer be forcefully set to equal the --ingress-host flag
+      - type: bugfix
+        title: Automatically Remove Failed Intercepts
+        body: >-
+          Intercepts that fail to create are now consistently removed to prevent non-working dangling intercepts from sticking around.
+      - type: bugfix
+        title: Agent UID Fix
+        body: >-
+          Agent container is no longer sensitive to a random UID or an UID imposed by a SecurityContext.
+      - type: bugfix
+        title: Gather-Logs Output Filepath Fix
+        body: >-
+          Removed a bad concatenation that corrupted the output path of `telepresence gather-logs`.
+      - type: change
+        title: Remove Unnecessary Error Advice
+        body: >-
+          An advice to "see logs for details" is no longer printed when the argument count is incorrect in a CLI command.
+      - type: bugfix
+        title: Garbage Collection
+        body: >-
+          Client and agent sessions no longer leaves dangling waiters in the traffic-manager when they depart. 
+      - type: bugfix
+        title: Limit Gathered Logs
+        body: >-
+          The client's gather logs command and agent watcher will now respect the configured grpc.maxReceiveSize
+      - type: change
+        title: In-Cluster Checks
+        body: >-
+          The TUN device will no longer route pod or service subnets if it is running in a machine that's already connected to the cluster
+      - type: change
+        title: Expanded Status Command
+        body: >-
+          The status command includes the install id, user id, account id, and user email in its result, and can print output as JSON
+      - type: change
+        title: List Command Shows All Intercepts
+        body: >-
+          The list command, when used with the `--intercepts` flag, will list the users intercepts from all namespaces
   - version: 2.5.3
     date: "2022-02-25"
     notes:

From 44717e6b172c47571355ba0eb2a98ab2e98e8fc7 Mon Sep 17 00:00:00 2001
From: njayp <nickjaypowell@gmail.com>
Date: Tue, 29 Mar 2022 15:05:42 -0700
Subject: [PATCH 6/8] better titles

Signed-off-by: njayp <nickjaypowell@gmail.com>
---
 releaseNotes.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/releaseNotes.yml b/releaseNotes.yml
index 78e891d3..8c6746e9 100644
--- a/releaseNotes.yml
+++ b/releaseNotes.yml
@@ -43,11 +43,11 @@ items:
     date: "2022-03-29"
     notes:
       - type: bugfix
-        title: Linux DNS Concurrency Bugfix
+        title: Linux DNS Concurrency
         body: >-
           The DNS fallback resolver on Linux now correctly handles concurrent requests without timing them out
       - type: bugfix
-        title: Non-Functional Flag Fix
+        title: Non-Functional Flag
         body: >-
           The ingress-l5 flag will no longer be forcefully set to equal the --ingress-host flag
       - type: bugfix
@@ -55,11 +55,11 @@ items:
         body: >-
           Intercepts that fail to create are now consistently removed to prevent non-working dangling intercepts from sticking around.
       - type: bugfix
-        title: Agent UID Fix
+        title: Agent UID
         body: >-
           Agent container is no longer sensitive to a random UID or an UID imposed by a SecurityContext.
       - type: bugfix
-        title: Gather-Logs Output Filepath Fix
+        title: Gather-Logs Output Filepath
         body: >-
           Removed a bad concatenation that corrupted the output path of `telepresence gather-logs`.
       - type: change

From 2bea7ca08a65ed5cafc280fb065716caea69e80d Mon Sep 17 00:00:00 2001
From: njayp <nickjaypowell@gmail.com>
Date: Wed, 30 Mar 2022 09:01:58 -0700
Subject: [PATCH 7/8] fix 2.5.3

Signed-off-by: njayp <nickjaypowell@gmail.com>
---
 releaseNotes.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/releaseNotes.yml b/releaseNotes.yml
index 8c6746e9..a9f5f24d 100644
--- a/releaseNotes.yml
+++ b/releaseNotes.yml
@@ -90,11 +90,11 @@ items:
     date: "2022-02-25"
     notes:
       - type: bugfix
-        title: Connectivity Fix
+        title: TCP Connectivity
         body: >-
           Fixed bug in the TCP stack causing timeouts after repeated connects to the same address
-      - type: Feature
-        title: Connectivity Fix
+      - type: feature
+        title: Linux Binaries
         body: >-
           Client-side binaries for the arm64 architecture are now available for linux
   - version: 2.5.2

From e245985a977117ce0ddfe416880b4f43d1632d9f Mon Sep 17 00:00:00 2001
From: njayp <nickjaypowell@gmail.com>
Date: Wed, 30 Mar 2022 09:08:24 -0700
Subject: [PATCH 8/8] versions

Signed-off-by: njayp <nickjaypowell@gmail.com>
---
 versions.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/versions.yml b/versions.yml
index bc3ffb52..199baa0e 100644
--- a/versions.yml
+++ b/versions.yml
@@ -1,4 +1,4 @@
-version: "2.5.0"
+version: "2.5.4"
 dlVersion: "latest"
 docsVersion: "2.5"
 branch: release/v2