Updated 1.62.0 (markdown)

1.62.0.md

@@ -1,33 +1,33 @@
 ## All platforms
 
-- New: Web interface now uses ACL grants to manage access on tagged devices
-- Changed: Tailscale SSH connections now disable unnecessary hostname canonicalization
-- Changed: `tailscale bugreport` command for generating diagnostic logs now contain ethtool information
-- Changed: Mullvad's family-friendly server is added to the list of well known DNS over HTTPS (DoH) servers
+- New: [Web interface][web-interface] now uses ACL grants to manage access on tagged devices
+- Changed: [Tailscale SSH][tailscale-ssh] connections now disable unnecessary hostname [canonicalization][canonicalization]
+- Changed: [`tailscale bugreport`][tailscale-bugreport] command for generating diagnostic logs now contain ethtool information
+- Changed: Mullvad's [family-friendly server][mullvad-family-friendly] is added to the list of well known DNS over HTTPS (DoH) servers
 - Changed: DNS over HTTP requests now contain a timeout
-- Changed: TCP forwarding attempts in userspace mode now have a per-client limit
+- Changed: TCP forwarding attempts in [userspace mode][userspace-mode] now have a per-client limit
 - Changed: Endpoints with link-local IPv6 addresses is preferred over private addresses
 - Changed: WireGuard logs are less verbose
 - Changed: Go is updated to version 1.22.1
-- Fixed: DERP server region no longer changes if connectivity to the new DERP region is degraded
+- Fixed: [DERP server][derp-servers] region no longer changes if connectivity to the new DERP region is degraded
 
 ## Linux
 
-- Changed: Auto-update version detection on Alpine Linux is improved
+- Changed: [Auto-update][auto-updates] version detection on Alpine Linux is improved
 - Changed: IPv6 support detection in a container environment is improved
 - Fixed: DNS configuration on Amazon Linux 2023 no longer causes an infinite loop
 
 ## Windows
 
-- Changed: `ManagedByOrganizationName`, `ManagedByCaption`, and `ManagedByURL` system policy keys are now supported
+- Changed: [`ManagedByOrganizationName`][mdm-keys-org], [`ManagedByCaption`][mdm-keys-caption], and [`ManagedByURL`][mdm-keys-URL] system policy keys are now supported
 - Fixed: Tailscale Tunnel WinTun adapter handling is improved
-- Fixed: MSI upgrades no longer ignore policy properties set during initial install
+- Fixed: [MSI][windows-msi] upgrades no longer ignore policy properties set during initial install
 
 ## macOS
 
-- New: A `.pkg` installer package is now available for the standalone release of the Tailscale client
-- Changed: Taildrop notifications now include actions to reveal the received file in the Finder, or delete it
-- Changed: Tailnet lock settings UI displays more information about the status, including key and public key trust status
+- New: A `.pkg` installer package is now available for the [standalone][macos-variants] release of the Tailscale client
+- Changed: [Taildrop][taildrop] notifications now include actions to reveal the received file in the Finder, or delete it
+- Changed: [Tailnet lock][tailnet-lock] settings UI displays more information about the status, including key and public key trust status
 - Changed: The onboarding flow now guides the user in enabling the Tailscale system extension
 - Changed: **Launch Tailscale at login** settings item can now be toggled when the Tailscale client is disconnected
 - Changed: DNS behavior is improved when handling transitions between network interfaces
@@ -35,8 +35,8 @@
 ## iOS
 
 - Changed: Battery usage is improved
-- Changed: Taildrop notifications now include actions to reveal the received file in the Files app, or delete it
-- Changed: Tailnet lock settings UI displays more information about the status, including key and public key trust status
+- Changed: [Taildrop][taildrop] notifications now include actions to reveal the received file in the Files app, or delete it
+- Changed: [Tailnet lock][tailnet-lock] settings UI displays more information about the status, including key and public key trust status
 - Changed: Unnecessary log messages are removed when triggered by changes to device power state and routing
 - Changed: DNS behavior is improved when handling interface transitions between Wi-Fi and Cellular
 
@@ -48,5 +48,23 @@
 
 ## Kubernetes operator
 
-- Changed: Ingress resource handling is improved when deployed before its backing `Service` resource
-- Fixed: Destination NAT (DNAT) rule management by egress proxies in `nftables` mode when IP address of `tailscale.com/tailnet-fqdn` changes
+- Changed: [Ingress][kubernetes-ingress] resource handling is improved when deployed before its backing `Service` resource
+- Fixed: Destination NAT (DNAT) rule management by egress proxies in [`nftables`][firewall-mode] mode when IP address of `tailscale.com/tailnet-fqdn` changes
+
+[auto-updates]: https://tailscale.com/kb/1067/update#auto-updates
+[canonicalization]: https://en.wikipedia.org/wiki/Canonicalization
+[derp-servers]: https://tailscale.com/kb/1232/derp-servers
+[firewall-mode]: https://tailscale.com/kb/1294/firewall-mode
+[kubernetes-ingress]: https://tailscale.com/kb/1236/kubernetes-operator#cluster-ingress
+[macos-variants]: https://tailscale.com/kb/1065/macos-variants
+[mdm-keys-caption]: https://tailscale.com/kb/1315/mdm-keys#set-an-info-message
+[mdm-keys-org]: https://tailscale.com/kb/1315/mdm-keys#set-your-organization-name
+[mdm-keys-url]: https://tailscale.com/kb/1315/mdm-keys#set-a-support-url
+[mullvad-family-friendly]: https://mullvad.net/en/blog/family-friendly-dns-content-blocking-now-added-to-our-encrypted-dns-service
+[taildrop]: https://tailscale.com/kb/1106/taildrop
+[tailnet-lock]: https://tailscale.com/kb/1226/tailnet-lock
+[tailscale-bugreport]: https://tailscale.com/kb/1227/bug-report
+[tailscale-ssh]: https://tailscale.com/kb/1193/tailscale-ssh
+[userspace-mode]: https://tailscale.com/kb/1177/kernel-vs-userspace-routers#userspace-netstack-mode
+[web-interface]: https://tailscale.com/kb/1325/device-web-interface
+[windows-msi]: https://tailscale.com/kb/1189/install-windows-msi