v1.71.1

What's Changed

This release contains a fix for a panic on trace extraction when DD_TRACE_PROPAGATION_EXTRACT_FIRST=true and no trace headers were present. It also updates the tracer to only retrieve CI tags when CI Visibility is enabled, improving efficiency.

General

• ddtrace/tracer: Fix panic on Extract when DD_TRACE_PROPAGATION_EXTRACT_FIRST=true and no trace headers present [1.71 backport] in #3141
• tracer/stats: Only get CI tags when CI Visibility is enabled [1.71 backport] in #3142

Full Changelog: v1.71.0...v1.71.1

v1.71.0

What's Changed

Application Performance Monitoring (APM)

• Adding Span Link support for compound header tag extractions with conflicting trace IDs by @mhlidd in #2948
• contrib/net/http: Make DD_TRACE_HTTP_CLIENT_TAG_QUERY_STRING false by default by @mtoffl01 in #3010
• ddtrace/tracer: initialize runtimeMetricsV2 with statsd "direct" client by @anatolebeuzon (#3006)
• ddtrace/tracer: report datadog.tracer.api.errors health metric by @mtoffl01 (#3024)
• ddtrace/tracer: Report datadog.tracer.queue.enqueued.traces as health metric by @mtoffl01 (#3019)
• ddtrace/tracer: Report datadog.tracer.abandoned_spans health metric by @mtoffl01 (#3032)

Application Security Management (ASM)

• appsec: never start a new WAF Context when one is in context by @eliottness in #2989
• contrib/envoyproxy: envoy external processing support by @e-n-0 (#2895)
• appsec: stop storing span tags, directly call span.SetTag by @eliottness (#3044)
• ddtrace/tracer: Tracing as transport-only mode (APPSEC_STANDALONE) by @eliottness (#3033)

CI Visibility

• internal/civisibility: ensure git permissions before extracting git info by @tonyredondo in #2974
• internal/civisibility: fix RWMutex usages by @tonyredondo in #2982
• internal/civisibility: specify if the user is setting the DD_SERVICE by @tonyredondo in #2988
• ddtrace/tracer: Disable agent features and remote configuration in CI Visibility agentless mode by @tonyredondo (#3026)

General

• ddtrace/tracer: add support for span links on Span Context by @mhlidd in #2973
• ddtrace/tracer: Ensure SpanLink access is safe from corruption by @mtoffl01 in #2975
• fix(ddtrace/tracer): ignore agent-provided TCP port when using a UDS w/ WithDogstatsdAddress by @darccio in #2985
• Add example listening for sigterm to docs (APMSP-15340) by @ajgajg1134 in #2978
• fix(ddtrace/tracer): refactor DogStatsD URL resolution using agent-reported StatsD port by @darccio in #2995
• chore(go.mod): reduce blast radius in go.mod from #2817 (#2979) by @darccio in #2980
• ddtrace/tracer: remove health_metrics_enabled from startup logs by @hannahkm in #3003
• internal: add workflow to check for outdated integrations by @quinna-h in #2936
• go.mod: Use explicit go-runtime-metrics-internal version by @felixge in #3013
• Propagate statsd client to stats concentrator (APMSP-1631) by @ajgajg1134 in #3007
• ddtrace/tracer: Add a retryInterval option by @mtoffl01 in #2986
• Remove deprecated cache option by @sethsamuel in #2984
• go.mod: module go.opentelemetry.io/collector/pdata@latest found (v1.21.0), but does not contain package go.opentelemetry.io/collector/pdata/internal/data/protogen/profiles/v1experimental (#3042)
• vuln: upgrade golang.org/x/{crypto,net} to non-vulnerable versions by @darccio (#3050)
• build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#3001)

New Contributors

• @mhlidd made their first contribution in #2973
• @quinna-h made their first contribution in #2936
• @sethsamuel made their first contribution in #2984

Full Changelog: v1.70.1...v1.71.0

v1.70.3

Summary

This patch release fixes an issue when using orchestrion. Seeing this error message 👇 or seeing an build with orchestrion hangs are symptoms of this issue:

-: # net/http
resolving woven dependency on gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext: cycle detected: net/http -> net/http

Changes

• fix: workaround for otel agent dependency causes orchestrion failure (#3066)

Please refer to v1.70.0 release notes for more detail.

Full Changelog: v1.70.0...v1.70.1

v1.70.2

Summary

This patch release fixes the following issue encountered when running go mod tidy:

module go.opentelemetry.io/collector/pdata@latest found (v1.21.0), but does not contain package go.opentelemetry.io/collector/pdata/internal/data/protogen/profiles/v1experimental

Changes

• go.mod: module go.opentelemetry.io/collector/pdata@latest found (v1.21.0), but does not contain package go.opentelemetry.io/collector/pdata/internal/data/protogen/profiles/v1experimental (#3042)

Please refer to v1.70.0 release notes for more detail.

Full Changelog: v1.70.0...v1.70.1

v1.70.1

Fix the version number reported by dd-trace-go to avoid the release candidate label and add a fix for internal/civisiblity.

Please refer to v1.70.0 release notes for more detail.

Full Changelog: v1.70.0...v1.70.1

v1.70.0

This release includes ASM Exploit Prevention's General Availability and offers multiple fixes in contribs, improved client-side stats implementation, and multiple environment variables for configuration:

• DD_PROFILING_FLUSH_ON_EXIT: if set to 1, the profiler will upload the profiles in progress when profiler.Stop is called. Be mindful of using this setting for short-lived programs (e.g. lambdas, which we do not currently support for Go) as it may lead to inflated host counts. Also note that stopping the CPU profiler takes 200ms. See https://go.dev/issue/63043.
• DD_PROFILING_ENABLED: if set to false, then calling profiler.Start will not enable profiling. Note that setting this to true is not sufficient to enable profiling; you still need to call profiler.Start.
• DD_TRACE_LOG_DIRECTORY: it allows specifying a log directory for tracer logs (details).
• DD_APPSEC_RASP_ENABLED: if set to false, disables ASM Exploit Prevention (defaults to true)

What's Changed

Application Performance Monitoring (APM)

• contrib/segmentio/kafka.go.v0: refactor tracing code by @rarguelloF in #2885
• contrib/slog: clone record before calling Add by @felixge in #2929
• contrib/confluentinc/confluent-kafka-go: fix goroutine leak in Produce by @rarguelloF in #2924
• contrib/jackc/pgx.v5: wrap previous tracer by @rarguelloF in #2932
• contrib/net/http: refactor tracing by @rarguelloF in #2921
• contrib/confluentinc/confluent-kafka-go: split tracing code by @rarguelloF in #2907
• [godfathering] contrib/dimfeld/httptreemux.v5: failing tests for path variable replacement by @darccio in #2938
• [serverless] Inject trace context into SQS/SNS/EventBridge by @nhulston in #2917
• contrib/log/slog: fix WithAttrs and WithGroup implementation by @rarguelloF in #2857
• [SVLS-5560] Inject DD trace context into AWS Step Functions input by @DylanLovesCoffee in #2942
• APMSP-1241 Directly import trace-agent stats code for client-side stats by @ajgajg1134 in #2817
• [fix][internal/httptrace]: integration-level error codes override global by @mtoffl01 in #2946
• contrib/valyala/fasthttp.v1: fix memory leak of spanOpts by @0angelic0 in #2962
• contrib/go-chi: Apply DD_TRACE_HTTP_SERVER_ERROR_STATUSES by @mtoffl01 in #2960
• [fix][tracer] DD_TRACE_HEADER_TAGS treats trailing colon as invalid input by @mtoffl01 in #2913
• Fix: Support custom propagators in startup log by @mtoffl01 in #2925
• fix(options): Don't override c.httpClient if it is set via the options by @BaptisteFoy in #2970

Application Security Management (ASM)

We’re pleased to release Exploit Prevention (aka Run-time Application Self-Protection (RASP)) to protect your Go services against exploits of SQL injections (SQLi), Server-Side Request Forgeries (SSRF) and Local File Inclusion (LFI) vulnerabilities.
We recommend leveraging orchestrion, our new automatic Go instrumentation tool, to benefit from this new type of application security monitoring automatically. Note that some of those features are exclusive to orchestrion, such as LFI or the upcoming Command Injection (CMDi), which is coming later this quarter.
Please refer to the documentation or our blog post for more information.

• appsec: enable SQLi and SSRF exploit preventions by default in monitoring-only mode by @eliottness in #2952
• appsec: add tracer start option for appsec enablement by @RomainMuller in #2966
• appsec: differentiate user login and user set event by @eliottness in #2956

CI Visibility

• internal/civisibility: add early flake detection feature by @tonyredondo in #2916
• internal/civisibility: adds git tree upload feature by @tonyredondo in #2927
• internal/civisibility: add handshake linkname to orchestrion api to address linkname lock down by @tonyredondo in #2934
• internal/civisibility: add more nil checks to increase resilience by @tonyredondo in #2944
• internal/civisibility: auto test retries max retries fix by @tonyredondo in #2947
• internal/civisibility: intelligent test runner support by @tonyredondo in #2943
• internal/civisibility: test with efd enabled disable atr for that test by @tonyredondo in #2958
• internal/civisibility: add support for unskippable tests and suites by @tonyredondo in #2957
• internal/civisibility: api refactor and support for telemetry metrics by @tonyredondo in #2963
• Add CI Visibility data to client stats (APMSP-1241) by @ajgajg1134 in #2969

Profiling

• profiler: add enable flag to control profiler activation by @korECM in #2840
• profiler: add DD_PROFILING_FLUSH_ON_EXIT to upload current profiles before exiting by @jinroh in #2926

General

• Implement DD_TRACE_LOG_DIRECTORY by @mtoffl01 in #2901
• internal/osinfo: setup for kernel info by @eliottness in #2933
• fix and cleanup the Content-Length handling in transport by @paulcacheux in #2954
• ddtrace/tracer: support reading statsd port from tracer by @hannahkm in #2931
• ddtrace/tracer: fix trace_agent_url on startup log by @rachelyangdog in #2949

New Contributors

• @nhulston made their first contribution in #2917
• @korECM made their first contribution in #2840
• @DylanLovesCoffee made their first contribution in #2942
• @paulcacheux made their first contribution in #2954
• @0angelic0 made their first contribution in #2962
• @jinroh made their first contribution in #2926
• @rachelyangdog made their first contribution in #2949

Full Changelog: v1.69.1...v1.70.0

v1.69.1

Summary

This patch release introduces multiple bug fixes and refactors mainly related to contribs for integrating dd-trace-go better with Orchestrion. More details below.

Changes

Application Performance Monitoring (APM)

• contrib/confluentinc/confluent-kafka-go: split tracing code #2907
• contrib/confluentinc/confluent-kafka-go: fix goroutine leak in Produce #2924
• contrib/dimfeld/httptreemux.v5: failing tests for path variable replacement #2938
• contrib/jackc/pgx.v5: wrap previous tracer #2932
• contrib/log/slog: fix WithAttrs and WithGroup implementation #2857
• contrib/net/http: refactor tracing #2921
• contrib/segmentio/kafka.go.v0: refactor tracing code #2885
• contrib/slog: clone record before calling Add #2929
• [fix][tracer] DD_TRACE_HEADER_TAGS treats trailing colon as invalid input #2913
• Fix: Support custom propagators in startup log #2925

Full Changelog: v1.69.0...v1.69.1

v1.69.0

This release offers a lot of QOL changes and fixes for DataStreams Monitoring (DSM) and for two contribs: 99designs/gqlgen and aws/aws-sdk-go-v2/. Application Security now offers new attacker fingerprinting capabilities and support for entire read-only filesystem on linux

Important

If you are using gopkg.in/DataDog/dd-trace-go.v1/contrib/net/http.WrapRoundTripper, you can expect new errors to be reported in the span generated by your outgoing HTTP requests. The behaviour expected across all tracers was to report status codes between 400 and 500 as errors. Meanwhile dd-trace-go was reporting errors when the status code was between 500 and 600, this is now fixed. To revert to the previous behaviour. Please use the following environement variable: DD_TRACE_HTTP_CLIENT_ERROR_STATUSES=500-600

What's Changed

Application Performance Monitoring (APM)

• contrib/aws/aws-sdk-go-v2/aws: Fix streamName nil pointer panic by @webdestroya in #2846
• contrib/99designs/gqlgen/tracer.go: nil check response by @dienvoandpadcojp in #2792
• Fix and Feature: Make configuration options consistent across tracing libraries: @mtoffl01 in #2873
  • cf-connecting-ipv6 replaces cf-connecting-ip in HTTP headers tracked for http.client_ip tag when DD_TRACE_CLIENT_IP_ENABLED is set to true
  • DD_TRACE_HTTP_CLIENT_TAG_QUERY_STRING: Boolean that determines whether or not to include query params in http.url tag for http client spans
  • DD_TRACE_HTTP_CLIENT_ERROR_STATUSES: Customize errors on http client spans
  • DD_TRACE_HTTP_SERVER_ERROR_STATUSES: Customize errors on http server spans

Application Security Management (ASM)

• appsec: use memfd on linux instead of dumping libddwaf.so in /tmp by @eliottness in DataDog/go-libddwaf#106
• appsec: Suspicious Attacker Blocking by @eliottness in #2878
• appsec: Attacker Fingerprinting by @eliottness in #2899
• internal/appsec: upgrade default WAF ruleset for fingerprinting and RASP rules by @eliottness in DataDog/appsec-internal-go#33
• internal/appsec: support for _dd.appsec.rasp.* metrics by @eliottness in DataDog/go-libddwaf#109
• internal/appsec: refactor listeners by @eliottness in #2862

Profiling

• profiler: avoid metrics profile log noise when stopping profiling by @nsrip-dd in #2865

CI Visibility

• internal/civisibility/utils/net: a new http client for rapid endpoints by @tonyredondo in #2869
• internal/civisibility: adds the new vcpu_count metric for tslv events by @tonyredondo in #2883
• internal/civisibility: change the default value for DD_CIVISIBILITY_ENABLED to false by @tonyredondo in #2893
• internal/civisibility/integrations/gotesting: add the DD_CIVISIBILITY_ENABLED kill switch environment variable by @tonyredondo in #2861
• internal/civisibility: test session logical names by @tonyredondo in #2904
• internal/civisibility: automatic test retries by @tonyredondo in #2892
• internal/civisibility: fixes the test parent status when the auto-retry feature ended up with a failed test and then a successful test. by @tonyredondo in #2910
• internal/civisibility: add support for the test.source.end tag by @tonyredondo in #2911
• internal/civisibility: add and improve debug logs by @tonyredondo in #2912
• internal/civisibility/integrations/gotesting: fixes for orchestrion autoinstrumentation by @tonyredondo in #2844
• internal/civisibility/integrations/gotesting: improve the isCiVisibilityEnabled and enable reporting Code Coverage percentage. by @tonyredondo in #2866

General

• internal/stacktrace: upgrade tinylib/msgp and add stacktrace.GetSpanValue by @eliottness in #2864
• Regenerate stats payload to add is_trace_root by @ajgajg1134 in #2856
• ddtrace/tracer: update log msg to accurately count dropped traces by @hannahkm in #2845
• internal/datastreams: fix Processor goroutine leaks by @ggambetti in #2880

New Contributors

• @webdestroya made their first contribution in #2846
• @ggambetti made their first contribution in #2880
• @dienvoandpadcojp made their first contribution in #2792
• @fkmy made their first contribution in #2898

Full Changelog: v1.68.0...v1.69.0

v1.68.0

With the release of Go 1.23, we are dropping support for Go 1.21. Our minimum supported Go release is now Go 1.22.

This release removes the gopkg.in/DataDog/dd-trace-go.v1/contrib/google.golang.org/grpc.v12 integration, which wrapped grpc v0.12.0. This release also brings several bug fixes to the APM and ASM libraries.

What's Changed

Application Performance Monitoring (APM)

• contrib/gocql/gocql: implement observer api based tracing by @rarguelloF in #2805
• Drop support for ancient and unused grpc.v12 by @ajgajg1134 in #2820
• ddtrace/tracer: dereference pointers to supported types in span.SetTag by @darccio in #2796
• ddtrace/tracer: add uptrace/bun to telemetry's supported contribs by @darccio in #2810
• chore(w3c): ensure last parent id is never set to 16 zeros by @mabdinur in #2808
• ddtrace/tracer: add IsTraceRoot to clients-side-stats by @knusbaum in #2821
• ddtrace/tracer: fixed resampling to occur on root span only by @dianashevchenko in #2824
• Log regex compilation as error by @ALX99 in #2809

Application Security Management (ASM)

• internal/appsec: fix missing ResponseHeaderCopier call by @eliottness in #2841
• appsec: missing SQLi and LFI RC capabilities by @eliottness in #2851

General

• all: upgrade minimum supported Go release to 1.22 by @nsrip-dd in #2850
• go.mod: retract experimental versions by @darccio in #2806
• [CI Visibility] Refactor gotesting integration to be used by orchestrion by @tonyredondo in #2843
• internal/globalconfig: make statsTags un-changeable from outside of the globalconfig package by @mtoffl01 in #2842
• fix(ci): smoke tests due to broken SQLite driver & update upload-artifact action by @darccio in #2848

New Contributors

• @ALX99 made their first contribution in #2809

Full Changelog: v1.67.1...v1.68.0

v1.67.1

Summary

This patch release introduces two key changes to sampling:

• Resampling now occurs only on root spans, eliminating redundant sampling tags on child spans.
• Client stats have been updated to align with the Trace Agent version, enabling support for adaptive sampling.

Important

Depending on your sampling rules, and especially if you have trace sampling rules that match child spans, you may notice an increase in ingested spans. This increase is expected and a result of improved sampling accuracy. If the ingested volume is problematic, reduce it using APM Ingestion Controls. For any questions or issues, please contact Datadog Support.

Changes

Application Performance Monitoring (APM)

• ddtrace/tracer: add IsTraceRoot to clients-side-stats in #2821
• ddtrace/tracer: fixed resampling to occur on root span only in #2824

Full Changelog: v1.67.0...v1.67.1