Releases: DataDog/dd-trace-java
Releases Β· DataDog/dd-trace-java
1.39.0
v1.39.0
This tag was signed with the committerβs verified signature.
nikita-tkachenko-datadog
Nikita Tkachenko
Components
Application Security Management (IAST)
- π Do not skip ErrorReportValve.report in any case (#7489 - @smola)
- β¨ Suppress internal exceptions in tomcat stacktrace leak detection (#7488 - @smola)
- π Add exclusions for openid4java and seasar frameworks (#7417 - @manuel-alvarez-alvarez)
- Add detection of untrusted deserialization in snakeyaml library (#7406 - @Mariovido)
- β¨ Fix progagation for Untrusted Deserialization vulnerability (#7374 - @Mariovido)
- Map JSP stack traces to file names (#7005 - @jandro996)
Application Security Management (WAF)
- Free AppSecRequestContext resources when the request ends (#7535 - @manuel-alvarez-alvarez)
- π Make RASP addresses ephemeral (#7529 - @manuel-alvarez-alvarez)
- β¨ Set DD_APPSEC_RASP_ENABLED to true by default (#7528 - @smola)
- π Fix call depth counter for sqli blocking (#7522 - @ValentinZakharov)
- Enable WAF generate_stack action by default (#7518 - @smola)
- β¨ Remove warning whenever we receive an unknown WAF address (#7482 - @smola)
- Add fingerprint support to the WAF (#7436 - @manuel-alvarez-alvarez)
- Upgrade to AppSec rules v1.13.0 (#7424 - @manuel-alvarez-alvarez)
- Add support for suspicious attacker blocking to appsec (#7401 - @manuel-alvarez-alvarez)
- Exploit prevention for SSRF (in java.net.URL) (#7373 - @manuel-alvarez-alvarez)
Cloud Workload Security (CWS)
- Make cws-tls use the same JNA dependency as instrumentations (#7412 - @bantonsson)
Continuous Integration Visibility
- π Fix Gradle Daemon process detection (#7524 - @nikita-tkachenko-datadog)
- π§Ή Split Gradle instrumentations into different modules (#7523 - @nikita-tkachenko-datadog)
- π Implement a fallback method for getting effective JVM for Maven Surefire executions (#7493 - @nikita-tkachenko-datadog)
- π Fix Cucumber JUnit 4 instrumentation to support empty scenario names (#7470 - @nikita-tkachenko-datadog)
- Implement telemetry and global per-JVM limit for auto test retries (#7458 - @nikita-tkachenko-datadog)
- π Fix Cucumber JUnit 4 instrumentation to correctly handle feature and scenario names with brackets (#7446 - @nikita-tkachenko-datadog)
- π Fix Gradle instrumentation to support v8.10 (#7443 - @nikita-tkachenko-datadog)
- π Fix Maven instrumentation to support command-line plugin goals invocation (#7430 - @nikita-tkachenko-datadog)
Crash tracking
- Make the warning in ScriptInitializer less scary (#7514 - @jbachorik)
- π§Ή Improving crash tracking script initialization error handling (#7427 - @PerfectSlayer)
- π Fix crash-tracking uploader script overwrite warning (#7386 - @jbachorik)
Data Streams Monitoring
Database Monitoring
- Full mode for SQL Server (#7186 - @nenadnoveljic)
Dynamic Instrumentation
- π Fix concurrent modification (#7469 - @jpbempel)
- π Fix considering directory as jar file (#7459 - @jpbempel)
- β¨ Add exclusion predefined redaction keywords (#7457 - @jpbempel)
- π fix freeze context only for capturing line probe (#7456 - @jpbempel)
- π Fix SymDB upload dropped requests (#7442 - @jpbempel)
- β¨ Add protobuf collections as safe ones (#7438 - @jpbempel)
- π Fix Fingerprinter thread safety (#7429 - @jpbempel)
- π Add modifiers for extracting symbols (#7420 - @jpbempel)
- β¨ Add support for enum value comparison (#7418 - @jpbempel)
GraalVM native-image
- Avoid RemoteHostnameAdder.config resolution error when building Quarkus native images (#7480 - @mcculls)
- Fix ClassNotFoundException: net.jpountz.lz4.LZ4JavaSafeCompressor when instrumenting Kafka 3.7 with Quarkus native (#7404 - @mcculls)
- Fix unresolved field error when instrumenting Kafka 3.7 with Quarkus native (#7403 - @mcculls)
JMX fetch
- Bump JmxFetch to 0.49.4 (#7501 - @amarziali)
Metrics
Profiling
- Log a warning when profiling enablement is misconfigured. (#7511 - @jbachorik)
- Emit recording setting events for SSI details (#7507 - @jbachorik)
- π Update ddprof to 1.13.0 (#7471 - @r1viollet)
- Allow subsampling the liveheap profiling data (#7380 - @jbachorik)
Telemetry
- π Enable telemetry logs for services using AppSec (#7534 - @smola)
- π Enable telemetry logs for a subset of Java versions (#7475 - @PerfectSlayer)
- Tag span metrics with 'otel.library' when we know it was created by an OTel extension (#7463 - @mcculls)
- β¨ Reduce telemetry log messages per minute to 10 (#7410 - @smola)
- β¨ Add Otel env var telemetry (#7391 - @cecile75)
- β¨ Add telemetry app product change message (#7348 - @jandro996)
- Adding InitializationTelemetry - e.g. guard rails reporting (#7287 - @dougqh)
Trace context propagation
- β¨ Use W3C Trace Context trace ID as parent ID regardless of propagation style order (#7355 - @mtoffl01)
Tracer core
- π Avoid using stdout to report bootstrapping errors (#7432 - @PerfectSlayer)
- Add _dd.tracer_host to local root spans (#7388 - @amarziali)
Instrumentations
Apache Spark instrumentation
- Allow instrumented Spark trace linked to Openlineage originated context (#7450 - @yiliangzhou)
Armeria Instrumentation
AWS SDK instrumentation
gRPC instrumentation
- π Fix grpc server error mark (#7505 - @amarziali)
JDBC instrumentation
- π Don't leak calldepth threadlocal on statements (#7472 - @amarziali)
- π Do not leak call depth threadlocal in jdbc instrumentation (#7468 - @amarziali)
- π Fix exception handling for SQL Server full mode (#7405 - @nenadnoveljic)
- Full mode for SQL Server (#7186 - @nenadnoveljic)
OpenTelemetry instrumentation
- OpenTelemetry drop-in fixes for Apache Pulsar (#7500 - @mcculls)
- OpenTelemetry drop-in fixes for Apache Dubbo (#7499 - @mcculls)
- OpenTelemetry drop-in fixes for Armeria HTTP (#7498 - @mcculls)
- Tag span metrics with 'otel.library' when we know it was created by an OTel extension (#7463 - @mcculls)
- OpenTelemetry drop-in fixes for r2dbc (#7444 - @mcculls)
All other instrumentations
- OpenTelemetry drop-in fixes for Apache Pulsar (#7500 - @mcculls)
- OpenTelemetry drop-in fixes for Apache Dubbo (#7499 - @mcculls)
- π Apache http client 4: do not copy all request headers on redirect (#7483 - @amarziali)
- π Avoid finishing twice a servlet 3 async dispatch span (#7395 - @amarziali)
Other changes
Contributors
smola, mcculls, and 17 other contributors
Assets 6
1.38.1
Components
Application Security Management (IAST)
- π Add exclusions for openid4java and seasar frameworks (#7423 - @manuel-alvarez-alvarez)
Continuous Integration Visibility
- π Fix Cucumber JUnit 4 instrumentation to correctly handle feature and scenario names with brackets (#7447 - @nikita-tkachenko-datadog)
- π Fix Maven instrumentation to support command-line plugin goals invocation (#7431 - @nikita-tkachenko-datadog)
Dynamic Instrumentation
GraalVM native-image
- π Fix ClassNotFoundException: net.jpountz.lz4.LZ4JavaSafeCompressor when instrumenting Kafka 3.7 with Quarkus native (#7422 - @mcculls)
- π Fix unresolved field error when instrumenting Kafka 3.7 with Quarkus native (#7421 - @mcculls)
Tracer core
- π Avoid using stdout to report bootstrapping errors (#7433 - @PerfectSlayer)
- Add _dd.tracer_host to local root spans (#7426 - @amarziali)
Instrumentations
AWS SDK instrumentation
OpenTelemetry instrumentation
Contributors
mcculls, PerfectSlayer, and 4 other contributors
Assets 6
1.38.0
Potentially Breaking Changes
Warning
When setting up the client library using the Single Step Instrumentation feature (SSI), the library will now check the presence of multiple Java Virtual Machine (JVM) agents and won't install it if is not the only one.
This behavior can be disabled by forcing the injection using the DD_INJECT_FORCE environment variable to TRUE.
Components
Application Security Management (IAST)
- Improve SSRF detection in apache http client (#7359 - @manuel-alvarez-alvarez)
- Add Untrusted Deserialization vulnerability (#7345 - @Mariovido)
- π Fix session rewriting false positives (#7323 - @jandro996)
- Create new ranges for vulns to prevent GC issues (#7309 - @manuel-alvarez-alvarez)
- Update URI and URL call sites for precise taint tracking (#7299 - @manuel-alvarez-alvarez)
Application Security Management (WAF)
- β¨ Upgrade to libddwaf 1.19.0 (libddwaf-java 10.1.0) (#7369 - @ValentinZakharov)
- Report telemetry metrics for Exploit Prevention (#7314 - @ValentinZakharov)
- Report span metrics for Exploit Prevention (#7273 - @ValentinZakharov)
- Exploit prevention for SQL injection (blocking support) (#7231 - @ValentinZakharov)
- Add remote config support for auto user id collection mode (#7205 - @manuel-alvarez-alvarez)
- Use three modes for auto user id collection: identification (default), anonymization and disabled (#7135 - @manuel-alvarez-alvarez)
Build & Tooling
- Use unified Gitlab pipeline for APM libraries (#7151 - @randomanderson)
Cloud Workload Security (CWS)
Configuration at Runtime
- Add remote config support for auto user id collection mode (#7205 - @manuel-alvarez-alvarez)
Continuous Integration Visibility
- π Fix built-in retries tracking in Karate framework (#7379 - @nikita-tkachenko-datadog)
- π Fix package resolution for non-Java source files (#7356 - @nikita-tkachenko-datadog)
- π Fix null JvmInfo exception in Maven instrumentation (#7354 - @nikita-tkachenko-datadog)
- π Fix tracer freeze when CI Visibility is enabled (#7325 - @nikita-tkachenko-datadog)
- π Fix Gradle v8.9 instrumentation (#7319 - @nikita-tkachenko-datadog)
- β‘ Optimize per-test code coverage (#7315 - @nikita-tkachenko-datadog)
- Refactor buffering of pending traces for CI Visibility (#7207 - @nikita-tkachenko-datadog)
Crash tracking
- Add severity tag to crash upload (#7375 - @jbachorik)
Data Streams Monitoring
- Separate manual & automatic checkpoints when aggregating (#7351 - @piochelepiotr)
- Add pathway propagation for SNS (#7341 - @nayeem-kamal)
- Add tag to differentiate manually created checkpoints (#7331 - @piochelepiotr)
Dynamic Instrumentation
- Add support for
any/all(#7346 - @jpbempel) - π Fix exception thrown for distribution metric (#7344 - @jpbempel)
- Add
Setsupport forhasAny/hasAllexpression (#7340 - @jpbempel) - β¨ Extend
containsEL expression (#7337 - @jpbempel) - Fix EL function behavior for null values (#7328 - @jpbempel)
- π Fix
instanceofas predicate for value expression (#7313 - @jpbempel) - β‘ Add high rate queue for log template snapshots (#7310 - @jpbempel)
- Fix service version and sanitize tags (#7293 - @ojung)
- Implement debug context propagation to enable live debugging of java applications (#7286 - @evanchooly)
- β‘ Remove explicit capture of fields (#7282 - @jpbempel)
- β‘ Move snapshot UUID generation at serialization (#7280 - @jpbempel)
- Serialize restricted collections as regular object (#7274 - @jpbempel)
- Fix mixing log/span decoration probes (#7246 - @jpbempel)
JMX fetch
- Support Websphere JMX admin metrics (#7235 - @amarziali)
Library Injection
- β¨
β οΈ Add lib-injection multiple JVM agents guardrails (#7122 - @PerfectSlayer)
Profiling
- Capture the auto-injection related settings in JFR recording (#7317 - @jbachorik)
- Track JVM RSS in JDK 21+ (#7227 - @MattAlp)
Tracer core
- Refactor buffering of pending traces for CI Visibility (#7207 - @nikita-tkachenko-datadog)
- β¨ Add tracer log file to tracer flare when datadog.slf4j.simpleLogger.logFile is NOT defined (#7085 - @cecile75)
Instrumentations
Apache Spark instrumentation
- β¨ Add Parameter to only inject data jobs for particular java commands (#7366 - @paul-laffon-dd)
- Add shutdown hook to finish the spark application trace (#7357 - @paul-laffon-dd)
- Use spark application name when service is set to hadoop (#7294 - @paul-laffon-dd)
AWS SDK instrumentation
- π Fix parsing of binary datadog headers in SQS (#7324 - @vandonr)
- π Remove binary
_datadogattribute if present in JMS SQS instrumentation to avoid crash (#7283 - @vandonr)
GraphQL instrumentation
- π Fix advices for GraphQl 22+ (#7295 - @amarziali)
Jetty instrumentation
- π‘ Support jetty client 12 (#7305 - @amarziali)
Spring instrumentation
- π Rollback wrapping of runnables on each schedule for Spring Scheduling (#7290 - @amarziali)
All other instrumentations
Contributors
evanchooly, spikat, and 18 other contributors
Assets 6
1.37.1
v1.37.1
This tag was signed with the committerβs verified signature.
nikita-tkachenko-datadog
Nikita Tkachenko
Components
Continuous Integration Visibility
- π Fix Gradle v8.9 instrumentation (#7336 - @nikita-tkachenko-datadog)
- π Fix tracer freeze when CI Visibility is enabled (#7335 - @nikita-tkachenko-datadog)
Contributors
nikita-tkachenko-datadog
Assets 6
1.37.0
v1.37.0
This tag was signed with the committerβs verified signature.
PerfectSlayer
Bruce Bujon
Components
Application Security Management (WAF)
- π Add missing appsec propagation tag on appsec events (#7262 - @jandro996)
- π Set appsec.blocked in local root span (#7251 - @smola)
Continuous Integration Visibility
- π Fix -DargLine propagation for Maven builds (#7269 - @nikita-tkachenko-datadog)
- Update default versions of DD Javac plugin and Jacoco plugin used by CI Visibility (#7248 - @nikita-tkachenko-datadog)
- π Fix language detection logic (#7245 - @nikita-tkachenko-datadog)
Crash tracking
- Add support for sending OOME events (#7253 - @jbachorik)
Profiling
- Collapse wall samples by default (#7272 - @richardstartin)
- Add support for 'auto' value in DD_PROFILING_ENABLED (#7264 - @jbachorik)
- Add support for sending OOME events (#7253 - @jbachorik)
Instrumentations
Apache Spark instrumentation
- Capture all spark conf parameter (#7242 - @paul-laffon-dd)
JMS instrumentation
- β¨ Trace JMS Queue and Topic producers when destination is explicit (#7266 - @amarziali)
All other instrumentations
- Add ServiceTalk async context propagation instrumentation (#7241 - @ygree)
- π§ͺ Instrument Tibco BusinessWorks 5 and 6 (#7155 - @amarziali)
Contributors
smola, jbachorik, and 6 other contributors
Assets 6
1.36.0
Components
Application Security Management (IAST)
- Add builder for vulnerability types and fix insecure auth protocol (#7216 - @manuel-alvarez-alvarez)
Application Security Management (WAF)
- Apply appsec rate limiter on event instead of when request end (#7221 - @jandro996)
- Preserve original types before passing data to the WAF (#7220 - @smola)
- Set _dd.p.dm to -5 for IAST and AppSec spans (#7219 - @jandro996)
- Update missing RFC parts for user event tacking (#7213 - @manuel-alvarez-alvarez)
- Upgrade to AppSec rules v1.12.0 (#7192 - @ValentinZakharov)
- Collect and report RASP events (+Stack traces) (#7162 - @ValentinZakharov)
- Add grpc.server.method to WAF addresses with FQN of the grpc method (#7079 - @manuel-alvarez-alvarez)
- Add standalone ASM billing support (#7040 - @jandro996)
Continuous Integration Visibility
- Do not report code coverage for skipped tests (#7244 - @nikita-tkachenko-datadog)
- π Fix TestNG tracing for parameterized tests that modify parameters (#7226 - @nikita-tkachenko-datadog)
- Add more metrics and tags to CI Visibility telemetry (#7223 - @nikita-tkachenko-datadog)
- π§Ή Replace string constants with a dedicated enum for test statuses (#7218 - @nikita-tkachenko-datadog)
- Ignore exception when trying to remove Git data upload shutdown hook during JVM shutdown (#7204 - @nikita-tkachenko-datadog)
- Do not include system-properties in test session command tag (#7187 - @nikita-tkachenko-datadog)
Data Streams Monitoring
- Add Avro instrumentation for schema tracking (#7236 - @nayeem-kamal)
Dynamic Instrumentation
Metrics
- Bump JMXFetch to 0.49.2 (#6935 - @carlosroman)
Profiling
- Update ddpfrof to 1.9.0 (#7229 - @jbachorik)
- Enable timeline events by default when ddprof disabled (#7224 - @richardstartin)
- Add configuration parameter for GC generation count tracking (#7210 - @jbachorik)
Testing
- Fix spring-messaging tests (#7157 - @amarziali)
Tracer internal logging
- π Start Datadog appender when doing agentless log submission for Log4j2 (#7160 - @nikita-tkachenko-datadog)
- Support DD_LOG_LEVEL (#7159 - @mcculls)
Instrumentations
AWS SDK instrumentation
Kafka instrumentation
- π Fix NPE when kafka consumer info is not available (#7190 - @amarziali)
OpenTelemetry instrumentation
- Improve config mapping for OpenTelemetry extensions (#7193 - @mcculls)
- Map OpenTelemetry environment variables to their Datadog equivalents (#7184 - @mcculls)
- Add more tests aboutβ―OpenTelemetry attributes conventions (#7163 - @PerfectSlayer)
- Map OpenTelemetry muzzle references to Datadog equivalent (#7142 - @mcculls)
- Map OpenTelemetry VirtualField to Datadog ContextStore (#7129 - @mcculls)
All other instrumentations
- Avro instrumentation for schema tracking (#7236 - @nayeem-kamal)
- π Fix Protobuf schema sampling logic (#7197 - @piochelepiotr)
- Support graphql 22 (#7176 - @amarziali)
Contributors
smola, mcculls, and 12 other contributors
Assets 6
1.35.2
Components
Application Security Management (IAST)
- π Removed scala converter lambdas and ensure they are added as helpers (#7168 - @manuel-alvarez-alvarez)
Dynamic Instrumentation
Tracer internal logging
Instrumentations
AWS SDK instrumentation
Kafka instrumentation
- π Fix NPE when kafka consumer info is not available (#7195 - @amarziali)
OpenTelemetry instrumentation
- Improve config mapping for OpenTelemetry extensions (#7194 - @mcculls)
- Map OpenTelemetry environment variables to their Datadog equivalents (#7185 - @mcculls)
- Map OpenTelemetry muzzle references to Datadog equivalent (#7172 - @mcculls)
- Map OpenTelemetry VirtualField to Datadog ContextStore (#7171 - @mcculls)
Log4J2 instrumentation
- π Start Datadog appender when doing agentless log submission for Log4j2 (#7180 - @nikita-tkachenko-datadog)
Contributors
mcculls, vandonr, and 3 other contributors
Assets 6
1.35.1
This patch release was published as 1.35.2
Components
Application Security Management (IAST)
- π Removed scala converter lambdas and ensure they are added as helpers (#7168 - @manuel-alvarez-alvarez)
Dynamic Instrumentation
Tracer internal logging
Instrumentations
AWS SDK instrumentation
Kafka instrumentation
- π Fix NPE when kafka consumer info is not available (#7195 - @amarziali)
OpenTelemetry instrumentation
- Improve config mapping for OpenTelemetry extensions (#7194 - @mcculls)
- Map OpenTelemetry environment variables to their Datadog equivalents (#7185 - @mcculls)
- Map OpenTelemetry muzzle references to Datadog equivalent (#7172 - @mcculls)
- Map OpenTelemetry VirtualField to Datadog ContextStore (#7171 - @mcculls)
Log4J2 instrumentation
- π Start Datadog appender when doing agentless log submission for Log4j2 (#7180 - @nikita-tkachenko-datadog)
Contributors
mcculls, vandonr, and 3 other contributors
Assets 6
1.35.0
v1.35.0
This tag was signed with the committerβs verified signature.
PerfectSlayer
Bruce Bujon
Known Issues
This release contains a critical bug that may break applications using AWS SNS with immutable message attributes.
To avoid this bug you can either upgrade to v1.35.2, revert to v1.34.0, or turn off the SNS integration with this JVM option
-Ddd.integration.sns.enabled=false or this environment variable DD_INTEGRATION_SNS_ENABLED=false.
Turning off the SNS integration won't change the traces collected, but may cause some SNS traces to become disconnected.
Potentially Breaking Changes
Warning
Enable by default the Spring Boot environment instrumentation that infers the service name to the value of spring.application.name if the user did not provide any DD_SERVICE configuration.
Check #7029 for more details and how to revert it.
Components
Application Security Management (IAST)
- Add XSS support for JSP (#6944 - @jandro996)
- Detect a vulnerability when a default application is deployed (#6885 - @jandro996)
Application Security Management (WAF)
- π Fix HandleVisitor instrumentation for jetty >= 11.16.0 (avoids logged error) (#7100 - @manuel-alvarez-alvarez)
- π Fix IP denylist parsing when expiration date does not fit an integer (#7097 - @smola)
- π Prevent AppSec context from being closed more than once on partial flush (#7059 - @smola)
- Added support for SQLi exploit prevention (#7051 - @ValentinZakharov)
- Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
- Collect WAF headers on user sdk events (#7014 - @manuel-alvarez-alvarez)
- Collect common WAF request header values by default (#7010 - @manuel-alvarez-alvarez)
- Always collect accept, content-type and user-agent when appsec is enabled (#7009 - @manuel-alvarez-alvarez)
- Upgrade to libddwaf 1.18.0 (libddwaf-java 10.0.0) (#7006 - @ValentinZakharov)
Build & Tooling
- β¨ Update lib-injection docker image tags (#7057 - @andrewlock)
Cloud Workload Security (CWS)
Configuration at Runtime
Continuous Integration Visibility
- β‘ Do not gather coverage for skippable tests (#7139 - @nikita-tkachenko-datadog)
- π Fix 'polynomial regular expression used on uncontrolled data' vulnerability in Git config parsing logic (#7053 - @nikita-tkachenko-datadog)
- π Do not transform Mockito-generated classes (#7048 - @nikita-tkachenko-datadog)
- π Fix JUnit 4 integration to support PowerMock (#7046 - @nikita-tkachenko-datadog)
- π Fix Gradle instrumentation: do not fail if Jacoco excluded CL list is immutable (#7044 - @nikita-tkachenko-datadog)
- π Fix instrumentation for legacy JUnit 3.8 tests (#7041 - @nikita-tkachenko-datadog)
- Implement agentless log submission for Log4j2 (#7082 - @nikita-tkachenko-datadog)
Data Streams Monitoring
- Use backend parameters for histograms (#7050 - @piochelepiotr)
- Tag every span with the product tag if it is enabled (#7011 - @kr-igor)
- Add product tags to each span if products are enabled (#6990 - @kr-igor)
- Add Kafka poll span when DSM is enabled (#6969 - @piochelepiotr)
Database Monitoring
Dynamic Instrumentation
- π Ensure locals are in scope when generating metrics (#7121 - @jpbempel)
- Remove too generic redaction keywords (#7117 - @jpbempel)
- π Fix line probe in method with inline lambdas (#7099 - @jpbempel)
- Report exception when deserializing config (#7092 - @jpbempel)
- Add option to limit number of frames captured (#7083 - @jpbempel)
- Add circuit breaker for Exception Debugging (#7074 - @jpbempel)
- π Fix short circuiting of boolean expressions (#7060 - @jpbempel)
- Add
EXCEPTION_REPLAY_ENABLEDconfig token (#7054 - @jpbempel) - πβ‘ Fix perf issue when accessing fields by reflection (#7052 - @jpbempel)
- β¨ Add Throwable capturing fields support for JDK16+ (#7047 - @jpbempel)
- π Add fingerprint info into Tracer flare (#7043 - @jpbempel)
- πβ‘ Fix expensive folding only in debug level (#7042 - @jpbempel)
- Protect Map and Set accesses to be only in-memory (#7032 - @jpbempel)
- Remove debug log on sampling (#7021 - @jpbempel)
- π Fix support of literals in Expression Language (#7018 - @jpbempel)
- Fix log level and message for SymDB extraction (#7016 - @jpbempel)
- π Fix ArrayIndexOutOfBoundsException in adjustLocalVarsBasedOnArgs (#7013 - @jpbempel)
- Filter out Errors for Exception Debugging (#6997 - @jpbempel)
- Add support of Set in Expression Language (#6992 - @jpbempel)
GraalVM native-image
Metrics
OpenTracing
- Add a TracingFactory (since opentracing-tracerresolver 0.1.5) which resolves our tracer (#7102 - @mcculls)
- Bumps opentracing-tracerresolver to 0.1.6 (#7093 - @fedefernandez - thanks for the contribution!)
Profiling
- π Add detailed debug logging for tracing/profiler context integration (#7115 - @richardstartin)
- Emit rate limited JFR events when RejectedExecutionHandlers run (#7076 - @richardstartin)
- π Fix the ddprof safety check (#7037 - @jbachorik)
- Upgrade ddprof to 1.7.0 (#7033 - @richardstartin)
Telemetry
- Report updated
trace.sampling.rulesto telemetry (#7106 - @mcculls) - Enable telemetry logs for IAST, CI Visibility and Dynamic Instrumentation users (#7017 - @smola)
- Adding support for reporting remote config id (#7012 - @stanistan)
- β¨ Add log file if size is not too big (#6993 - @cecile75)
Trace context propagation
Tracer core
- π Improve agentServiceCheck to handle scenarios where the tracer is configured to use UDS (#7098 - @mcculls)
- Preserve
unix:agent URLs (#7094 - @mcculls) - Move backend communication logic to common module (#7081 - @nikita-tkachenko-datadog)
- Bump byte-buddy to 1.14.16 (#7077 - @mcculls)
- Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
- π‘ Support loading trace extensions from a comma-separated list of jars, or directories containing jars (#7030 - @mcculls)
- Implement span origin for JVM applications (#7001 - @evanchooly)
- Add tracer log file to tracer flare if datadog.slf4j.simpleLogger.logFile is defined (#6999 - @cecile75)
Instrumentations
AWS SDK instrumentation
- Add aws sns instrumentation for AWS lambda (#6908 - @joeyzhao2018)
Core Java language instrumentation
- β¨ Disable URL instrumentation by default (#7073 - @mcculls)
- β¨π§Ή Improve loom features support (#7045 - @PerfectSlayer)
gRPC instrumentation
- Extend gRPC context propagation into
WriteQueue, add queue timing toWriteQueuecommands (#7110 - @richardstartin)
JDBC instrumentation
Kafka instrumentation
- Add Kafka poll span when DSM is enabled (#6969 - @piochelepiotr)
Micronaut instrumentation
- Support micronaut 4.x (#7035 - @amarziali)
Netty instrumentation
- π Don't always finish parent span in Netty client (#7126 - @amarziali)
OpenTelemetry instrumentation
- Ensure manually created OpenTelemetry spans are compliant with trace metrics (#7138 - @mcculls)
- Support custom OpenTelemetry context (#7118 - @mcculls)
- ①Avoid creating unnecessary OtelSpanContext⦠(#7116 - @mcculls)
- Track OpenTelemetry propagated context (#7114 - @mcculls)
- Runtime drop-in support for OpenTelemetry instrumentations (#7086 - @mcculls)
Spring instrumentation
β οΈ Enable spring boot service name detection from spring.application.name (#7029 - @amarziali)
Other changes
Contributors
smola, stanistan, and 21 other contributors
Assets 6
1.35.0-RC1
Warning
This is a release candidate and is not intended for use in production.
Please open an issue regarding any problems in this release candidate.
Components
Application Security Management (IAST)
- Add XSS support for JSP (#6944 - @jandro996)
- Detect a vulnerability when a default application is deployed (#6885 - @jandro996)
Application Security Management (WAF)
- π Fix HandleVisitor instrumentation for jetty >= 11.16.0 (avoids logged error) (#7100 - @manuel-alvarez-alvarez)
- π Fix IP denylist parsing when expiration date does not fit an integer (#7097 - @smola)
- π Prevent AppSec context from being closed more than once on partial flush (#7059 - @smola)
- Added support for SQLi exploit prevention (#7051 - @ValentinZakharov)
- Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
- Collect WAF headers on user sdk events (#7014 - @manuel-alvarez-alvarez)
- Collect common WAF request header values by default (#7010 - @manuel-alvarez-alvarez)
- Always collect accept, content-type and user-agent when appsec is enabled (#7009 - @manuel-alvarez-alvarez)
- Upgrade to libddwaf 1.18.0 (libddwaf-java 10.0.0) (#7006 - @ValentinZakharov)
Build & Tooling
- β¨ Update lib-injection docker image tags (#7057 - @andrewlock)
Cloud Workload Security (CWS)
Configuration at Runtime
Continuous Integration Visibility
- Fix 'polynomial regular expression used on uncontrolled data' vulnerability in Git config parsing logic (#7053 - @nikita-tkachenko-datadog)
- π Do not transform Mockito-generated classes (#7048 - @nikita-tkachenko-datadog)
- π Fix JUnit 4 integration to support PowerMock (#7046 - @nikita-tkachenko-datadog)
- π Fix Gradle instrumentation: do not fail if Jacoco excluded CL list is immutable (#7044 - @nikita-tkachenko-datadog)
- π Fix instrumentation for legacy JUnit 3.8 tests (#7041 - @nikita-tkachenko-datadog)
Database Monitoring
Data Streams Monitoring (DSM)
- Add poll span for kafka when DSM is enabled (#6969 - @piochelepiotr)
- Tag every span with the product tag if it is enabled (#7011 - @kr-igor)
- Add product tags to each span if products are enabled (#6990 - @kr-igor)
Dynamic Instrumentation
- π Ensure locals are in scope when generating metrics (#7121 - @jpbempel)
- Remove too generic redaction keywords (#7117 - @jpbempel)
- π Fix line probe in method with inline lambdas (#7099 - @jpbempel)
- Report exception when deserializing config (#7092 - @jpbempel)
- Add option to limit number of frames captured (#7083 - @jpbempel)
- Add circuit breaker for Exception Debugging (#7074 - @jpbempel)
- π Fix short circuiting of boolean expressions (#7060 - @jpbempel)
- Add
EXCEPTION_REPLAY_ENABLEDconfig token (#7054 - @jpbempel) - πβ‘ Fix perf issue when accessing fields by reflection (#7052 - @jpbempel)
- β¨ Add Throwable capturing fields support for JDK16+ (#7047 - @jpbempel)
- π Add fingerprint info into Tracer flare (#7043 - @jpbempel)
- πβ‘ Fix expensive folding only in debug level (#7042 - @jpbempel)
- Protect Map and Set accesses to be only in-memory (#7032 - @jpbempel)
- Remove debug log on sampling (#7021 - @jpbempel)
- π Fix support of literals in Expression Language (#7018 - @jpbempel)
- Fix log level and message for SymDB extraction (#7016 - @jpbempel)
- π Fix ArrayIndexOutOfBoundsException in adjustLocalVarsBasedOnArgs (#7013 - @jpbempel)
- Filter out Errors for Exception Debugging (#6997 - @jpbempel)
- Add support of Set in Expression Language (#6992 - @jpbempel)
GraalVM native-image
Metrics
OpenTracing
- Add a TracingFactory (since opentracing-tracerresolver 0.1.5) which resolves our tracer (#7102 - @mcculls)
- Bump opentracing-tracerresolver to 0.1.6 (#7093 - @fedefernandez - thanks for the contribution!)
Profiling
- π Add detailed debug logging for tracing/profiler context integration (#7115 - @richardstartin)
- Emit rate limited JFR events when RejectedExecutionHandlers run (#7076 - @richardstartin)
- π Fix the ddprof safety check (#7037 - @jbachorik)
- Upgrade ddprof to 1.7.0 (#7033 - @richardstartin)
- Extend gRPC context propagation into
WriteQueue, add queue timing toWriteQueuecommands (#7110 - @richardstartin)
Telemetry
- Report updated
trace.sampling.rulesto telemetry (#7106 - @mcculls) - Enable telemetry logs for IAST, CI Visibility and Dynamic Instrumentation users (#7017 - @smola)
- Adding support for reporting remote config id (#7012 - @stanistan)
- β¨ Add log file if size is not too big (#6993 - @cecile75)
Tracer core
- π Improve agentServiceCheck to handle scenarios where the tracer is configured to use UDS (#7098 - @mcculls)
- Preserve
unix:agent URLs (#7094 - @mcculls) - Move backend communication logic to common module (#7081 - @nikita-tkachenko-datadog)
- Bump byte-buddy to 1.14.16 (#7077 - @mcculls)
- Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
- π‘ Support loading trace extensions from a comma-separated list of jars, or directories containing jars (#7030 - @mcculls)
- Implement span origin for JVM applications (#7001 - @evanchooly)
- Add tracer log file to tracer flare if datadog.slf4j.simpleLogger.logFile is defined (#6999 - @cecile75)
Instrumentations
AWS SDK instrumentation
- Add aws sns instrumentation for AWS lambda (#6908 - @joeyzhao2018)
Core Java language instrumentation
- β¨ Disable URL instrumentation by default (#7073 - @mcculls)
- β¨π§Ή Improve loom features support (#7045 - @PerfectSlayer)
JDBC instrumentation
Kafka instrumentation
- Add poll span for kafka when DSM is enabled (#6969 - @piochelepiotr)
Micronaut instrumentation
- Support micronaut 4.x (#7035 - @amarziali)
Netty instrumentation
- π Don't finish parent span when instrumenting a client (#7126 - @amarziali)
OpenTelemetry instrumentation
- Support custom OpenTelemetry context (#7118 - @mcculls)
- β‘ Avoid creating unnecessary OtelSpanContext when extracting context from OTel wrapper around Datadog span (#7116 - @mcculls)
- Track OpenTelemetry propagated context (#7114 - @mcculls)
- Runtime drop-in support for OpenTelemetry instrumentations (#7086 - @mcculls)
Spring instrumentation
β οΈ Enable spring boot service name detection from spring.application.name (#7029 - @amarziali)
Contributors
smola, stanistan, and 20 other contributors