Skip to content

v1.70.0

Compare
Choose a tag to compare
@darccio darccio released this 21 Nov 15:33
· 6 commits to release-v1.70.x since this release
cb45e9b

This release includes ASM Exploit Prevention's General Availability and offers multiple fixes in contribs, improved client-side stats implementation, and multiple environment variables for configuration:

  • DD_PROFILING_FLUSH_ON_EXIT: if set to 1, the profiler will upload the profiles in progress when profiler.Stop is called. Be mindful of using this setting for short-lived programs (e.g. lambdas, which we do not currently support for Go) as it may lead to inflated host counts. Also note that stopping the CPU profiler takes 200ms. See https://go.dev/issue/63043.
  • DD_PROFILING_ENABLED: if set to false, then calling profiler.Start will not enable profiling. Note that setting this to true is not sufficient to enable profiling; you still need to call profiler.Start.
  • DD_TRACE_LOG_DIRECTORY: it allows specifying a log directory for tracer logs (details).
  • DD_APPSEC_RASP_ENABLED: if set to false, disables ASM Exploit Prevention (defaults to true)

What's Changed

Application Performance Monitoring (APM)

  • contrib/segmentio/kafka.go.v0: refactor tracing code by @rarguelloF in #2885
  • contrib/slog: clone record before calling Add by @felixge in #2929
  • contrib/confluentinc/confluent-kafka-go: fix goroutine leak in Produce by @rarguelloF in #2924
  • contrib/jackc/pgx.v5: wrap previous tracer by @rarguelloF in #2932
  • contrib/net/http: refactor tracing by @rarguelloF in #2921
  • contrib/confluentinc/confluent-kafka-go: split tracing code by @rarguelloF in #2907
  • [godfathering] contrib/dimfeld/httptreemux.v5: failing tests for path variable replacement by @darccio in #2938
  • [serverless] Inject trace context into SQS/SNS/EventBridge by @nhulston in #2917
  • contrib/log/slog: fix WithAttrs and WithGroup implementation by @rarguelloF in #2857
  • [SVLS-5560] Inject DD trace context into AWS Step Functions input by @DylanLovesCoffee in #2942
  • APMSP-1241 Directly import trace-agent stats code for client-side stats by @ajgajg1134 in #2817
  • [fix][internal/httptrace]: integration-level error codes override global by @mtoffl01 in #2946
  • contrib/valyala/fasthttp.v1: fix memory leak of spanOpts by @0angelic0 in #2962
  • contrib/go-chi: Apply DD_TRACE_HTTP_SERVER_ERROR_STATUSES by @mtoffl01 in #2960
  • [fix][tracer] DD_TRACE_HEADER_TAGS treats trailing colon as invalid input by @mtoffl01 in #2913
  • Fix: Support custom propagators in startup log by @mtoffl01 in #2925
  • fix(options): Don't override c.httpClient if it is set via the options by @BaptisteFoy in #2970

Application Security Management (ASM)

We’re pleased to release Exploit Prevention (aka Run-time Application Self-Protection (RASP)) to protect your Go services against exploits of SQL injections (SQLi), Server-Side Request Forgeries (SSRF) and Local File Inclusion (LFI) vulnerabilities.
We recommend leveraging orchestrion, our new automatic Go instrumentation tool, to benefit from this new type of application security monitoring automatically. Note that some of those features are exclusive to orchestrion, such as LFI or the upcoming Command Injection (CMDi), which is coming later this quarter.
Please refer to the documentation or our blog post for more information.

  • appsec: enable SQLi and SSRF exploit preventions by default in monitoring-only mode by @eliottness in #2952
  • appsec: add tracer start option for appsec enablement by @RomainMuller in #2966
  • appsec: differentiate user login and user set event by @eliottness in #2956

CI Visibility

  • internal/civisibility: add early flake detection feature by @tonyredondo in #2916
  • internal/civisibility: adds git tree upload feature by @tonyredondo in #2927
  • internal/civisibility: add handshake linkname to orchestrion api to address linkname lock down by @tonyredondo in #2934
  • internal/civisibility: add more nil checks to increase resilience by @tonyredondo in #2944
  • internal/civisibility: auto test retries max retries fix by @tonyredondo in #2947
  • internal/civisibility: intelligent test runner support by @tonyredondo in #2943
  • internal/civisibility: test with efd enabled disable atr for that test by @tonyredondo in #2958
  • internal/civisibility: add support for unskippable tests and suites by @tonyredondo in #2957
  • internal/civisibility: api refactor and support for telemetry metrics by @tonyredondo in #2963
  • Add CI Visibility data to client stats (APMSP-1241) by @ajgajg1134 in #2969

Profiling

  • profiler: add enable flag to control profiler activation by @korECM in #2840
  • profiler: add DD_PROFILING_FLUSH_ON_EXIT to upload current profiles before exiting by @jinroh in #2926

General

New Contributors

Full Changelog: v1.69.1...v1.70.0