Releases: DataDog/dd-trace-java
1.37.0
Components
Application Security Management (WAF)
- π Add missing appsec propagation tag on appsec events (#7262 - @jandro996)
- π Set appsec.blocked in local root span (#7251 - @smola)
Continuous Integration Visibility
- π Fix -DargLine propagation for Maven builds (#7269 - @nikita-tkachenko-datadog)
- Update default versions of DD Javac plugin and Jacoco plugin used by CI Visibility (#7248 - @nikita-tkachenko-datadog)
- π Fix language detection logic (#7245 - @nikita-tkachenko-datadog)
Crash tracking
- Add support for sending OOME events (#7253 - @jbachorik)
Profiling
- Collapse wall samples by default (#7272 - @richardstartin)
- Add support for 'auto' value in DD_PROFILING_ENABLED (#7264 - @jbachorik)
- Add support for sending OOME events (#7253 - @jbachorik)
Instrumentations
Apache Spark instrumentation
- Capture all spark conf parameter (#7242 - @paul-laffon-dd)
JMS instrumentation
- β¨ Trace JMS Queue and Topic producers when destination is explicit (#7266 - @amarziali)
All other instrumentations
- Add ServiceTalk async context propagation instrumentation (#7241 - @ygree)
- π§ͺ Instrument Tibco BusinessWorks 5 and 6 (#7155 - @amarziali)
1.36.0
Components
Application Security Management (IAST)
- Add builder for vulnerability types and fix insecure auth protocol (#7216 - @manuel-alvarez-alvarez)
Application Security Management (WAF)
- Apply appsec rate limiter on event instead of when request end (#7221 - @jandro996)
- Preserve original types before passing data to the WAF (#7220 - @smola)
- Set _dd.p.dm to -5 for IAST and AppSec spans (#7219 - @jandro996)
- Update missing RFC parts for user event tacking (#7213 - @manuel-alvarez-alvarez)
- Upgrade to AppSec rules v1.12.0 (#7192 - @ValentinZakharov)
- Collect and report RASP events (+Stack traces) (#7162 - @ValentinZakharov)
- Add grpc.server.method to WAF addresses with FQN of the grpc method (#7079 - @manuel-alvarez-alvarez)
- Add standalone ASM billing support (#7040 - @jandro996)
Continuous Integration Visibility
- Do not report code coverage for skipped tests (#7244 - @nikita-tkachenko-datadog)
- π Fix TestNG tracing for parameterized tests that modify parameters (#7226 - @nikita-tkachenko-datadog)
- Add more metrics and tags to CI Visibility telemetry (#7223 - @nikita-tkachenko-datadog)
- π§Ή Replace string constants with a dedicated enum for test statuses (#7218 - @nikita-tkachenko-datadog)
- Ignore exception when trying to remove Git data upload shutdown hook during JVM shutdown (#7204 - @nikita-tkachenko-datadog)
- Do not include system-properties in test session command tag (#7187 - @nikita-tkachenko-datadog)
Data Streams Monitoring
- Add Avro instrumentation for schema tracking (#7236 - @nayeem-kamal)
Dynamic Instrumentation
Metrics
- Bump JMXFetch to 0.49.2 (#6935 - @carlosroman)
Profiling
- Update ddpfrof to 1.9.0 (#7229 - @jbachorik)
- Enable timeline events by default when ddprof disabled (#7224 - @richardstartin)
- Add configuration parameter for GC generation count tracking (#7210 - @jbachorik)
Testing
- Fix spring-messaging tests (#7157 - @amarziali)
Tracer internal logging
- π Start Datadog appender when doing agentless log submission for Log4j2 (#7160 - @nikita-tkachenko-datadog)
- Support DD_LOG_LEVEL (#7159 - @mcculls)
Instrumentations
AWS SDK instrumentation
Kafka instrumentation
- π Fix NPE when kafka consumer info is not available (#7190 - @amarziali)
OpenTelemetry instrumentation
- Improve config mapping for OpenTelemetry extensions (#7193 - @mcculls)
- Map OpenTelemetry environment variables to their Datadog equivalents (#7184 - @mcculls)
- Add more tests aboutβ―OpenTelemetry attributes conventions (#7163 - @PerfectSlayer)
- Map OpenTelemetry muzzle references to Datadog equivalent (#7142 - @mcculls)
- Map OpenTelemetry VirtualField to Datadog ContextStore (#7129 - @mcculls)
All other instrumentations
- Avro instrumentation for schema tracking (#7236 - @nayeem-kamal)
- π Fix Protobuf schema sampling logic (#7197 - @piochelepiotr)
- Support graphql 22 (#7176 - @amarziali)
1.35.2
Components
Application Security Management (IAST)
- π Removed scala converter lambdas and ensure they are added as helpers (#7168 - @manuel-alvarez-alvarez)
Dynamic Instrumentation
Tracer internal logging
Instrumentations
AWS SDK instrumentation
Kafka instrumentation
- π Fix NPE when kafka consumer info is not available (#7195 - @amarziali)
OpenTelemetry instrumentation
- Improve config mapping for OpenTelemetry extensions (#7194 - @mcculls)
- Map OpenTelemetry environment variables to their Datadog equivalents (#7185 - @mcculls)
- Map OpenTelemetry muzzle references to Datadog equivalent (#7172 - @mcculls)
- Map OpenTelemetry VirtualField to Datadog ContextStore (#7171 - @mcculls)
Log4J2 instrumentation
- π Start Datadog appender when doing agentless log submission for Log4j2 (#7180 - @nikita-tkachenko-datadog)
1.35.1
This patch release was published as 1.35.2
Components
Application Security Management (IAST)
- π Removed scala converter lambdas and ensure they are added as helpers (#7168 - @manuel-alvarez-alvarez)
Dynamic Instrumentation
Tracer internal logging
Instrumentations
AWS SDK instrumentation
Kafka instrumentation
- π Fix NPE when kafka consumer info is not available (#7195 - @amarziali)
OpenTelemetry instrumentation
- Improve config mapping for OpenTelemetry extensions (#7194 - @mcculls)
- Map OpenTelemetry environment variables to their Datadog equivalents (#7185 - @mcculls)
- Map OpenTelemetry muzzle references to Datadog equivalent (#7172 - @mcculls)
- Map OpenTelemetry VirtualField to Datadog ContextStore (#7171 - @mcculls)
Log4J2 instrumentation
- π Start Datadog appender when doing agentless log submission for Log4j2 (#7180 - @nikita-tkachenko-datadog)
1.35.0
Known Issues
This release contains a critical bug that may break applications using AWS SNS with immutable message attributes.
To avoid this bug you can either upgrade to v1.35.2
, revert to v1.34.0
, or turn off the SNS integration with this JVM option
-Ddd.integration.sns.enabled=false
or this environment variable DD_INTEGRATION_SNS_ENABLED=false
.
Turning off the SNS integration won't change the traces collected, but may cause some SNS traces to become disconnected.
Potentially Breaking Changes
Warning
Enable by default the Spring Boot environment instrumentation that infers the service name to the value of spring.application.name
if the user did not provide any DD_SERVICE
configuration.
Check #7029 for more details and how to revert it.
Components
Application Security Management (IAST)
- Add XSS support for JSP (#6944 - @jandro996)
- Detect a vulnerability when a default application is deployed (#6885 - @jandro996)
Application Security Management (WAF)
- π Fix HandleVisitor instrumentation for jetty >= 11.16.0 (avoids logged error) (#7100 - @manuel-alvarez-alvarez)
- π Fix IP denylist parsing when expiration date does not fit an integer (#7097 - @smola)
- π Prevent AppSec context from being closed more than once on partial flush (#7059 - @smola)
- Added support for SQLi exploit prevention (#7051 - @ValentinZakharov)
- Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
- Collect WAF headers on user sdk events (#7014 - @manuel-alvarez-alvarez)
- Collect common WAF request header values by default (#7010 - @manuel-alvarez-alvarez)
- Always collect accept, content-type and user-agent when appsec is enabled (#7009 - @manuel-alvarez-alvarez)
- Upgrade to libddwaf 1.18.0 (libddwaf-java 10.0.0) (#7006 - @ValentinZakharov)
Build & Tooling
- β¨ Update lib-injection docker image tags (#7057 - @andrewlock)
Cloud Workload Security (CWS)
Configuration at Runtime
Continuous Integration Visibility
- β‘ Do not gather coverage for skippable tests (#7139 - @nikita-tkachenko-datadog)
- π Fix 'polynomial regular expression used on uncontrolled data' vulnerability in Git config parsing logic (#7053 - @nikita-tkachenko-datadog)
- π Do not transform Mockito-generated classes (#7048 - @nikita-tkachenko-datadog)
- π Fix JUnit 4 integration to support PowerMock (#7046 - @nikita-tkachenko-datadog)
- π Fix Gradle instrumentation: do not fail if Jacoco excluded CL list is immutable (#7044 - @nikita-tkachenko-datadog)
- π Fix instrumentation for legacy JUnit 3.8 tests (#7041 - @nikita-tkachenko-datadog)
- Implement agentless log submission for Log4j2 (#7082 - @nikita-tkachenko-datadog)
Data Streams Monitoring
- Use backend parameters for histograms (#7050 - @piochelepiotr)
- Tag every span with the product tag if it is enabled (#7011 - @kr-igor)
- Add product tags to each span if products are enabled (#6990 - @kr-igor)
- Add Kafka poll span when DSM is enabled (#6969 - @piochelepiotr)
Database Monitoring
Dynamic Instrumentation
- π Ensure locals are in scope when generating metrics (#7121 - @jpbempel)
- Remove too generic redaction keywords (#7117 - @jpbempel)
- π Fix line probe in method with inline lambdas (#7099 - @jpbempel)
- Report exception when deserializing config (#7092 - @jpbempel)
- Add option to limit number of frames captured (#7083 - @jpbempel)
- Add circuit breaker for Exception Debugging (#7074 - @jpbempel)
- π Fix short circuiting of boolean expressions (#7060 - @jpbempel)
- Add
EXCEPTION_REPLAY_ENABLED
config token (#7054 - @jpbempel) - πβ‘ Fix perf issue when accessing fields by reflection (#7052 - @jpbempel)
- β¨ Add Throwable capturing fields support for JDK16+ (#7047 - @jpbempel)
- π Add fingerprint info into Tracer flare (#7043 - @jpbempel)
- πβ‘ Fix expensive folding only in debug level (#7042 - @jpbempel)
- Protect Map and Set accesses to be only in-memory (#7032 - @jpbempel)
- Remove debug log on sampling (#7021 - @jpbempel)
- π Fix support of literals in Expression Language (#7018 - @jpbempel)
- Fix log level and message for SymDB extraction (#7016 - @jpbempel)
- π Fix ArrayIndexOutOfBoundsException in adjustLocalVarsBasedOnArgs (#7013 - @jpbempel)
- Filter out Errors for Exception Debugging (#6997 - @jpbempel)
- Add support of Set in Expression Language (#6992 - @jpbempel)
GraalVM native-image
Metrics
OpenTracing
- Add a TracingFactory (since opentracing-tracerresolver 0.1.5) which resolves our tracer (#7102 - @mcculls)
- Bumps opentracing-tracerresolver to 0.1.6 (#7093 - @fedefernandez - thanks for the contribution!)
Profiling
- π Add detailed debug logging for tracing/profiler context integration (#7115 - @richardstartin)
- Emit rate limited JFR events when RejectedExecutionHandlers run (#7076 - @richardstartin)
- π Fix the ddprof safety check (#7037 - @jbachorik)
- Upgrade ddprof to 1.7.0 (#7033 - @richardstartin)
Telemetry
- Report updated
trace.sampling.rules
to telemetry (#7106 - @mcculls) - Enable telemetry logs for IAST, CI Visibility and Dynamic Instrumentation users (#7017 - @smola)
- Adding support for reporting remote config id (#7012 - @stanistan)
- β¨ Add log file if size is not too big (#6993 - @cecile75)
Trace context propagation
Tracer core
- π Improve agentServiceCheck to handle scenarios where the tracer is configured to use UDS (#7098 - @mcculls)
- Preserve
unix:
agent URLs (#7094 - @mcculls) - Move backend communication logic to common module (#7081 - @nikita-tkachenko-datadog)
- Bump byte-buddy to 1.14.16 (#7077 - @mcculls)
- Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
- π‘ Support loading trace extensions from a comma-separated list of jars, or directories containing jars (#7030 - @mcculls)
- Implement span origin for JVM applications (#7001 - @evanchooly)
- Add tracer log file to tracer flare if datadog.slf4j.simpleLogger.logFile is defined (#6999 - @cecile75)
Instrumentations
AWS SDK instrumentation
- Add aws sns instrumentation for AWS lambda (#6908 - @joeyzhao2018)
Core Java language instrumentation
- β¨ Disable URL instrumentation by default (#7073 - @mcculls)
- β¨π§Ή Improve loom features support (#7045 - @PerfectSlayer)
gRPC instrumentation
- Extend gRPC context propagation into
WriteQueue
, add queue timing toWriteQueue
commands (#7110 - @richardstartin)
JDBC instrumentation
Kafka instrumentation
- Add Kafka poll span when DSM is enabled (#6969 - @piochelepiotr)
Micronaut instrumentation
- Support micronaut 4.x (#7035 - @amarziali)
Netty instrumentation
- π Don't always finish parent span in Netty client (#7126 - @amarziali)
OpenTelemetry instrumentation
- Ensure manually created OpenTelemetry spans are compliant with trace metrics (#7138 - @mcculls)
- Support custom OpenTelemetry context (#7118 - @mcculls)
- ①Avoid creating unnecessary OtelSpanContext⦠(#7116 - @mcculls)
- Track OpenTelemetry propagated context (#7114 - @mcculls)
- Runtime drop-in support for OpenTelemetry instrumentations (#7086 - @mcculls)
Spring instrumentation
β οΈ Enable spring boot service name detection from spring.application.name (#7029 - @amarziali)
Other changes
1.35.0-RC1
Warning
This is a release candidate and is not intended for use in production.
Please open an issue regarding any problems in this release candidate.
Components
Application Security Management (IAST)
- Add XSS support for JSP (#6944 - @jandro996)
- Detect a vulnerability when a default application is deployed (#6885 - @jandro996)
Application Security Management (WAF)
- π Fix HandleVisitor instrumentation for jetty >= 11.16.0 (avoids logged error) (#7100 - @manuel-alvarez-alvarez)
- π Fix IP denylist parsing when expiration date does not fit an integer (#7097 - @smola)
- π Prevent AppSec context from being closed more than once on partial flush (#7059 - @smola)
- Added support for SQLi exploit prevention (#7051 - @ValentinZakharov)
- Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
- Collect WAF headers on user sdk events (#7014 - @manuel-alvarez-alvarez)
- Collect common WAF request header values by default (#7010 - @manuel-alvarez-alvarez)
- Always collect accept, content-type and user-agent when appsec is enabled (#7009 - @manuel-alvarez-alvarez)
- Upgrade to libddwaf 1.18.0 (libddwaf-java 10.0.0) (#7006 - @ValentinZakharov)
Build & Tooling
- β¨ Update lib-injection docker image tags (#7057 - @andrewlock)
Cloud Workload Security (CWS)
Configuration at Runtime
Continuous Integration Visibility
- Fix 'polynomial regular expression used on uncontrolled data' vulnerability in Git config parsing logic (#7053 - @nikita-tkachenko-datadog)
- π Do not transform Mockito-generated classes (#7048 - @nikita-tkachenko-datadog)
- π Fix JUnit 4 integration to support PowerMock (#7046 - @nikita-tkachenko-datadog)
- π Fix Gradle instrumentation: do not fail if Jacoco excluded CL list is immutable (#7044 - @nikita-tkachenko-datadog)
- π Fix instrumentation for legacy JUnit 3.8 tests (#7041 - @nikita-tkachenko-datadog)
Database Monitoring
Data Streams Monitoring (DSM)
- Add poll span for kafka when DSM is enabled (#6969 - @piochelepiotr)
- Tag every span with the product tag if it is enabled (#7011 - @kr-igor)
- Add product tags to each span if products are enabled (#6990 - @kr-igor)
Dynamic Instrumentation
- π Ensure locals are in scope when generating metrics (#7121 - @jpbempel)
- Remove too generic redaction keywords (#7117 - @jpbempel)
- π Fix line probe in method with inline lambdas (#7099 - @jpbempel)
- Report exception when deserializing config (#7092 - @jpbempel)
- Add option to limit number of frames captured (#7083 - @jpbempel)
- Add circuit breaker for Exception Debugging (#7074 - @jpbempel)
- π Fix short circuiting of boolean expressions (#7060 - @jpbempel)
- Add
EXCEPTION_REPLAY_ENABLED
config token (#7054 - @jpbempel) - πβ‘ Fix perf issue when accessing fields by reflection (#7052 - @jpbempel)
- β¨ Add Throwable capturing fields support for JDK16+ (#7047 - @jpbempel)
- π Add fingerprint info into Tracer flare (#7043 - @jpbempel)
- πβ‘ Fix expensive folding only in debug level (#7042 - @jpbempel)
- Protect Map and Set accesses to be only in-memory (#7032 - @jpbempel)
- Remove debug log on sampling (#7021 - @jpbempel)
- π Fix support of literals in Expression Language (#7018 - @jpbempel)
- Fix log level and message for SymDB extraction (#7016 - @jpbempel)
- π Fix ArrayIndexOutOfBoundsException in adjustLocalVarsBasedOnArgs (#7013 - @jpbempel)
- Filter out Errors for Exception Debugging (#6997 - @jpbempel)
- Add support of Set in Expression Language (#6992 - @jpbempel)
GraalVM native-image
Metrics
OpenTracing
- Add a TracingFactory (since opentracing-tracerresolver 0.1.5) which resolves our tracer (#7102 - @mcculls)
- Bump opentracing-tracerresolver to 0.1.6 (#7093 - @fedefernandez - thanks for the contribution!)
Profiling
- π Add detailed debug logging for tracing/profiler context integration (#7115 - @richardstartin)
- Emit rate limited JFR events when RejectedExecutionHandlers run (#7076 - @richardstartin)
- π Fix the ddprof safety check (#7037 - @jbachorik)
- Upgrade ddprof to 1.7.0 (#7033 - @richardstartin)
- Extend gRPC context propagation into
WriteQueue
, add queue timing toWriteQueue
commands (#7110 - @richardstartin)
Telemetry
- Report updated
trace.sampling.rules
to telemetry (#7106 - @mcculls) - Enable telemetry logs for IAST, CI Visibility and Dynamic Instrumentation users (#7017 - @smola)
- Adding support for reporting remote config id (#7012 - @stanistan)
- β¨ Add log file if size is not too big (#6993 - @cecile75)
Tracer core
- π Improve agentServiceCheck to handle scenarios where the tracer is configured to use UDS (#7098 - @mcculls)
- Preserve
unix:
agent URLs (#7094 - @mcculls) - Move backend communication logic to common module (#7081 - @nikita-tkachenko-datadog)
- Bump byte-buddy to 1.14.16 (#7077 - @mcculls)
- Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
- π‘ Support loading trace extensions from a comma-separated list of jars, or directories containing jars (#7030 - @mcculls)
- Implement span origin for JVM applications (#7001 - @evanchooly)
- Add tracer log file to tracer flare if datadog.slf4j.simpleLogger.logFile is defined (#6999 - @cecile75)
Instrumentations
AWS SDK instrumentation
- Add aws sns instrumentation for AWS lambda (#6908 - @joeyzhao2018)
Core Java language instrumentation
- β¨ Disable URL instrumentation by default (#7073 - @mcculls)
- β¨π§Ή Improve loom features support (#7045 - @PerfectSlayer)
JDBC instrumentation
Kafka instrumentation
- Add poll span for kafka when DSM is enabled (#6969 - @piochelepiotr)
Micronaut instrumentation
- Support micronaut 4.x (#7035 - @amarziali)
Netty instrumentation
- π Don't finish parent span when instrumenting a client (#7126 - @amarziali)
OpenTelemetry instrumentation
- Support custom OpenTelemetry context (#7118 - @mcculls)
- β‘ Avoid creating unnecessary OtelSpanContext when extracting context from OTel wrapper around Datadog span (#7116 - @mcculls)
- Track OpenTelemetry propagated context (#7114 - @mcculls)
- Runtime drop-in support for OpenTelemetry instrumentations (#7086 - @mcculls)
Spring instrumentation
β οΈ Enable spring boot service name detection from spring.application.name (#7029 - @amarziali)
1.34.0
Components
Application Security Management (IAST)
- Report servlet misconfiguration vulnerabilities with opt-out configuration (#6970 - @jandro996)
- β‘ Only enable byte[] or char[] call sites in full detection mode (#6960 - @manuel-alvarez-alvarez)
- π Report via telemetry if _dd.iast.json tag exceeds max tag size (#6930 - @jandro996)
- Add environment variable to activate SCA (#6902 - @jandro996)
- π Add option to disable IAST instrumenter for anonymous classes (#6898 - @manuel-alvarez-alvarez)
- π§Ή Refactor propagation module with APIs for strings and objects (#6820 - @manuel-alvarez-alvarez)
Application Security Management (WAF)
- Exclude non username and password authentication from user tracking (#6995 - @manuel-alvarez-alvarez)
- Skip auto user events when sign-up logic fails (#6964 - @manuel-alvarez-alvarez)
Configuration
- Add single parameter
dd.data.jobs.enabled
to enable DJM (#6972 - @paul-laffon-dd)
Configuration at Runtime
Continuous Integration Visibility
- π Flush on tracer close if CI Visibility enabled (#6985 - @nikita-tkachenko-datadog)
- π Fix Selenium instrumentation to avoid trying to set cookies for about:blank and other similar pages (#6973 - @nikita-tkachenko-datadog)
- π Do not trace processes spawned by internal shell command executor (#6927 - @nikita-tkachenko-datadog)
- π Fix CI Visibility Gradle plugin to be compatible with Gradle build scans (#6913 - @nikita-tkachenko-datadog)
Data Streams Monitoring (DSM)
Dynamic Instrumentation
- Capture exception snapshots only once an hour (#6983 - @jpbempel)
- Consolidate PII redaction keys for all libraries. (#6980 - @shurivich)
- Add coordinated sampling for Exception Debugging (#6974 - @jpbempel)
- Only capture stacktrace for snapshot probes (#6955 - @jpbempel)
- Optimize Redaction detection when capturing values (#6947 - @jpbempel)
- Integrate initial list of third party libraries (#6928 - @ojung)
OpenTracing
Profiling
- Upgrade to ddprof 1.5.0 (#6978 - @richardstartin)
- Remove unnecessary cache for custom context encodings by @richardstartin in DataDog/java-profiler#86
- Prevent race condition in LivenessTracker by @jbachorik in DataDog/java-profiler#88
- Drop bad queue time events by @richardstartin in DataDog/java-profiler#89
- Trust ticks parameters by @richardstartin in DataDog/java-profiler#90
- Make tasks wrapped by grpc-context unwrappable (#6977 - @richardstartin)
- Use real time threshold for queue times (#6976 - @richardstartin)
- Unwrap akka
TaskInvocation
and scalaCallbackRunnable
(#6975 - @richardstartin) - Ensure time waiting for
CyclicBarrier
andCountDownLatch
is eligible for wallclock profiling (#6941 - @richardstartin)
Testing
- Add test set for tomcat 11 (#6966 - @amarziali)
Tracer core
- π‘ Adding sampling provenance/mechanism to SamplingRules (#6989 - @dougqh)
- β‘ Check target super-class implements
FieldBackedContextAccessor
before delegating to it (#6950 - @mcculls) - π§ͺ Support deferred matching and transformation for particular class-loaders (#6887 - @mcculls)
- Add enabledProducts tag to all spans (APM / DSM / DJM) (#6967 - @kr-igor)
Instrumentations
Akka instrumentation
- Anwrap akka
TaskInvocation
and scalaCallbackRunnable
(#6975 - @richardstartin)
Apache Spark instrumentation
- Increase spark listener max collection size (#6979 - @paul-laffon-dd)
- Finish pyspark-shell trace using SparkListenerApplicationEnd (#6956 - @paul-laffon-dd)
- Add logs on datadog spark listener lifecycle (#6943 - @paul-laffon-dd)
OpenTelemetry instrumentation
Protobuf Instrumentation
- Instrument Google protobuf serialization/deserialization (#6865 - @piochelepiotr)
Scala instrumentation
- Unwrap akka
TaskInvocation
and scalaCallbackRunnable
(#6975 - @richardstartin)
Other changes
1.33.0
Components
Application Security Management (IAST)
- Admin Console Active vulnerability hash calculation (#6897 - @jandro996)
- Remove deduplication for session rewriting vulnerability report (#6895 - @jandro996)
- Exclude oracle.j2ee from vulnerability locations (#6888 - @smola)
- Add directory listing support to WEBLOGIC, WEBSPHERE and JETTY (#6871 - @jandro996)
- Detect Tomcat's host manager tomcat application as admin console (#6867 - @jandro996)
- Add session rewriting detection (#6692 - @jandro996)
Application Security Management (WAF)
- Introduced trace post-processing (#6800 - @ValentinZakharov)
Continuous Integration Visibility
- π Do not abort CI Visibility spans dispatch on interrupt (#6926 - @nikita-tkachenko-datadog)
- Disable retry instrumentations if both Early Flakiness Detection and Flaky Test Retries are turned off (#6925 - @nikita-tkachenko-datadog)
- π Fix Karate instrumentation to handle parallel tests execution (#6924 - @nikita-tkachenko-datadog)
- Increase default timeout for requests made to CI Visibility backend through EVP proxy (#6884 - @nikita-tkachenko-datadog)
- Implement Selenium support in CI Visibility (#6799 - @nikita-tkachenko-datadog)
Data Streams Monitoring
- Enable Data Streams without adding context into Kafka headers (#6533 - @piochelepiotr)
GraalVM native-image
- Register SpanLinkAdapter and SpanLinkJson for reflection (#6892 - @luneo7 - thanks for the contribution!)
Profiling
- Update ddprof to 1.4.0 (#6914 - @jbachorik)
Tracer core
- Introduced trace post-processing (#6800 - @ValentinZakharov)
Instrumentations
Kafka instrumentation
- Enable Data Streams without adding context into Kafka headers (#6533 - @piochelepiotr)
1.32.0
Components
Application Security Management (IAST)
- β‘ Improve IAST metric unwrapping logic (#6831 - @manuel-alvarez-alvarez)
- Ensure no IAST advices are added unless appsec is fully enabled (#6813 - @manuel-alvarez-alvarez)
- β‘ Add request sampling back in http sources (#6810 - @manuel-alvarez-alvarez)
- β¨ Improve coverage of application vulnerabilities for servlet (#6803 - @jandro996)
- Add support for kafka bytebuffers in 3.x (#6736 - @manuel-alvarez-alvarez)
Application Security Management (WAF)
- Upgrade to libddwaf-java 9.1.1 (#6846 - @smola)
- Minify AppSec rules (#6773 - @smola)
- β‘ Improved API Security schema computation performance (#6765 - @ValentinZakharov)
- Upgrade to AppSec rules v1.11.0 (#6754 - @smola)
- Replace ASM transient mechanism with WAF ephemeral addresses (#6687 - @ValentinZakharov)
- Added GraphQL monitoring support (#6375 - @ValentinZakharov)
Configuration at Runtime
- Allow for disablement of tracing via remote config (#6827 - @nayeem-kamal)
Continuous Integration Visibility
- π Fix handling skipped features in Karate (#6870 - @nikita-tkachenko-datadog)
- π Flush pending traces synchronously before terminating child process (#6866 - @nikita-tkachenko-datadog)
- Reduce logging noise in CI Visibility (#6825 - @nikita-tkachenko-datadog)
- Add possibility to retry every failed test when retries are enabled (#6821 - @nikita-tkachenko-datadog)
- π Fix tracing for tests executed with JUnit Platform Runner (#6818 - @nikita-tkachenko-datadog)
- Optimize in-progress tests and suites lookup (#6728 - @nikita-tkachenko-datadog)
Data Streams Monitoring
Dynamic Instrumentation
- π Fix inaccessible fields capture (#6883 - @jpbempel)
- Make Exception debugging instrumentation async (#6829 - @jpbempel)
- Add frame tags and send snapshots on addThrowable (#6824 - @jpbempel)
- Filter out bridge methods when instrumenting methods (#6785 - @evanchooly)
GraalVM native-image
- Enhance 'runtime_version' tag to encode graalvm source (#6788 - @jbachorik)
Library Injection
- Update base image used for lib injection (#6814 - @randomanderson)
Metrics
Profiling
- Upgrade ddprof to 1.3.0 (#6845 - @richardstartin)
- Fix spurious context clear when thread detached from wallclock profiling (#6836 - @richardstartin)
- Enable queue time tracing by default (#6833 - @richardstartin)
- Unwrap ForkJoinTask$AdaptedInterruptibleCallable (#6830 - @richardstartin)
- Ensure queue timer is started for RunnableFuture types (#6828 - @richardstartin)
- use JFR timestamping for queue time thresholds (#6703 - @richardstartin)
Tracer core
- π Fix Datadog-Entity-ID detection paths joining (#6864 - @ygree)
- β‘ Keep track of public classes in compact filter (#6860 - @mcculls)
- π Fix Datadog-Entity-ID detection by skipping a root inode (#6858 - @ygree)
- β¨ Support ordering of InstrumenterModules (#6840 - @mcculls)
- β‘π§Ή Re-use helpers across all instrumenters in a module (#6822 - @mcculls)
- π§Ή Update instrumentations to use
InstrumenterModule
as the service type (#6808 - @mcculls)
Instrumentations
Apache Spark instrumentation
- create SpanLink from spark.streaming_batch span to databricks.task.execution span for spark instrumentation if applicable. (#6816 - @yiliangzhou)
JDBC instrumentation
- π Fix for MySQL multi-host internally_generated connection urls (#6853 - @ygree)
- Handle comment injection for procedure CALLs (#6807 - @sethsamuel)
- Add host and db name to tags injected in SQL comments (#6778 - @vandonr)
All other instrumentations
- Optionally prevent undertow from setting http.route (#6841 - @amarziali)
- π‘ Support JDK-21 virtual thread executor (#6789 - @am312)
Other changes
- Update byte-buddy to 1.14.13 (#6861 - @manuel-alvarez-alvarez)
- Bump java-dogstatsd-client to 4.3.0 (#6851 - @mcculls)
1.31.2
Components
Application Security Management (IAST)
- π Fix string format when escaped patterns are used (#6795 - @manuel-alvarez-alvarez)