Releases: DataDog/dd-trace-java
Releases Β· DataDog/dd-trace-java
1.24.2
Contributors
jbachorik
Assets 6
1.24.1
Breaking Changes
Warning
Regression in the continuous profiler when running on OpenJ9. All stacktraces appear as truncated.
Components
Continuous Integration Visibility
- π Fix module name calculation for test executions whose working dir is outside of project repository (#6235 - @nikita-tkachenko-datadog)
Instrumentations
OpenTelemetry instrumentation
- π
β οΈ Store OpenTelemetry span kind as tag instead of span type (#6232 - @PerfectSlayer)
Contributors
PerfectSlayer and nikita-tkachenko-datadog
Assets 6
1.24.0
Breaking Changes
Warning
Span operation and resource names issued from OpenTelemetry instrumentations will change according our new naming convention. Check #6104 for more details.
Warning
Regression in the continuous profiler when running on OpenJ9. All stacktraces appear as truncated.
Components
Application Security Management (IAST)
- Ensure grpc message handler generates telemetry metrics (#6204 - @manuel-alvarez-alvarez)
- Exclude net.jodah.failsafe from IAST (#6200 - @smola)
Continuous Integration Visibility
- Add custom test fingerprint tags to ITR requests (#6195 - @nikita-tkachenko-datadog)
- π Fix CI Visibility Manual API to not fail when there is no tracer injected (#6192 - @nikita-tkachenko-datadog)
- Add x-datadog-trace-id header to ITR backend requests (#6189 - @nikita-tkachenko-datadog)
- π Fix error when trying to get class stream for Mockito mocks (#6183 - @nikita-tkachenko-datadog)
- π Fix error when serializing skippable tests whose names contain non-ASCII characters (#6182 - @nikita-tkachenko-datadog)
- Fail fast when tracer versions do not match in parent and child processes (#6168 - @nikita-tkachenko-datadog)
- Update default versions of Datadog Javac plugin and Jacoco plugin injected by CI Visibility (#6166 - @nikita-tkachenko-datadog)
- Add caching to JVM info factory (#6162 - @nikita-tkachenko-datadog)
- Implement configuration-cache support in Gradle instrumentation (#6124 - @nikita-tkachenko-datadog)
Database Monitoring
- Fix SQL Server connection instrumentation driver class allow list (#6209 - @jmeunier28)
Dynamic Instrumentation
Metrics
- Revert setting dd.internal.card:none for UDS (#6220 - @mcculls)
- Upgrade bundled metrics integrations to 7.49.0 (#6207 - @mcculls)
Profiling
- Change default safemode to avoid last Java pc retry strategy (#6221 - @richardstartin)
Telemetry
- Fix log message to debug level when DD_API_KEY missing to create Telemetry Intake connection (#6213 - @ygree)
Trace context propagation
- β¨ Context propagation improvements (#6186 - @PerfectSlayer)
Tracer core
- β¨ Context propagation improvements (#6186 - @PerfectSlayer)
- Try to locate tracer JAR using class loader resource lookup when bootstrapping the agent (#6126 - @nikita-tkachenko-datadog)
Instrumentations
gRPC instrumentation
- β¨ Expose remote peer info for grpc client spans (#6184 - @amarziali)
OpenTelemetry instrumentation
- β¨ Ensure OpenTelemetry span kind is set (#6205 - @PerfectSlayer)
- β¨
β οΈ Add span operation naming convention (#6104 - @PerfectSlayer) - β¨ Add span links support to OpenTelemetry instrumentation (#5616 - @PerfectSlayer)
All other instrumentations
- π Obfuscate Cassandra statements (#6187 - @am312)
- π‘π§ͺ Add google pubsub instrumentation (#6147 - @amarziali)
- π Obfuscate Couchbase queries (#6116 - @nayeem-kamal)
Contributors
smola, mcculls, and 10 other contributors
Assets 6
1.23.0
Components
Application Security Management (IAST)
- π Ensure no strong references are kept due to source names (#6129 - @manuel-alvarez-alvarez)
- π§Ή Improve coverage for IAST web sources (#6083 - @manuel-alvarez-alvarez)
- Taint gson sources (deserialization) (#6056 - @jandro996)
- IAST Servlet.getRequestURL instrumentation (#6031 - @DDJavierSantos)
- Stacktrace leak protection for Tomcat 7 (#5740 - @ValentinZakharov)
Application Security Management (WAF)
- π Make sure AbstractServletInputStreamWrapper does not propagate exceptions (#6170 - @manuel-alvarez-alvarez)
- AppSec Xml support for play 2.6 (#6100 - @cataphract)
- Update to ASM rules 1.9.0 (#6181 - @ValentinZakharov)
Continuous Integration Visibility
- π Fix NPE when instrumenting Gradle projects that have no 'main' source set (#6174 - @nikita-tkachenko-datadog)
- π Fix forked JVM args duplication when auto-configuring Gradle test tasks (#6151 - @nikita-tkachenko-datadog)
- π Fix NPE in @setup calls when tracing Karate (#6146 - @nikita-tkachenko-datadog)
- π Fix CI Visibility to work with DD Admission Controller (#6139 - @nikita-tkachenko-datadog)
- π Fix NPE when tracing named parameterised tests in JUnit 4 instrumentation (#6125 - @nikita-tkachenko-datadog)
- π Fix suite name calculation for jqwik framework (#6108 - @nikita-tkachenko-datadog)
Database Monitoring
- π Append sql comments instead of prepend to prevent exceptions on CallableStatements (#6034 - @jmeunier28)
- DBM-APM: Selectively pre/append sql comments depending on DBMS typeq (#6160 - @jmeunier28)
Dynamic Instrumentation
- Add limits on dynamic log message (#6167 - @jpbempel)
- β¨ Improve snapshot pruning algorithm (#6164 - @jpbempel)
- π Fix accessing array field by reflection (#6154 - @jpbempel)
- Sample log probes with errors on condition (#6150 - @jpbempel)
- Add git repository and sha in RC request tags (#6143 - @jpbempel)
- π Fix tracer enabled detection default value (#6142 - @jpbempel)
- π Fix sampling for line probe without condition (#6135 - @jpbempel)
- β¨ Add Language Specifics in Symbol Extraction (#6119 - @jpbempel)
- Add support of lambdas as CLOSURE scope type (#6105 - @jpbempel)
- Change redacted values in snapshot & log templates (#6103 - @jpbempel)
Profiling
- Upgrade to ddprof 0.84.0 (#6176 - @richardstartin)
- Bump ddprof dep to 0.83.0 (#6169 - @jbachorik)
- add resource name to profile samples (#6113 - @richardstartin)
- Upgrade to ddprof 0.82.0 (#6109 - @richardstartin)
- report profiling context integration on root span (#6163 - @richardstartin)
Telemetry
Tracer core
- β¨ Update span links implementation (#6009 - @PerfectSlayer)
Instrumentations
Kafka instrumentation
Other changes
- instrument Exception and Error classes to avoid instrumenting generic throwables used for control flow (#6128 - @richardstartin)
Contributors
cataphract, jbachorik, and 12 other contributors
Assets 6
1.22.0
Breaking Changes
See #5968 for further notes on details and the feature flag to revert back to the old behavior.
Components
Application Security Management (IAST)
- Handle serialization exceptions in IAST (#6102 - @smola)
- π Fix NPE in IAST evidence redaction (#6099 - @smola)
- Protect EvidenceAdapter against invalid ranges (#6071 - @jandro996)
- Changed HttpServletRequest.getRequestURI reported source to http.request.path (#6066 - @DDJavierSantos)
- Ensure that iast json tag does not exceed the maximum allowed (#5987 - @jandro996)
- Limit the max number of ranges for a tainted value (#5986 - @manuel-alvarez-alvarez)
- Truncate long String values in IAST Vulnerabilities (#5975 - @jandro996)
- π Fix issue redacting consecutive tainted values (#5969 - @manuel-alvarez-alvarez)
- π Fix the X-Content-Type-Options header string (#5950 - @DDJavierSantos)
- Add tainted range based redaction for XSS vulnerabilities (#5948 - @jandro996)
- β¨ Add redefinition listener to disable taintable visitor in case of failure (#5928 - @manuel-alvarez-alvarez)
- Update IAST vulnerability hash (#5926 - @jandro996)
- Add multipart support as IAST source for servlet (#5918 - @DDJavierSantos)
- Add propagation support to GRPC request payloads (#5894 - @manuel-alvarez-alvarez)
- Support servlet getRequestURI/getPathTranslated/getPathInfo as IAST sources (#5814 - @DDJavierSantos)
Application Security Management (WAF)
- Akka: skip synthetic header Raw-Request-Uri (#6101 - @cataphract)
- Update obfuscation query string regex (#6095 - @ValentinZakharov)
- Fix AppSec-related problems in akka-http (#5989 - @cataphract)
β οΈ Appsec support for Play 2.5+ (#5968 - @cataphract)- Added trusted IPs protocol (#5952 - @ValentinZakharov)
- π Fix blocking in netty 3.8 (#5947 - @cataphract)
- Added Api Security request data classification (#5942 - @ValentinZakharov)
- Add support of all rule tags in AppSec event reports (#5939 - @ValentinZakharov)
- Add API Security request schema extraction (#5888 - @ValentinZakharov)
- ASM WAF support for Akka HTTP (#5855 - @cataphract)
Build & Tooling
- Make sure internal 'datadog.trace.api.Functions' class is relocated in dd-trace-ot (#6005 - @mcculls)
Continuous Integration Visibility
- π Fix tracer logging when instrumenting Gradle Daemon (#6080 - @nikita-tkachenko-datadog)
- Add support for Karate testing framework (#6041 - @nikita-tkachenko-datadog)
- Add support for AWS CodePipeline CI provider (#6027 - @nikita-tkachenko-datadog)
- Remove application key header from settings and ITR requests (#5949 - @nikita-tkachenko-datadog)
- π Update Git unshallow logic to handle cases when HEAD points to a local-only commit (#5934 - @nikita-tkachenko-datadog)
- π Fix module coverage calculation issue where data from one module could influence data from another module (#5931 - @nikita-tkachenko-datadog)
- π§Ή Split JUnit 5 instrumentation logic into framework-specific modules (#5907 - @nikita-tkachenko-datadog)
- Implement ITR unskippable tests for TestNG (#5889 - @nikita-tkachenko-datadog)
- Imlpement ITR unskippable tests for JUnit 4 (#5882 - @nikita-tkachenko-datadog)
- π§Ή Create separate modules for test framework instrumentations based on JUnit 4 (#5875 - @nikita-tkachenko-datadog)
- Imlpement ITR unskippable tests for JUnit 5 (#5874 - @nikita-tkachenko-datadog)
- β‘ Update Jacoco instrumentation logic to use static method handles instead of reflection (#5845 - @nikita-tkachenko-datadog)
- β¨ Automatically configure list of packages for Jacoco instrumentation (#5835 - @nikita-tkachenko-datadog)
Data Streams Monitoring
- Avoid potential deadlock in DefaultDataStreamsMonitoring on tracer shutdown (#6011 - @mcculls)
- β¨ Add DSM API changes to support kinesis use case (#6001 - @devinsba)
- β¨ Add DSM implementation for kinesis in SDKv1 (#5981 - @devinsba)
- β¨ Add DSM implementation for kinesis in SDKv2 (#5966 - @devinsba)
Dynamic Instrumentation
- π Fix sampling with probe condition (#6086 - @jpbempel)
- β¨ Add config for custom redacted types (#6059 - @jpbempel)
- β¨ Add config fo custom redacted identifiers (#6053 - @jpbempel)
- β¨ Introduce PII redaction based on keywords (#6048 - @jpbempel)
- π Disable sampling for span decoration probe (#6006 - @jpbempel)
- β¨ Introduce symbol extraction for debugger (#6004 - @jpbempel)
- π Fix race condition for applying probe rate limits (#5988 - @jpbempel)
- Fix boolean expression eval as template parameter (#5971 - @jpbempel)
- π Prevent calling size method from unknown classes (#5946 - @jpbempel)
GraalVM native-image
- Mark some default services as off during native-image build (#6079 - @mcculls)
- Skip task scope creation for Graal VMOperation threads (#6078 - @mcculls)
- Relocate OkHttp to avoid conflicts (#6018 - @luneo7 - thanks for the contribution!)
- Register that we will reflect on ConcurrentHashMap constructor at runtime (#5924 - @mcculls)
Metrics
Profiling
- add heap histogram option (#6076 - @richardstartin)
- Expose omit linenumbers mode for profiler (#6040 - @richardstartin)
- Upgrade to ddprof 0.81.0 (#6039 - @richardstartin)
- Do not record queue time before JFR is initialised (#5977 - @richardstartin)
- Upgrade to ddprof 0.79.0 (#5965 - @richardstartin)
- π fix wallclock profiler enablement logic (#5960 - @richardstartin)
- Enable jdk.ZAllocationStall event (#5954 - @richardstartin)
- Register netty event loops known to do IO for wallclock profiling (#5944 - @richardstartin)
- Propagate span into lettuce CommandHandler event loop (#5936 - @richardstartin)
- Do not start profiler if running in AWS Lambda. (#5891 - @purple4reina)
Telemetry
- π Fix dependency service for spaced paths (#6051 - @ygree)
- Flush telemetry data on JVM shutdown (#5943 - @nikita-tkachenko-datadog)
Tracer core
- Skip attaching the tracer to the keytool command (#6096 - @mcculls)
- π§ͺ Service naming: use the root service instead DD_SERVICE when flattening (#5959 - @amarziali)
- Flush telemetry data on JVM shutdown (#5943 - @nikita-tkachenko-datadog)
- π Fix baggage HTTP header encoding (#5927 - @PerfectSlayer)
Instrumentations
Apache Spark instrumentation
- Add support for scala 2.13 for spark instrumentation (#6054 - @paul-laffon-dd)
- Rename spark streaming query attributes (#6029 - @paul-laffon-dd)
- Add spark streaming watermark gap metric (#5979 - @paul-laffon-dd)
- Add Databricks default service name if not set by the user (#5961 - @paul-laffon-dd)
β οΈ Rename operation name spark.batch to spark.streaming_batch (#5953 - @paul-laffon-dd)
Armeria Instrumentation
AWS SDK instrumentation
- π AWS set reponse status on error (#6055 - @ygree)
- β¨ Add DSM implementation for kinesis in SDKv1 (#5981 - @devinsba)
- β¨ Add DSM implementation for kinesis in SDKv2 (#5966 - @devinsba)
- β¨ Extract trace context from embedded SQS message attribute '_datadog' (#5920 - @mcculls)
gRPC instrumentation
- Register netty event loops known to do IO for wallclock profiling (#5944 - @richardstartin)
- β¨ Add support for armeria-grpc (#5819 - @devinsba)
JDBC instrumentation
Lettuce instrumentation
- Register netty event loops known to do IO for wallclock profiling (#5944 - @richardstartin)
- Propagate span into lettuce CommandHandler event loop (#5936 - @richardstartin)
Netty instrumentation
- Register netty event loops known to do IO for wallclock profiling (#5944 - @richardstartin)
OpenTelemetry instrumentation
- β¨ Improve OpenTelemetry span attributes encoding (#5980 - @PerfectSlayer)
- β¨ Add support for OpenTelemetry root context manipulation (#5970 - @PerfectSlayer)
- β¨ Add OpenTelemetry context propagator instrumentation support (#5962 - @PerfectSlayer)
Play Framework instrumentation
- π Fix play-2.6 reporting header ip as peer IP (#6014 - @cataphract)
Trace annotations instrumentation
All other instrumentations
- Add
weblogic.net.http.HttpURLConnectionto list of traced connection classes (#6047 - @mcculls) - Support tracing of custom (non-JDK) HttpURLConnection implementations (#6046 - @mcculls)
- Skip falling back to 'org.apache.jasper.servlet.JasperLoader.loadClass' (#5998 - @mcculls)
- Use package prefix to direct search for helper dependencies in OSGi (#5973 - @mcculls)
- Openliberty jakarta integration (#5652 - @nayeem-kamal)
Contributors
smola, devinsba, and 17 other contributors
Assets 6
1.21.0
v1.21.0
This tag was signed with the committerβs verified signature.
PerfectSlayer
Bruce Bujon
Components
Application Security Management (IAST)
- Add Thymeleaf support to IAST XSS vulnerability (#5901)
- π Improved IAST request sampling with more accurate configuration (#5879)
- β‘ Use bytes instead of strings in IAST metrics tags (#5872)
- π Fix request body tainting in spring boot 2.7.5 (#5867)
- Exclude net.jpountz.xxhash (#5856)
- Add XSS detection for Spring's ResponseBody (#5813)
- Add support for scala APIs (#5284)
Application Security Management (WAF)
- Update to ASM rules 1.8.0 (#5902)
- Make sure we close the AppSec default template resource after reading (#5876)
- π Fix blocking for jetty 10.0.16 and 11.0.16 (#5857)
- π Fix race condition in AppSec GatewayBridge (#5834)
- Improve query obfuscation regular expression (#5824)
Continuous Integration Visibility
- π Always populate test.command tag in session spans (#5885)
- π Fix deadlock occuring when stopping SignalServer (#5884)
- π Fix NullPointerException when calculating ITR skippable tests in TestNG (#5836)
- π Correctly handle cases when there are multiple JVM forks per single test module (#5806)
- Implement sending total coverage percentage for sessions and modules (#5769)
- Allow specifying additional JVM arguments for children processes (#5628)
Data Streams Monitoring
- β¨ Add version tag to data streams (#5866)
- Allow data streams monitoring to be controlled by dynamic config (#5779)
Dynamic Instrumentation
- Make
@durationa float value in ms (#5823)
Metrics
Profiling
- Upgrade ddprof to 0.78.0 (#5914)
- GA the profiling context API (#5830)
- Restore exception profiling instrumentation enablement (#5826)
Remote Configuration
- Allow data streams monitoring to be controlled by dynamic config (#5779)
Telemetry
- Less verbose dependency collection debug logs (#5904)
- π Fix Telemetry Config Collector to collect String and Map values (#5886)
Tracer core
- π§ͺ Make peer.service manually overridden by component (#5860)
- Skip attaching the tracer when we know the JVM is running a JDK tool such as
jstack(#5854)
Instrumentations
Apache Spark instrumentation
- Add fallbacks when retrieving databricks ids (#5910)
- Custom spark spans tags at runtime (#5870)
- Add Spark SQL spans (#5820)
Eclipse Vert.x instrumentation
- Add vertx4 mysql client instrumentation (#5717) -- thanks @akshaypatidar1999 for the contribution!
JDBC instrumentation
- Preserve single line comment (--) prefixes when normalizing SQL (#5812)
JMS instrumentation
- Support tracing
jakarta.jmscalls (#5868) - Avoid duplicate traces for nested JMS receive calls (#5863)
OpenTelemetry instrumentation
- β¨ Add support for OpenTelemetry record exception span event (#5895)
- β¨ Only invalidate current OTel context if we created it (#5880)
All other instrumentations
- β¨ Add asynchronous type support for trace annotation instrumentation (#5802)
- Add instrumentation support for Apache Pekko (#5858) -- thanks @scoquelin for the contribution!
Other changes
Contributors
scoquelin and akshaypatidar1999
Assets 6
1.20.1
Components
Continuous Integration Visibility
- π Fix NullPointerException when calculating ITR skippable tests in TestNG (#5842)
Other changes
- Replace okio dependency with fork that backports the fix for CVE-2023-3635 (#5851)
- Exclude JMXFetch jackson dependencies because we don't need them for our embedded usage (#5843)
1.20.0
Breaking changes
β οΈ π Elasticsearch and Opensearch should omitparamsby default (#5749)- π
β οΈ httpasyncclient4: fix url parsing and make host/port extraction happening (#5543)
Components
Application Security Management (IAST)
- β‘ Use a NoOp tainted objects for vulnerabilities without context (#5786)
- β‘ Improve performance while computing IAST metrics (#5784)
- β‘ Check for overhead constraints in weak randomness module (#5783)
- π Fix NullPointerException in unvalidated redirect detection (#5755)
- π Set concrete types for the response instrumentation (#5714)
- π Prevent IAST from creating empty spans for duplicated vulnerabilities (#5780)
- Redact empty sensitive ranges (#5706)
- Add URLEncoder tainting support (#5656)
- Add JavaScriptUtils.javaScriptEscape tainting support (#5648)
- Add unbescape escape functions tainting support (#5647)
- Add freemarker.template.utility.StringUtil tainting support (#5645)
- Weak cipher detection in javax.crypto.KeyGenerator (#5634)
- Add more org.owasp.esapi.Encoder escape functions tainting support (#5624)
- X-Content-Type missing header vulnerability (#5571)
- HSTS missing header vulnerability detection (#5520)
Application Security Management (WAF)
- π Fix timing of appsec.blocked tag setting and double finishes (#5777)
- Enable user event tracking only when AppSec is enabled (#5756)
- π Fixed NPE in user events tracking (#5732)
- Response blocking in OpenLiberty (#5657)
- Response blocking in Netty (#5650)
- Reduce log level for WAF timeouts (#5733)
Continuous Integration Visibility
- Add basic Scala MUnit support (#5781)
- Update repo URL extraction logic for Bitbucket (#5766)
- π Make Maven test module names unique (#5762)
- π§Ή Refactor CI Visibility to better encapsulate internal APIs (#5747)
- Use DD Javac Plugin metadata to resolve method lines (#5746)
- π Exclude org.mockito package from CI Visibility code coverage by default (#5712)
- Add git command line client builder to GitInfoProvider (#5711)
Dynamic Instrumentation
- Merge span decoration and log instrumentation (#5809)
- Reports instrumentation failure (#5795)
- Enable ByteCode verification by default (#5774)
- π Fix instrumentation when bytecode generation fails (#5767)
- π Fix log template issue for duplicated line probes (#5620)
Metrics
- Preserve tracer's default metrics namespace as "datadog.tracer" in dd-trace-ot (#5810)
Profiling
- Do not attempt to use ddprof library on windows (#5793)
- Rework Queue time tracking to avoid unwrapping the task type unless the event will be recorded (#5785)
- Update ddprof to 0.71.0 (#5719)
Telemetry
- Report dd-trace-java and its dependencies to telemetry (#5698)
Tracer core
- β‘ Type resolver's use of URL caches should be configurable (#5805)
- β‘ Avoid creating new ContinuingScope if the top scope is already keeping the span alive (#5739)
- Add _dd.base_service to disambiguate service map (#5701)
Instrumentations
Apache Spark instrumentation
- Capture app, job and databricks parameters in spark streaming spans (#5796)
- Get databricks cluster name from spark conf, if absent in job properties (#5775)
- Unify spark metrics naming (#5723)
Eclipse Vert.x instrumentation
- π Fix for Vert.x 4.0 instrumentation to close span on timeout (#5772)
Elasticsearch instrumentation
- Separate config for Elasticsearch body and params (#5771)
JDBC instrumentation
- β¨ Add redshift support to JDBC URL parser (#5792)
Jetty instrumentation
- π Fix simultaneous jetty 10/11 instrumentation when jakarta/javax servlet are both present (#5787)
- β¨ Add tracing support for Jetty 12 (#5744)
OpenTelemetry instrumentation
- β¨ Add RxJava async result types support for OpenTelemetry annotations (#5801)
- β¨ Add Reactor async result types support for OpenTelemetry annotations (#5800)
- β¨ Add Guava async result type support for OpenTelemetry annotations (#5799)
- β¨ Add generic async result type support for OpenTelemetry annotations and its Reactive Streams extension (#5737)
- π Ensure OpenTelemetry spans are not modifiable when finished (#5722)
- β¨ Add OpenTelemetry annotations support (#5593)
RabbitMQ instrumentation
- π Fix exception in reactor-rabbit (#5707)
Reactor instrumentation
- π Fix exception in reactor-rabbit (#5707)
All other instrumentations
- Support java.util.Timer once scheduling (#5708)
