1.19.1

Warning

Do not use this version for profiling, the excessive resource usage was introduced in 1.19.0 and fixed in v1.19.2

Components

Application Security Management (IAST)

• 🐛 Set concrete types for the response instrumentation (#5729)

Continuous Integration Visibility

• 🐛 Fix automatic Javac plugin configuration in Maven projects that use annotation processors (#5727)
• 🐛 Fix automatic tracer configuration for Maven projects that use Jacoco (#5726)

Instrumentations

OpenTelemetry instrumentation

• 🐛 Ensure OpenTelemetry spans are not modifiable when finished (#5728)

1.19.0

Warning

Do not use this version for profiling, the excessive resource usage was introduced in this version and fixed in v1.19.2

Components

Application Security Management (IAST)

• Extend apache commons StringEscapeUtils tainting support (#5638)
• Update IAST exclusions to not filter JSPs and hdiv related classes (#5625)
• 🐛 Fix HttpOnly cookie detection and add small refactorings (#5615)
• Implemented trust boundary violation vulnerability detection (#5612)
• Support escape functions used in OWASP Benchmark for Trust Boundary Violation (#5608)
• Add support for XSS vulnerability (#5589)
• Add String#split taint tracking (#5584)
• Add String#toCharArray taint tracking (#5576)
• Update IAST redaction algorithm (#5528)

Application Security Management (WAF)

• Upgrade to libddwaf 1.12.0/libsqreen 7.1.0 (#5658)
• 🐛 More accurately report whether the request was blocked (#5594)
• Add Fastly and CloudFlare headers to ASM attacks (#5579)
• Response substitution on undertow (#5536)
• Response header substitution in jetty (#5467)
• Automatic user events tracking (Spring Security) (#5350)

Continuous Integration Visibility

• 🐛 Close outstanding APM spans before finishing test span (#5689)
• Disable code coverage segments data gathering by default (#5627)
• Report test framework data from child processes instead of parsing project dependencies (#5613)
• Add Cucumber support to CI Visibility (#5611)
• ⚡ Replace reflection calls with method handle invocations in test utils (#5610)
• Send test session events when build system is not instrumented (#5603)
• Implement Intelligent Test Runner metadata tags (#5602)
• 🐛 Fix Maven instrumentation for parallel builds (#5598)
• 🐛 Fix TestNG instrumentation to use immutable ITestResult.getName() instead of mutable ITestResult.getTestName() (#5595)
• Pass skippable tests from parent to children with signal server (#5581)
• Support test framework version extraction for legacy TestNG (#5580)
• 🧹 Move ITR skipping logic to test events handler (#5575)
• Tag test spans with method description (#5564)
• 🧹 Split DDTestModuleImpl into parent process and child process implementations (#5549)
• Implement repository index sharing between processes (#5512)
• Update signal server and client with mechanism to send/receive signal responses (#5511)

Data Streams Monitoring

• Add DSM Context Propagation for SQS v2 (#5637)

Dynamic Instrumentation

• Fix sampling when log probe is evaluation at Exit (#5692)
• Add UDS support for the debugger by using OkHttpUtils.buildHttpClient (#5621)
• Add capture of inherited (static) fields (#5609)
• Add capture of static fields (#5588)

Metrics

• Enable/disable embedded JMXFetch with dynamic config (#5586)

Profiling

• Upgrade to ddprof 0.70.0 (#5676)
• Upgrade to ddprof 0.67.0 (#5639)
• Upgrade to ddprof 0.65.0 (#5590)
• Disable wallclock profiling during Socket.connect (#5587)
• Improve profiler config ergonomics (#5583)

Remote Configuration

• Add debug log when sending RC request (#5672)
• Enable/disable embedded JMXFetch with dynamic config (#5586)
• Avoid logging InterruptedIOExceptions from remote-config as parsing/processing failures (#5577)
• Change traceDebug with dynamic config (#5482)

Telemetry

• 🐛 Fix spans_created and spans_finished integration_name tags (#5681)
• ⚡ Fix #5640 Telemetry startup degradation (#5678)
• 🧹 Telemetry V2 preps (Serialization Refactoring) (#5640)
• 🐛 Fix span metric names for created and finished spans (#5600)

Tracer core

• Updated config parsing for integer ranges for grpc (#5683)
• Make partial flushing settings consistent with other tracer libraries (#5682)
• Only check CLIENT/SERVER_ERROR_STATUSES when we know we have a status to check (#5596)
• Support HTTP client header tagging (#5585)
• ✨ Add span links support (#5569)
• 🐛 Add config option to disable baggage as tag injection (#5563)

Instrumentations

Apache Spark instrumentation

• ✨ Capture more Spark parameters (#5630)
• ✨ Add support for spark structured streaming (#5629)
• Compute distribution of task metrics for each stage (#5542)
• Aggregate peak execution memory using the max of all stages (#5205)

AWS SDK instrumentation

• Avoid sending trace context twice when using JMS-over-SQS (#5626)

JDBC instrumentation

• 🐛 Add edb as supported postgres connection type (#5623)
• 💡 Add IBM Informix support to JDBC instrumentation (#5599)

JMS instrumentation

• Avoid sending trace context twice when using JMS-over-SQS (#5626)

Netty instrumentation

• ✨ Fix async propagation in some versions of undertow (#5649)

OpenTelemetry instrumentation

• ✨ Add support for OpenTelemetry Context.makeCurrent() (#5673)
• 🐛 Fix OpenTelemetry Context instrumentation activation (#5671)
• 🐛 Fix possible invalid parent span using OpenTelemetry API (#5644)
• 🐛 Fix empty string attribute value (#5574)

Spring instrumentation

• 💡 Add Spring Web Service error capture instrumentation (#5643)
• Instrument spring-messaging to reduce chance of disconnected traces (#5631)
• Disabling `spring-path-filter' integration should remove all path-related filters (#5578)
• Automatic user events tracking (Spring Security) (#5350)

1.18.3

Components

Application Security Management (IAST)

• 🐛 Fix missing HttpOnly cookie vulnerability detection (#5662)

Dynamic Instrumentation

• Add UDS support for the debugger by using OkHttpUtils.buildHttpClient (#5667)

Telemetry

• 🐛 Fix span metric names (#5665)

Instrumentations

OpenTelemetry instrumentation

• 🐛 Fix possible invalid parent span using OpenTelemetry API (#5666)

1.18.2

Components

Continuous Integration Visibility

• 🐛 Fix Maven instrumentation for parallel builds (#5607)
• 🐛 Fix TestNG instrumentation to use immutable ITestResult.getName() instead of mutable ITestResult.getTestName() (#5606)

1.18.1

Components

Continuous Integration Visibility

• 💡 Add support for tycho-surefire-plugin instrumentation in Maven builds (#5573)
• 🐛 Update TestNG instrumentation to differentiate between identical test cases executed concurrently (#5572)

1.18.0

Components

Application Security Management (IAST)

• Add support to XPath Injection vulnerability (#5459)
• Add missing IAST guards for response headers (#5537)
• Add required callsites for String.format (#5502)
• Update IAST exclusions (#5500)
• No SameSite Cookie vulnerability (#5438) (#5486)

Application Security Management (WAF)

• Remove warning about unknown grpc.server.request.metadata address (#5491)
• Support block on response on tomcat (#5393)

Continuous Integration Visibility

• 🐛 Fix maven dependency version parsing (#5547)
• 🐛 Fix incorrect current source root in RepoIndexSourcePathResolver (#5545)
• Implement ITR skippable tests request for Gradle (#5525)
• Implement ITR skippable tests request for Maven (#5524)
• 🧹 Encapsulate TestDecorator in agent-ci-visibility module (#5521)
• Implement tests skipping for TestNG (#5453)
• Implement tests skipping for JUnit 4 (#5452)
• Implement tests skipping for JUnit 5 (#5451)
• Implement passing module execution results from children processes to parent process (#5428)
• Implement a mechanism to report data from children processes to parent process (#5427)
• Implement Intelligent Test Runner skippable tests request (#5413)
• Implement remote settings fetching for CI Visibility (#5412)

Data Streams Monitoring

• ✨ calculate edge latency using message timestamp (#5507)

Dynamic Instrumentation

• Add support for distribution metrics (#5478)

GraalVM native-image

• Support native-image using latest GraalVM JDK (#5519)

Metrics

• JMXFetch 0.47.9 + DogStatsD 4.2.0 (#5522)

Profiling

• Upgrade ddprof to 0.63.0 (#5561)
• reduce direct allocation profiling rate limit (#5554)
• record time in netty SingleThreadEventExecutor queues (#5514)
• unwrapping tests and improvements (#5510)
• increase unwrapping depth, add new test (#5508)
• rework queue time profiling (#5504)

Remote Configuration

• Apply default tag name when setting header tags via dynamic-config (#5557)

Telemetry

• Telemetry app-heartbeat starts one interval after app-started (#5513)
• Provide instrumentation name context to span (#5492)
• Mitigate telemetry interval drift (#5476)

Trace context propagation

• 🔍 Add context propagation diagnostic information to debug logs (#5497)

Tracer core

• Add process health-check for Azure so we can re-use named-pipes… (#5541)
• Improve external agent process supervision on Azure (#5529)
• ⚡ Speed up HttpServerDecorator onRequest (#5523)

Instrumentations

Apache Spark instrumentation

• ✨ Instrument SparkSubmit to capture errors outside of SparkListener interface (#5505)

Netty instrumentation

• record time in netty SingleThreadEventExecutor queues (#5514)

OpenTelemetry instrumentation

• Provide instrumentation name context to span (#5492)

All other instrumentations

• opensearch: naming conventions for v1 (#5540)
• 🐛 avoid having duplicates in db.cassandra.contact.points (#5496)

1.17.0

Components

Application Security Management (IAST)

• Fix NoClassDefFoundError due to OSGI/servlet issues in IAST (#5446)
• Fix unvalidated redirect detection in Jetty (#5445)
• Unvalidated redirect not reported if Referer header is the source (#5424)
• Unvalidated redirect vulnerability detection in Vert.x 4 (#5381)

Application Security Management (WAF)

• 🐛 Added NPE checkers in Instrumentation Gateway (#5383)

Continuous Integration Visibility

• Implement Git repo unshallowing (#5434)
• 🐛 Do not send empty test suite spans (#5405)
• Implement auto-configuration for code-coverage in Gradle (#5399)
• Implement auto-configuration for code-coverage in Maven (#5398)
• Per test code coverage in CI Visibility (#5146)

Dynamic Instrumentation

• Add support for double values for metric probes (#5457)
• Fix inserting line probe before for-loops (#5450)
• Add special support for enum values (#5441)
• Add support for snapshot pruning (#5420)

Profiling

• upgrade ddprof to 0.57.0 (#5475)
• explicitly disable ddprof unsupported jdk versions (#5465)
• upgrade to ddprof 0.52.0 (#5455)
• track time in FJP shared queues (#5448)
• implement queue timing using Datadog profiler, remove JFR implementation (#5439)

Remote Configuration

• ✨ Support dynamic configuration of trace sampling rate (#5466)
• Bump default max remote config payload size limit to 5Mb (#5403)

Telemetry

• 🐛 Fix scanDependencies CLI (#5474)

Instrumentations

gRPC instrumentation

• ⚡ reduce number of scope activations in gRPC client instrumentation (#5470)

Spring instrumentation

• Avoid need to inject BeanDefinitionRepairer everywhere as a helper (#5365)

Other changes

• Allow trace flush interval to be configurable (#5435)
• expose cassandra contact points and use for peer.service (#5375)
• Add dynamic config support for log injection (#5221)

1.16.3

Fixes

• Profiling: add defensive flush checks in flight recorder

1.16.2

Fixes

• Profiling: unlink libgcc #5463

1.16.1

Improvements

Changes

Fixes

• Fix for buffer overflows in profiler #5456