3.6.0

Summary

• Adds support for .NET 9
• Adds DSM support for AWS SNS
• Add support for baggage propagation
• [CI Visibility] Add support for coverlet.msbuild coverage reporting
• [Dynamic Instrumentation] Collect code origin for exit spans
• [ASM] Fix shutdown bug
• [Continuous Profiler] Fix crash at shutdown

Changes

Tracer

• Baggage part 3/3: add public api to Datadog.Trace.Manual (#6190)
• Baggage part 2/3: propagation (#6158)
• Remove dependency on System.IO.Compression for .NET Framework build (#6192)
• Add default value to StringBuilderCache, and use in more places (#6232)
• Enable baggage propagator by default (#6258)
• Add support for AllowWriteStreamBuffering=false in WebRequest for .NET 9 (#6271)
• Add initial support for .NET 9 (#6265)
• Ensure that we never run any call target instrumentations in partial trust (#6290)

CI Visibility

• [CI Visibility] Add more checks for the object pack files (#6256)
• [CI Visibility] GitInfoProvider refactor (#6259)
• [CI Visibility] Add support for coverlet.msbuild coverage reporting (#6284)
• [CI Visibility] Fix GitCommandParser test (#6289)
• [CI Visibility] Catch some gitinfo exceptions. (#6297)

ASM

• [ASM] Avoid HttpRequestValidationException when reading body or namevalueCollection values (#6185)
• [ASM] Fix issue with waf disposing while it might concurrently be updating (#6250)
• [ASM] Serialize ASM tags and metrics (#6272)
• [ASM] Fix benchmarks AppSecBodyBenchmarks: have a trace context to avoid null reference exceptions (#6274)
• [ASM] IAST: Add web form tests (#6276)
• [ASM] iast: Fix Microsoft.Data.Sqlite database tainting (#6295)
• [IAST] Minor cleanup in IAST aspects (#6293)
• [IAST] Updated CallSite IL Dump (#6240)

Continuous Profiler

• [Profiler] CPU profiler: Check if the stackwalk lock was not already taken (#6198)
• [Profiler] Prevent StackSamplerLoop from crashing at shutdown (#6238)
• [Profiler] Add metrics for cpu and walltime profilers (#6267)
• [Profiler] Fix crash at shutdown with the timer_create-based CPU profiler (#6268)

Debugger

• [Dynamic Instrumentation] DEBUG-2916 Stabilize the probe processor (#6077)
• [Dynamic Instrumentation] DEBUG-3088 Add object pool (#6105)
• [Dynamic Instrumentation] DEBUG-2913 Fix runtime reflection exceptions when getting field value (#6078)
• [Dynamic Instrumentation] DEBUG-2602 Collection expressions fixes (#6087)
• [Dynamic Instrumentation] DEBUG-3076 Code origin for exit spans (#6216)
• [Dynamic Instrumentation] DEBUG-3110 Fix how we access span in probe processor (#6242)

Miscellaneous

• Add DSM support for AWS SNS (#6253)
• Downgrade error to warning (#6263)
• Improve docs for building on mac (APMSP-1425) (#6254)
• baggage propagator clean up (#6266)
• Add additional exclusions for dependency collection (#6282)

Build / Test

• [IAST] Macos compilation warning fix (#6255)
• [refacto] Unify SNS and SQS instrumentation code (#6199)
• Add additional exclusions to for obsolete libraries (#6231)
• Fix typo in create_draft_release.yml (#6246)
• [Test Package Versions Bump] Updating package versions (#6249)
• Make snapshot tests compatible with running on Docker v2 (#6260)
• Fix R2R build for OSX-ARM64 (#6264)
• Small fixes for .NET 9 (#6277)
• Exclude Paket from exploration tests for now (#6283)
• Fix r2r manual instrumentation issue in .NET 9 x86 (#6286)
• Add more smoke testing for .NET 9 (#6296)

Changes since 3.5.0

3.5.0

Summary

• Add support for Ready2Run and NGen behaviour with manual instrumentation
• Fix for IIS apps using CustomConfigurationBuilder with multiple apps in a pool
• [DBM] Fix DBM bugs (pgssql query plan hints ignored, DbDataSource issues, missing Transaction scope)
• [ASM] Only run RASP file operations on read operations
• Fix Remote Configuration values should be 64-bit not 32-bit

Changes

Tracer

• Make DD_TRACE_<INTEGRATION>_ENABLED Case Insensitive (#6175)
• Baggage part 1/3: change propagator signatures (#6157)

CI Visibility

• [CI Visibility] Fix errors detected from error tracking. (#6222)

ASM

• [ASM] remote configuration refactoring and simplifying updates (#6179)
• [ASM] Add rules version to all spans when ASM enabled (#6188)
• [ASM] Fix possible null reference exception in extracting headers (#6211)
• [ASM] Update ruleset to version 1.13.2 (#6218)
• [ASM] Restrict RASP Lfi operations to read operation only (#6221)

Continuous Profiler

• [Profiler] Make LibrariesInfoCache standalone (#6019)
• [Profiler] Make sure we log only once for DebugInfoStore errors (#6187)
• [Profiler] Improve EtwEventsManager cleanup (#6189)
• [Profiler] Fix bugs in the timer_create-based CPU profiler (#6229)

Fixes

• Add workaround for ASP.NET ConfigBuilder issue (#6147)
• Reject method NGEN image if there's a rejit request for that method. (#6184)
• Revert "Load the tracer/profiler after guardrails checks" (#6200)
• [DBM][fix] Do not prepend DBM injected comment when a pg plan hint is present (#6204)
• move all RC int values to long, to mirror RC backend (#6219)
• Fix InvalidOperationException in DBM propagation (#6233)

Build / Test

• [ASM] Fix TestExternalWafHeaders snapshot netcore 2.1 (#6202)
• [Test Package Versions Bump] Updating package versions (#6150)
• Inject startup hook preferentially into static constructor when available (#6154)
• add new integrations system tests scenario (#6177)
• Fix typo in create_draft_release.yml (#6194)
• Fix using the wrong pool for smoke tests (#6196)
• Pin Azure Functions version used in CI to get the integration tests running (#6203)
• [Test Package Versions Bump] Updating package versions (#6206)
• Fix some build warnings in sample apps (#6207)
• Fix IIS LoaderOptimisation tests not testing anything (#6209)
• Update CosmosDb snapshots (#6213)
• Fix flake in Ngen ManualInstrumentationTests (#6214)
• Fixes Clion build on OSX (#6215)
• Run aspnetcore tests in other TFMs (#6217)
• Convert WebRequestTests to snapshot tests (#6223)
• Add smoke test for config builder instrumentation issue (#6224)
• Update version conflict test (#6226)
• [Test Package Versions Bump] Updating package versions (#6230)
• Add more info when GenerateDumpIfDbgRequested fails (take 2) (#6197)
• Add profiling scenario to onboarding tests (#6201)
• [Profiler] Remove non open source third party reference (#6163)
• [Dynamic Instrumentation] Fix line exploration tests (#6089)

Miscellaneous

• [Crashtracking] Collect PDB info (#6176)
• Revert "[Crashtracking] Disable crashtracking on Windows by default" (#6220)
• [ASM] Add event rules version in telemetry (#6208)

Changes since 3.4.1

2.61.0

Summary

Fix Remote Configuration values are 64-bit not 32-bit

Changes

Fixes

• Move all RC int values to long, to mirror RC backend (#6228)

Build / Test

• Pin Azure Functions version used in CI to get the integration tests running (#6227)

Changes since 2.60.0

3.4.1

Summary

• Fix a crash when .NET Framework and .NET Core run in the same process, which can typically happen when using IIS an ".NET CLR Version" is not set to "No Managed Code". May also affect applications running in Azure App Service.

Changes

Fixes

• Revert "Load the tracer/profiler after guardrails checks" (#6200)

Changes since 3.4.0

2.60.0

Summary

• [Tracing] Add ability to disable additional ADO.NET Command Types using DD_TRACE_DISABLED_ADONET_COMMAND_TYPES (#6054)
• [Serverless] Add support for 128-bit trace IDs for Lambda step functions (#6181)

Changes

Tracer

• Add ability to disable additional ADO.NET Command Types (#6054)
• [Tracer] Set _dd.base_service tag whenever a span's service name is different than the default value (DD_SERVICE) (#6122)
• Add support for the "new" dev.azure.com style URLs in SourceLink URL parsing logic (#6178)

Continuous Profiler

• [Profiler] Make sure Watcher thread is started before Sampler thread (#6128)

Serverless

• Extract Upper64 bit trace ID from extension response (#6181)

Build / Test

• Trigger consolidated pipeline on tags(#6053)
• Add SSI denylist and tests (#6182)
• Fix requirements.json test (#6186)

Changes since 2.59.0

3.4.0

Warning

We've identified a bug in version 3.4.0 only that can crash applications that run .NET Framework and .NET Core in the same process, which can typically happen when using IIS. Please ensure you update to 3.4.1.

If you're using .NET Core in IIS, make sure to set ".NET CLR Version" to "No Managed Code" in the application pool settings, as described in the Microsoft documentation.

Summary

• [Tracing] Add ability to disable additional ADO.NET Command Types using DD_TRACE_DISABLED_ADONET_COMMAND_TYPES
• [Tracing] Add support for 3.x.x of log4net
• [CI Visibility] Automatic Test Retries
• [CI Visibility] Add support for session logical names
• [CI Visibility] Add extra tags for vcpu_count and in GitHub Action pull_requests runs
• [ASM] Enable API Security feature by default
• [ASM] Add support for attacker fingerprinting
• [ASM] Add support for suspicious attacker blocking
• [Continuous Profiler] Fix potential deadlock between watcher and sampler threads
• [Continuous Profiler] Improve performance for CPU profiler
• [Serverless] Add EventBridge and 128-bit trace ID support
• [DBM] Ensure context injection does not affect DBM injection

Changes

Tracer

• [Tracer] Set _dd.base_service tag whenever a span's service name is different than the default value (DD_SERVICE) (#5502)
• Add ability to disable additional ADO.NET Command Types (#6042)
• Add support for 3.* of log4net (#6075)
• [APMAPI-473] Making DD_HTTP_*_ERROR_STATUSES Config Keys Consistent (#6095)
• Subscribe to AssemblyLoadContext.Default.Resolving (#6148)
• Fix return value on error in delegate instrumentation (#6153)
• Add support for the "new" dev.azure.com style URLs in SourceLink URL parsing logic (#6159)
• Include pID in managed logs filename (#6161)
• Ensure we don't throw a null reference exception in Manual instrumentation (#6169)

CI Visibility

• [CI Visibility] Test session logical names (#6050)
• [CI Visibility] Add vcpu_count tag to tslv events (#6055)
• [CI Visibility] Automatic Test Retries (#6061)
• [CI Visibility] Avoid failing unfinished tests (#6063)
• [CI Visibility] Add support for MSTest 3.6.0 (#6080)
• [CI Visibility] Hide running command by default. (#6086)
• [CI Visibility] Fix code coverage enabled tag behavior (#6111)
• [CI Visibility] Add extra tags to GitHub Action pull_requests runs (#6141)
• [CI Visibility] Ensure commit messages are trimmed (#6170)

ASM

• [ASM] Segregate asm and iast contexts functionality (#6118)
• [ASM] Delete unused snapshots (#5758)
• [ASM] Attacker fingerprint (#5982)
• [ASM] Fix exception when accessing ReportedExternalWafsRequestHeaders (#6030)
• [ASM] Activate api sec by default (#6043)
• [ASM] Suspicious attacker blocking (#6057)
• [ASM] Fix bug RC empty key (#6058)
• [ASM] Fix one flakiness in rcm asm data integration tests and simplify some asm rcm code (#6119)
• [ASM] Update ruleset to version 1.13.1 and WAF to version 1.20.0 (#6129)
• [ASM] Update fingerprint rules (#6133)
• Refactoring and hardening of security coordinator (#6143)
• [ASM] Send header values as string to the WAF (#6144)
• [ASM] Remove httpcontext from context store at the end of the request (#6151)
• [ASM] Rename snapshots for ASM ownership (#6155)
• [ASM] Send cookie values as single string to the WAF (#6164)
• [ASM] Update WAF version to 1.20.1 (#6174)

Continuous Profiler

• [Profiler] Allow tests for .NET Framework (#5948)
• [Profiler] Bump to libdatadog 13 (#6031)
• Fix dlsym issue (#6048)
• [Profiler] Avoid too many syscall calls for timer-create-based CPU profiler (#6067)
• [Profiler][cleanup] Shorten libdatadog helper functions name (#6069)
• [Profiler] Download profiler debug symbols for integration tests (#6070)
• [Profiler] Add gen2 leak scenario (#6071)
• [Profiler] Bump libdatadog 13.1 (#6112)
• [Profiler] Code cleanup (#6114)
• [Profiler] Make sure Watcher thread is started before Sampler thread (#6134)

Debugger

• [Dynamic Instrumentation] DEBUG-2249 Line and method probes exploration tests (#5914)

Serverless

• Extract Upper64 bit trace ID from extension response (#6041)
• [serverless] trigger consolidated pipeline on tags (#6052)
• [serverless] Create EventBridge Instrumentation and Inject Trace Context (#6096)

Fixes

• Add proper error checking around GetModuleMetadata (#5985)
• [IAST] Avoid lock in method ctor. (#6115)
• Fix subtle WCF bug (#6131)
• Reorganize code around DBM injection to make sure comments get injected even if setting context fails (#6167)

Build / Test

• Run CallTargetNativeTests on Windows (#5754)
• Add SSI denylist and tests (#5928)
• [Test Package Versions Bump] Updating package versions (#5995)
• add aws credentials for system tests (#6040)
• Bump timeit to 0.1.21 (#6059)
• Move IDM up in CODEOWNERS (#6062)
• [TESTING] Fix missing snapshot (#6066)
• [CI] Push native debug symbols to Datadog Symbolication server (#6081)
• Disable debugger exploration tests (#6085)
• Fix GeneratePackageVersions (#6094)
• [Test Package Versions Bump] Updating package versions (#6098)
• Minor build fixes (#6099)
• Remove warning about non-serializable test data (#6102)
• Verify version of glibc targeted in native tracer/profiler (#6104)
• chore: prefix system tests env vars (#6108)
• Add more info when GenerateDumpIfDbgRequested fails (#6113)
• "Fix" timeouts in SSI run (#6117)
• [Test Package Versions Bump] Updating package versions (#6123)
• Remove nuke JSON file (#6126)
• Handle Nuke .NET 9 preview issue (#6130)
• Build against macos-13 as macos-12 is going to be deprecated (#6138)
• Fix crashes on .NET Core 2.1 CI (#6139)
• Fix .sln project ordering (#6156)

Miscellaneous

• Load the tracer/profiler after guardrails checks (#5968)
• [IAST] Change filtered cookie vuln hash (#6032)
• [IAST] Improve RestSharp SSRF detection (#6060)
• Ignore more processes (#6065)
• Add a outer startup hook catch block (#6068)
• [ASM][RCM] Read waf actions per file and remove per file (#6072)
• Add serverless examples (#6076)
• Allow forcing interface duck types to be classes, and update Datadog.Trace.Manual (#6082)
• Add ddprs to DBM injected comment + fix dddbs (#6084)
• [Crashtracking] Implement support for Windows (#6088)
• [IAST] Remove safe origin ranges (#6091)
• [IAST] Fix for VS Edit and Continue (#6097)
• [Crashtracking] Add registry key to installer (#6106)
• [Crashtracking] Remove exception types that are too broad (#6109)
• [IAST] Calculate method full name on demand always (#6127)
• Stop using current_path in the native loader (#6132)
• [Crashtracking] Disable crashtracking on Windows by default (#6152)

Changes since 3.3.1

3.3.1

Summary

• Fixes a bug introduced in 3.3.0 in which attempting to run some commands (e.g. cat) in some distros would give the error symbol lookup error: /opt/datadog/continuousprofiler/Datadog.Linux.ApiWrapper.x64.so: undefined symbol: dlsym

Changes

Continuous Profiler

• Fix dlsym issue (#6048)

Changes since 3.3.0

3.3.0

Warning

We've identified a bug with the .NET Tracer with the Continuous Profiler enabled that may cause applications to crash - please avoid 3.3.0 and instead use 3.2.0 for the time being. We are working on a hotfix for this ASAP.

Summary

• [ASM] Fix some minor bugs (#5943, #5955, #6017)
• [ASM] Improvements to stack trace reporting (#6011, #5997)
• [Dynamic Instrumentation] Add support for typeof expression
• [Continuous Profiler] Add support for heuristic-based activation (#5240, #6002, #6026)
• [DBM] Full propagation mode for SQL Server (#5859)

Changes

ASM

• [ASM] Avoid unhandled HttpRequestValidationExceptions (#5943)
• [ASM] Avoid reporting unknown matcher WAF errors (#5955)
• [ASM] RASP: add telemetry tag for shell injection (#5993)
• [ASM] Add new capabilities for RC (#6008)
• [ASM] Change stack trim proportion (#6011)
• [ASM]Fix InvalidOperationException in httpContext.Items (#6017)
• [ASM] Capabilities reporting against WAF versions. (#6028)
• [IAST] Add Stack trace to vuln location (#5997)
• [IAST] Fix system test weak_cipher system test (#6034)

Continuous Profiler

• [Profiler] Support Single Step Instrumentation deployment and activation (#5240)
• [Profiler] Contention profiling: add blocking thread name (#5981)
• [Profiler] Fix duplicated lifecycle telemetry (#6002)
• [Tool] update continuous profiler diagnostics (#6014)
• [Profiler] Disable timer_create-based CPU profiler when required (#6015)
• [Profiler] Send ssi info with profiles (#6026)

Debugger

• [Dynamic Instrumentation] DEBUG-2323 Add support for typeof expression in EL (#5539)

Build / Test

• [Profiler] Disable SSI telemetry by default (#6020)
• Fix SSI tests for profiler integration tests (#6016)
• [Profiler/CI] Disable Profiler Windows ASAN job (#5987)
• Add explicit permissions to all workflows (#5728)
• [Test Package Versions Bump] Updating package versions (#5873)
• [build] Build tracer with ReadyToRun (#5962)
• Display the crash tests stdout live (#5964)
• Timeit bump and fixes (#5971)
• Add linux-musl-arm64 standalone dd-trace to the v3 release artifacts (#5974)
• [CONTSEC-1501] Comment the action that uploads SARIF to Datadog (#5977)
• Include snapshot diff in snapshot body (#5988)
• Make sure we run all the TFMs on master builds (#5990)
• Minor CI fixes (#6000)
• Fix installer tests (#5994 => main) (#6004)
• Fix the trace pipeline stage (#6007)
• [Build] Update and fix linux debug symbols artifact (#6009)
• Fix bug in version bump task (#6022)
• [CI] Shorten too long snapshot file names (#6024)
• Fix gitlab build (#6025)
• [BUILD] Fix merge conflict (#6033)

Miscellaneous

• DSM Full propagation mode for SQL Server (#5859)
• [Crashtracking] Fix the handling of COMPlus_DbgMiniDumpName (#5980)

Changes since 3.2.0

2.59.0

Summary

• [Crashtracking] Fix the handling of COMPlus_DbgMiniDumpName preventing dump creation

Changes

Tracer

• [Tracer] Add proper error checking around GetModuleMetadata (#5985 => v2) (#5992)

Continuous Profiler

• [Crashtracking] Fix the handling of COMPlus_DbgMiniDumpName (#5980 -> v2) (#6001)

Serverless

• [backport][build] Build tracer with ReadyToRun (5962 => v2) (#6005)

Build / Test

• [Profiler] Fix LinuxDlIteratePhdrDeadlock test (#5963 -> v2) (#6003)
• Add explicit permissions to all workflows (#5728 => v2) (#6013)
• Version Bump to 2.59.0 (#6021)
• Fix gitlab build (#6025 -> v2) (#6027)

Changes since 2.58.0

2.58.0

Summary

• [Tracer] Skip inserting the startup hook into methods in the type Costura.AssemblyLoader (#5934)
• [Tracer] Fix bug in ADO.NET connection string extraction (#5960)
• [Exception Replay] Update configuration values (#5970)

Changes

Tracer

• [Tracer] Skip inserting the startup hook into methods in the type Costura.AssemblyLoader (#5910 -> v2) (#5934)
• Protect the connection string tags extractor from an invalid connection string (#5956 -> v2) (#5960)

Debugger

• [Exception Replay] Update configuration and add test suite for ASP.NET Core (#5821 -> v2) (#5970)

Fixes

• Fix musl tags for dd-lib-dotnet-init image (#5899)

Build / Test

• Fix branch selection in version bump PR (#5895)
• Fix bug in verification stage of release (#5894 -> v2) (#5901)
• Skip the mass transit test to see if it solves flake issues (#5861 -> v2) (#5911)
• Fix v2 branch building (#5969)

Miscellaneous

• [IAST] Support for specifying aspect min version (#5931) [-> V2] (#5932)
• Normalize the environment variable names used by crashtracking (#5898 -> v2) (#5936)
• [IAST] Move analyzers init to an explicit call (#5920 -> v2) (#5937)
• Fix signature size check in ModifyLocalSig (#5921 -> v2) (#5938)
• Use a native logger for critical failures in the loader (#5929 -> v2) (#5939)
• Fix ToString and ToWString on large strings (#5930 -> v2) (#5940)
• Prevent the native loader from being unloaded while sending telemetry (#5944 => V2) (#5957)

Changes since 2.57.0