Releases: DataDog/dd-trace-java
Releases Β· DataDog/dd-trace-java
1.43.0
Components
Application Security Management (IAST)
- β¨ Add propagation to StringBuffer substring methods (#7992 - @Mariovido)
- π Fix issue with call sites in super calls to constructor (#7991 - @manuel-alvarez-alvarez)
- β¨ Add propagation to StringBuilder substring methods (#7980 - @Mariovido)
- π Reset IAST request context on root span published (#7969 - @manuel-alvarez-alvarez)
- β¨ Add propagation to String constructors with StringBuffer and StringBuilder (#7966 - @Mariovido)
- π Do not reset IAST concurrent request counter (#7963 - @smola)
- β¨ Exclude spark web from vulnerability locations (#7939 - @smola)
- π Exclude dev.failsafe from IAST instrumentation (#7938 - @smola)
- β¨ Exclude okio from vulnerability locations (#7937 - @smola)
- β¨ Expand SSRF support in IAST to java.net.http.HttpClient (#7877 - @Mariovido)
- Fix stack trace inconsistency between excluded frames in vulnerability location and metastruct stack trace (#7865 - @jandro996)
- β¨π§ͺ Add experimental taint propagation to the String replace, replaceFirst, replaceAll methods (#7741 - @Mariovido)
Application Security Management (WAF)
- Upgrade to libddwaf 1.21.0 (libddwaf-java 11.2.0) (#7993 - @ValentinZakharov)
- Updated ASM rules to 1.13.3 (#7976 - @ValentinZakharov)
- β¨ Prevent spans from having login success and failure events simultaneously (#7918 - @manuel-alvarez-alvarez)
- Add support for session tracking in jetty (#7837 - @manuel-alvarez-alvarez)
- Extend support for SSRF in exploit prevention (#7376 - @jandro996)
Build & Tooling
- β¨ Add JMXFetch to SSI Guardrails denylist (#7970 - @PerfectSlayer)
- π Remove SSI guardrails entries for hbase and hive (#7916 - @PerfectSlayer)
Continuous Integration Visibility
- π Instrument Gradle Launcher to avoid overwriting org.gradle.jvmargs property (#8001 - @nikita-tkachenko-datadog)
- Add source line tags to test suites (#7964 - @daniel-mohedano)
Crash tracking
- π Improve crashtracking support for older Bash versions (#7956 - @PerfectSlayer)
- β¨ Adjust crash upload timeout (#7905 - @dougqh)
- β¨ Use telemetry 'is_sensitive' attribute instead of redacting the crash stacktrace (#7899 - @jbachorik)
Data Streams Monitoring
Dynamic Instrumentation
- π Fix integer json parsing probe definition (#7957 - @jpbempel)
- π Fix NullPointerException Extracting Class symbols (#7934 - @jpbempel)
- β¨ Avoid duplicate class symbol extraction (#7919 - @jpbempel)
- Add outer exceptions support for Exception Replay (#7897 - @jpbempel)
- π Fix memory leak in Exception Replay (#7885 - @jpbempel)
- β¨ Consult the environment variable when setting the max users frames in code origin probes (#7881 - @evanchooly)
JMX fetch
- π Bump JMXFetch to 0.49.6 (#7927 - @carlosroman)
Profiling
- β¨ Common temporary location manager for profiling product (#7971 - @jbachorik)
- πβ¨ Standardize some of the profiler sampling frequencies (#7961 - @MattAlp)
- β¨ enable SystemGC events (#7921 - @richardstartin)
- π Bump ddprof to 1.17.0 (#7915 - @jbachorik)
- β¨ paranoid exception handling when setting profiling thread context (#7903 - @richardstartin)
Telemetry
- β¨ Collect git metadata for telemetry (#7951 - @jpbempel)
- β¨ Fix dependency collection for new Spring Boot nested jars (#7931 - @smola)
Trace context propagation
- π Fix baggages mapping configuration when only keys are provided (#7972 - @cecile75)
- β¨ Updating Span Link creation due to header tag propagations for invalid spans (#7799 - @mhlidd)
Instrumentations
AWS Lambda instrumentation
AWS SDK instrumentation
Jetty instrumentation
- Add support for session tracking in jetty (#7837 - @manuel-alvarez-alvarez)
Kafka instrumentation
- π Reenable kafka 3.8 by default (#8007 - @nayeem-kamal)
- π Avoid double instrumentation of kafka-clients 3.8+ (#8006 - @mcculls)
- π Fix Kafka lag instrumentation for version 2.7 of Kafka (#7941 - @piochelepiotr)
Netty instrumentation
- π Finish netty span when request is cancelled (#7900 - @amarziali)
Reactor instrumentation
- π Add reactor samples and doc (#7906 - @amarziali)
- π Protect currentContext access for reactor inner operators (#7883 - @amarziali)
Contributors
smola, mcculls, and 22 other contributors
Assets 6
1.42.2
v1.42.2
This tag was signed with the committerβs verified signature.
PerfectSlayer
Bruce Bujon
Components
Build & Tooling
- π Remove SSI guardrails entries for hbase and hive (#7935 - @PerfectSlayer)
JMX fetch
- π Bump JMXFetch to 0.49.6 (#7936 - @amarziali)
Instrumentations
Jetty instrumentation
Contributors
PerfectSlayer, vandonr, and amarziali
Assets 6
1.42.1
Potentially Breaking Changes
Warning
There is a known issue with Kafka instrumentation that causes double tracing. As a result, Kafka 3.8+ is disabled by default until the double tracing issue is resolved.
Components
Dynamic Instrumentation
Profiling
- π Bump ddprof to 1.17.0 (#7917 - @jbachorik)
- Crash handler registration does not work correctly by @jbachorik in DataDog/java-profiler#150
Instrumentations
AWS SDK instrumentation
Kafka instrumentation
Reactor instrumentation
- π Protect currentContext access for reactor inner operators (#7895 - @amarziali)
Contributors
jbachorik, ygree, and 2 other contributors
Assets 6
1.42.0
Known Issues
This release contains a critical bug that may cause intermittent crashes when using profiler.
To avoid this bug you can either upgrade to v1.42.1, revert to v1.41.2, or:
- To greatly reduce the chance of crash, disable native stack collection via
-Ddd.profilng.ddprof.cstack=no - To completely eliminate the chance of crash, turn off Datadog Java profiler via
-Ddd.profiling.ddprof.enabled=falseand use only JFR, when available
Components
Application Security Management (IAST)
- Limit the visiting of objects for Trust Boundary Violation (#7847 - @manuel-alvarez-alvarez)
- π Update header injection exclusions (reduce false positives) (#7821 - @manuel-alvarez-alvarez)
- π Ensure vulnerabilities are reported with taintable values (#7801 - @manuel-alvarez-alvarez)
- Move SSRF support for IAST to HttpClientDecorator (#7792 - @Mariovido)
- π Fix String subsequence taint tracking bug (#7778 - @jandro996)
- Attach stacktrace to IAST vulnerabilities (#7757 - @jandro996)
Application Security Management (WAF)
- Update ASM rules to 1.13.2 (#7844 - @ValentinZakharov)
- Update ASM rules to 1.13.1 (#7831 - @ValentinZakharov)
- β¨ Upgrade to libddwaf 1.20.1 (libddwaf-java 11.1.0) (#7828 - @ValentinZakharov)
- Propagate AppSec blocking exceptions from bytebuddy supressions (#7516 - @manuel-alvarez-alvarez)
Build & Tooling
- Remove hadoop from the denylist (#7866 - @andrewlock)
Configuration at Runtime
- π Fix remote config update operation (#7856 - @ValentinZakharov)
- β¨π Fix relying on configId for remote config log level tracer flare change (#7788 - @cecile75)
Continuous Integration Visibility
- Add codeowners tag to test suites (#7861 - @daniel-mohedano)
- π Fix skippable tests request in headless mode (#7860 - @nikita-tkachenko-datadog)
- π Fix code coverage percentage reporting for Android projects (#7815 - @nikita-tkachenko-datadog)
- Lower log level for duplicate repo index keys warning (#7814 - @nikita-tkachenko-datadog)
- π Throw exception when using repo index to resolve source path for classes with identical names (#7793 - @nikita-tkachenko-datadog)
- π Fix automatic coverage includes calculation for headless test sessions (#7784 - @nikita-tkachenko-datadog)
- π Fix Jacoco coverage exclusion (#7783 - @nikita-tkachenko-datadog)
- π Fix module name detection for headless sessions (#7779 - @nikita-tkachenko-datadog)
Database Monitoring
- Add _dd.dbm_trace_injected tag to SQL Server prepared statements (#7863 - @nenadnoveljic)
- Add DBM_TRACE_INJECTED tag to SQL Server (#7849 - @nenadnoveljic)
Dynamic Instrumentation
- Make SymDB upload enabled by default for DI (#7869 - @jpbempel)
- Fix
Whereconversion for CodeOrigin probes (#7858 - @jpbempel) - Add compression support for SymDB paylods (#7851 - @jpbempel)
- Split SymDB payload when too large (#7838 - @jpbempel)
- Add retry policy for uploading requests to agent (#7824 - @jpbempel)
- β‘ Avoid exception when capturing fields in jdk16+ (#7774 - @jpbempel)
JMX fetch
- Bump JMXFetch to 0.49.5 (#7853 - @carlosroman)
Profiling
- Do not force-disable TLAB allocation events on JDK 8 (#7878 - @jbachorik)
- Bump ddprof to 1.16.0 (#7871 - @jbachorik)
- Improve robustness of the crash signal handler by @jbachorik in DataDog/java-profiler#134
- Remove a looping allocation when updating threads by @r1viollet in DataDog/java-profiler#135
- Add a fail-safe when we encounter double-exit from crash handler by @jbachorik in DataDog/java-profiler#138
- Crash handler recursion protection - Fix by @r1viollet in DataDog/java-profiler#139
- Split java version to 'java version' and 'hotspot version' by @jbachorik in DataDog/java-profiler#142
- Do not patch jmethodIDs for newer than JDK 8 by @jbachorik in DataDog/java-profiler#148
- Delay queue time rate limiting until event is committed (#7867 - @richardstartin)
- π Apply rate limit to queue events (#7823 - @richardstartin)
- Unwrap netty writetask (#7822 - @richardstartin)
- β¨β‘ Introduce aggregated smap events (enabled by default) (#7820 - @MattAlp)
Telemetry
Tracer core
- π Prevent NPE setting null span baggage (#7848 - @PerfectSlayer)
- Widen catch blocks to make agent discovery more tolerant (#7796 - @mcculls)
- Fall back to ports when we cannot use auto-discovered unix domain sockets (#7794 - @mcculls)
- Improve isolation of embedded JFFI dependency (#7789 - @mcculls)
- β¨ Support DD_TRACE_<INTEGRATION>_ENABLED (#7718 - @mtoffl01)
- β¨
β οΈ Add support forTRACE_HTTP_CLIENT_TAG_QUERY_STRINGand change default value ofHTTP_CLIENT_TAG_QUERY_STRINGtotrue(#7677 - @mhlidd) - Propagate AppSec blocking exceptions from bytebuddy supressions (#7516 - @manuel-alvarez-alvarez)
Instrumentations
Apache Spark instrumentation
- π Fix default value for long-running spans with DJM (#7795 - @paul-laffon-dd)
- Support for kafka lag metrics in spark streaming applications (#7474 - @kr-igor)
AWS SDK instrumentation
JAX-WS instrumentation
- Add Jakarta WebService Instrumentation (#7854 - @jordan-wong)
JDBC instrumentation
- π Avoid metadata access in driver connect advice for Oracle sharded connections (#7812 - @mcculls)
- π Do not parse DBInfo when no connection (#7800 - @amarziali)
Kafka instrumentation
- Enabled kafka-clients 3.8+ by default (#7818 - @nayeem-kamal)
Lettuce instrumentation
- β¨ Support lettuce 6.5 (#7876 - @amarziali)
Reactor instrumentation
- β¨ Support reactor context span propagation (#7864 - @amarziali)
Contributors
smola, mcculls, and 24 other contributors
Assets 6
1.41.2
Contributors
andrewlock
Assets 6
1.41.1
v1.41.1
This tag was signed with the committerβs verified signature.
nikita-tkachenko-datadog
Nikita Tkachenko
Components
Continuous Integration Visibility
- π Fix automatic coverage includes calculation for headless test sessions (#7809 - @nikita-tkachenko-datadog)
- π Fix Jacoco coverage exclusion (#7808 - @nikita-tkachenko-datadog)
- π Fix module name detection for headless sessions (#7807 - @nikita-tkachenko-datadog)
- π Throw exception when using repo index to resolve source path for classes with identical names (#7806 - @nikita-tkachenko-datadog)
Instrumentations
Apache Spark instrumentation
- π Fix default value for long-running spans with DJM (#7810 - @paul-laffon-dd)
Contributors
paul-laffon-dd and nikita-tkachenko-datadog
Assets 6
1.41.0
Components
Application Security Management (IAST)
- π Limit the collections that the iast visitor can handle (#7764 - @manuel-alvarez-alvarez)
- Add taint propagation to the String indent method (#7707 - @Mariovido)
- Add propagation to String strip methods (#7684 - @Mariovido)
Application Security Management (WAF)
- β‘ Prevent publishing the same usr.id to the WAF twice (#7699 - @manuel-alvarez-alvarez)
- β¨ Ensure 'attempt to replace context value' logs are set to debug (#7698 - @manuel-alvarez-alvarez)
- Add support for
waf_timeouttag in telemetry (#7696 - @jandro996)
Build & Tooling
- β¨ Enable Single Step Instrumentation Guardrails (#7568 - @PerfectSlayer)
Continuous Integration Visibility
- Ensure test session trace ID and span ID are the same (#7747 - @nikita-tkachenko-datadog)
- Update bundled Jacoco version (#7736 - @nikita-tkachenko-datadog)
- Revert HTTP client sharing in CI Vis components (#7734 - @nikita-tkachenko-datadog)
- Trace Maven and Gradle build tasks (#7721 - @nikita-tkachenko-datadog)
- Trace setup and teardown operations in JUnit 5 (#7714 - @nikita-tkachenko-datadog)
- Propagate module context from build system process to child JVM processes (#7710 - @nikita-tkachenko-datadog)
Crash tracking
- π Fix crashtracking log parser (#7697 - @PerfectSlayer)
Data Streams Monitoring
- Add avro schema object extraction (#7712 - @ericfirth)
- β‘ Improve data streams performance (#7749 - @piochelepiotr)
Dynamic Instrumentation
- π Fix hoisting local vars for Kotlin code (#7758 - @jpbempel)
- Fix mixed local vars for suspend funs in Kotlin (#7748 - @jpbempel)
- Rename the DebuggerProbe to TriggerProbe (#7737 - @evanchooly)
- π Fix Where signature (#7735 - @jpbempel)
- Update signatures to match symDB format (#7723 - @evanchooly)
- Update the config parameter name to enable code origin (#7695 - @evanchooly)
Telemetry
- Add support for
waf_timeouttag in telemetry (#7696 - @jandro996)
Testing
- Pin pubsub emulator docker version (#7767 - @amarziali)
Tracer core
- Avoid emission of endpoint events for client and producer root spans (#7732 - @richardstartin)
- β¨ Add support for
TRACE_HTTP_CLIENT_ERROR_STATUSES(#7694 - @mhlidd) - β¨ Remove
versionmetadata for nonDD_SERVICEspans (#7661 - @mhlidd)
Tracer public API
Instrumentations
Core Java language instrumentation
- Add taint propagation to the String indent method (#7707 - @Mariovido)
- Add propagation to String strip methods (#7684 - @Mariovido)
Eclipse Vert.x instrumentation
- π Avoid NPE on vertx end advice when parent span is not available (#7775 - @amarziali)
EventBridge instrumentation
gRPC instrumentation
- β¨
β οΈ Disable grpc client message span by default (#7708 - @amarziali)
JDBC instrumentation
- π Append comment on MySQL JDB callables (#7742 - @sethsamuel)
- β¨ Add Hikari Pool Name tag (#7672 - @jordan-wong)
Kafka instrumentation
- Support Kafka-clients 3.8+ (#7626 - @nayeem-kamal)
Micronaut instrumentation
- Update Gradle dependencies and support micronaut 4.7.0 (#7759 - @github-actions[bot])
Protocol Buffer instrumentation
- Fix schema tracking for nested messages (#7690 - @piochelepiotr)
- π Remove dependency on abstract message in schema extractor (#7260 - @piochelepiotr)
Reactor instrumentation
- β¨ Add proper context propagation for reactive streams (#7644 - @amarziali)
All other instrumentations
- π Finish spans for all handlers for Grizzly http client (#7772 - @amarziali)
Contributors
evanchooly, PerfectSlayer, and 14 other contributors
Assets 6
1.40.2
v1.40.2
This tag was signed with the committerβs verified signature.
manuel-alvarez-alvarez
Manuel Γlvarez Γlvarez
Components
Application Security Management (IAST)
- π Limit the collections that the iast visitor can handle (#7768 - @manuel-alvarez-alvarez)
Continuous Integration Visibility
- Update bundled Jacoco version (#7769 - @nikita-tkachenko-datadog)
Instrumentations
JDBC instrumentation
- π Append comment on MySQL JDBC callables (#7771 - @sethsamuel )
Contributors
manuel-alvarez-alvarez, sethsamuel, and nikita-tkachenko-datadog
Assets 6
1.40.1
v1.40.1
This tag was signed with the committerβs verified signature.
manuel-alvarez-alvarez
Manuel Γlvarez Γlvarez
35e4126
This commit was signed with the committerβs verified signature.
manuel-alvarez-alvarez
Manuel Γlvarez Γlvarez
Components
Application Security Management (WAF)
- β‘ Prevent publishing the same usr.id to the WAF twice (#7709 - @manuel-alvarez-alvarez)
- β¨ Ensure 'attempt to replace context value' logs are set to debug (#7705 - @manuel-alvarez-alvarez)
Crash tracking
- π Fix crashtracking log parser (#7703 - @PerfectSlayer)
Contributors
PerfectSlayer and manuel-alvarez-alvarez
Assets 6
1.40.0
Components
Application Security Management (IAST)
- β¨ Send IAST vulnerability secure marks to backend (#7645 - @jandro996)
- π§Ή Remove dependency with thread locals in jersey IAST instrumentation (#7619 - @manuel-alvarez-alvarez)
- π Fix jackson json parser propagation for field names (#7606 - @Mariovido)
- Add XSS support for Velocity (#7546 - @Mariovido)
- Add XSS support for Freemarker prior 2.3.24-incubating (#7497 #7532 - @Mariovido)
Application Security Management (WAF)
- π Fixed closing WAF context (#7681 - @ValentinZakharov)
- β¨ Reduce log level for "WAF object had not been closed" (#7657 - @smola)
- π Update libsqreen library to 11.0.1 fixing fingerprint generation (#7655 - @manuel-alvarez-alvarez)
- π Fix NullPointerException in RASP metrics (#7654 - @smola)
- β¨ Add support for user tracking in spring security (#7633 - @manuel-alvarez-alvarez)
- β‘ Short circuit for WAF/RASP calls (#7630 - @ValentinZakharov)
- β¨ Add support for session fingerprints to the WAF (#7591 - @manuel-alvarez-alvarez)
- π Fix Exploit Prevention capability announcement on remote config (#7586 - @smola)
- π§Ή Extract EventTracker logic to the appsec module (#7554 - @manuel-alvarez-alvarez)
- Add LFI exploit prevention support (#7487 - @jandro996)
Continuous Integration Visibility
- Use remote service to get CI provider info when configured to do so (#7689 - @nikita-tkachenko-datadog)
- β¨ Add CPU count tag to Test Visibility events (#7659 - @nikita-tkachenko-datadog)
- π Fix tracing skipped suites in MUnit 1.0.1 (#7605 - @nikita-tkachenko-datadog)
- Add pull_request extra tags for GitHub Actions (#7604 - @nikita-tkachenko-datadog)
- Set test session name on test/suite/module/session events (#7603 - @nikita-tkachenko-datadog)
- ITR code coverage support (#7367 - @nikita-tkachenko-datadog)
Dynamic Instrumentation
- Update Code Origin span tags (#7685 - @shatzi)
- Fix duplicated locals with arguments (#7683 - @jpbempel)
- π Fix number typing used in maps (#7676 - @jpbempel)
- π Fix evaluation errors sampling (#7656 - @jpbempel)
- Fix message for snapshots with evaluation errors (#7653 - @jpbempel)
- β¨ Add File and Path as string primitive (#7652 - @jpbempel)
- Refactor DI startup to make Exception Replay can be started up alone (#7648 - @jpbempel)
- Add Exception Replay config parameters (#7647 - @jpbempel)
- Add support of spring boot nested jar for SymDB (#7635 - @jpbempel)
- Fix local var hoisting (#7624 - @jpbempel)
- Implement the DebuggerProbe (#7588 - @evanchooly)
- β¨ Add support for Optional(Int|Double|Long) (#7581 - @jpbempel)
- Add exception_hash tag for span (#7574 - @jpbempel)
- β¨ Add watches support through probe tags (#7573 - @jpbempel)
- π Fix span decoration probe EMITTING status (#7569 - @jpbempel)
- π Add git commit sha and repostiory url in snapshot (#7566 - @jpbempel)
- β¨ Send telemetry log when Probe status queue is full (#7557 - @jpbempel)
- β¨ Add collection of local var for method probe (#7548 - @jpbempel)
- Add smoke test for Exception Replay (#7504 - @jpbempel)
GraalVM native-image
Profiling
- Bump profiler to 1.15.0 (#7682 - @MattAlp)
- π delay closing profiling state when scope reference count > 1 (#7639 - @richardstartin)
- Add JFR queuetime threshold to recording settings (#7609 - @richardstartin)
- π Enable profiling startForceFirst silently for native image builds (#7555 - @MattAlp)
- β¨ Improves info around smap parsing success/failure (#7461 - @MattAlp)
Telemetry
- Improved stack trace reporting via telemetry (#7632 - @ValentinZakharov)
- β¨ Enable telemetry logs by default (#7631 - @smola)
Tracer core
- β¨ Mute internal process start (#7572 - @PerfectSlayer)
Tracer internal logging
- Improved stack trace reporting via telemetry (#7632 - @ValentinZakharov)
Instrumentations
Akka instrumentation
- β¨ Add akka-http client 10.6+ support (#7680 - @amarziali)
Apache Spark instrumentation
- β¨ Add
spark.stagedetails attribute at the end of the stage (#7608 - @paul-laffon-dd)
AWS Lambda instrumentation
Eclipse Vert.x instrumentation
- π Vertx: wrap internal routes to let the context propagate for blocking handlers (#7563 - @amarziali)
GraphQL instrumentation
gRPC instrumentation
- make it possible to disable gRPC message spans (#7642 - @richardstartin)
JDBC instrumentation
- β¨ Add support for Intersystems IRIS jdbc driver (#7607 - @amarziali)
OpenTelemetry instrumentation
Reactor instrumentation
- Test Reactor Core latest versions (#7595 - @amarziali)
Redis instrumentation
- π Make redisson tracing the full request (#7571 - @amarziali)
Spring instrumentation
- π Spring scheduling: ensure spans have no parent (#7583 - @amarziali)
All other instrumentations
- β¨ Improve context propagation for rxjava1 observables (#7686 - @amarziali)
- β¨ Google PubSub: implement switchable legacy tracing mode (#7564 - @amarziali)
- π Tibco BW 5: fix child process parentship (#7414 - @amarziali)
Contributors
smola, evanchooly, and 15 other contributors