Skip to content

Releases: DataDog/dd-trace-java

1.24.0

15 Nov 21:24
9a567fb
Compare
Choose a tag to compare

Breaking Changes

Warning

Span operation and resource names issued from OpenTelemetry instrumentations will change according our new naming convention. Check #6104 for more details.

Warning

Regression in the continuous profiler when running on OpenJ9. All stacktraces appear as truncated.

Components

Application Security Management (IAST)

Continuous Integration Visibility

Database Monitoring

  • Fix SQL Server connection instrumentation driver class allow list (#6209 - @jmeunier28)

Dynamic Instrumentation

  • ✨ Add support for synthetic vars for metric probes (#6178 - @jpbempel)

Metrics

  • Revert setting dd.internal.card:none for UDS (#6220 - @mcculls)
  • Upgrade bundled metrics integrations to 7.49.0 (#6207 - @mcculls)

Profiling

Telemetry

  • Fix log message to debug level when DD_API_KEY missing to create Telemetry Intake connection (#6213 - @ygree)

Trace context propagation

Tracer core

Instrumentations

gRPC instrumentation

  • ✨ Expose remote peer info for grpc client spans (#6184 - @amarziali)

OpenTelemetry instrumentation

All other instrumentations

1.23.0

09 Nov 21:40
94ed1d0
Compare
Choose a tag to compare

Components

Application Security Management (IAST)

Application Security Management (WAF)

Continuous Integration Visibility

Database Monitoring

  • πŸ› Append sql comments instead of prepend to prevent exceptions on CallableStatements (#6034 - @jmeunier28)
  • DBM-APM: Selectively pre/append sql comments depending on DBMS typeq (#6160 - @jmeunier28)

Dynamic Instrumentation

Profiling

Telemetry

Tracer core

Instrumentations

Kafka instrumentation

  • ✨ Track payload size for Kafka integration (#6045 - @vandonr)

Other changes

  • instrument Exception and Error classes to avoid instrumenting generic throwables used for control flow (#6128 - @richardstartin)

1.22.0

26 Oct 11:22
848d377
Compare
Choose a tag to compare

Breaking Changes

⚠️ This release contains a change in the normalization of resource names with spaces.
See #5968 for further notes on details and the feature flag to revert back to the old behavior.

Components

Application Security Management (IAST)

Application Security Management (WAF)

Build & Tooling

  • Make sure internal 'datadog.trace.api.Functions' class is relocated in dd-trace-ot (#6005 - @mcculls)

Continuous Integration Visibility

Data Streams Monitoring

  • Avoid potential deadlock in DefaultDataStreamsMonitoring on tracer shutdown (#6011 - @mcculls)
  • ✨ Add DSM API changes to support kinesis use case (#6001 - @devinsba)
  • ✨ Add DSM implementation for kinesis in SDKv1 (#5981 - @devinsba)
  • ✨ Add DSM implementation for kinesis in SDKv2 (#5966 - @devinsba)

Dynamic Instrumentation

  • πŸ› Fix sampling with probe condition (#6086 - @jpbempel)
  • ✨ Add config for custom redacted types (#6059 - @jpbempel)
  • ✨ Add config fo custom redacted identifiers (#6053 - @jpbempel)
  • ✨ Introduce PII redaction based on keywords (#6048 - @jpbempel)
  • πŸ› Disable sampling for span decoration probe (#6006 - @jpbempel)
  • ✨ Introduce symbol extraction for debugger (#6004 - @jpbempel)
  • πŸ› Fix race condition for applying probe rate limits (#5988 - @jpbempel)
  • Fix boolean expression eval as template parameter (#5971 - @jpbempel)
  • πŸ› Prevent calling size method from unknown classes (#5946 - @jpbempel)

GraalVM native-image

  • Mark some default services as off during native-image build (#6079 - @mcculls)
  • Skip task scope creation for Graal VMOperation threads (#6078 - @mcculls)
  • Relocate OkHttp to avoid conflicts (#6018 - @luneo7 - thanks for the contribution!)
  • Register that we will reflect on ConcurrentHashMap constructor at runtime (#5924 - @mcculls)

Metrics

Profiling

Telemetry

Tracer core

Instrumentations

Apache Spark instrumentation

Armeria Instrumentation

AWS SDK instrumentation

  • πŸ› AWS set reponse status on error (#6055 - @ygree)
  • ✨ Add DSM implementation for kinesis in SDKv1 (#5981 - @devinsba)
  • ✨ Add DSM implementation for kinesis in SDKv2 (#5966 - @devinsba)
  • ✨ Extract trace context from embedded SQS message attribute '_datadog' (#5920 - @mcculls)

gRPC instrumentation

JDBC instrumentation

  • Add dd.trace.db.client.split-by-host Config (#4094 - @shunyy - thanks for the contribution!)

Lettuce instrumentation

Netty instrumentation

OpenTelemetry instrumentation

Play Framework instrumentation

Trace annotations instrumentation

  • ✨ Support @Trace(noParent=true) to always start a new trace at that method (#6032 - @mcculls)

All other instrumentations

  • Add weblogic.net.http.HttpURLConnection to list of traced connection classes (#6047 - @mcculls)
  • Support tracing of custom (non-JDK) HttpURLConnection implementations (#6046 - @mcculls)
  • Skip falling back to 'org.apache.jasper.servlet.JasperLoader.loadClass' (#5998 - @mcculls)
  • Use package prefix to direct search for helper dependencies in OSGi (#5973 - @mcculls)
  • Openliberty jakarta integration (#5652 - @nayeem-kamal)

1.21.0

20 Sep 12:02
v1.21.0
7ab7c4f
Compare
Choose a tag to compare

Components

Application Security Management (IAST)

  • Add Thymeleaf support to IAST XSS vulnerability (#5901)
  • πŸ› Improved IAST request sampling with more accurate configuration (#5879)
  • ⚑ Use bytes instead of strings in IAST metrics tags (#5872)
  • πŸ› Fix request body tainting in spring boot 2.7.5 (#5867)
  • Exclude net.jpountz.xxhash (#5856)
  • Add XSS detection for Spring's ResponseBody (#5813)
  • Add support for scala APIs (#5284)

Application Security Management (WAF)

  • Update to ASM rules 1.8.0 (#5902)
  • Make sure we close the AppSec default template resource after reading (#5876)
  • πŸ› Fix blocking for jetty 10.0.16 and 11.0.16 (#5857)
  • πŸ› Fix race condition in AppSec GatewayBridge (#5834)
  • Improve query obfuscation regular expression (#5824)

Continuous Integration Visibility

  • πŸ› Always populate test.command tag in session spans (#5885)
  • πŸ› Fix deadlock occuring when stopping SignalServer (#5884)
  • πŸ› Fix NullPointerException when calculating ITR skippable tests in TestNG (#5836)
  • πŸ› Correctly handle cases when there are multiple JVM forks per single test module (#5806)
  • Implement sending total coverage percentage for sessions and modules (#5769)
  • Allow specifying additional JVM arguments for children processes (#5628)

Data Streams Monitoring

  • ✨ Add version tag to data streams (#5866)
  • Allow data streams monitoring to be controlled by dynamic config (#5779)

Dynamic Instrumentation

  • Make @duration a float value in ms (#5823)

Metrics

  • Upgrade JMXFetch to 0.47.10 (#5878)
  • Upgrade JMXFetch integrations to 7.47.0 (#5877)

Profiling

  • Upgrade ddprof to 0.78.0 (#5914)
  • GA the profiling context API (#5830)
  • Restore exception profiling instrumentation enablement (#5826)

Remote Configuration

  • Allow data streams monitoring to be controlled by dynamic config (#5779)

Telemetry

  • Less verbose dependency collection debug logs (#5904)
  • πŸ› Fix Telemetry Config Collector to collect String and Map values (#5886)

Tracer core

  • πŸ§ͺ Make peer.service manually overridden by component (#5860)
  • Skip attaching the tracer when we know the JVM is running a JDK tool such as jstack (#5854)

Instrumentations

Apache Spark instrumentation

  • Add fallbacks when retrieving databricks ids (#5910)
  • Custom spark spans tags at runtime (#5870)
  • Add Spark SQL spans (#5820)

Eclipse Vert.x instrumentation

JDBC instrumentation

  • Preserve single line comment (--) prefixes when normalizing SQL (#5812)

JMS instrumentation

  • Support tracing jakarta.jms calls (#5868)
  • Avoid duplicate traces for nested JMS receive calls (#5863)

OpenTelemetry instrumentation

  • ✨ Add support for OpenTelemetry record exception span event (#5895)
  • ✨ Only invalidate current OTel context if we created it (#5880)

All other instrumentations

  • ✨ Add asynchronous type support for trace annotation instrumentation (#5802)
  • Add instrumentation support for Apache Pekko (#5858) -- thanks @scoquelin for the contribution!

Other changes

  • πŸ” Replace okio dependency (#5846)
  • Exclude JMXFetch jackson dependencies (#5821)

1.20.1

07 Sep 08:52
70cd67c
Compare
Choose a tag to compare

Components

Continuous Integration Visibility

  • πŸ› Fix NullPointerException when calculating ITR skippable tests in TestNG (#5842)

Other changes

  • Replace okio dependency with fork that backports the fix for CVE-2023-3635 (#5851)
  • Exclude JMXFetch jackson dependencies because we don't need them for our embedded usage (#5843)

1.20.0

30 Aug 16:21
6308c00
Compare
Choose a tag to compare

Breaking changes

  • βš οΈπŸ” Elasticsearch and Opensearch should omit params by default (#5749)
  • πŸ›βš οΈ httpasyncclient4: fix url parsing and make host/port extraction happening (#5543)

Components

Application Security Management (IAST)

  • ⚑ Use a NoOp tainted objects for vulnerabilities without context (#5786)
  • ⚑ Improve performance while computing IAST metrics (#5784)
  • ⚑ Check for overhead constraints in weak randomness module (#5783)
  • πŸ› Fix NullPointerException in unvalidated redirect detection (#5755)
  • πŸ› Set concrete types for the response instrumentation (#5714)
  • πŸ› Prevent IAST from creating empty spans for duplicated vulnerabilities (#5780)
  • Redact empty sensitive ranges (#5706)
  • Add URLEncoder tainting support (#5656)
  • Add JavaScriptUtils.javaScriptEscape tainting support (#5648)
  • Add unbescape escape functions tainting support (#5647)
  • Add freemarker.template.utility.StringUtil tainting support (#5645)
  • Weak cipher detection in javax.crypto.KeyGenerator (#5634)
  • Add more org.owasp.esapi.Encoder escape functions tainting support (#5624)
  • X-Content-Type missing header vulnerability (#5571)
  • HSTS missing header vulnerability detection (#5520)

Application Security Management (WAF)

  • πŸ› Fix timing of appsec.blocked tag setting and double finishes (#5777)
  • Enable user event tracking only when AppSec is enabled (#5756)
  • πŸ› Fixed NPE in user events tracking (#5732)
  • Response blocking in OpenLiberty (#5657)
  • Response blocking in Netty (#5650)
  • Reduce log level for WAF timeouts (#5733)

Continuous Integration Visibility

  • Add basic Scala MUnit support (#5781)
  • Update repo URL extraction logic for Bitbucket (#5766)
  • πŸ› Make Maven test module names unique (#5762)
  • 🧹 Refactor CI Visibility to better encapsulate internal APIs (#5747)
  • Use DD Javac Plugin metadata to resolve method lines (#5746)
  • πŸ› Exclude org.mockito package from CI Visibility code coverage by default (#5712)
  • Add git command line client builder to GitInfoProvider (#5711)

Dynamic Instrumentation

  • Merge span decoration and log instrumentation (#5809)
  • Reports instrumentation failure (#5795)
  • Enable ByteCode verification by default (#5774)
  • πŸ› Fix instrumentation when bytecode generation fails (#5767)
  • πŸ› Fix log template issue for duplicated line probes (#5620)

Metrics

  • Preserve tracer's default metrics namespace as "datadog.tracer" in dd-trace-ot (#5810)

Profiling

  • Do not attempt to use ddprof library on windows (#5793)
  • Rework Queue time tracking to avoid unwrapping the task type unless the event will be recorded (#5785)
  • Update ddprof to 0.71.0 (#5719)

Telemetry

  • Report dd-trace-java and its dependencies to telemetry (#5698)

Tracer core

  • ⚑ Type resolver's use of URL caches should be configurable (#5805)
  • ⚑ Avoid creating new ContinuingScope if the top scope is already keeping the span alive (#5739)
  • Add _dd.base_service to disambiguate service map (#5701)

Instrumentations

Apache Spark instrumentation

  • Capture app, job and databricks parameters in spark streaming spans (#5796)
  • Get databricks cluster name from spark conf, if absent in job properties (#5775)
  • Unify spark metrics naming (#5723)

Eclipse Vert.x instrumentation

  • πŸ› Fix for Vert.x 4.0 instrumentation to close span on timeout (#5772)

Elasticsearch instrumentation

  • Separate config for Elasticsearch body and params (#5771)

JDBC instrumentation

  • ✨ Add redshift support to JDBC URL parser (#5792)

Jetty instrumentation

  • πŸ› Fix simultaneous jetty 10/11 instrumentation when jakarta/javax servlet are both present (#5787)
  • ✨ Add tracing support for Jetty 12 (#5744)

OpenTelemetry instrumentation

  • ✨ Add RxJava async result types support for OpenTelemetry annotations (#5801)
  • ✨ Add Reactor async result types support for OpenTelemetry annotations (#5800)
  • ✨ Add Guava async result type support for OpenTelemetry annotations (#5799)
  • ✨ Add generic async result type support for OpenTelemetry annotations and its Reactive Streams extension (#5737)
  • πŸ› Ensure OpenTelemetry spans are not modifiable when finished (#5722)
  • ✨ Add OpenTelemetry annotations support (#5593)

RabbitMQ instrumentation

  • πŸ› Fix exception in reactor-rabbit (#5707)

Reactor instrumentation

  • πŸ› Fix exception in reactor-rabbit (#5707)

All other instrumentations

  • Support java.util.Timer once scheduling (#5708)

1.19.3

23 Aug 15:41
b3eaa8a
Compare
Choose a tag to compare

Components

Application Security Management (IAST)

  • πŸ› Fix NullPointerException in unvalidated redirect detection (#5755) (#5759)

Application Security Management (WAF)

  • πŸ› Enable user event tracking only when AppSec is enabled (#5756) (#5765)
  • πŸ› Fix NPE in user events tracking (#5732) (#5757)

Continuous Integration Visibility

  • πŸ› Make Maven test module names unique (#5761)

1.19.2

22 Aug 15:47
3bf7058
Compare
Choose a tag to compare

Components

Profiling

  • Upgrade to ddprof 0.70.1 (#5754)

1.19.1

16 Aug 14:37
9208c05
Compare
Choose a tag to compare

Warning

Do not use this version for profiling, the excessive resource usage was introduced in 1.19.0 and fixed in v1.19.2

Components

Application Security Management (IAST)

  • πŸ› Set concrete types for the response instrumentation (#5729)

Continuous Integration Visibility

  • πŸ› Fix automatic Javac plugin configuration in Maven projects that use annotation processors (#5727)
  • πŸ› Fix automatic tracer configuration for Maven projects that use Jacoco (#5726)

Instrumentations

OpenTelemetry instrumentation

  • πŸ› Ensure OpenTelemetry spans are not modifiable when finished (#5728)

1.19.0

08 Aug 21:07
b023c07
Compare
Choose a tag to compare

Warning

Do not use this version for profiling, the excessive resource usage was introduced in this version and fixed in v1.19.2

Components

Application Security Management (IAST)

  • Extend apache commons StringEscapeUtils tainting support (#5638)
  • Update IAST exclusions to not filter JSPs and hdiv related classes (#5625)
  • πŸ› Fix HttpOnly cookie detection and add small refactorings (#5615)
  • Implemented trust boundary violation vulnerability detection (#5612)
  • Support escape functions used in OWASP Benchmark for Trust Boundary Violation (#5608)
  • Add support for XSS vulnerability (#5589)
  • Add String#split taint tracking (#5584)
  • Add String#toCharArray taint tracking (#5576)
  • Update IAST redaction algorithm (#5528)

Application Security Management (WAF)

  • Upgrade to libddwaf 1.12.0/libsqreen 7.1.0 (#5658)
  • πŸ› More accurately report whether the request was blocked (#5594)
  • Add Fastly and CloudFlare headers to ASM attacks (#5579)
  • Response substitution on undertow (#5536)
  • Response header substitution in jetty (#5467)
  • Automatic user events tracking (Spring Security) (#5350)

Continuous Integration Visibility

  • πŸ› Close outstanding APM spans before finishing test span (#5689)
  • Disable code coverage segments data gathering by default (#5627)
  • Report test framework data from child processes instead of parsing project dependencies (#5613)
  • Add Cucumber support to CI Visibility (#5611)
  • ⚑ Replace reflection calls with method handle invocations in test utils (#5610)
  • Send test session events when build system is not instrumented (#5603)
  • Implement Intelligent Test Runner metadata tags (#5602)
  • πŸ› Fix Maven instrumentation for parallel builds (#5598)
  • πŸ› Fix TestNG instrumentation to use immutable ITestResult.getName() instead of mutable ITestResult.getTestName() (#5595)
  • Pass skippable tests from parent to children with signal server (#5581)
  • Support test framework version extraction for legacy TestNG (#5580)
  • 🧹 Move ITR skipping logic to test events handler (#5575)
  • Tag test spans with method description (#5564)
  • 🧹 Split DDTestModuleImpl into parent process and child process implementations (#5549)
  • Implement repository index sharing between processes (#5512)
  • Update signal server and client with mechanism to send/receive signal responses (#5511)

Data Streams Monitoring

  • Add DSM Context Propagation for SQS v2 (#5637)

Dynamic Instrumentation

  • Fix sampling when log probe is evaluation at Exit (#5692)
  • Add UDS support for the debugger by using OkHttpUtils.buildHttpClient (#5621)
  • Add capture of inherited (static) fields (#5609)
  • Add capture of static fields (#5588)

Metrics

  • Enable/disable embedded JMXFetch with dynamic config (#5586)

Profiling

  • Upgrade to ddprof 0.70.0 (#5676)
  • Upgrade to ddprof 0.67.0 (#5639)
  • Upgrade to ddprof 0.65.0 (#5590)
  • Disable wallclock profiling during Socket.connect (#5587)
  • Improve profiler config ergonomics (#5583)

Remote Configuration

  • Add debug log when sending RC request (#5672)
  • Enable/disable embedded JMXFetch with dynamic config (#5586)
  • Avoid logging InterruptedIOExceptions from remote-config as parsing/processing failures (#5577)
  • Change traceDebug with dynamic config (#5482)

Telemetry

  • πŸ› Fix spans_created and spans_finished integration_name tags (#5681)
  • ⚑ Fix #5640 Telemetry startup degradation (#5678)
  • 🧹 Telemetry V2 preps (Serialization Refactoring) (#5640)
  • πŸ› Fix span metric names for created and finished spans (#5600)

Tracer core

  • Updated config parsing for integer ranges for grpc (#5683)
  • Make partial flushing settings consistent with other tracer libraries (#5682)
  • Only check CLIENT/SERVER_ERROR_STATUSES when we know we have a status to check (#5596)
  • Support HTTP client header tagging (#5585)
  • ✨ Add span links support (#5569)
  • πŸ› Add config option to disable baggage as tag injection (#5563)

Instrumentations

Apache Spark instrumentation

  • ✨ Capture more Spark parameters (#5630)
  • ✨ Add support for spark structured streaming (#5629)
  • Compute distribution of task metrics for each stage (#5542)
  • Aggregate peak execution memory using the max of all stages (#5205)

AWS SDK instrumentation

  • Avoid sending trace context twice when using JMS-over-SQS (#5626)

JDBC instrumentation

  • πŸ› Add edb as supported postgres connection type (#5623)
  • πŸ’‘ Add IBM Informix support to JDBC instrumentation (#5599)

JMS instrumentation

  • Avoid sending trace context twice when using JMS-over-SQS (#5626)

Netty instrumentation

  • ✨ Fix async propagation in some versions of undertow (#5649)

OpenTelemetry instrumentation

  • ✨ Add support for OpenTelemetry Context.makeCurrent() (#5673)
  • πŸ› Fix OpenTelemetry Context instrumentation activation (#5671)
  • πŸ› Fix possible invalid parent span using OpenTelemetry API (#5644)
  • πŸ› Fix empty string attribute value (#5574)

Spring instrumentation

  • πŸ’‘ Add Spring Web Service error capture instrumentation (#5643)
  • Instrument spring-messaging to reduce chance of disconnected traces (#5631)
  • Disabling `spring-path-filter' integration should remove all path-related filters (#5578)
  • Automatic user events tracking (Spring Security) (#5350)