1.44.1

Components

Continuous Integration Visibility

• 🐛 Fix tracing JUnit5 tests in Maven projects with multiple forks (#8089 - @nikita-tkachenko-datadog)

1.44.0

Known Issues

Warning

This release contains a known issue that causes failures when using Test Optimization to trace JUnit 5 tests in a Maven project where Maven Surefire is configured with forkCount > 1.
The issue is fixed in v1.44.1

Breaking Changes

Warning

Support for X-Forwarded header is dropped from default client IP resolution.
It can still be re-activated using the dd.trace.client-ip-header=x-forwarded system property, or the DD_TRACE_CLIENT_IP_HEADER=x-forwarded environment variable. See #7946.

Components

Application Security Management (IAST)

• ✨ Set unexpected IAST exceptions to debug log level (#8044 - @smola)
• ✨ Increase IAST propagation to StringBuffer subSequence (#8038 - @Mariovido)
• ✨ Increase IAST propagation to StringBuilder subSequence (#8026 - @Mariovido)
• ✨ Add IAST propagation to String valueOf (#8013 - @Mariovido)
• ✨ Increase IAST propagation to StringBuilder append (#8010 - @Mariovido)
• ✨ Expand SSRF support in IAST to apache-httpclient-5 and apache-httpasyncclient-4 (#7920 - @Mariovido)

Build & Tooling

• ✨ Generate Muzzle classes for Groovy instrumentations (#8004 - @nikita-tkachenko-datadog)

Continuous Integration Visibility

• ✨ Support distributed traces in tests (#8078 - @nikita-tkachenko-datadog)
• ✨ Implement fail-fast tests ordering for JUnit 5 (#8055 - @nikita-tkachenko-datadog)
• ✨ Mark JUnit 5 setup and teardown action spans as failed if there is an error (#8033 - @nikita-tkachenko-datadog)
• ✨ Add tracing of setup and teardown actions in JUnit 4 (#8030 - @daniel-mohedano)

Crash tracking

• ✨ Improve crash tracking install logging (#8045 - @PerfectSlayer)

Data Streams Monitoring

• 🐛 Add Data Streams support in AWS SQS without raw message delivery (#8071 - @piochelepiotr)
• ✨ Add new tag for enabled products / features to DSM checkpoints (#8051 - @kr-igor)
• 💡 Instrument self hosted Kafka connectors (#7959 - @piochelepiotr)

Dynamic Instrumentation

• ✨ Add Micronaut 4 support for code origin for spans (#8039 - @jpbempel)
• ✨ Refactor probe matching for methods (#8021 - @jpbempel)
• ✨ Update the CodeOriginProbe fingerprint to not rely on a stack walk (#8016 - @evanchooly)
• ✨ Implement code origin support for grpc server entry spans (#7942 - @evanchooly)

GraalVM native-image

• 🐛 Update Graal build-time instrumentation config for TracePropagationStyle (#8065 - @MattAlp)
• 🐛 Fix NoClassDefFoundError: Could not initialize class DDSpanLink$EncoderHolder in Graal native-image (#8036 - @mcculls)
• 🐛🧹 Fix native-image generation of reactive applications (#8012 - @mcculls)

OpenTracing

• 🧹 Custom ScopeManagers are deprecated and will be removed in a future release of dd-trace-ot (#8058 - @mcculls)

Tracer core

• ✨🧪 Service naming: split by jee deployment (#8064 - @amarziali)
• ✨ Exclude jboss mdb proxies from instrumenting (#8061 - @amarziali)
• ✨ Add a built-in trace interceptor for keeping traces depending of their latency (#8040 - @cecile75)
• 💡 Introduce marker mechanism for eagerly initializing helpers (#8028 - @mcculls)
• 💡 Add JSON component (#7973 - @PerfectSlayer)
• ✨⚠️ Remove support for X-Forwarded in client IP resolution (#7946 - @smola)

Instrumentations

Apache HttpComponents

• ✨ Expand SSRF support in IAST to apache-httpclient-5 and apache-httpasyncclient-4 (#7920 - @Mariovido)

gRPC instrumentation

• 🐛 Use lower priorities for grpc server errors (#8043 - @amarziali)

JDBC instrumentation

• ✨ Add trace injection for prepared statements in Postgres (#7940 - @nenadnoveljic)

JMS instrumentation

• 🐛 Protect mdb from instrumenting multiple time the same event (#8062 - @amarziali)

Kafka instrumentation

• 💡 Instrument self hosted Kafka connectors (#7959 - @piochelepiotr)

OpenTelemetry instrumentation

• 🐛 Support using OpenTelemetry Event API inside @WithSpan annotated method (#8019 - @mcculls)

Reactor instrumentation

• 🐛🧹 Fix native-image generation of reactive applications (#8012 - @mcculls)

Spring instrumentation

• 🐛 Avoid double instrumenting lambdas on latest spring scheduling (#8005 - @amarziali)

All other instrumentations

• 🐛 Twilio: allow service name flattening (#8025 - @amarziali)
• ✨ Instrument Mulesoft 4.5.0+ (#7981 - @amarziali)

1.43.0

Components

Application Security Management (IAST)

• ✨ Add propagation to StringBuffer substring methods (#7992 - @Mariovido)
• 🐛 Fix issue with call sites in super calls to constructor (#7991 - @manuel-alvarez-alvarez)
• ✨ Add propagation to StringBuilder substring methods (#7980 - @Mariovido)
• 🐛 Reset IAST request context on root span published (#7969 - @manuel-alvarez-alvarez)
• ✨ Add propagation to String constructors with StringBuffer and StringBuilder (#7966 - @Mariovido)
• 🐛 Do not reset IAST concurrent request counter (#7963 - @smola)
• ✨ Exclude spark web from vulnerability locations (#7939 - @smola)
• 🐛 Exclude dev.failsafe from IAST instrumentation (#7938 - @smola)
• ✨ Exclude okio from vulnerability locations (#7937 - @smola)
• ✨ Expand SSRF support in IAST to java.net.http.HttpClient (#7877 - @Mariovido)
• Fix stack trace inconsistency between excluded frames in vulnerability location and metastruct stack trace (#7865 - @jandro996)
• ✨🧪 Add experimental taint propagation to the String replace, replaceFirst, replaceAll methods (#7741 - @Mariovido)

Application Security Management (WAF)

• Upgrade to libddwaf 1.21.0 (libddwaf-java 11.2.0) (#7993 - @ValentinZakharov)
• Updated ASM rules to 1.13.3 (#7976 - @ValentinZakharov)
• ✨ Prevent spans from having login success and failure events simultaneously (#7918 - @manuel-alvarez-alvarez)
• Add support for session tracking in jetty (#7837 - @manuel-alvarez-alvarez)
• Extend support for SSRF in exploit prevention (#7376 - @jandro996)

Build & Tooling

• ✨ Add JMXFetch to SSI Guardrails denylist (#7970 - @PerfectSlayer)
• 🐛 Remove SSI guardrails entries for hbase and hive (#7916 - @PerfectSlayer)

Continuous Integration Visibility

• 🐛 Instrument Gradle Launcher to avoid overwriting org.gradle.jvmargs property (#8001 - @nikita-tkachenko-datadog)
• Add source line tags to test suites (#7964 - @daniel-mohedano)

Crash tracking

• 🐛 Improve crashtracking support for older Bash versions (#7956 - @PerfectSlayer)
• ✨ Adjust crash upload timeout (#7905 - @dougqh)
• ✨ Use telemetry 'is_sensitive' attribute instead of redacting the crash stacktrace (#7899 - @jbachorik)

Data Streams Monitoring

• Support service name overrides for DSM (#7798 - @kr-igor)

Dynamic Instrumentation

• 🐛 Fix integer json parsing probe definition (#7957 - @jpbempel)
• 🐛 Fix NullPointerException Extracting Class symbols (#7934 - @jpbempel)
• ✨ Avoid duplicate class symbol extraction (#7919 - @jpbempel)
• Add outer exceptions support for Exception Replay (#7897 - @jpbempel)
• 🐛 Fix memory leak in Exception Replay (#7885 - @jpbempel)
• ✨ Consult the environment variable when setting the max users frames in code origin probes (#7881 - @evanchooly)

JMX fetch

• 🐛 Bump JMXFetch to 0.49.6 (#7927 - @carlosroman)

Profiling

• ✨ Common temporary location manager for profiling product (#7971 - @jbachorik)
• 🐛✨ Standardize some of the profiler sampling frequencies (#7961 - @MattAlp)
• ✨ enable SystemGC events (#7921 - @richardstartin)
• 🐛 Bump ddprof to 1.17.0 (#7915 - @jbachorik)
• ✨ paranoid exception handling when setting profiling thread context (#7903 - @richardstartin)

Telemetry

• ✨ Collect git metadata for telemetry (#7951 - @jpbempel)
• ✨ Fix dependency collection for new Spring Boot nested jars (#7931 - @smola)

Trace context propagation

• 🐛 Fix baggages mapping configuration when only keys are provided (#7972 - @cecile75)
• ✨ Updating Span Link creation due to header tag propagations for invalid spans (#7799 - @mhlidd)

Instrumentations

AWS Lambda instrumentation

• ✨ Increase lambda extension request timeout (#7986 - @nhulston)

AWS SDK instrumentation

• 🐛 Fix AWS Payload Tagging prefix generation related to SdkPojo (#7882 - @ygree)

Jetty instrumentation

• Add support for session tracking in jetty (#7837 - @manuel-alvarez-alvarez)

Kafka instrumentation

• 🐛 Reenable kafka 3.8 by default (#8007 - @nayeem-kamal)
• 🐛 Avoid double instrumentation of kafka-clients 3.8+ (#8006 - @mcculls)
• 🐛 Fix Kafka lag instrumentation for version 2.7 of Kafka (#7941 - @piochelepiotr)

Netty instrumentation

• 🐛 Finish netty span when request is cancelled (#7900 - @amarziali)

Reactor instrumentation

• 📖 Add reactor samples and doc (#7906 - @amarziali)
• 🐛 Protect currentContext access for reactor inner operators (#7883 - @amarziali)

1.42.2

Components

Build & Tooling

• 🐛 Remove SSI guardrails entries for hbase and hive (#7935 - @PerfectSlayer)

JMX fetch

• 🐛 Bump JMXFetch to 0.49.6 (#7936 - @amarziali)

Instrumentations

Jetty instrumentation

• 🐛 Finish netty span when request is cancelled (#7945 - @vandonr)

1.42.1

Potentially Breaking Changes

Warning

There is a known issue with Kafka instrumentation that causes double tracing. As a result, Kafka 3.8+ is disabled by default until the double tracing issue is resolved.

Components

Dynamic Instrumentation

• 🐛 Fix memory leak in Exception Replay (#7892 - @jpbempel)

Profiling

• 🐛 Bump ddprof to 1.17.0 (#7917 - @jbachorik)
  • Crash handler registration does not work correctly by @jbachorik in DataDog/java-profiler#150

Instrumentations

AWS SDK instrumentation

• 🐛 Fix AWS Payload Tagging prefix generation related to SdkPojo (#7901 - @ygree)

Kafka instrumentation

• Disable Kafka 3.8+ instrumentation by default (#7909 - @ygree)

Reactor instrumentation

• 🐛 Protect currentContext access for reactor inner operators (#7895 - @amarziali)

1.42.0

Known Issues

This release contains a critical bug that may cause intermittent crashes when using profiler.

To avoid this bug you can either upgrade to v1.42.1, revert to v1.41.2, or:

• To greatly reduce the chance of crash, disable native stack collection via -Ddd.profilng.ddprof.cstack=no
• To completely eliminate the chance of crash, turn off Datadog Java profiler via -Ddd.profiling.ddprof.enabled=false and use only JFR, when available

Components

Application Security Management (IAST)

• Limit the visiting of objects for Trust Boundary Violation (#7847 - @manuel-alvarez-alvarez)
• 🐛 Update header injection exclusions (reduce false positives) (#7821 - @manuel-alvarez-alvarez)
• 🐛 Ensure vulnerabilities are reported with taintable values (#7801 - @manuel-alvarez-alvarez)
• Move SSRF support for IAST to HttpClientDecorator (#7792 - @Mariovido)
• 🐛 Fix String subsequence taint tracking bug (#7778 - @jandro996)
• Attach stacktrace to IAST vulnerabilities (#7757 - @jandro996)

Application Security Management (WAF)

• Update ASM rules to 1.13.2 (#7844 - @ValentinZakharov)
• Update ASM rules to 1.13.1 (#7831 - @ValentinZakharov)
• ✨ Upgrade to libddwaf 1.20.1 (libddwaf-java 11.1.0) (#7828 - @ValentinZakharov)
• Propagate AppSec blocking exceptions from bytebuddy supressions (#7516 - @manuel-alvarez-alvarez)

Build & Tooling

• Remove hadoop from the denylist (#7866 - @andrewlock)

Configuration at Runtime

• 🐛 Fix remote config update operation (#7856 - @ValentinZakharov)
• ✨🔍 Fix relying on configId for remote config log level tracer flare change (#7788 - @cecile75)

Continuous Integration Visibility

• Add codeowners tag to test suites (#7861 - @daniel-mohedano)
• 🐛 Fix skippable tests request in headless mode (#7860 - @nikita-tkachenko-datadog)
• 🐛 Fix code coverage percentage reporting for Android projects (#7815 - @nikita-tkachenko-datadog)
• Lower log level for duplicate repo index keys warning (#7814 - @nikita-tkachenko-datadog)
• 🐛 Throw exception when using repo index to resolve source path for classes with identical names (#7793 - @nikita-tkachenko-datadog)
• 🐛 Fix automatic coverage includes calculation for headless test sessions (#7784 - @nikita-tkachenko-datadog)
• 🐛 Fix Jacoco coverage exclusion (#7783 - @nikita-tkachenko-datadog)
• 🐛 Fix module name detection for headless sessions (#7779 - @nikita-tkachenko-datadog)

Database Monitoring

• Add _dd.dbm_trace_injected tag to SQL Server prepared statements (#7863 - @nenadnoveljic)
• Add DBM_TRACE_INJECTED tag to SQL Server (#7849 - @nenadnoveljic)

Dynamic Instrumentation

• Make SymDB upload enabled by default for DI (#7869 - @jpbempel)
• Fix Where conversion for CodeOrigin probes (#7858 - @jpbempel)
• Add compression support for SymDB paylods (#7851 - @jpbempel)
• Split SymDB payload when too large (#7838 - @jpbempel)
• Add retry policy for uploading requests to agent (#7824 - @jpbempel)
• ⚡ Avoid exception when capturing fields in jdk16+ (#7774 - @jpbempel)

JMX fetch

• Bump JMXFetch to 0.49.5 (#7853 - @carlosroman)

Profiling

• Do not force-disable TLAB allocation events on JDK 8 (#7878 - @jbachorik)
• Bump ddprof to 1.16.0 (#7871 - @jbachorik)
  • Improve robustness of the crash signal handler by @jbachorik in DataDog/java-profiler#134
  • Remove a looping allocation when updating threads by @r1viollet in DataDog/java-profiler#135
  • Add a fail-safe when we encounter double-exit from crash handler by @jbachorik in DataDog/java-profiler#138
  • Crash handler recursion protection - Fix by @r1viollet in DataDog/java-profiler#139
  • Split java version to 'java version' and 'hotspot version' by @jbachorik in DataDog/java-profiler#142
  • Do not patch jmethodIDs for newer than JDK 8 by @jbachorik in DataDog/java-profiler#148
• Delay queue time rate limiting until event is committed (#7867 - @richardstartin)
• 🐛 Apply rate limit to queue events (#7823 - @richardstartin)
• Unwrap netty writetask (#7822 - @richardstartin)
• ✨⚡ Introduce aggregated smap events (enabled by default) (#7820 - @MattAlp)

Telemetry

• 🐛 Fix telemetry logs default flag (#7833 - @smola)

Tracer core

• 🐛 Prevent NPE setting null span baggage (#7848 - @PerfectSlayer)
• Widen catch blocks to make agent discovery more tolerant (#7796 - @mcculls)
• Fall back to ports when we cannot use auto-discovered unix domain sockets (#7794 - @mcculls)
• Improve isolation of embedded JFFI dependency (#7789 - @mcculls)
• ✨ Support DD_TRACE_<INTEGRATION>_ENABLED (#7718 - @mtoffl01)
• ✨⚠️ Add support for TRACE_HTTP_CLIENT_TAG_QUERY_STRING and change default value of HTTP_CLIENT_TAG_QUERY_STRING to true (#7677 - @mhlidd)
• Propagate AppSec blocking exceptions from bytebuddy supressions (#7516 - @manuel-alvarez-alvarez)

Instrumentations

Apache Spark instrumentation

• 🐛 Fix default value for long-running spans with DJM (#7795 - @paul-laffon-dd)
• Support for kafka lag metrics in spark streaming applications (#7474 - @kr-igor)

AWS SDK instrumentation

• ✨ Extract AWS payload tags (#7811 - @ygree)

JAX-WS instrumentation

• Add Jakarta WebService Instrumentation (#7854 - @jordan-wong)

JDBC instrumentation

• 🐛 Avoid metadata access in driver connect advice for Oracle sharded connections (#7812 - @mcculls)
• 🐛 Do not parse DBInfo when no connection (#7800 - @amarziali)

Kafka instrumentation

• Enabled kafka-clients 3.8+ by default (#7818 - @nayeem-kamal)

Lettuce instrumentation

• ✨ Support lettuce 6.5 (#7876 - @amarziali)

Reactor instrumentation

• ✨ Support reactor context span propagation (#7864 - @amarziali)

1.41.2

Components

Build & Tooling

• 🐛 Remove hadoop from the denylist (#7868 - @andrewlock)

1.41.1

Components

Continuous Integration Visibility

• 🐛 Fix automatic coverage includes calculation for headless test sessions (#7809 - @nikita-tkachenko-datadog)
• 🐛 Fix Jacoco coverage exclusion (#7808 - @nikita-tkachenko-datadog)
• 🐛 Fix module name detection for headless sessions (#7807 - @nikita-tkachenko-datadog)
• 🐛 Throw exception when using repo index to resolve source path for classes with identical names (#7806 - @nikita-tkachenko-datadog)

Instrumentations

Apache Spark instrumentation

• 🐛 Fix default value for long-running spans with DJM (#7810 - @paul-laffon-dd)

1.41.0

Components

Application Security Management (IAST)

• 🐛 Limit the collections that the iast visitor can handle (#7764 - @manuel-alvarez-alvarez)
• Add taint propagation to the String indent method (#7707 - @Mariovido)
• Add propagation to String strip methods (#7684 - @Mariovido)

Application Security Management (WAF)

• ⚡ Prevent publishing the same usr.id to the WAF twice (#7699 - @manuel-alvarez-alvarez)
• ✨ Ensure 'attempt to replace context value' logs are set to debug (#7698 - @manuel-alvarez-alvarez)
• Add support for waf_timeout tag in telemetry (#7696 - @jandro996)

Build & Tooling

• ✨ Enable Single Step Instrumentation Guardrails (#7568 - @PerfectSlayer)

Continuous Integration Visibility

• Ensure test session trace ID and span ID are the same (#7747 - @nikita-tkachenko-datadog)
• Update bundled Jacoco version (#7736 - @nikita-tkachenko-datadog)
• Revert HTTP client sharing in CI Vis components (#7734 - @nikita-tkachenko-datadog)
• Trace Maven and Gradle build tasks (#7721 - @nikita-tkachenko-datadog)
• Trace setup and teardown operations in JUnit 5 (#7714 - @nikita-tkachenko-datadog)
• Propagate module context from build system process to child JVM processes (#7710 - @nikita-tkachenko-datadog)

Crash tracking

• 🐛 Fix crashtracking log parser (#7697 - @PerfectSlayer)

Data Streams Monitoring

• Add avro schema object extraction (#7712 - @ericfirth)
• ⚡ Improve data streams performance (#7749 - @piochelepiotr)

Dynamic Instrumentation

• 🐛 Fix hoisting local vars for Kotlin code (#7758 - @jpbempel)
• Fix mixed local vars for suspend funs in Kotlin (#7748 - @jpbempel)
• Rename the DebuggerProbe to TriggerProbe (#7737 - @evanchooly)
• 🐛 Fix Where signature (#7735 - @jpbempel)
• Update signatures to match symDB format (#7723 - @evanchooly)
• Update the config parameter name to enable code origin (#7695 - @evanchooly)

Telemetry

• Add support for waf_timeout tag in telemetry (#7696 - @jandro996)

Testing

• Pin pubsub emulator docker version (#7767 - @amarziali)

Tracer core

• Avoid emission of endpoint events for client and producer root spans (#7732 - @richardstartin)
• ✨ Add support for TRACE_HTTP_CLIENT_ERROR_STATUSES (#7694 - @mhlidd)
• ✨ Remove version metadata for non DD_SERVICE spans (#7661 - @mhlidd)

Tracer public API

• ✨ Add support for TRACE_HTTP_SERVER_ERROR_STATUSES (#7716 - @mhlidd)

Instrumentations

Core Java language instrumentation

• Add taint propagation to the String indent method (#7707 - @Mariovido)
• Add propagation to String strip methods (#7684 - @Mariovido)

Eclipse Vert.x instrumentation

• 🐛 Avoid NPE on vertx end advice when parent span is not available (#7775 - @amarziali)

EventBridge instrumentation

• 💡 Inject trace context into EventBridge detail (#7613 - @nhulston)

gRPC instrumentation

• ✨⚠️ Disable grpc client message span by default (#7708 - @amarziali)

JDBC instrumentation

• 🐛 Append comment on MySQL JDB callables (#7742 - @sethsamuel)
• ✨ Add Hikari Pool Name tag (#7672 - @jordan-wong)

Kafka instrumentation

• Support Kafka-clients 3.8+ (#7626 - @nayeem-kamal)

Micronaut instrumentation

• Update Gradle dependencies and support micronaut 4.7.0 (#7759 - @github-actions[bot])

Protocol Buffer instrumentation

• Fix schema tracking for nested messages (#7690 - @piochelepiotr)
• 🐛 Remove dependency on abstract message in schema extractor (#7260 - @piochelepiotr)

Reactor instrumentation

• ✨ Add proper context propagation for reactive streams (#7644 - @amarziali)

All other instrumentations

• 🐛 Finish spans for all handlers for Grizzly http client (#7772 - @amarziali)

1.40.2

Components

Application Security Management (IAST)

• 🐛 Limit the collections that the iast visitor can handle (#7768 - @manuel-alvarez-alvarez)

Continuous Integration Visibility

• Update bundled Jacoco version (#7769 - @nikita-tkachenko-datadog)

Instrumentations

JDBC instrumentation

• 🐛 Append comment on MySQL JDBC callables (#7771 - @sethsamuel )