1.38.0
github-actions
released this
05 Aug 17:35
·
810 commits
to master
since this release
Potentially Breaking Changes
Warning
When setting up the client library using the Single Step Instrumentation feature (SSI), the library will now check the presence of multiple Java Virtual Machine (JVM) agents and won't install it if is not the only one.
This behavior can be disabled by forcing the injection using the DD_INJECT_FORCE
environment variable to TRUE
.
Components
Application Security Management (IAST)
- Improve SSRF detection in apache http client (#7359 - @manuel-alvarez-alvarez)
- Add Untrusted Deserialization vulnerability (#7345 - @Mariovido)
- 🐛 Fix session rewriting false positives (#7323 - @jandro996)
- Create new ranges for vulns to prevent GC issues (#7309 - @manuel-alvarez-alvarez)
- Update URI and URL call sites for precise taint tracking (#7299 - @manuel-alvarez-alvarez)
Application Security Management (WAF)
- ✨ Upgrade to libddwaf 1.19.0 (libddwaf-java 10.1.0) (#7369 - @ValentinZakharov)
- Report telemetry metrics for Exploit Prevention (#7314 - @ValentinZakharov)
- Report span metrics for Exploit Prevention (#7273 - @ValentinZakharov)
- Exploit prevention for SQL injection (blocking support) (#7231 - @ValentinZakharov)
- Add remote config support for auto user id collection mode (#7205 - @manuel-alvarez-alvarez)
- Use three modes for auto user id collection: identification (default), anonymization and disabled (#7135 - @manuel-alvarez-alvarez)
Build & Tooling
- Use unified Gitlab pipeline for APM libraries (#7151 - @randomanderson)
Cloud Workload Security (CWS)
Configuration at Runtime
- Add remote config support for auto user id collection mode (#7205 - @manuel-alvarez-alvarez)
Continuous Integration Visibility
- 🐛 Fix built-in retries tracking in Karate framework (#7379 - @nikita-tkachenko-datadog)
- 🐛 Fix package resolution for non-Java source files (#7356 - @nikita-tkachenko-datadog)
- 🐛 Fix null JvmInfo exception in Maven instrumentation (#7354 - @nikita-tkachenko-datadog)
- 🐛 Fix tracer freeze when CI Visibility is enabled (#7325 - @nikita-tkachenko-datadog)
- 🐛 Fix Gradle v8.9 instrumentation (#7319 - @nikita-tkachenko-datadog)
- ⚡ Optimize per-test code coverage (#7315 - @nikita-tkachenko-datadog)
- Refactor buffering of pending traces for CI Visibility (#7207 - @nikita-tkachenko-datadog)
Crash tracking
- Add severity tag to crash upload (#7375 - @jbachorik)
Data Streams Monitoring
- Separate manual & automatic checkpoints when aggregating (#7351 - @piochelepiotr)
- Add pathway propagation for SNS (#7341 - @nayeem-kamal)
- Add tag to differentiate manually created checkpoints (#7331 - @piochelepiotr)
Dynamic Instrumentation
- Add support for
any
/all
(#7346 - @jpbempel) - 🐛 Fix exception thrown for distribution metric (#7344 - @jpbempel)
- Add
Set
support forhasAny
/hasAll
expression (#7340 - @jpbempel) - ✨ Extend
contains
EL expression (#7337 - @jpbempel) - Fix EL function behavior for null values (#7328 - @jpbempel)
- 🐛 Fix
instanceof
as predicate for value expression (#7313 - @jpbempel) - ⚡ Add high rate queue for log template snapshots (#7310 - @jpbempel)
- Fix service version and sanitize tags (#7293 - @ojung)
- Implement debug context propagation to enable live debugging of java applications (#7286 - @evanchooly)
- ⚡ Remove explicit capture of fields (#7282 - @jpbempel)
- ⚡ Move snapshot UUID generation at serialization (#7280 - @jpbempel)
- Serialize restricted collections as regular object (#7274 - @jpbempel)
- Fix mixing log/span decoration probes (#7246 - @jpbempel)
JMX fetch
- Support Websphere JMX admin metrics (#7235 - @amarziali)
Library Injection
- ✨
⚠️ Add lib-injection multiple JVM agents guardrails (#7122 - @PerfectSlayer)
Profiling
- Capture the auto-injection related settings in JFR recording (#7317 - @jbachorik)
- Track JVM RSS in JDK 21+ (#7227 - @MattAlp)
Tracer core
- Refactor buffering of pending traces for CI Visibility (#7207 - @nikita-tkachenko-datadog)
- ✨ Add tracer log file to tracer flare when datadog.slf4j.simpleLogger.logFile is NOT defined (#7085 - @cecile75)
Instrumentations
Apache Spark instrumentation
- ✨ Add Parameter to only inject data jobs for particular java commands (#7366 - @paul-laffon-dd)
- Add shutdown hook to finish the spark application trace (#7357 - @paul-laffon-dd)
- Use spark application name when service is set to hadoop (#7294 - @paul-laffon-dd)
AWS SDK instrumentation
- 🐛 Fix parsing of binary datadog headers in SQS (#7324 - @vandonr)
- 🐛 Remove binary
_datadog
attribute if present in JMS SQS instrumentation to avoid crash (#7283 - @vandonr)
GraphQL instrumentation
- 🐛 Fix advices for GraphQl 22+ (#7295 - @amarziali)
Jetty instrumentation
- 💡 Support jetty client 12 (#7305 - @amarziali)
Spring instrumentation
- 🐛 Rollback wrapping of runnables on each schedule for Spring Scheduling (#7290 - @amarziali)