Releases: DataDog/dd-trace-java
1.45.0
Breaking changes
Warning
Support for custom scope manager using OpenTelemetry tracer artifact (dd-trace-ot) is dropped.
Tracing with OpenTracing API and custom scope manager will continue to work on 1.44.x releases.
Components
Application Security Management (IAST)
- ✨ Add propagation to URI#toURL method (#8146 - @manuel-alvarez-alvarez)
- ✨ Increase IAST propagation to StringBuilder setLength (#8119 - @Mariovido)
- ✨ Increase IAST propagation to StringBuffer append (#8082 - @Mariovido)
- ✨ Handle IAST security controls custom validation and sanitization methods (#7997 - @jandro996)
Application Security Management (WAF)
- ✨ Update user lifecycle tracking to V3 (#8108 - @manuel-alvarez-alvarez)
- ✨ Exploit prevention for Shell Injection / Command Injection (#7615 - @jandro996)
Build & Tooling
- 💡 Support instrumentation of repackaged libraries (#8153 - @mcculls)
- ✨ Configure native image build setting for JDK-22 based GraalVM (#8092 - @MattAlp)
Database Monitoring
- ✨ Add full APM/DBM mode for Oracle (#8090 - @nenadnoveljic)
Dynamic Instrumentation
- 🐛 make local var hoisting disabled by default (#8158 - @jpbempel)
- 🐛 Fix var hoisting issue when no previous store (#8122 - @jpbempel)
- ✨ Only decorate spans without code origin information (#8105 - @evanchooly)
- 🐛 Fix suspend Kotlin methods instrumentation (#8080 - @jpbempel)
- 🐛 Fix class file version detection (#8057 - @jpbempel)
GraalVM native-image
ML Observability (LLMObs)
- ✨🧪 Add LLMObs configuration (#8076 - @gary-huang)
Metrics
- Bump integrations-core submodule to 7.60.0 (#8098 - @mcculls)
- Upgrade to java-dogstatsd-client v4.4.3 (#8096 - @mcculls)
OpenTracing
- ⚠️ 🧹 Remove custom scope manager support (#8164 - @PerfectSlayer)
Telemetry
- ✨ Retry telemetry requests if CI Visibility is enabled (#8147 - @nikita-tkachenko-datadog)
- ✨ Add configurable Dependency service resolution period (#8079 - @jandro996)
Testing
Tracer core
- ✨ Defer remote components to avoid OkHttp class-loading side-effects (#8131 - @mcculls)
- ✨ Improve Context API null handling and Javadoc (#8129 - @PerfectSlayer)
- 🐛⚡ Avoid performing blocking I/O operation on application thread (#8120 - @mcculls)
- 💡 Introduce a shared context component, independent of tracing (#8117 - @mcculls)
- ✨ Improves ServiceNameCollector (#8109 - @amarziali)
- Upgrade to ASM 9.7.1 (adds new constant for Java 24) (#8097 - @mcculls)
- 🐛 Dynamically evaluate service name for message consumers (#8088 - @amarziali)
Serverless
- 🐛 Add avoid double instrumenting lambda non-streaming handlers. (#8073 - @purple4reina)
Instrumentations
AWS SDK instrumentation
Eclipse Vert.x instrumentation
JDBC instrumentation
- ✨ Add full APM/DBM mode for Oracle (#8090 - @nenadnoveljic)
Jetty instrumentation
- 🐛 Ensure jetty 12 has servlet.path starting with / (#8093 - @github-actions[bot])
JMS instrumentation
- 🧹 Re-use javax JMS module for jakarta namespace (#8155 - @mcculls)
- 🧹 Group javax.jms instrumentations under a single module (#8154 - @mcculls)
Reactor instrumentation
- 🐛 Reactor: early propagate span in context when subscribing (#8166 - @amarziali)
1.44.1
Components
Continuous Integration Visibility
- 🐛 Fix tracing JUnit5 tests in Maven projects with multiple forks (#8089 - @nikita-tkachenko-datadog)
1.44.0
Known Issues
Warning
This release contains a known issue that causes failures when using Test Optimization to trace JUnit 5 tests in a Maven project where Maven Surefire is configured with forkCount > 1.
The issue is fixed in v1.44.1.
Breaking Changes
Warning
Support for X-Forwarded header is dropped from default client IP resolution.
It can still be re-activated using the dd.trace.client-ip-header=x-forwarded system property, or the DD_TRACE_CLIENT_IP_HEADER=x-forwarded environment variable. See #7946.
Components
Application Security Management (IAST)
- ✨ Set unexpected IAST exceptions to debug log level (#8044 - @smola)
- ✨ Increase IAST propagation to StringBuffer subSequence (#8038 - @Mariovido)
- ✨ Increase IAST propagation to StringBuilder subSequence (#8026 - @Mariovido)
- ✨ Add IAST propagation to String valueOf (#8013 - @Mariovido)
- ✨ Increase IAST propagation to StringBuilder append (#8010 - @Mariovido)
- ✨ Expand SSRF support in IAST to apache-httpclient-5 and apache-httpasyncclient-4 (#7920 - @Mariovido)
Build & Tooling
- ✨ Generate Muzzle classes for Groovy instrumentations (#8004 - @nikita-tkachenko-datadog)
Continuous Integration Visibility
- ✨ Support distributed traces in tests (#8078 - @nikita-tkachenko-datadog)
- ✨ Implement fail-fast tests ordering for JUnit 5 (#8055 - @nikita-tkachenko-datadog)
- ✨ Mark JUnit 5 setup and teardown action spans as failed if there is an error (#8033 - @nikita-tkachenko-datadog)
- ✨ Add tracing of setup and teardown actions in JUnit 4 (#8030 - @daniel-mohedano)
Crash tracking
- ✨ Improve crash tracking install logging (#8045 - @PerfectSlayer)
Data Streams Monitoring
- 🐛 Add Data Streams support in AWS SQS without raw message delivery (#8071 - @piochelepiotr)
- ✨ Add new tag for enabled products / features to DSM checkpoints (#8051 - @kr-igor)
- 💡 Instrument self hosted Kafka connectors (#7959 - @piochelepiotr)
Dynamic Instrumentation
- ✨ Add Micronaut 4 support for code origin for spans (#8039 - @jpbempel)
- ✨ Refactor probe matching for methods (#8021 - @jpbempel)
- ✨ Update the CodeOriginProbe fingerprint to not rely on a stack walk (#8016 - @evanchooly)
- ✨ Implement code origin support for grpc server entry spans (#7942 - @evanchooly)
GraalVM native-image
- 🐛 Update Graal build-time instrumentation config for TracePropagationStyle (#8065 - @MattAlp)
- 🐛 Fix NoClassDefFoundError: Could not initialize class DDSpanLink$EncoderHolder in Graal native-image (#8036 - @mcculls)
- 🐛🧹 Fix native-image generation of reactive applications (#8012 - @mcculls)
OpenTracing
- 🧹 Custom ScopeManagers are deprecated and will be removed in a future release of dd-trace-ot (#8058 - @mcculls)
Tracer core
- ✨🧪 Service naming: split by jee deployment (#8064 - @amarziali)
- ✨ Exclude jboss mdb proxies from instrumenting (#8061 - @amarziali)
- ✨ Add a built-in trace interceptor for keeping traces depending of their latency (#8040 - @cecile75)
- 💡 Introduce marker mechanism for eagerly initializing helpers (#8028 - @mcculls)
- 💡 Add JSON component (#7973 - @PerfectSlayer)
- ✨⚠️ Remove support for X-Forwarded in client IP resolution (#7946 - @smola)
Instrumentations
Apache HttpComponents
- ✨ Expand SSRF support in IAST to apache-httpclient-5 and apache-httpasyncclient-4 (#7920 - @Mariovido)
gRPC instrumentation
- 🐛 Use lower priorities for grpc server errors (#8043 - @amarziali)
JDBC instrumentation
- ✨ Add trace injection for prepared statements in Postgres (#7940 - @nenadnoveljic)
JMS instrumentation
- 🐛 Protect mdb from instrumenting multiple time the same event (#8062 - @amarziali)
Kafka instrumentation
- 💡 Instrument self hosted Kafka connectors (#7959 - @piochelepiotr)
OpenTelemetry instrumentation
Reactor instrumentation
Spring instrumentation
- 🐛 Avoid double instrumenting lambdas on latest spring scheduling (#8005 - @amarziali)
All other instrumentations
- 🐛 Twilio: allow service name flattening (#8025 - @amarziali)
- ✨ Instrument Mulesoft 4.5.0+ (#7981 - @amarziali)
1.43.0
Components
Application Security Management (IAST)
- ✨ Add propagation to StringBuffer substring methods (#7992 - @Mariovido)
- 🐛 Fix issue with call sites in super calls to constructor (#7991 - @manuel-alvarez-alvarez)
- ✨ Add propagation to StringBuilder substring methods (#7980 - @Mariovido)
- 🐛 Reset IAST request context on root span published (#7969 - @manuel-alvarez-alvarez)
- ✨ Add propagation to String constructors with StringBuffer and StringBuilder (#7966 - @Mariovido)
- 🐛 Do not reset IAST concurrent request counter (#7963 - @smola)
- ✨ Exclude spark web from vulnerability locations (#7939 - @smola)
- 🐛 Exclude dev.failsafe from IAST instrumentation (#7938 - @smola)
- ✨ Exclude okio from vulnerability locations (#7937 - @smola)
- ✨ Expand SSRF support in IAST to java.net.http.HttpClient (#7877 - @Mariovido)
- Fix stack trace inconsistency between excluded frames in vulnerability location and metastruct stack trace (#7865 - @jandro996)
- ✨🧪 Add experimental taint propagation to the String replace, replaceFirst, replaceAll methods (#7741 - @Mariovido)
Application Security Management (WAF)
- Upgrade to libddwaf 1.21.0 (libddwaf-java 11.2.0) (#7993 - @ValentinZakharov)
- Updated ASM rules to 1.13.3 (#7976 - @ValentinZakharov)
- ✨ Prevent spans from having login success and failure events simultaneously (#7918 - @manuel-alvarez-alvarez)
- Add support for session tracking in jetty (#7837 - @manuel-alvarez-alvarez)
- Extend support for SSRF in exploit prevention (#7376 - @jandro996)
Build & Tooling
- ✨ Add JMXFetch to SSI Guardrails denylist (#7970 - @PerfectSlayer)
- 🐛 Remove SSI guardrails entries for hbase and hive (#7916 - @PerfectSlayer)
Continuous Integration Visibility
- 🐛 Instrument Gradle Launcher to avoid overwriting org.gradle.jvmargs property (#8001 - @nikita-tkachenko-datadog)
- Add source line tags to test suites (#7964 - @daniel-mohedano)
Crash tracking
- 🐛 Improve crashtracking support for older Bash versions (#7956 - @PerfectSlayer)
- ✨ Adjust crash upload timeout (#7905 - @dougqh)
- ✨ Use telemetry 'is_sensitive' attribute instead of redacting the crash stacktrace (#7899 - @jbachorik)
Data Streams Monitoring
Dynamic Instrumentation
- 🐛 Fix integer json parsing probe definition (#7957 - @jpbempel)
- 🐛 Fix NullPointerException Extracting Class symbols (#7934 - @jpbempel)
- ✨ Avoid duplicate class symbol extraction (#7919 - @jpbempel)
- Add outer exceptions support for Exception Replay (#7897 - @jpbempel)
- 🐛 Fix memory leak in Exception Replay (#7885 - @jpbempel)
- ✨ Consult the environment variable when setting the max users frames in code origin probes (#7881 - @evanchooly)
JMX fetch
- 🐛 Bump JMXFetch to 0.49.6 (#7927 - @carlosroman)
Profiling
- ✨ Common temporary location manager for profiling product (#7971 - @jbachorik)
- 🐛✨ Standardize some of the profiler sampling frequencies (#7961 - @MattAlp)
- ✨ enable SystemGC events (#7921 - @richardstartin)
- 🐛 Bump ddprof to 1.17.0 (#7915 - @jbachorik)
- ✨ paranoid exception handling when setting profiling thread context (#7903 - @richardstartin)
Telemetry
- ✨ Collect git metadata for telemetry (#7951 - @jpbempel)
- ✨ Fix dependency collection for new Spring Boot nested jars (#7931 - @smola)
Trace context propagation
- 🐛 Fix baggages mapping configuration when only keys are provided (#7972 - @cecile75)
- ✨ Updating Span Link creation due to header tag propagations for invalid spans (#7799 - @mhlidd)
Instrumentations
AWS Lambda instrumentation
AWS SDK instrumentation
Jetty instrumentation
- Add support for session tracking in jetty (#7837 - @manuel-alvarez-alvarez)
Kafka instrumentation
- 🐛 Reenable kafka 3.8 by default (#8007 - @nayeem-kamal)
- 🐛 Avoid double instrumentation of kafka-clients 3.8+ (#8006 - @mcculls)
- 🐛 Fix Kafka lag instrumentation for version 2.7 of Kafka (#7941 - @piochelepiotr)
Netty instrumentation
- 🐛 Finish netty span when request is cancelled (#7900 - @amarziali)
Reactor instrumentation
- 📖 Add reactor samples and doc (#7906 - @amarziali)
- 🐛 Protect currentContext access for reactor inner operators (#7883 - @amarziali)
1.42.2
Components
Build & Tooling
- 🐛 Remove SSI guardrails entries for hbase and hive (#7935 - @PerfectSlayer)
JMX fetch
- 🐛 Bump JMXFetch to 0.49.6 (#7936 - @amarziali)
Instrumentations
Jetty instrumentation
1.42.1
Potentially Breaking Changes
Warning
There is a known issue with Kafka instrumentation that causes double tracing. As a result, Kafka 3.8+ is disabled by default until the double tracing issue is resolved.
Components
Dynamic Instrumentation
Profiling
- 🐛 Bump ddprof to 1.17.0 (#7917 - @jbachorik)
- Crash handler registration does not work correctly by @jbachorik in DataDog/java-profiler#150
Instrumentations
AWS SDK instrumentation
Kafka instrumentation
Reactor instrumentation
- 🐛 Protect currentContext access for reactor inner operators (#7895 - @amarziali)
1.42.0
Known Issues
This release contains a critical bug that may cause intermittent crashes when using the profiler.
To avoid this bug you can either upgrade to v1.42.1, revert to v1.41.2, or:
- To greatly reduce the chance of a crash, disable native stack collection via -Ddd.profiling.ddprof.cstack=no
- To completely eliminate the chance of a crash, turn off the Datadog Java profiler via -Ddd.profiling.ddprof.enabled=false and use only JFR, when available
Components
Application Security Management (IAST)
- Limit the visiting of objects for Trust Boundary Violation (#7847 - @manuel-alvarez-alvarez)
- 🐛 Update header injection exclusions (reduce false positives) (#7821 - @manuel-alvarez-alvarez)
- 🐛 Ensure vulnerabilities are reported with taintable values (#7801 - @manuel-alvarez-alvarez)
- Move SSRF support for IAST to HttpClientDecorator (#7792 - @Mariovido)
- 🐛 Fix String subsequence taint tracking bug (#7778 - @jandro996)
- Attach stacktrace to IAST vulnerabilities (#7757 - @jandro996)
Application Security Management (WAF)
- Update ASM rules to 1.13.2 (#7844 - @ValentinZakharov)
- Update ASM rules to 1.13.1 (#7831 - @ValentinZakharov)
- ✨ Upgrade to libddwaf 1.20.1 (libddwaf-java 11.1.0) (#7828 - @ValentinZakharov)
- Propagate AppSec blocking exceptions from bytebuddy suppressions (#7516 - @manuel-alvarez-alvarez)
Build & Tooling
- Remove hadoop from the denylist (#7866 - @andrewlock)
Configuration at Runtime
- 🐛 Fix remote config update operation (#7856 - @ValentinZakharov)
- ✨🔍 Fix relying on configId for remote config log level tracer flare change (#7788 - @cecile75)
Continuous Integration Visibility
- Add codeowners tag to test suites (#7861 - @daniel-mohedano)
- 🐛 Fix skippable tests request in headless mode (#7860 - @nikita-tkachenko-datadog)
- 🐛 Fix code coverage percentage reporting for Android projects (#7815 - @nikita-tkachenko-datadog)
- Lower log level for duplicate repo index keys warning (#7814 - @nikita-tkachenko-datadog)
- 🐛 Throw exception when using repo index to resolve source path for classes with identical names (#7793 - @nikita-tkachenko-datadog)
- 🐛 Fix automatic coverage includes calculation for headless test sessions (#7784 - @nikita-tkachenko-datadog)
- 🐛 Fix Jacoco coverage exclusion (#7783 - @nikita-tkachenko-datadog)
- 🐛 Fix module name detection for headless sessions (#7779 - @nikita-tkachenko-datadog)
Database Monitoring
- Add _dd.dbm_trace_injected tag to SQL Server prepared statements (#7863 - @nenadnoveljic)
- Add DBM_TRACE_INJECTED tag to SQL Server (#7849 - @nenadnoveljic)
Dynamic Instrumentation
- Make SymDB upload enabled by default for DI (#7869 - @jpbempel)
- Fix Where conversion for CodeOrigin probes (#7858 - @jpbempel)
- Add compression support for SymDB payloads (#7851 - @jpbempel)
- Split SymDB payload when too large (#7838 - @jpbempel)
- Add retry policy for uploading requests to agent (#7824 - @jpbempel)
- ⚡ Avoid exception when capturing fields in jdk16+ (#7774 - @jpbempel)
JMX fetch
- Bump JMXFetch to 0.49.5 (#7853 - @carlosroman)
Profiling
- Do not force-disable TLAB allocation events on JDK 8 (#7878 - @jbachorik)
- Bump ddprof to 1.16.0 (#7871 - @jbachorik)
- Improve robustness of the crash signal handler by @jbachorik in DataDog/java-profiler#134
- Remove a looping allocation when updating threads by @r1viollet in DataDog/java-profiler#135
- Add a fail-safe when we encounter double-exit from crash handler by @jbachorik in DataDog/java-profiler#138
- Crash handler recursion protection - Fix by @r1viollet in DataDog/java-profiler#139
- Split java version to 'java version' and 'hotspot version' by @jbachorik in DataDog/java-profiler#142
- Do not patch jmethodIDs for newer than JDK 8 by @jbachorik in DataDog/java-profiler#148
- Delay queue time rate limiting until event is committed (#7867 - @richardstartin)
- 🐛 Apply rate limit to queue events (#7823 - @richardstartin)
- Unwrap netty writetask (#7822 - @richardstartin)
- ✨⚡ Introduce aggregated smap events (enabled by default) (#7820 - @MattAlp)
Telemetry
Tracer core
- 🐛 Prevent NPE setting null span baggage (#7848 - @PerfectSlayer)
- Widen catch blocks to make agent discovery more tolerant (#7796 - @mcculls)
- Fall back to ports when we cannot use auto-discovered unix domain sockets (#7794 - @mcculls)
- Improve isolation of embedded JFFI dependency (#7789 - @mcculls)
- ✨ Support DD_TRACE_<INTEGRATION>_ENABLED (#7718 - @mtoffl01)
- ✨⚠️ Add support for TRACE_HTTP_CLIENT_TAG_QUERY_STRING and change default value of HTTP_CLIENT_TAG_QUERY_STRING to true (#7677 - @mhlidd)
- Propagate AppSec blocking exceptions from bytebuddy suppressions (#7516 - @manuel-alvarez-alvarez)
Instrumentations
Apache Spark instrumentation
- 🐛 Fix default value for long-running spans with DJM (#7795 - @paul-laffon-dd)
- Support for kafka lag metrics in spark streaming applications (#7474 - @kr-igor)
AWS SDK instrumentation
JAX-WS instrumentation
- Add Jakarta WebService Instrumentation (#7854 - @jordan-wong)
JDBC instrumentation
- 🐛 Avoid metadata access in driver connect advice for Oracle sharded connections (#7812 - @mcculls)
- 🐛 Do not parse DBInfo when no connection (#7800 - @amarziali)
Kafka instrumentation
- Enabled kafka-clients 3.8+ by default (#7818 - @nayeem-kamal)
Lettuce instrumentation
- ✨ Support lettuce 6.5 (#7876 - @amarziali)
Reactor instrumentation
- ✨ Support reactor context span propagation (#7864 - @amarziali)
1.41.2
1.41.1
Components
Continuous Integration Visibility
- 🐛 Fix automatic coverage includes calculation for headless test sessions (#7809 - @nikita-tkachenko-datadog)
- 🐛 Fix Jacoco coverage exclusion (#7808 - @nikita-tkachenko-datadog)
- 🐛 Fix module name detection for headless sessions (#7807 - @nikita-tkachenko-datadog)
- 🐛 Throw exception when using repo index to resolve source path for classes with identical names (#7806 - @nikita-tkachenko-datadog)
Instrumentations
Apache Spark instrumentation
- 🐛 Fix default value for long-running spans with DJM (#7810 - @paul-laffon-dd)
1.41.0
Components
Application Security Management (IAST)
- 🐛 Limit the collections that the iast visitor can handle (#7764 - @manuel-alvarez-alvarez)
- Add taint propagation to the String indent method (#7707 - @Mariovido)
- Add propagation to String strip methods (#7684 - @Mariovido)
Application Security Management (WAF)
- ⚡ Prevent publishing the same usr.id to the WAF twice (#7699 - @manuel-alvarez-alvarez)
- ✨ Ensure 'attempt to replace context value' logs are set to debug (#7698 - @manuel-alvarez-alvarez)
- Add support for waf_timeout tag in telemetry (#7696 - @jandro996)
Build & Tooling
- ✨ Enable Single Step Instrumentation Guardrails (#7568 - @PerfectSlayer)
Continuous Integration Visibility
- Ensure test session trace ID and span ID are the same (#7747 - @nikita-tkachenko-datadog)
- Update bundled Jacoco version (#7736 - @nikita-tkachenko-datadog)
- Revert HTTP client sharing in CI Vis components (#7734 - @nikita-tkachenko-datadog)
- Trace Maven and Gradle build tasks (#7721 - @nikita-tkachenko-datadog)
- Trace setup and teardown operations in JUnit 5 (#7714 - @nikita-tkachenko-datadog)
- Propagate module context from build system process to child JVM processes (#7710 - @nikita-tkachenko-datadog)
Crash tracking
- 🐛 Fix crashtracking log parser (#7697 - @PerfectSlayer)
Data Streams Monitoring
- Add avro schema object extraction (#7712 - @ericfirth)
- ⚡ Improve data streams performance (#7749 - @piochelepiotr)
Dynamic Instrumentation
- 🐛 Fix hoisting local vars for Kotlin code (#7758 - @jpbempel)
- Fix mixed local vars for suspend funs in Kotlin (#7748 - @jpbempel)
- Rename the DebuggerProbe to TriggerProbe (#7737 - @evanchooly)
- 🐛 Fix Where signature (#7735 - @jpbempel)
- Update signatures to match symDB format (#7723 - @evanchooly)
- Update the config parameter name to enable code origin (#7695 - @evanchooly)
Telemetry
- Add support for waf_timeout tag in telemetry (#7696 - @jandro996)
Testing
- Pin pubsub emulator docker version (#7767 - @amarziali)
Tracer core
- Avoid emission of endpoint events for client and producer root spans (#7732 - @richardstartin)
- ✨ Add support for TRACE_HTTP_CLIENT_ERROR_STATUSES (#7694 - @mhlidd)
- ✨ Remove version metadata for non DD_SERVICE spans (#7661 - @mhlidd)
Tracer public API
Instrumentations
Core Java language instrumentation
- Add taint propagation to the String indent method (#7707 - @Mariovido)
- Add propagation to String strip methods (#7684 - @Mariovido)
Eclipse Vert.x instrumentation
- 🐛 Avoid NPE on vertx end advice when parent span is not available (#7775 - @amarziali)
EventBridge instrumentation
gRPC instrumentation
- ✨⚠️ Disable grpc client message span by default (#7708 - @amarziali)
JDBC instrumentation
- 🐛 Append comment on MySQL JDB callables (#7742 - @sethsamuel)
- ✨ Add Hikari Pool Name tag (#7672 - @jordan-wong)
Kafka instrumentation
- Support Kafka-clients 3.8+ (#7626 - @nayeem-kamal)
Micronaut instrumentation
- Update Gradle dependencies and support micronaut 4.7.0 (#7759 - @github-actions[bot])
Protocol Buffer instrumentation
- Fix schema tracking for nested messages (#7690 - @piochelepiotr)
- 🐛 Remove dependency on abstract message in schema extractor (#7260 - @piochelepiotr)
Reactor instrumentation
- ✨ Add proper context propagation for reactive streams (#7644 - @amarziali)
All other instrumentations
- 🐛 Finish spans for all handlers for Grizzly http client (#7772 - @amarziali)