Releases: DataDog/dd-trace-java
Releases · DataDog/dd-trace-java
0.114.0
Breaking Changes
- Do not collect http.client_ip and IP forwarding headers in tags by default #4038
Previous releases collected client IP in the http.client_ip tag, as well as X-Forwarded-For (and similar) headers. This behavior is now disabled by default. It is always enabled for users who enable ASM (DD_APPSEC_ENABLED=true) or for any user by setting DD_TRACE_CLIENT_IP_ENABLED=true or the system property -Ddd.trace.client-ip.enabled=true.
Changes
Profiling
- Always invoke scope listeners #4109
- Replace async-profiler context tracker with async-profiler scope listener #4096
- Ignore netty resource leak monitoring in exception profiling #4089
- Add span context to exception samples #4085
- Bump async-profiler to 20221024_1 #4082
- Add asyncprofiler configuration settings (loglevel, toggle thread filtering) #4074
- Emit a profiler settings event with perf_events_paranoid setting #4069
- Register ContextThreadListener earlier to capture all tracing interactions #4063
- Do not throw exception on systems not supported by async-profiler #4061
- Upgrade async-profiler, simplify tracing context filtering #4044
AppSec
- Fix fallback for empty dd.appsec.enabled/DD_APPSEC_ENABLED #4075
Remote Config
- Do not log exceptions when remote config returns 404 #4087
- Make remote config quiet until endpoint is discovered #4078
- Delay feature discovery in configuration poller #4042
- Sanitize env version in remote config request #4025
Miscellaneous
- Upgrade to dogstatsd v4.1.0 #4101
Fixes
0.113.0
Improvements
Changes
AppSec
- Fix ASM 1-click de-activation #4040
Profiling
- Enable/disable profiler events with ergonomic flags #4041
- Add config knob for collapsing wallclock samples #4028
- Disable
jdk.ClassLoaderStatisticsunless running on JDK17 or later #4026
Telemetry
- Improved loading Telemetry (reduce startup time) #4029
Miscelaneous
- Add slf4j REQUESTED_API_VERSION check to satisfy GraalVM's static analysis #4032
Fixes
0.112.0
Changes
AppSec
Debugger
- Fixed issue with Datadog instrumentations #4005
Integrations
- Instrument JBoss Modules to relax visibility rules during transform requests #3896
- Avoid potential ClassNotFoundException when using resteasy-spring in modular environments #3890
Profiling
- Updated async-profiler to 20221010 #4009
0.111.0
Improvements
Changes
Core
- JSON Trace Sampling Rules #3876
Integrations
- [Aws-sdk] Populate epoch timestamp part of
X-Amzn-Trace-Idtracing header #3955
Metrics
- [Metrics] Improve tracer stats behavior #3946
Performance
- Type parsing: avoid creating annotation ArrayLists that will never get populated #3994
- Reduce allocation when matching types with no annotations #3984
Profiling
Debugger
Fixes
AppSec
- Fix IP blocking (added default AppSec action) #3967
0.110.0
Improvements
Changes
Core
- Byte-buddy 1.12.17 #3902
Integrations
- Move ShutdownHelper to agent-bootstrap… #3913
- Add defensive check to Netty 3.8 advice in case future.getChannel() is null #3901
- Simplify OSGi helper to only check the first-level of bundle wiring #3899
- Split AWS SQS receive request instrumentation #3889
- Update Servlet2 "sendError" matcher to reflect expectations in its advice #3888
Appsec
- Implement blocking servlet/tomcat/jetty #3701
- Updated AppSec WAF to 1.5.1 #3943
- Updated AppSec rules (v1.4.1) #3931
CIAPP
- Fix NPE on Cucumber JUnit4 tests #3930
Debugger
- Add support conditions for duplicated probes #3858
Performance
- Track instrumentation state #3939
Profiling
- Disable async-profiler except on Linux #3918
Remote config
- Remote config improvements (signature verification, report errors, send capabilities) #3832
0.109.1
0.109.0
Changes
Core
- Skip dropped upstream_services tag value validation #3794
Integrations
- Add missing argument constraint to ThreadPoolExecutorInstrumentation.execute #3844
- Added v3 class names for MariaDB Connector/J #3799
- Introduced GraphQL integration #3703
- Record storage class for S3 PutObject requests #3835
Performance
- Avoid these
Instrumenteranonymous inner classes… #3860 - Simplify Muzzle side-classes to make them easier to unload... #3854
- Separate optimising class-loader matchers from required matchers #3802
- Rework context store injection #3797
- Simplify Throwable instrumentation as its target is a known-type #3796
- Introduce class loader masks #3789
- Turn off URL connection cache when locating class resources… #3843
Profiling
- Disabled
jdk.ExceptionStatisticsevent which can be confusing #3882 - Added direct allocation profiling #3817
- Upload profile on JVM exit #3763
AppSec
- Updated AppSec rules (v1.4.0) #3841
- Updated AppSec WAF to 1.5.0 #3795
- Apply AppSec instrumentation if remote config is enabled #3642
Debugger
- Rename debugger config properties #3839
IAST
0.108.2
Fixes
- [Security] Upgrade snakeyaml to 1.32 to mitigate CVE-2022-38752 #3840
- [Security] Exclude jcommander to avoid vulnerable dependencies #3698
0.108.1
5d2b67b
This commit was signed with the committer’s verified signature.
bantonsson
Björn Antonsson
Fixes
- [Security] Upgrade snakeyaml to 1.31 to mitigate CVE-2022-25857 #3791
0.108.0
Improvements
Integrations
- Couchbase Client 3.1+ support #3625
Changes
Core
- Handle invalid URL at HTTP client creation #3775
- Introduce a hard limit for in-flight spans with tracked context #3759
- Allow some tags to not be used for pathway hash computations #3752
- Implemented dependency detection for multi-pom fat jars #3776