Summary

In this release, dd-trace-go moves from go 1.17 to go 1.18 as the lowest supported Go version.

Application Performance Monitoring (APM) ships various new features, bug fixes, and hardening measures, such as the addition of new tags for database and messaging integrations, middleware registration changes for the Gin example, and the addition of fuzzing and benchmarking for injection and extraction in the tracer. It also includes bug fixes for W3C trace context propagation and better error handling and retry functionality. Other changes include the ability to modify resource names in the Go-Chi integration, tag spans when execution trace is enabled, and more.

Application Security Management (ASM) introduces authenticated user blocking thanks to its new public appsec.SetUser() API, allowing to block requests based on the authenticated user ID. This change also affects the previously released user login events, where appsec.TrackUserLoginSuccessEvent() is now also able to block the given user.

Changes

General

• README: Clarify Legacy Go Compilation Guarantees by @felixge in #1721
• all: Move to 1.18 for lowest supported version by @ajgajg1134 in #1709
• sci: add git metadata from artifacts support by @sashacmc in #1646

Application Performance Monitoring (APM)

• contrib/go-chi/chi.v5: add an option to modify the resource name by @kpurdon in #1615
• contrib: add db.system tag for all db integrations by @rarguelloF in #1711
• contrib: adds 'messaging.system' tag by @zhamza99 in #1697
• ddtrace/tracer: Add fuzzing and benchmarking for injection and extraction by @lievan in #1704
• ddtrace/tracer: add usr.id span tag even with propagation by @Julio-Guerra in #1702
• ddtrace/tracer: enable trace writer to optionally retry on failure. by @purple4reina in #1636
• ddtrace/tracer: replace Windows path characters in fake UDS host by @nsrip-dd in #1713
• ddtrace/tracer: update origin substitution in composeTracestate by @lievan in #1694

Application Security Management (ASM)

• internal/appsec: request blocking based on user ID by @Hellzy in #1706
• internal/appsec: update security rules to v1.5.1 by @Hellzy in #1750

Fixes & Improvements

General

• internal/telemetry: uniformize language name with other ways it's reported by @paullegranddc in #1692

Application Performance Monitoring (APM)

• Rename partition tag from kafka integrations to follow unified naming conventions by @rarguelloF in #1684
• contrib/gin-gonic/gin/example: middleware must be registered before registering routes by @maxday in #1698
• contrib/miekg/dns: fix span kind for dns server traces by @rarguelloF in #1696
• contrib/net/http: Add an example for wrap client by @ajgajg1134 in #1695
• ddtrace/tracer: fix UDS/http url configuration and error messages by @knusbaum in #1604
• ddtrace/tracer/textmap: always extract baggage when using w3c for compatability by @ajgajg1134 in #1759
• tracer: small refactor for single span sampling by @katiehockman in #1718

Application Security Monitoring (ASM)

• contrib/echo: fix status code reporting when blocking users by @Hellzy in #1757
• contrib/echo: wrap appsec error in echo.HTTPError by @Hellzy in #1744
• contrib: stop caching appsec.Enabled() value for gin/echo by @Hellzy in #1732

New Contributors 🎉

• @paullegranddc made their first contribution in #1692
• @sashacmc made their first contribution in #1646
• @kpurdon made their first contribution in #1615
• @purple4reina made their first contribution in #1636

Full Changelog: v1.47.0...v1.48.0