Summary
Application Security Management (ASM) now provides an In-App WAF (Web Application Firewall) which allows you to block suspicious HTTP requests based on your security rules. The main difference with a classic WAF comes from the fact we leverage the full run-time application context and not only the raw wire-format HTTP protocol payloads (eg. the actual Go values parsed from the raw HTTP request). This release also allows you to remotely configure your ASM configuration on the fly, without redeploying your Go services. This makes it possible to customize the In-App WAF rules to apply to each of your services and configure them in blocking mode. You can read more about our new In-App WAF feature in our documentation, and check out the new In-App WAF configuration page.
Application Performance Monitoring (APM) has added several new larger features: support for 128-bit trace IDs, as well as an Open Telemetry compatible tracer provider API. Note this wrapper is a "beta" feature, it may contain bugs and is not recommended for production use yet.
Changes
Breaking changes
- bump k8s.io/client-go from v0.17.0 to v0.23.17 by @ahmed-mez in #1886
General
- go.mod: upgrade gorm.io/driver/postgres to resolve downstream vuln by @ajgajg1134 in #1865
- contrib: upgrade labstack/echo/v4 from v4.2.0 to v4.9.0 by @ahmed-mez in #1891
- contrib: upgrade emicklei/go-restful to v2.16.0 by @ahmed-mez in #1885
- internal/telemetry: collect telemetry info for gorilla/mux integration by @lievan in #1861
Application Performance Monitoring (APM)
- tracer: support 128-bit trace ids by @katiehockman in #1833
- tracer/option: Add envvar DD_CLIENT_HOSTNAME_ENABLED to config client hostname detection by @ajgajg1134 in #1857
- tracer: add debug log for finished spans by @ahmed-mez in #1877
- tracer: merge support for OTel API by @dianashevchenko in #1839
- contrib/go-redis: add redis db index tag by @rarguelloF in #1755
- contrib/kafka: use naming schema by @rarguelloF in #1827
- contrib: implement mandatory rpc tags by @rarguelloF in #1768
- contrib: load telemetry info for all integrations by @lievan in #1882
- contrib/hashicorp/consul: use naming schema by @rarguelloF in #1821
- contrib/hashicorp/vault: use naming schema by @rarguelloF in #1868
- contrib/database/sql: add WithIgnoreQueryTypes option by @daisuzu in #1823
- contrib/database/sql: use naming schema by @rarguelloF in #1895
- contrib/go-redis/redis.v8: Add example for ClusterClient by @ajgajg1134 in #1864
- contrib/google.golang.org/grpc: Add WithMetadataTags & WithRequestTags to stream interceptor by @radykal-com in #1632
- contrib/gorm.io/gorm.v1: add tracing of raw queries by @NicklasWallgren in #1593
- contrib/elasticsearch: use naming schema by @rarguelloF in #1897
- contrib/bradfitz/gomemcache/memcache: use naming schema by @rarguelloF in #1820
- internal/gitmetadata: Log unknown VCS as debug to reduce confusion by @ajgajg1134 in #1875
- internal/namingschema: add package for selecting and working with the naming schema by @rarguelloF in #1819
Application Security Management (ASM)
- appsec: add blocking SDK body operation (#1901) by @eliottness in #1917
- appsec: suspicious request blocking by @Hellzy in #1797
- internal/appsec: add server.request.method address by @eliottness in #1893
- internal/appsec: update security rules to v1.6.0 by @Julio-Guerra in #1862
- internal/appsec/dyngo: atomic instrumentation swapping by @Julio-Guerra in #1873
New Contributors
- @radykal-com made their first contribution in #1632
- @NicklasWallgren made their first contribution in #1593
- @zekth made their first contribution in #1890
- @daisuzu made their first contribution in #1823
Full Changelog: v1.49.1...v1.50.0