Changes

Core

• Avoid calling ClassLoader.getParent() once we've found a class resource #5414
• Add dynamic config smoke test #5360
• Wait for traces to be published before exiting if CI Visibility is enabled #5377
• [Telemetry] Support app_client_configuration_change telemetry event #5335
• Apply any dynamically overridden header-tags to response headers as well #5349
• [Remote-config] Apply APM tracing overrides from remote-config #5327

Integrations

• [Elasticsearch/Opensearch] Add feature-flag to control tagging of search request body/parameters #5423
• [Elasticsearch/Opensearch] Include search body in spans #5273
• Couchbase 3.x: extract seed nodes info #5104
• [Apache-spark] [Spark] Separate the error stack trace from the error message #5256
• Handle when Servlet3 AsyncEvent was initialized without any ServletRequest #5373
• [Jms] Reset oldest capture time on JMS message-ack #5319
• [Apache-spark] [Spark] Compute available executor time per stage #5310

Profiling

• Add tag to local root span to indicate whether profiling is enabled #5395
• Update the live heap profiling config keys #5380
• Enable contextual allocation profiler by default #5378
• Get stack depth from Throwable stackTrace to avoid copy #5362
• Use Datadog profiler on Oracle JDK8u361+ #5351
• Change JFR event config defaults #5331
• Upgrade ddprof 0.49.0, disable on OpenJDK8/aarch64 #5374

Debugger

• Fix null values for lists or maps #5389
• Fix this duplicate serialization in snapshot #5379
• Introduced separate global rate limiter for logs #5348
• Fix mixing global and per probe rate limiting #5332
• Avoid having infinite recursive loop serialization #5321
• Fix handling of local variable table #5306
• Fix NullPointerException in map/list serialization #5309
• Fix Collection/Map serialization #5318

Native Image

• Enable reloading of Config in Quarkus Native #5394
• Minor fixes for Quarkus Native #5384

Application Security Management (ASM)

• [IAST] Unvalidated redirect vertx-3.4 #5352
• [IAST] Fix request tainted metric and simplify code #5347
• [IAST] IAST no HttpOnly cookie vulnerability detection #5345
• [IAST] Improve insecure cookie detection in Vert.x 3.9 #5329
• [IAST] Spring MVC unvalidated redirect instrumentation #5308
• [IAST] IAST insecure cookie - vertx instrumentation #5209
• [IAST] IAST Insecure cookie detection for JAX-RS frameworks #5163
• [WAF] Upgrade to libddwaf 1.11.0 #5300
• [WAF] Less verbose AppSec start log #5355
• [WAF] Grizzly: fix req blocking not skipping handler #5353
• [WAF] Multipart form parameters supported on more servers for AppSec #5275

AWS

• [SDK] Consistent APM span tags for AWS requests to aws-java-sdk-1.11.0 #5192

Diagnostics

• Generate useful error that includes the bad agent URL instead of unhelpful NullPointerExceptions #5372

Dependencies

• Byte-buddy 1.14.5 #5356

Build

• integrate APM Test Agent within CircleCI instrumentation tests #5149

Fixes

• Break potentially circular dependency between Config and TPEHelper #5401
• Add priorities for server set errors #5359
• [Ci-visibility] Fix TestNG onBeforeClass/onAfterClass notifications for cases when only a portion of class' test methods is executed #5320