Components

Application Security Management (IAST)

• Fix NoClassDefFoundError due to OSGI/servlet issues in IAST (#5446)
• Fix unvalidated redirect detection in Jetty (#5445)
• Unvalidated redirect not reported if Referer header is the source (#5424)
• Unvalidated redirect vulnerability detection in Vert.x 4 (#5381)

Application Security Management (WAF)

• 🐛 Added NPE checkers in Instrumentation Gateway (#5383)

Continuous Integration Visibility

• Implement Git repo unshallowing (#5434)
• 🐛 Do not send empty test suite spans (#5405)
• Implement auto-configuration for code-coverage in Gradle (#5399)
• Implement auto-configuration for code-coverage in Maven (#5398)
• Per test code coverage in CI Visibility (#5146)

Dynamic Instrumentation

• Add support for double values for metric probes (#5457)
• Fix inserting line probe before for-loops (#5450)
• Add special support for enum values (#5441)
• Add support for snapshot pruning (#5420)

Profiling

• upgrade ddprof to 0.57.0 (#5475)
• explicitly disable ddprof unsupported jdk versions (#5465)
• upgrade to ddprof 0.52.0 (#5455)
• track time in FJP shared queues (#5448)
• implement queue timing using Datadog profiler, remove JFR implementation (#5439)

Remote Configuration

• ✨ Support dynamic configuration of trace sampling rate (#5466)
• Bump default max remote config payload size limit to 5Mb (#5403)

Telemetry

• 🐛 Fix scanDependencies CLI (#5474)

Instrumentations

gRPC instrumentation

• ⚡ reduce number of scope activations in gRPC client instrumentation (#5470)

Spring instrumentation

• Avoid need to inject BeanDefinitionRepairer everywhere as a helper (#5365)

Other changes

• Allow trace flush interval to be configurable (#5435)
• expose cassandra contact points and use for peer.service (#5375)
• Add dynamic config support for log injection (#5221)