Breaking changes

• ⚠️🔐 Elasticsearch and Opensearch should omit params by default (#5749)
• 🐛⚠️ httpasyncclient4: fix url parsing and make host/port extraction happening (#5543)

Components

Application Security Management (IAST)

• ⚡ Use a NoOp tainted objects for vulnerabilities without context (#5786)
• ⚡ Improve performance while computing IAST metrics (#5784)
• ⚡ Check for overhead constraints in weak randomness module (#5783)
• 🐛 Fix NullPointerException in unvalidated redirect detection (#5755)
• 🐛 Set concrete types for the response instrumentation (#5714)
• 🐛 Prevent IAST from creating empty spans for duplicated vulnerabilities (#5780)
• Redact empty sensitive ranges (#5706)
• Add URLEncoder tainting support (#5656)
• Add JavaScriptUtils.javaScriptEscape tainting support (#5648)
• Add unbescape escape functions tainting support (#5647)
• Add freemarker.template.utility.StringUtil tainting support (#5645)
• Weak cipher detection in javax.crypto.KeyGenerator (#5634)
• Add more org.owasp.esapi.Encoder escape functions tainting support (#5624)
• X-Content-Type missing header vulnerability (#5571)
• HSTS missing header vulnerability detection (#5520)

Application Security Management (WAF)

• 🐛 Fix timing of appsec.blocked tag setting and double finishes (#5777)
• Enable user event tracking only when AppSec is enabled (#5756)
• 🐛 Fixed NPE in user events tracking (#5732)
• Added blocking attacks capability for OpenLiberty (#5657)
• Added blocking attacks capability for Netty (#5650)

Continuous Integration Visibility

• Add basic Scala MUnit support (#5781)
• Update repo URL extraction logic for Bitbucket (#5766)
• 🐛 Make Maven test module names unique (#5762)
• 🧹 Refactor CI Visibility to better encapsulate internal APIs (#5747)
• Use DD Javac Plugin metadata to resolve method lines (#5746)
• 🐛 Exclude org.mockito package from CI Visibility code coverage by default (#5712)
• Add git command line client builder to GitInfoProvider (#5711)

Dynamic Instrumentation

• Merge span decoration and log instrumentation (#5809)
• Reports instrumentation failure (#5795)
• Enable ByteCode verification by default (#5774)
• 🐛 Fix instrumentation when bytecode generation fails (#5767)
• 🐛 Fix log template issue for duplicated line probes (#5620)

Metrics

• Preserve tracer's default metrics namespace as "datadog.tracer" in dd-trace-ot (#5810)

Profiling

• Do not attempt to use ddprof library on windows (#5793)
• Rework Queue time tracking to avoid unwrapping the task type unless the event will be recorded (#5785)
• Update ddprof to 0.71.0 (#5719)

Telemetry

• Report dd-trace-java and its dependencies to telemetry (#5698)

Tracer core

• ⚡ Type resolver's use of URL caches should be configurable (#5805)
• ⚡ Avoid creating new ContinuingScope if the top scope is already keeping the span alive (#5739)
• Add _dd.base_service to disambiguate service map (#5701)

Instrumentations

Apache Spark instrumentation

• Capture app, job and databricks parameters in spark streaming spans (#5796)
• Get databricks cluster name from spark conf, if absent in job properties (#5775)
• Unify spark metrics naming (#5723)

Eclipse Vert.x instrumentation

• 🐛 Fix for Vert.x 4.0 instrumentation to close span on timeout (#5772)

Elasticsearch instrumentation

• Separate config for Elasticsearch body and params (#5771)

JDBC instrumentation

• ✨ Add redshift support to JDBC URL parser (#5792)

Jetty instrumentation

• 🐛 Fix simultaneous jetty 10/11 instrumentation when jakarta/javax servlet are both present (#5787)
• ✨ Add tracing support for Jetty 12 (#5744)

OpenTelemetry instrumentation

• ✨ Add RxJava async result types support for OpenTelemetry annotations (#5801)
• ✨ Add Reactor async result types support for OpenTelemetry annotations (#5800)
• ✨ Add Guava async result type support for OpenTelemetry annotations (#5799)
• ✨ Add generic async result type support for OpenTelemetry annotations and its Reactive Streams extension (#5737)
• 🐛 Ensure OpenTelemetry spans are not modifiable when finished (#5722)
• ✨ Add OpenTelemetry annotations support (#5593)

RabbitMQ instrumentation

• 🐛 Fix exception in reactor-rabbit (#5707)

Reactor instrumentation

• 🐛 Fix exception in reactor-rabbit (#5707)

All other instrumentations

• Support java.util.Timer once scheduling (#5708)