Warning
This is a release candidate and is not intended for use in production.
Please open an issue regarding any problems in this release candidate.
Components
Application Security Management (IAST)
- Add XSS support for JSP (#6944 - @jandro996)
- Detect a vulnerability when a default application is deployed (#6885 - @jandro996)
Application Security Management (WAF)
- ๐ Fix HandleVisitor instrumentation for jetty >= 11.16.0 (avoids logged error) (#7100 - @manuel-alvarez-alvarez)
- ๐ Fix IP denylist parsing when expiration date does not fit an integer (#7097 - @smola)
- ๐ Prevent AppSec context from being closed more than once on partial flush (#7059 - @smola)
- Added support for SQLi exploit prevention (#7051 - @ValentinZakharov)
- Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
- Collect WAF headers on user sdk events (#7014 - @manuel-alvarez-alvarez)
- Collect common WAF request header values by default (#7010 - @manuel-alvarez-alvarez)
- Always collect accept, content-type and user-agent when appsec is enabled (#7009 - @manuel-alvarez-alvarez)
- Upgrade to libddwaf 1.18.0 (libddwaf-java 10.0.0) (#7006 - @ValentinZakharov)
Build & Tooling
- โจ Update lib-injection docker image tags (#7057 - @andrewlock)
Cloud Workload Security (CWS)
Configuration at Runtime
Continuous Integration Visibility
- Fix 'polynomial regular expression used on uncontrolled data' vulnerability in Git config parsing logic (#7053 - @nikita-tkachenko-datadog)
- ๐ Do not transform Mockito-generated classes (#7048 - @nikita-tkachenko-datadog)
- ๐ Fix JUnit 4 integration to support PowerMock (#7046 - @nikita-tkachenko-datadog)
- ๐ Fix Gradle instrumentation: do not fail if Jacoco excluded CL list is immutable (#7044 - @nikita-tkachenko-datadog)
- ๐ Fix instrumentation for legacy JUnit 3.8 tests (#7041 - @nikita-tkachenko-datadog)
Database Monitoring
Data Streams Monitoring (DSM)
- Add poll span for kafka when DSM is enabled (#6969 - @piochelepiotr)
- Tag every span with the product tag if it is enabled (#7011 - @kr-igor)
- Add product tags to each span if products are enabled (#6990 - @kr-igor)
Dynamic Instrumentation
- ๐ Ensure locals are in scope when generating metrics (#7121 - @jpbempel)
- Remove too generic redaction keywords (#7117 - @jpbempel)
- ๐ Fix line probe in method with inline lambdas (#7099 - @jpbempel)
- Report exception when deserializing config (#7092 - @jpbempel)
- Add option to limit number of frames captured (#7083 - @jpbempel)
- Add circuit breaker for Exception Debugging (#7074 - @jpbempel)
- ๐ Fix short circuiting of boolean expressions (#7060 - @jpbempel)
- Add
EXCEPTION_REPLAY_ENABLEDconfig token (#7054 - @jpbempel) - ๐โก Fix perf issue when accessing fields by reflection (#7052 - @jpbempel)
- โจ Add Throwable capturing fields support for JDK16+ (#7047 - @jpbempel)
- ๐ Add fingerprint info into Tracer flare (#7043 - @jpbempel)
- ๐โก Fix expensive folding only in debug level (#7042 - @jpbempel)
- Protect Map and Set accesses to be only in-memory (#7032 - @jpbempel)
- Remove debug log on sampling (#7021 - @jpbempel)
- ๐ Fix support of literals in Expression Language (#7018 - @jpbempel)
- Fix log level and message for SymDB extraction (#7016 - @jpbempel)
- ๐ Fix ArrayIndexOutOfBoundsException in adjustLocalVarsBasedOnArgs (#7013 - @jpbempel)
- Filter out Errors for Exception Debugging (#6997 - @jpbempel)
- Add support of Set in Expression Language (#6992 - @jpbempel)
GraalVM native-image
Metrics
OpenTracing
- Add a TracingFactory (since opentracing-tracerresolver 0.1.5) which resolves our tracer (#7102 - @mcculls)
- Bump opentracing-tracerresolver to 0.1.6 (#7093 - @fedefernandez - thanks for the contribution!)
Profiling
- ๐ Add detailed debug logging for tracing/profiler context integration (#7115 - @richardstartin)
- Emit rate limited JFR events when RejectedExecutionHandlers run (#7076 - @richardstartin)
- ๐ Fix the ddprof safety check (#7037 - @jbachorik)
- Upgrade ddprof to 1.7.0 (#7033 - @richardstartin)
- Extend gRPC context propagation into
WriteQueue, add queue timing toWriteQueuecommands (#7110 - @richardstartin)
Telemetry
- Report updated
trace.sampling.rulesto telemetry (#7106 - @mcculls) - Enable telemetry logs for IAST, CI Visibility and Dynamic Instrumentation users (#7017 - @smola)
- Adding support for reporting remote config id (#7012 - @stanistan)
- โจ Add log file if size is not too big (#6993 - @cecile75)
Tracer core
- ๐ Improve agentServiceCheck to handle scenarios where the tracer is configured to use UDS (#7098 - @mcculls)
- Preserve
unix:agent URLs (#7094 - @mcculls) - Move backend communication logic to common module (#7081 - @nikita-tkachenko-datadog)
- Bump byte-buddy to 1.14.16 (#7077 - @mcculls)
- Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
- ๐ก Support loading trace extensions from a comma-separated list of jars, or directories containing jars (#7030 - @mcculls)
- Implement span origin for JVM applications (#7001 - @evanchooly)
- Add tracer log file to tracer flare if datadog.slf4j.simpleLogger.logFile is defined (#6999 - @cecile75)
Instrumentations
AWS SDK instrumentation
- Add aws sns instrumentation for AWS lambda (#6908 - @joeyzhao2018)
Core Java language instrumentation
- โจ Disable URL instrumentation by default (#7073 - @mcculls)
- โจ๐งน Improve loom features support (#7045 - @PerfectSlayer)
JDBC instrumentation
Kafka instrumentation
- Add poll span for kafka when DSM is enabled (#6969 - @piochelepiotr)
Micronaut instrumentation
- Support micronaut 4.x (#7035 - @amarziali)
Netty instrumentation
- ๐ Don't finish parent span when instrumenting a client (#7126 - @amarziali)
OpenTelemetry instrumentation
- Support custom OpenTelemetry context (#7118 - @mcculls)
- โก Avoid creating unnecessary OtelSpanContext when extracting context from OTel wrapper around Datadog span (#7116 - @mcculls)
- Track OpenTelemetry propagated context (#7114 - @mcculls)
- Runtime drop-in support for OpenTelemetry instrumentations (#7086 - @mcculls)
Spring instrumentation
- โ ๏ธ Enable spring boot service name detection from spring.application.name (#7029 - @amarziali)