Components
Application Security Management (IAST)
- ✨ Add propagation to StringBuffer substring methods (#7992 - @Mariovido)
- 🐛 Fix issue with call sites in super calls to constructor (#7991 - @manuel-alvarez-alvarez)
- ✨ Add propagation to StringBuilder substring methods (#7980 - @Mariovido)
- 🐛 Reset IAST request context on root span published (#7969 - @manuel-alvarez-alvarez)
- ✨ Add propagation to String constructors with StringBuffer and StringBuilder (#7966 - @Mariovido)
- 🐛 Do not reset IAST concurrent request counter (#7963 - @smola)
- ✨ Exclude spark web from vulnerability locations (#7939 - @smola)
- 🐛 Exclude dev.failsafe from IAST instrumentation (#7938 - @smola)
- ✨ Exclude okio from vulnerability locations (#7937 - @smola)
- ✨ Expand SSRF support in IAST to java.net.http.HttpClient (#7877 - @Mariovido)
- Fix stack trace inconsistency between excluded frames in vulnerability location and metastruct stack trace (#7865 - @jandro996)
- ✨🧪 Add experimental taint propagation to the String replace, replaceFirst, replaceAll methods (#7741 - @Mariovido)
Application Security Management (WAF)
- Upgrade to libddwaf 1.21.0 (libddwaf-java 11.2.0) (#7993 - @ValentinZakharov)
- Updated ASM rules to 1.13.3 (#7976 - @ValentinZakharov)
- ✨ Prevent spans from having login success and failure events simultaneously (#7918 - @manuel-alvarez-alvarez)
- Add support for session tracking in jetty (#7837 - @manuel-alvarez-alvarez)
- Extend support for SSRF in exploit prevention (#7376 - @jandro996)
Build & Tooling
- ✨ Add JMXFetch to SSI Guardrails denylist (#7970 - @PerfectSlayer)
- 🐛 Remove SSI guardrails entries for hbase and hive (#7916 - @PerfectSlayer)
Continuous Integration Visibility
- 🐛 Instrument Gradle Launcher to avoid overwriting org.gradle.jvmargs property (#8001 - @nikita-tkachenko-datadog)
- Add source line tags to test suites (#7964 - @daniel-mohedano)
Crash tracking
- 🐛 Improve crashtracking support for older Bash versions (#7956 - @PerfectSlayer)
- ✨ Adjust crash upload timeout (#7905 - @dougqh)
- ✨ Use telemetry 'is_sensitive' attribute instead of redacting the crash stacktrace (#7899 - @jbachorik)
Data Streams Monitoring
Dynamic Instrumentation
- 🐛 Fix integer json parsing probe definition (#7957 - @jpbempel)
- 🐛 Fix NullPointerException Extracting Class symbols (#7934 - @jpbempel)
- ✨ Avoid duplicate class symbol extraction (#7919 - @jpbempel)
- Add outer exceptions support for Exception Replay (#7897 - @jpbempel)
- 🐛 Fix memory leak in Exception Replay (#7885 - @jpbempel)
- ✨ Consult the environment variable when setting the max users frames in code origin probes (#7881 - @evanchooly)
JMX fetch
- 🐛 Bump JMXFetch to 0.49.6 (#7927 - @carlosroman)
Profiling
- ✨ Common temporary location manager for profiling product (#7971 - @jbachorik)
- 🐛✨ Standardize some of the profiler sampling frequencies (#7961 - @MattAlp)
- ✨ enable SystemGC events (#7921 - @richardstartin)
- 🐛 Bump ddprof to 1.17.0 (#7915 - @jbachorik)
- ✨ paranoid exception handling when setting profiling thread context (#7903 - @richardstartin)
Telemetry
- ✨ Collect git metadata for telemetry (#7951 - @jpbempel)
- ✨ Fix dependency collection for new Spring Boot nested jars (#7931 - @smola)
Trace context propagation
- 🐛 Fix baggages mapping configuration when only keys are provided (#7972 - @cecile75)
- ✨ Updating Span Link creation due to header tag propagations for invalid spans (#7799 - @mhlidd)
Instrumentations
AWS Lambda instrumentation
AWS SDK instrumentation
Jetty instrumentation
- Add support for session tracking in jetty (#7837 - @manuel-alvarez-alvarez)
Kafka instrumentation
- 🐛 Reenable kafka 3.8 by default (#8007 - @nayeem-kamal)
- 🐛 Avoid double instrumentation of kafka-clients 3.8+ (#8006 - @mcculls)
- 🐛 Fix Kafka lag instrumentation for version 2.7 of Kafka (#7941 - @piochelepiotr)
Netty instrumentation
- 🐛 Finish netty span when request is cancelled (#7900 - @amarziali)
Reactor instrumentation
- 📖 Add reactor samples and doc (#7906 - @amarziali)
- 🐛 Protect currentContext access for reactor inner operators (#7883 - @amarziali)