Features
- iast: Unvalidated redirect analyzer (#3204)
- tracer: Tedious - service naming (#3061)
- tracer: MySQL databases - service naming (#3057)
- iast: Taint cookies and headers (#3232)
- iast: No HttpOnly vulnerability detection (#3228)
- iast: No SameSite cookie vulnerability detection (#3246)
- tracer: add external log writer (#3201)
- tracer: Auto-instrument @opentelemetry/sdk-trace-node (#3248)
- tracer: add support for global fetch (#3258)
Improvements
- tracer: make tracer config available to plugins (#3235)
- iast: Add
_dd.iast.enabled=1
metric out of request vulnerabilities tags (#3231) - ci-visibility: Better git commands (#3236)
- tracer: Add test in shimmer wrap to preserve function name (#3237)
- tracer: add environment variable to disable instrumentations completely (#3234)
- profiling: Add debug log listing found source maps (#3242)
Bug Fixes
- ci-visibility: Fix agentless exporter test (#3241)
- ci-visibility: Fix windows tracing test (#3243)
- tracer: fix grpc custom errors not being reported (#3230)
- tracer: Disable metrics.spec.js tests for windows (#3250)
- ci-visibility: Use correct repository URL for git metadata upload (#3253)
- ci-visibility: Fix random cypress integration tests timeouts (#3255)
- iast: Check
store
has value before use it (#3257) - tracer: Fix setup in integration tests (#3254)