Prelude
Application Security Management (ASM) has added Django support for blocking malicious IPs using one click within Datadog.
Note
One click blocking for ASM is currently in beta.
Application Security Management (ASM) has added Flask support for blocking malicious IPs using one click within Datadog.
Note
One click blocking for ASM is currently in beta.
Deprecation Notes
- grpc: Deprecates
ddtrace.contrib.grpc.constants.GRPC_PORT_KEY
. Useddtrace.ext.net.TARGET_PORT
instead. - dbapi:
ddtrace.ext.sql.ROWS
is deprecated. Useddtrace.ext.db.ROWCOUNT
instead. - cassandra:
ddtrace.ext.cassandra.ROW_COUNT
is deprecated. Useddtrace.ext.db.ROWCOUNT
instead.
New Features
-
Enable traces to be sent before an impending timeout for
datadog_lambda>=4.66.0
. UseDD_APM_FLUSH_DEADLINE
to override the default flush deadline. The default is the AWS Lambda function configured timeout limit. -
debugger: Add dynamic log probes to that generate a log message and optionally capture local variables, return value and exceptions
-
tracing: Add support for enabling collecting of HTTP request client IP addresses as the
http.client_ip
span tag. You can set theDD_TRACE_CLIENT_IP_ENABLED
environment variable totrue
to enable. This feature is disabled by default. -
ASM: add support for one click blocking of IPs with the Django framework using Remote Configuration Management.
-
ASM: add support for one click blocking of IPs with the Flask framework using
Remote Configuration Management. -
ASM: also fetch loopback IPs if client IP fetching is enabled (either via ASM or DD_TRACE_CLIENT_IP_ENABLED).
-
ASM: Enable ability to remotely activate and configure ASM features. To enable, check the Python Security page in your account. Note that this is a beta feature.
-
profiling: Collects endpoint invocation counts.
-
dynamic instrumentation: Python 3.11 is now supported.
-
graphene: Adds support for Python 3.11.
-
graphql: Adds support for Python 3.11.
-
httpx: Add support for
httpx<0.14.0,>=0.9.0
. -
tracer/span: Add
Span.finish_with_ancestors
method to enable the abrupt
finishing of a trace in cases where the trace or application must be immediately terminated.
Known Issues
- remote config: There is a known issue with remote configuration management (RCM) when paired with gevent which can cause child processes to deadlock. If you are experiencing issues, we recommend disabling RCM with
DD_REMOTE_CONFIGURATION_ENABLED=false
. Note, this will disable one click activation for ASM. - gunicorn: ddtrace-run does not work with gunicorn. To instrument a gunicorn application, follow the instructions here.
Bug Fixes
-
fastapi: Previously, custom fastapi middlewares configured after application startup were not traced. This fix ensures that all fastapi middlewares are captured in the fastapi.request span.
-
tracing: Pads trace_id and span_ids in b3 headers to have a minimum length of 16.
-
Fix full stacktrace being sent to the log on remote config connection errors.
-
httpx: Only patch
httpx.AsyncClient
forhttpx>=0.11.0
. -
tracing: This fix resolves an issue with the encoding of traces when using the v0.5 API version with the Python optimization option flag
-O
or thePYTHONOPTIMIZE
environment variable. -
pylons: This fix resolves an issue where
str.decode
could cause critical unicode decode errors when ASM is enabled. ASM is disabled by default. -
gevent: This fix resolves incompatibility under 3.8>=Python<=3.10 between
ddtrace-run
and applications that depend ongevent
, for examplegunicorn
servers. It accomplishes this by keeping copies that have not been monkey patched bygevent
of most modules used byddtrace
. This "module cloning" logic can be controlled by the environment variableDD_UNLOAD_MODULES_FROM_SITECUSTOMIZE
. Valid values for this variable are "1", "0", and "auto". "1" tellsddtrace
to run its module cloning logic unconditionally, "0" tells it never to run that logic, and "auto" tells it to run module cloning logic only ifgevent
is accessible from the application's runtime. The default value is "0". -
lib-injection: Use package versions published to PyPI to install the
library. Formerly the published image was installing the package from source using the tagged commit SHA which resulted in slow and potentially failing installs. -
profiler: Handles potential
AttributeErrors
which would arise while collecting frames during stack unwinding in Python 3.11. -
remote config: ensure proper validation of responses from the agent.