Features
- Prevent cross-organization trace continuation (#5136)
- By default, the SDK now extracts the organization ID from the DSN (e.g.
o123.ingest.sentry.io) and compares it with thesentry-org_idvalue in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations. - New option
enableStrictTraceContinuation(defaultfalse): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)),sentry.properties(enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true). - New option
orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")),sentry.properties(org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
- By default, the SDK now extracts the organization ID from the DSN (e.g.
- Android: Attachments on the scope will now be synced to native (#5211)
- Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)
Improvements
- Do not retrieve
ActivityManagerif API < 35 on SDK init (#5275)