open-telemetry/opentelemetry-cpp v1.27.0

v1.27.0 release

on GitHub

v1.27.0 release

Release of:

• opentelemetry-api
• opentelemetry-sdk
• exporter packages

Security fix

• [EXPORTER] OTLP HTTP exporters read unbounded HTTP response
  #4078

  • When exporting OTLP HTTP data to a misconfigured or malicious endpoint,
    the exporter could allocate an arbitrary amount of memory when getting
    the endpoint HTTP response back.
  • The size of HTTP responses is now limited to 4MiB by default,
    following the opentelemetry-proto recommendations.
  • See CVE-2026-44967

Breaking changes

• [SDK] env var durations non conforming to spec
  #4020

  • Environment variables for durations can accept two formats, with units
    (15s, 15000ms) or without units (15000).
  • When parsing environment variables that represent durations,
    and only in the case no unit is provided,
    for example OTEL_METRIC_EXPORT_INTERVAL=15000,
    the code interpreted the value, 15000,
    in seconds instead of milliseconds per the specifications.
  • Parsing duration without units has been fixed to use milliseconds.
  • As a consequence, every duration environment variable set
    without a unit is now interpreted differently, which is a breaking change.
  • For example, OTEL_EXPORTER_OTLP_TRACES_TIMEOUT=30 meant 30 seconds
    before, and now means 30 milliseconds.
    To preserve the same behavior, existing values must be adjusted,
    to either 30000 or 30000ms or 30s in this case.
  • The following variables are affected:
    • OTEL_EXPORTER_OTLP_TRACES_TIMEOUT
    • OTEL_EXPORTER_OTLP_METRICS_TIMEOUT
    • OTEL_EXPORTER_OTLP_LOGS_TIMEOUT
    • OTEL_EXPORTER_OTLP_TIMEOUT
    • OTEL_BLRP_SCHEDULE_DELAY
    • OTEL_BLRP_EXPORT_TIMEOUT
    • OTEL_METRIC_EXPORT_INTERVAL
    • OTEL_METRIC_EXPORT_TIMEOUT
    • OTEL_BSP_SCHEDULE_DELAY
    • OTEL_BSP_EXPORT_TIMEOUT

Important changes

• [SDK] Move inline implementation from SDK headers to .cc files.
  #3887

  • Note: GetEmptyAttributes() now requires linking opentelemetry_common.

• Enable WITH_OTLP_RETRY_PREVIEW by default
  #3953

  • CMake flag WITH_OTLP_RETRY_PREVIEW is now enabled by default.
  • This flag is deprecated, planned for removal.

• Enable WITH_OTLP_GRPC_SSL_MTLS_PREVIEW by default
  #3970

  • CMake flag WITH_OTLP_GRPC_SSL_MTLS_PREVIEW is now enabled by default.
  • This flag is deprecated, planned for removal.
  • Bazel now always builds with ENABLE_OTLP_GRPC_SSL_MTLS_PREVIEW.
  • grpc properties for ssl KEY and CERT are always available,
    adjust the application code to initialize all members in grpc options.

• [EXPORTER] implement non-utf8 string to bytes in OTLP exporters
  #3991

  • Add WITH_OTLP_UTF8_VALIDITY for CMake
    and enable ENABLE_OTLP_UTF8_VALIDITY for Bazel
    to export non-UTF-8 strings as bytes in OTLP.

• Enable ENABLE_OTLP_RETRY_PREVIEW for bazel
  #4010

  • Bazel now always builds with ENABLE_OTLP_RETRY_PREVIEW.

• [API] Deprecate opentelemetry::plugin
  #4021

  • namespace opentelemetry::plugin is deprecated
  • See file DEPRECATED.md for details.

• [SDK] Fix cardinality-limit overflow attribute name to match the
  specification
  #4060

  • The synthetic overflow data point attribute is now exported as
    otel.metric.overflow (singular) per the
    Metrics SDK specification.
  • Previously the SDK exported otel.metrics.overflow (plural), which
    diverged from the spec and from every other language SDK
    (Go, Java, JS, .NET).
  • Downstream consumers (dashboards, alerts, queries) that filtered on
    the old name must be updated to the spec-correct name.

Deprecations

This release contains deprecations, see file DEPRECATED.md

What's Changed

• [RELEASE] Bump main branch to 1.27.0-dev by @marcalff in #3947
• [CODE HEALTH] Fix clang tidy warnings in API common and context by @dbarker in #3948
• Bump github/codeql-action from 4.33.0 to 4.34.1 by @dependabot[bot] in #3949
• [CODE HEALTH] Fix more clang-tidy warnings in sdk by @dbarker in #3951
• [CODE HEALTH] Fix more clang-tidy warnings in api by @dbarker in #3950
• [CODE HEALTH] Fix clang-tidy warnings in ext, exporters, and examples by @dbarker in #3952
• Bump grpc from 1.78.0 to 1.80.0 by @dependabot[bot] in #3955
• Bump codecov/codecov-action from 5.5.3 to 6.0.0 by @dependabot[bot] in #3954
• Bump github/codeql-action from 4.34.1 to 4.35.1 by @dependabot[bot] in #3957
• Bump step-security/harden-runner from 2.16.0 to 2.16.1 by @dependabot[bot] in #3960
• Bump fossas/fossa-action from 1.8.0 to 1.9.0 by @dependabot[bot] in #3961
• Move implementation from SDK header files to SDK cc by @perhapsmaple in #3887
• Bump bazel-contrib/publish-to-bcr/.github/workflows/publish.yaml from 1.1.0 to 1.2.0 by @dependabot[bot] in #3962
• Bump benchmark-action/github-action-benchmark from 1.21.0 to 1.22.0 by @dependabot[bot] in #3963
• [CODE HEALTH] Fix clang-tidy param-not-moved in otlp grpc exporters by @dbarker in #3956
• Enable WITH_OTLP_RETRY_PREVIEW by default by @marcalff in #3953
• Add Doug Barker as maintainer by @dbarker in #3969
• [CODE HEALTH] Cleanup nostd variant access for noexcept methods in api and sdk by @dbarker in #3965
• [chore]: update readme by @maryliag in #3971
• Adjust emeritus status by @marcalff in #3972
• Enable WITH_OTLP_GRPC_SSL_MTLS_PREVIEW by default by @marcalff in #3970
• Bump step-security/harden-runner from 2.16.1 to 2.17.0 by @dependabot[bot] in #3976
• Bump actions/github-script from 8.0.0 to 9.0.0 by @dependabot[bot] in #3975
• [SDK] Reduce lock contention in SyncMetricStorage for concurrent metric recording by @perhapsmaple in #3959
• [Bazel] Add ENABLE_OTLP_GRPC_SSL_MTLS_PREVIEW define to otlp_grpc_log_record_exporter by @ThomsonTan in #3988
• [TEST] Only run the multi_observer_test when building with ABI v2 by @dbarker in #3982
• [CODE HEALTH] Fix gcc warnings in release maintainer build by @dbarker in #3984
• Bump docker/build-push-action from 7.0.0 to 7.1.0 by @dependabot[bot] in #3992
• [CODE HEALTH] Fix clang-tidy misc-use-internal-linkage warnings by @mateenali66 in #3985
• [CODE HEALTH] Fix clang-tidy narrowing conversions in baggage by @thc1006 in #3989
• [CODE HEALTH] Fix clang-tidy narrowing-conversions warnings in tests by @mateenali66 in #3987
• Bump actions/cache from 5.0.4 to 5.0.5 by @dependabot[bot] in #3994
• [CODE HEALTH] Fix misc clang-tidy warnings by @marcalff in #3993
• [TEST] Replace routable IP with RFC 5737 TEST-NET address in curl test by @ThomsonTan in #4001
• [TEST] set a maximum thread count for the metrics stress test by @dbarker in #4003
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @dependabot[bot] in #4005
• Bump step-security/harden-runner from 2.17.0 to 2.18.0 by @dependabot[bot] in #4004
• [CODE HEALTH] Fix clang-tidy warnings in base2 exponential histogram aggregation by @thc1006 in #3997
• [CI] Build third-party dependencies in release with ninja by @dbarker in #3995
• [CI] Update ci scripts and documentation by @dbarker in #4000
• [SDK] Rename parameters in logger_provider by @saphal1998 in #4006
• Enable ENABLE_OTLP_RETRY_PREVIEW for bazel by @marcalff in #4010
• [CODE HEALTH] Fix clang-tidy misc-no-recursion warnings by @marcalff in #4009
• [CI] upgrade bazelisk by @dbarker in #4015
• [SDK] Add destructor to PeriodicExportingMetricReader to fix shutdown race by @jnillius in #4008
• [CODE HEALTH] Fix clang-tidy narrowing-conversions warnings in sync_instruments by @thc1006 in #4013
• [CI] Enable Bazel asan and ubsan jobs by @dbarker in #4014
• [CI] update code.coverage job to report on all components and preview features by @dbarker in #4002
• [OTLP GRPC] Allow user use custom grpc::ChannelArguments by @owent in #3990
• Bump step-security/harden-runner from 2.18.0 to 2.19.0 by @dependabot[bot] in #4016
• Bump rules_cc from 0.2.17 to 0.2.18 by @dependabot[bot] in #4022
• [CMAKE] upgrade opentelemetry-proto to 1.10.0 by @dbarker in #4025
• [CI] upgrade grpc to 1.80.0 for CMake by @dbarker in #4026
• [CONFIGURATION] File configuration - composable samplers by @DCchoudhury15 in #3966
• [CHORE] Fix warnings in publish-to-bcr workflow by @dbarker in #4032
• [API] Deprecate opentelemetry::plugin by @marcalff in #4021
• [CI] remove old protobuf vcpkg port files by @dbarker in #4029
• [ADMIN] remove .vscode from the repo by @dbarker in #4030
• [SDK] env var durations non conforming to spec by @marcalff in #4020
• Bump curl from 8.12.0 to 8.12.0.bcr.1 by @dependabot[bot] in #4036
• fix examples/configuration by @rishitha957 in #4041
• fix: noexcept for Observer by @proost in #4039
• Bump platforms from 1.0.0 to 1.1.0 by @dependabot[bot] in #4050
• Bump github/codeql-action from 4.35.2 to 4.35.3 by @dependabot[bot] in #4048
• Bump step-security/harden-runner from 2.19.0 to 2.19.1 by @dependabot[bot] in #4049
• [DOC] Document adding attributes on span creation by @niledas in #4053
• [SDK] Enable W3C Trace Context v2 by @saphal1998 in #4012
• Bump step-security/harden-runner from 2.18.0 to 2.19.1 by @dependabot[bot] in #4056
• [CODE HEALTH] fix nondeterministic pointer iteration order warnings by @dbarker in #4035
• Bump benchmark-action/github-action-benchmark from 1.22.0 to 1.22.1 by @dependabot[bot] in #4059
• [EXPORTER] Fix PrometheusExporter to propagate new options to collector by @jaehyeong-cho in #4055
• [SDK] Fix overflow attribute name to match the spec (otel.metric.overflow) by @cijothomas in #4060
• [EXPORTER] Implement non-utf8 string to bytes in OTLP by @owent in #3991
• [Docs] Fix Read the Docs configuration by @lalitb in #4058
• [API] Fix Logger.Enabled() by @proost in #4011
• [CI] Use fixed versions in iwyu CI & dev container by @proost in #4051
• docs: Expand SIG meeting welcoming language by @cijothomas in #4064
• [CI] update clang-tidy config by @dbarker in #4066
• [TEST] Assert overflow attribute value is boolean true by @cijothomas in #4063
• Bump github/codeql-action from 4.35.3 to 4.35.4 by @dependabot[bot] in #4067
• chore: Move inactive members to emeritus by @opentelemetrybot in #4040
• [EXAMPLE] Add manual asynchronous context propagation example by @jgomezselles in #3935
• [DOC] Fix extra blank line in GettingStarted example by @Cloud-Architect-Emma in #4074
• [SEMANTIC CONVENTIONS] Upgrade to semantic conventions 1.41.1 by @marcalff in #4075
• [BUILD] Upgrade to rapidyaml 0.12.1 by @marcalff in #4076
• [EXPORTER] OTLP HTTP exporter reads unbounded response by @marcalff in #4078
• [SDK] Fix Base2ExponentialHistogramAggregation count dropped by @dbarker in #4072
• [RELEASE] Release opentelemetry-cpp 1.27.0 by @marcalff in #4080

New Contributors

• @maryliag made their first contribution in #3971
• @mateenali66 made their first contribution in #3985
• @thc1006 made their first contribution in #3989
• @saphal1998 made their first contribution in #4006
• @jnillius made their first contribution in #4008
• @DCchoudhury15 made their first contribution in #3966
• @rishitha957 made their first contribution in #4041
• @proost made their first contribution in #4039
• @niledas made their first contribution in #4053
• @jaehyeong-cho made their first contribution in #4055
• @cijothomas made their first contribution in #4060
• @jgomezselles made their first contribution in #3935
• @Cloud-Architect-Emma made their first contribution in #4074

Full Changelog: v1.26.0...v1.27.0