open-telemetry/opentelemetry-ebpf-instrumentation v0.9.0

on GitHub

Highlights

v0.9.0 is a minor release with expanded protocol and AI instrumentation coverage, broader metrics and configuration controls, significant runtime and exporter fixes, and a set of security hardening changes merged ahead of the release.

New instrumentation and extraction coverage

• Added support for NATS, AMQP 1.0, and MSSQL protocol detection and extraction by @marctc in #1712, by @marctc in #1921, and by @Orenico10 in #1533
• Added embedding, rerank, Qwen, and MCP extraction support, and expanded OpenAI-related HTTP extraction coverage by @NameHaibinZhang in #1885, by @NameHaibinZhang in #2056, by @NameHaibinZhang in #1892, and by @NameHaibinZhang in #1867
• Added Couchbase full query capture in db.query.text by @NimrodAvni78 in #1824
• Added Go generic TLS support by @grcevski in #1980
• Added TCP failed connection metrics and later added the network.tcp.handshake.role attribute by @pinoOgni in #1825 and by @pinoOgni in #2009
• Added debug events to netolly and statsolly userspace by @pinoOgni in #1884

Security hardening

• Hardened Java TLS ioctl handling against unsafe user-space reads and oversized payloads, added validation around payload buffers, and added dedicated adversarial integration coverage by @MrAlias in 4db1bde
• Guarded PostgreSQL BIND parsing against malformed and truncated payloads that could previously panic protocol processing by @MrAlias in 8ac96fa
• Added overflow, bounds, and type checks to Memcached and MongoDB parsing so malformed traffic is rejected safely instead of triggering unsafe parsing paths by @MrAlias in 2374e15 and by @MrAlias in 376ee7a
• Clamped log enricher writev reads and hardened fast ELF parsing to avoid incorrect reads or panics on malformed inputs and binaries by @MrAlias in bf8060c and by @rafaelroquetto in 735af17
• Clamped the fallback message buffer size on CPU mismatch in k_tracer by @MrAlias in 5d375cb
• Hardened internal metrics handling and added new internal metrics coverage by @MrAlias in 6be66f3
• Removed committed Rails credentials and updated github.com/jackc/pgx/v5 to a security-fixed version by @MrAlias in #1929 and by @renovate[bot] in #1900

Runtime, tracing, and protocol fixes

• Fixed shared PID namespace disambiguation, preserved multiple PID tracer types, and fixed signed length handling in the netFdReadRet uprobe by @NimrodAvni78 in #1875, by @MrAlias in #1899, and by @MrAlias in #1880
• Fixed race conditions and shutdown behavior in netolly, including packet stats handling, port guesser protocol inference, runner-stop shutdown, and false-positive TCP failed connection events by @pinoOgni in #1873, by @pinoOgni in #1896, by @MrAlias in #1909, by @MrAlias in #2000, and by @pinoOgni in #1919
• Fixed appolly selector and export-mode behavior, including cmd_args-only regex selectors, PID match preservation, proc stat buffer race handling, and idempotent export-mode enablement by @MrAlias in #1910, by @MrAlias in #1911, by @MrAlias in #1995, and by @MrAlias in #1996
• Fixed kube and cache handling, including kube reconnect initial interval logic and k8s-cache event timestamp refresh and informer timeout enforcement by @MrAlias in #1907, by @MrAlias in #2001, and by @itsprdp in #1934
• Fixed traceparent parsing for large HTTP requests, restored full URL path reporting, improved service name resolution, and delayed SSL request cleanup until HTTP processing completes by @mkedjour in #1977, by @NameHaibinZhang in #2069, by @Orenico10 in #2065, and by @grcevski in #1952
• Fixed iter_tcp, handled unknown-protocol TCP large buffers, and improved Go tracer offset handling and constant naming by @rafaelroquetto in #1981, by @grcevski in #1998, by @hectar-glitches in #2002, by @hectar-glitches in #2004, by @hectar-glitches in #2047, by @hectar-glitches in #2054, and by @hectar-glitches in #2055
• Added shared context for async Python and extracted a larger buffer from Java by @mmat11 in #1940 and by @esara in #1944
• Fixed buggy register spill behavior by @rafaelroquetto in #1945
• Demoted Error attaching tcx to a warning by @skl in #1895
• Fixed the duplicate colon in the ExportModes error message by @anngdinh in #1936
• Fixed randomly failing Qwen behavior by @NameHaibinZhang in #1915
• Rejected malformed service responses in the generator by @MrAlias in #1912

Metrics, exporters, and configuration

• Added BatchMaxSize and QueueSize controls by @pinoOgni in #1806
• Added configurable OTEL histogram aggregation and Prometheus native histogram settings for better metrics cost and precision control by @mariomac in #1966 and by @mariomac in #1968
• Restored Prometheus BPF internal metrics and fixed OTEL job and instance attribute keys by @MrAlias in #1992 and by @MrAlias in #1993
• Fixed span metric labeling and metric-instance cleanup behavior, and fixed cloud_host_id overriding in the Prometheus exporter by @MrAlias in #1930, by @MrAlias in #1898, and by @mariomac in #1939
• Enabled the traces exporter from an override endpoint by @MrAlias in #1999
• Made database error response reporting optional and disabled by default by @grcevski in #2066
• Generated configuration docs and later defined the OBI telemetry schema registry and improved weaver schema/tooling by @NimrodAvni78 in #1754, by @NimrodAvni78 in #1963, and by @NimrodAvni78 in #2059

Java and process instrumentation updates

• Fixed Java agent injection, skipped $$Lambda classes during agent loading, added multi-architecture Java agent build support, and restored non-fatal startup when the embedded Java agent is missing by @mariomac in #1894, by @NimrodAvni78 in #1878, by @grcevski in #1931, and by @MrAlias in #1991
• Fixed a queue leak in the Java agent CappedConcurrentHashMap, replaced it with a ring-buffer-backed implementation, and added concurrency tests and a benchmark by @grcevski in 3244259
• Fixed Go 1.26 symbol resolution for binaries without debug info by @rafaelroquetto in #1851

Performance and validation improvements

• Improved ring buffer throughput by splitting the reader and parser into separate goroutines and reducing mutex contention by @rafaelroquetto in #1975
• Skipped loading unused eBPF programs when StatsO11y features are disabled by @pinoOgni in #2058
• Added integration coverage for Go MQTT and expanded integration coverage around Java TLS hardening and log enricher regressions by @marctc in #2060, by @MrAlias in 4db1bde, and by @MrAlias in bf8060c

Build, CI, tests, and tooling

• Added bpf2go as a dependency of make generate/all, fixed the statsolly generate target, and added nativeOnly to additional make targets by @MrAlias in #1864, by @rafaelroquetto in #1932, and by @grcevski in #1953
• Updated major Go dependencies and notices handling, including containerized notices generation for amd64 and arm64 by @mmat11 in #1887 and by @mmat11 in #1888
• Bumped dockertest to v4 and fixed Prometheus unit tests by @pellared in #1916 and by @mariomac in #1942
• Added a lint analyzer to catch CollectT misuse and fixed existing tests to use CollectT correctly by @skl in #1857 and by @skl in #1855
• Improved CI and test reporting by consolidating supervisor PR comments, adding daily test reporting, grouping similar daily-report failures, hardening the OATS test matrix, bounding compose.Close(), and reducing scrape interval during CI runs by @skl in #1856, by @skl in #1807, by @skl in #1972, by @MrAlias in #1954, by @skl in #1949, and by @skl in #1948
• Updated build toolchains and CI wiring, including bumps to Go 1.25.9 and the obi-generator base image, and a fix for workflow line continuation by @skl in #2011, by @skl in #2010, and by @MrAlias in #1997

Docs and project maintenance

• Generated NGINX-Rails-SQL TLS certificates at runtime, documented excluded OTEL-instrumented services, added NetO11y/AppO11y/StatsO11y metrics docs, and updated JNA references to JNI by @MrAlias in #1874, by @NimrodAvni78 in #1983, by @pinoOgni in #1959, and by @skl in #2089
• Added issue templates, stale workflow, and component auto-labeler by @NimrodAvni78 in #1852
• Added human-managed renovate policy and fixture maintenance updates, and promoted Rafael Roquetto to maintainer by @MrAlias in #2062, by @MrAlias in #2074, by @MrAlias in #2075, and by @MrAlias in #2063

Dependency updates

• chore(deps): update otel/opentelemetry-collector-contrib docker tag to v0.150.1 by @renovate[bot] in #1847
• chore(deps): update grafana/otel-lgtm docker tag to v0.25.0 by @renovate[bot] in #1868
• chore(deps): update otel/ebpf-instrument docker tag to v0.8.0 by @renovate[bot] in #1869
• chore(deps): update otel/ebpf-instrument docker tag to v0.8.0 by @renovate[bot] in #1870
• chore(deps): update nginx:1.30.0-alpine docker digest to 0272e46 by @renovate[bot] in #1879
• chore(deps): update github actions by @renovate[bot] in #1891
• chore(deps): update otel/weaver docker tag to v0.23.0 by @renovate[bot] in #1902
• chore(deps): update mysql docker tag by @renovate[bot] in #1904
• chore(deps): update curlimages/curl:8.19.0 docker digest to c03110c by @renovate[bot] in #1897
• fix(deps): update module github.com/jackc/pgx/v5 to v5.9.2 [security] by @renovate[bot] in #1900
• chore(deps): update grafana/otel-lgtm docker tag to v0.26.0 by @renovate[bot] in #1918
• chore(deps): update docker.io/nats docker tag to v2.12.7 by @renovate[bot] in #1922
• chore(deps): update prom/prometheus docker tag to v3.11.2 by @renovate[bot] in #1924
• chore(deps): update quay.io/prometheus/prometheus docker tag to v3.11.2 by @renovate[bot] in #1927
• chore(deps): update grafana/grafana docker tag to v13 by @renovate[bot] in #1928
• chore(deps): update dependency bootsnap to v1.24.0 by @renovate[bot] in #1937
• chore(deps): update otel/opentelemetry-collector-contrib docker tag to v0.150.1 by @renovate[bot] in #1923
• chore(deps): update github actions by @renovate[bot] in #1955
• chore(deps): update otel/opentelemetry-collector-contrib docker tag to v0.151.0 by @renovate[bot] in #1957
• chore(deps): update curlimages/curl docker tag to v8.20.0 by @renovate[bot] in #1958
• chore(deps): update python by @renovate[bot] in #1961
• chore(deps): update rust crate tokio to v1.52.1 by @renovate[bot] in #1962
• chore(deps): update otel/opentelemetry-collector-contrib docker tag to v0.151.0 by @renovate[bot] in #1974
• chore(deps): update docker.io/nats docker tag to v2.14.0 by @renovate[bot] in #1978
• chore(deps): update grafana/otel-lgtm docker tag to v0.27.0 by @renovate[bot] in #1979
• chore(deps): update apache/activemq-artemis docker tag to v2.44.0 by @renovate[bot] in #1973
• chore(deps): lock file maintenance by @renovate[bot] in #1984
• chore(deps): refresh pip-compile outputs by @renovate[bot] in #1985
• chore(deps): update docker.elastic.co/elasticsearch/elasticsearch docker tag to v9.4.0 by @renovate[bot] in #2006
• build(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 by @dependabot[bot] in #2012
• chore(deps): update httpd docker tag to v2.4.67 by @renovate[bot] in #2048
• chore(deps): update github actions by @renovate[bot] in #2050
• Update mongo Docker tag to v8.3.1 by @renovate[bot] in #2053
• Update Github Actions (major) by @renovate[bot] in #2051
• Update Go by @renovate[bot] in #1801
• Update Java by @renovate[bot] in #1901
• Update grafana/otel-lgtm Docker tag to v0.27.1 by @renovate[bot] in #2072
• Lock file maintenance by @renovate[bot] in #2083
• Refresh pip-compile outputs by @renovate[bot] in #2084

New Contributors

• @Orenico10 made their first contribution in #1533
• @anngdinh made their first contribution in #1936
• @itsprdp made their first contribution in #1934
• @hectar-glitches made their first contribution in #2002
• @mkedjour made their first contribution in #1977

Full Changelog: v0.8.0...v0.9.0