New Features
-
ASM
- Adds support for session fingerprints.
-
LLM Observability
- When not using a provider integration (OpenAI, Anthropic, or Bedrock) with the LangChain integration, token metrics will be appended to the LLM Observability
llmspan. - When langchain's
chat_model.with_structured_output(..., method="json_mode")is used, orresponse_format={"type": "json_object"}is passed into a langchain chat model invocation, the LLM Observability span will be anllmspan instead of aworkflowspan.
- When not using a provider integration (OpenAI, Anthropic, or Bedrock) with the LangChain integration, token metrics will be appended to the LLM Observability
-
Single Step Instrumentation
- Adds
requirements.jsonto SSI artifact for bailing out on unsupported systems.
- Adds
-
Tracing
- Adds support for expanding AWS request/response payloads into flattened span tags.
- Updates the service naming algorithm to infer the base service name when
DD_SERVICEis not set, replacing instances ofunnamed-python-service. Ensures that a more meaningful service name is used whenever possible, enhancing clarity in service identification.
Bug Fixes
-
ASM/Threats
- The new user events policy is preventing users PII to be added by default as span tags. To allow customers using the Django auto instrumentation to still have those information, new environment variables have been added. In particular
DD_DJANGO_INCLUDE_EMAIL(false by default), will tag user events with user email as before.
- The new user events policy is preventing users PII to be added by default as span tags. To allow customers using the Django auto instrumentation to still have those information, new environment variables have been added. In particular
-
Code Security/IAST
- Adds googlecloudsdk and google auth to the Code Security deny list.
- Resolves an issue where importing the
google.cloud.storage.batchmodule would fail raising anImportError.
-
Crashtracking
- Fixes an issue where the use of the crashtracking component could result in zombie processes.
-
Lib-Injection
- Adds more commands to the auto-injection denylist.
- Ensures we do not import the user installed
ddtraceif it is present. - Fixes injection guardrail check when
sys.argvis not available.
-
LLM Observability
- Resolves an issue where annotating spans with non-ASCII language input/output values resulted in encoded unicode being submitted.
-
Profiling
- Fixes a data race where span information associated with a thread was read and updated concurrently, leading to segfaults
- Fixes an issue where cpu-time was not profiled for services using gunicorn, when
DD_PROFILING_STACK_V2_ENABLEDwas set. - Fixes an issue where enabling native exporter via
DD_PROFILING_EXPORT_LIBDD_ENABLED,DD_PROFILING_TIMELINE_ENABLEDorDD_PROFILING_STACK_V2_ENABLEDturned off live heap profiling. - The lock profiler would log a warning if it couldn't determine a name for a lock, and it would try determining a name multiple times for the same lock. This lead to excessive log spam. Downgrade this to a debug log and only try to determine the name once.
- Fixes an issue where the profiler was allocating too much memory from
ensure_binary_or_empty()function, on Python versions before 3.12, withDD_PROFILING_EXPORT_LIBDD_ENABLEDorDD_PROFILING_TIMELINE_ENABLED. - Fixes an issue where the sample pool could deadlock after
fork()by clearing it in the child process. - When a Python thread finishes, this change frees memory used for mapping its thread id to
Span. The mapping is populated and used whenDD_PROFILING_ENDPOINT_COLLECTION_ENABLEDandDD_PROFILING_STACK_V2_ENABLEDwere set to enable grouping of profiles for endpoints.
-
Tracing
- pymongo: Adds type checking to solve an issue where
NoneTypeinstead of expectedPinobject would throw an error inTracedTopologymethod.
- pymongo: Adds type checking to solve an issue where