1.42.0

Components

Application Security Management (IAST)

• Limit the visiting of objects for Trust Boundary Violation (#7847 - @manuel-alvarez-alvarez)
• 🐛 Update header injection exclusions (reduce false positives) (#7821 - @manuel-alvarez-alvarez)
• 🐛 Ensure vulnerabilities are reported with taintable values (#7801 - @manuel-alvarez-alvarez)
• Expand SSRF support in IAST to apache-httpclient, commons-httpclient and okhttp (#7792 - @Mariovido)
• 🐛 Fix String subsequence taint tracking bug (#7778 - @jandro996)
• Attach stacktrace to IAST vulnerabilities (#7757 - @jandro996)

Application Security Management (WAF)

• Update ASM rules to 1.13.2 (#7844 - @ValentinZakharov)
• Update ASM rules to 1.13.1 (#7831 - @ValentinZakharov)
• ✨ Upgrade to libddwaf 1.20.1 (libddwaf-java 11.1.0) (#7828 - @ValentinZakharov)
• Propagate AppSec blocking exceptions from bytebuddy supressions (#7516 - @manuel-alvarez-alvarez)

Build & Tooling

• Remove hadoop from the denylist (#7866 - @andrewlock)

Configuration at Runtime

• 🐛 Fix remote config update operation (#7856 - @ValentinZakharov)
• ✨🔍 Fix relying on configId for remote config log level tracer flare change (#7788 - @cecile75)

Continuous Integration Visibility

• Add codeowners tag to test suites (#7861 - @daniel-mohedano)
• 🐛 Fix skippable tests request in headless mode (#7860 - @nikita-tkachenko-datadog)
• 🐛 Fix code coverage percentage reporting for Android projects (#7815 - @nikita-tkachenko-datadog)
• Lower log level for duplicate repo index keys warning (#7814 - @nikita-tkachenko-datadog)
• 🐛 Throw exception when using repo index to resolve source path for classes with identical names (#7793 - @nikita-tkachenko-datadog)
• 🐛 Fix automatic coverage includes calculation for headless test sessions (#7784 - @nikita-tkachenko-datadog)
• 🐛 Fix Jacoco coverage exclusion (#7783 - @nikita-tkachenko-datadog)
• 🐛 Fix module name detection for headless sessions (#7779 - @nikita-tkachenko-datadog)

Database Monitoring

• Add _dd.dbm_trace_injected tag to SQL Server prepared statements (#7863 - @nenadnoveljic)
• Add DBM_TRACE_INJECTED tag to SQL Server (#7849 - @nenadnoveljic)

Dynamic Instrumentation

• Make SymDB upload enabled by default for DI (#7869 - @jpbempel)
• Fix Where conversion for CodeOrigin probes (#7858 - @jpbempel)
• Add compression support for SymDB paylods (#7851 - @jpbempel)
• Split SymDB payload when too large (#7838 - @jpbempel)
• Add retry policy for uploading requests to agent (#7824 - @jpbempel)
• ⚡ Avoid exception when capturing fields in jdk16+ (#7774 - @jpbempel)

JMX fetch

• Bump JMXFetch to 0.49.5 (#7853 - @carlosroman)

Profiling

• Do not force-disable TLAB allocation events on JDK 8 (#7878 - @jbachorik)
• Bump ddprof to 1.16.0 (#7871 - @jbachorik)
  • Improve robustness of the crash signal handler by @jbachorik in DataDog/java-profiler#134
  • Remove a looping allocation when updating threads by @r1viollet in DataDog/java-profiler#135
  • Add a fail-safe when we encounter double-exit from crash handler by @jbachorik in DataDog/java-profiler#138
  • Crash handler recursion protection - Fix by @r1viollet in DataDog/java-profiler#139
  • Split java version to 'java version' and 'hotspot version' by @jbachorik in DataDog/java-profiler#142
  • Do not patch jmethodIDs for newer than JDK 8 by @jbachorik in DataDog/java-profiler#148
• Delay queue time rate limiting until event is committed (#7867 - @richardstartin)
• 🐛 Apply rate limit to queue events (#7823 - @richardstartin)
• Unwrap netty writetask (#7822 - @richardstartin)
• ✨⚡ Introduce aggregated smap events (enabled by default) (#7820 - @MattAlp)

Telemetry

• 🐛 Fix telemetry logs default flag (#7833 - @smola)

Tracer core

• 🐛 Prevent NPE setting null span baggage (#7848 - @PerfectSlayer)
• Widen catch blocks to make agent discovery more tolerant (#7796 - @mcculls)
• Fall back to ports when we cannot use auto-discovered unix domain sockets (#7794 - @mcculls)
• Improve isolation of embedded JFFI dependency (#7789 - @mcculls)
• ✨ Support DD_TRACE_<INTEGRATION>_ENABLED (#7718 - @mtoffl01)
• ✨⚠️ Add support for TRACE_HTTP_CLIENT_TAG_QUERY_STRING and change default value of HTTP_CLIENT_TAG_QUERY_STRING to true (#7677 - @mhlidd)
• Propagate AppSec blocking exceptions from bytebuddy supressions (#7516 - @manuel-alvarez-alvarez)

Instrumentations

Apache Spark instrumentation

• 🐛 Fix default value for long-running spans with DJM (#7795 - @paul-laffon-dd)
• Support for kafka lag metrics in spark streaming applications (#7474 - @kr-igor)

AWS SDK instrumentation

• ✨ Extract AWS payload tags (#7811 - @ygree)

JAX-WS instrumentation

• Add Jakarta WebService Instrumentation (#7854 - @jordan-wong)

JDBC instrumentation

• 🐛 Avoid metadata access in driver connect advice for Oracle sharded connections (#7812 - @mcculls)
• 🐛 Do not parse DBInfo when no connection (#7800 - @amarziali)

Kafka instrumentation

• Enabled kafka-clients 3.8+ by default (#7818 - @nayeem-kamal)

Lettuce instrumentation

• ✨ Support lettuce 6.5 (#7876 - @amarziali)

Reactor instrumentation

• ✨ Support reactor context span propagation (#7864 - @amarziali)

Other changes

1.41.2

Components

Build & Tooling

• 🐛 Remove hadoop from the denylist (#7868 - @andrewlock)

1.41.1

Components

Continuous Integration Visibility

• 🐛 Fix automatic coverage includes calculation for headless test sessions (#7809 - @nikita-tkachenko-datadog)
• 🐛 Fix Jacoco coverage exclusion (#7808 - @nikita-tkachenko-datadog)
• 🐛 Fix module name detection for headless sessions (#7807 - @nikita-tkachenko-datadog)
• 🐛 Throw exception when using repo index to resolve source path for classes with identical names (#7806 - @nikita-tkachenko-datadog)

Instrumentations

Apache Spark instrumentation

• 🐛 Fix default value for long-running spans with DJM (#7810 - @paul-laffon-dd)

1.41.0

Components

Application Security Management (IAST)

• 🐛 Limit the collections that the iast visitor can handle (#7764 - @manuel-alvarez-alvarez)
• Add taint propagation to the String indent method (#7707 - @Mariovido)
• Add propagation to String strip methods (#7684 - @Mariovido)

Application Security Management (WAF)

• ⚡ Prevent publishing the same usr.id to the WAF twice (#7699 - @manuel-alvarez-alvarez)
• ✨ Ensure 'attempt to replace context value' logs are set to debug (#7698 - @manuel-alvarez-alvarez)
• Add support for waf_timeout tag in telemetry (#7696 - @jandro996)

Build & Tooling

• ✨ Enable Single Step Instrumentation Guardrails (#7568 - @PerfectSlayer)

Continuous Integration Visibility

• Ensure test session trace ID and span ID are the same (#7747 - @nikita-tkachenko-datadog)
• Update bundled Jacoco version (#7736 - @nikita-tkachenko-datadog)
• Revert HTTP client sharing in CI Vis components (#7734 - @nikita-tkachenko-datadog)
• Trace Maven and Gradle build tasks (#7721 - @nikita-tkachenko-datadog)
• Trace setup and teardown operations in JUnit 5 (#7714 - @nikita-tkachenko-datadog)
• Propagate module context from build system process to child JVM processes (#7710 - @nikita-tkachenko-datadog)

Crash tracking

• 🐛 Fix crashtracking log parser (#7697 - @PerfectSlayer)

Data Streams Monitoring

• Add avro schema object extraction (#7712 - @ericfirth)
• ⚡ Improve data streams performance (#7749 - @piochelepiotr)

Dynamic Instrumentation

• 🐛 Fix hoisting local vars for Kotlin code (#7758 - @jpbempel)
• Fix mixed local vars for suspend funs in Kotlin (#7748 - @jpbempel)
• Rename the DebuggerProbe to TriggerProbe (#7737 - @evanchooly)
• 🐛 Fix Where signature (#7735 - @jpbempel)
• Update signatures to match symDB format (#7723 - @evanchooly)
• Update the config parameter name to enable code origin (#7695 - @evanchooly)

Telemetry

• Add support for waf_timeout tag in telemetry (#7696 - @jandro996)

Testing

• Pin pubsub emulator docker version (#7767 - @amarziali)

Tracer core

• Avoid emission of endpoint events for client and producer root spans (#7732 - @richardstartin)
• ✨ Add support for TRACE_HTTP_CLIENT_ERROR_STATUSES (#7694 - @mhlidd)
• ✨ Remove version metadata for non DD_SERVICE spans (#7661 - @mhlidd)

Tracer public API

• ✨ Add support for TRACE_HTTP_SERVER_ERROR_STATUSES (#7716 - @mhlidd)

Instrumentations

Core Java language instrumentation

• Add taint propagation to the String indent method (#7707 - @Mariovido)
• Add propagation to String strip methods (#7684 - @Mariovido)

Eclipse Vert.x instrumentation

• 🐛 Avoid NPE on vertx end advice when parent span is not available (#7775 - @amarziali)

EventBridge instrumentation

• 💡 Inject trace context into EventBridge detail (#7613 - @nhulston)

gRPC instrumentation

• ✨⚠️ Disable grpc client message span by default (#7708 - @amarziali)

JDBC instrumentation

• 🐛 Append comment on MySQL JDB callables (#7742 - @sethsamuel)
• ✨ Add Hikari Pool Name tag (#7672 - @jordan-wong)

Kafka instrumentation

• Support Kafka-clients 3.8+ (#7626 - @nayeem-kamal)

Micronaut instrumentation

• Update Gradle dependencies and support micronaut 4.7.0 (#7759 - @github-actions[bot])

Protocol Buffer instrumentation

• Fix schema tracking for nested messages (#7690 - @piochelepiotr)
• 🐛 Remove dependency on abstract message in schema extractor (#7260 - @piochelepiotr)

Reactor instrumentation

• ✨ Add proper context propagation for reactive streams (#7644 - @amarziali)

All other instrumentations

• 🐛 Finish spans for all handlers for Grizzly http client (#7772 - @amarziali)

1.40.2

Components

Application Security Management (IAST)

• 🐛 Limit the collections that the iast visitor can handle (#7768 - @manuel-alvarez-alvarez)

Continuous Integration Visibility

• Update bundled Jacoco version (#7769 - @nikita-tkachenko-datadog)

Instrumentations

JDBC instrumentation

• 🐛 Append comment on MySQL JDBC callables (#7771 - @sethsamuel )

1.40.1

Components

Application Security Management (WAF)

• ⚡ Prevent publishing the same usr.id to the WAF twice (#7709 - @manuel-alvarez-alvarez)
• ✨ Ensure 'attempt to replace context value' logs are set to debug (#7705 - @manuel-alvarez-alvarez)

Crash tracking

• 🐛 Fix crashtracking log parser (#7703 - @PerfectSlayer)

1.40.0

Components

Application Security Management (IAST)

• ✨ Send IAST vulnerability secure marks to backend (#7645 - @jandro996)
• 🧹 Remove dependency with thread locals in jersey IAST instrumentation (#7619 - @manuel-alvarez-alvarez)
• 🐛 Fix jackson json parser propagation for field names (#7606 - @Mariovido)
• Add XSS support for Velocity (#7546 - @Mariovido)
• Add XSS support for Freemarker prior 2.3.24-incubating (#7497 #7532 - @Mariovido)

Application Security Management (WAF)

• 🐛 Fixed closing WAF context (#7681 - @ValentinZakharov)
• ✨ Reduce log level for "WAF object had not been closed" (#7657 - @smola)
• 🐛 Update libsqreen library to 11.0.1 fixing fingerprint generation (#7655 - @manuel-alvarez-alvarez)
• 🐛 Fix NullPointerException in RASP metrics (#7654 - @smola)
• ✨ Add support for user tracking in spring security (#7633 - @manuel-alvarez-alvarez)
• ⚡ Short circuit for WAF/RASP calls (#7630 - @ValentinZakharov)
• ✨ Add support for session fingerprints to the WAF (#7591 - @manuel-alvarez-alvarez)
• 🐛 Fix Exploit Prevention capability announcement on remote config (#7586 - @smola)
• 🧹 Extract EventTracker logic to the appsec module (#7554 - @manuel-alvarez-alvarez)
• Add LFI exploit prevention support (#7487 - @jandro996)

Continuous Integration Visibility

• Use remote service to get CI provider info when configured to do so (#7689 - @nikita-tkachenko-datadog)
• ✨ Add CPU count tag to Test Visibility events (#7659 - @nikita-tkachenko-datadog)
• 🐛 Fix tracing skipped suites in MUnit 1.0.1 (#7605 - @nikita-tkachenko-datadog)
• Add pull_request extra tags for GitHub Actions (#7604 - @nikita-tkachenko-datadog)
• Set test session name on test/suite/module/session events (#7603 - @nikita-tkachenko-datadog)
• ITR code coverage support (#7367 - @nikita-tkachenko-datadog)

Dynamic Instrumentation

• Update Code Origin span tags (#7685 - @shatzi)
• Fix duplicated locals with arguments (#7683 - @jpbempel)
• 🐛 Fix number typing used in maps (#7676 - @jpbempel)
• 🐛 Fix evaluation errors sampling (#7656 - @jpbempel)
• Fix message for snapshots with evaluation errors (#7653 - @jpbempel)
• ✨ Add File and Path as string primitive (#7652 - @jpbempel)
• Refactor DI startup to make Exception Replay can be started up alone (#7648 - @jpbempel)
• Add Exception Replay config parameters (#7647 - @jpbempel)
• Add support of spring boot nested jar for SymDB (#7635 - @jpbempel)
• Fix local var hoisting (#7624 - @jpbempel)
• Implement the DebuggerProbe (#7588 - @evanchooly)
• ✨ Add support for Optional(Int|Double|Long) (#7581 - @jpbempel)
• Add exception_hash tag for span (#7574 - @jpbempel)
• ✨ Add watches support through probe tags (#7573 - @jpbempel)
• 🐛 Fix span decoration probe EMITTING status (#7569 - @jpbempel)
• 🐛 Add git commit sha and repostiory url in snapshot (#7566 - @jpbempel)
• ✨ Send telemetry log when Probe status queue is full (#7557 - @jpbempel)
• ✨ Add collection of local var for method probe (#7548 - @jpbempel)
• Add smoke test for Exception Replay (#7504 - @jpbempel)

GraalVM native-image

• 🐛 Enable profiling startForceFirst silently for native image builds (#7555 - @MattAlp)

Profiling

• Bump profiler to 1.15.0 (#7682 - @MattAlp)
• 🐛 delay closing profiling state when scope reference count > 1 (#7639 - @richardstartin)
• Add JFR queuetime threshold to recording settings (#7609 - @richardstartin)
• 🐛 Enable profiling startForceFirst silently for native image builds (#7555 - @MattAlp)
• ✨ Improves info around smap parsing success/failure (#7461 - @MattAlp)

Telemetry

• Improved stack trace reporting via telemetry (#7632 - @ValentinZakharov)
• ✨ Enable telemetry logs by default (#7631 - @smola)

Tracer core

• ✨ Mute internal process start (#7572 - @PerfectSlayer)

Tracer internal logging

• Improved stack trace reporting via telemetry (#7632 - @ValentinZakharov)

Instrumentations

Akka instrumentation

• ✨ Add akka-http client 10.6+ support (#7680 - @amarziali)

Apache Spark instrumentation

• ✨ Add spark.stage details attribute at the end of the stage (#7608 - @paul-laffon-dd)

AWS Lambda instrumentation

• ✨ Parse 128 bit trace Id retuned by lambda extension (#7620 - @agocs)

Eclipse Vert.x instrumentation

• 🐛 Vertx: wrap internal routes to let the context propagate for blocking handlers (#7563 - @amarziali)

GraphQL instrumentation

• 🐛 prevent errors when dealing with MinimalStage in graphql (#7560 - @vandonr)

gRPC instrumentation

• make it possible to disable gRPC message spans (#7642 - @richardstartin)

JDBC instrumentation

• ✨ Add support for Intersystems IRIS jdbc driver (#7607 - @amarziali)

OpenTelemetry instrumentation

• ✨ Support addEvent Otel API (#7408 - @mtoffl01)

Reactor instrumentation

• Test Reactor Core latest versions (#7595 - @amarziali)

Redis instrumentation

• 🐛 Make redisson tracing the full request (#7571 - @amarziali)

Spring instrumentation

• 🐛 Spring scheduling: ensure spans have no parent (#7583 - @amarziali)

All other instrumentations

• ✨ Improve context propagation for rxjava1 observables (#7686 - @amarziali)
• ✨ Google PubSub: implement switchable legacy tracing mode (#7564 - @amarziali)
• 🐛 Tibco BW 5: fix child process parentship (#7414 - @amarziali)

1.39.1

Components

Application Security Management (WAF)

• 🐛 Fix Exploit Prevention capability announcement on remote config (#7670 - @smola)
• 🐛 Update libsqreen library to 11.0.1 fixing fingerprint generation (#7669 - @smola)
• 🐛 Fix NPE in RASP metrics (#7668 - @smola)
• ✨ Reduce log level for "WAF object had not been closed" (#7667 - @smola)

Dynamic Instrumentation

• 🐛 Add support of spring boot nested jar for SymDB (#7678 - @jpbempel)

Profiling

• ✨ Bump profiler to 1.15.0 (#7671 - @MattAlp)

1.39.0

Components

Application Security Management (IAST)

• 🐛 Do not skip ErrorReportValve.report in any case (#7489 - @smola)
• ✨ Suppress internal exceptions in tomcat stacktrace leak detection (#7488 - @smola)
• 🐛 Add exclusions for openid4java and seasar frameworks (#7417 - @manuel-alvarez-alvarez)
• Add detection of untrusted deserialization in snakeyaml library (#7406 - @Mariovido)
• ✨ Fix progagation for Untrusted Deserialization vulnerability (#7374 - @Mariovido)
• Map JSP stack traces to file names (#7005 - @jandro996)

Application Security Management (WAF)

• Free AppSecRequestContext resources when the request ends (#7535 - @manuel-alvarez-alvarez)
• 🐛 Make RASP addresses ephemeral (#7529 - @manuel-alvarez-alvarez)
• ✨ Set DD_APPSEC_RASP_ENABLED to true by default (#7528 - @smola)
• 🐛 Fix call depth counter for sqli blocking (#7522 - @ValentinZakharov)
• Enable WAF generate_stack action by default (#7518 - @smola)
• ✨ Remove warning whenever we receive an unknown WAF address (#7482 - @smola)
• Add fingerprint support to the WAF (#7436 - @manuel-alvarez-alvarez)
• Upgrade to AppSec rules v1.13.0 (#7424 - @manuel-alvarez-alvarez)
• Add support for suspicious attacker blocking to appsec (#7401 - @manuel-alvarez-alvarez)
• Exploit prevention for SSRF (in java.net.URL) (#7373 - @manuel-alvarez-alvarez)

Cloud Workload Security (CWS)

• Make cws-tls use the same JNA dependency as instrumentations (#7412 - @bantonsson)

Continuous Integration Visibility

• 🐛 Fix Gradle Daemon process detection (#7524 - @nikita-tkachenko-datadog)
• 🧹 Split Gradle instrumentations into different modules (#7523 - @nikita-tkachenko-datadog)
• 🐛 Implement a fallback method for getting effective JVM for Maven Surefire executions (#7493 - @nikita-tkachenko-datadog)
• 🐛 Fix Cucumber JUnit 4 instrumentation to support empty scenario names (#7470 - @nikita-tkachenko-datadog)
• Implement telemetry and global per-JVM limit for auto test retries (#7458 - @nikita-tkachenko-datadog)
• 🐛 Fix Cucumber JUnit 4 instrumentation to correctly handle feature and scenario names with brackets (#7446 - @nikita-tkachenko-datadog)
• 🐛 Fix Gradle instrumentation to support v8.10 (#7443 - @nikita-tkachenko-datadog)
• 🐛 Fix Maven instrumentation to support command-line plugin goals invocation (#7430 - @nikita-tkachenko-datadog)

Crash tracking

• Make the warning in ScriptInitializer less scary (#7514 - @jbachorik)
• 🧹 Improving crash tracking script initialization error handling (#7427 - @PerfectSlayer)
• 🐛 Fix crash-tracking uploader script overwrite warning (#7386 - @jbachorik)

Data Streams Monitoring

• ⚡ Don't recompute DSM pathway hash for known tags (#7307 - @vandonr)

Database Monitoring

• Full mode for SQL Server (#7186 - @nenadnoveljic)

Dynamic Instrumentation

• 🐛 Fix concurrent modification (#7469 - @jpbempel)
• 🐛 Fix considering directory as jar file (#7459 - @jpbempel)
• ✨ Add exclusion predefined redaction keywords (#7457 - @jpbempel)
• 🐛 fix freeze context only for capturing line probe (#7456 - @jpbempel)
• 🐛 Fix SymDB upload dropped requests (#7442 - @jpbempel)
• ✨ Add protobuf collections as safe ones (#7438 - @jpbempel)
• 🐛 Fix Fingerprinter thread safety (#7429 - @jpbempel)
• 🐛 Add modifiers for extracting symbols (#7420 - @jpbempel)
• ✨ Add support for enum value comparison (#7418 - @jpbempel)

GraalVM native-image

• Avoid RemoteHostnameAdder.config resolution error when building Quarkus native images (#7480 - @mcculls)
• Fix ClassNotFoundException: net.jpountz.lz4.LZ4JavaSafeCompressor when instrumenting Kafka 3.7 with Quarkus native (#7404 - @mcculls)
• Fix unresolved field error when instrumenting Kafka 3.7 with Quarkus native (#7403 - @mcculls)

JMX fetch

• Bump JmxFetch to 0.49.4 (#7501 - @amarziali)

Metrics

• Bump integrations-core submodule to 7.55.3 (#7416 - @mcculls)

Profiling

• Log a warning when profiling enablement is misconfigured. (#7511 - @jbachorik)
• Emit recording setting events for SSI details (#7507 - @jbachorik)
• 🐛 Update ddprof to 1.13.0 (#7471 - @r1viollet)
• Allow subsampling the liveheap profiling data (#7380 - @jbachorik)

Telemetry

• 🔍 Enable telemetry logs for services using AppSec (#7534 - @smola)
• 🔍 Enable telemetry logs for a subset of Java versions (#7475 - @PerfectSlayer)
• Tag span metrics with 'otel.library' when we know it was created by an OTel extension (#7463 - @mcculls)
• ✨ Reduce telemetry log messages per minute to 10 (#7410 - @smola)
• ✨ Add Otel env var telemetry (#7391 - @cecile75)
• ✨ Add telemetry app product change message (#7348 - @jandro996)
• Adding InitializationTelemetry - e.g. guard rails reporting (#7287 - @dougqh)

Trace context propagation

• ✨ Use W3C Trace Context trace ID as parent ID regardless of propagation style order (#7355 - @mtoffl01)

Tracer core

• 🐛 Avoid using stdout to report bootstrapping errors (#7432 - @PerfectSlayer)
• Add _dd.tracer_host to local root spans (#7388 - @amarziali)

Instrumentations

Apache Spark instrumentation

• Allow instrumented Spark trace linked to Openlineage originated context (#7450 - @yiliangzhou)

Armeria Instrumentation

• OpenTelemetry drop-in fixes for Armeria HTTP (#7498 - @mcculls)

AWS SDK instrumentation

• Avoid NullPointerException when publishing SNS messages to phone numbers (#7448 - @mcculls)

gRPC instrumentation

• 🐛 Fix grpc server error mark (#7505 - @amarziali)

JDBC instrumentation

• 🐛 Don't leak calldepth threadlocal on statements (#7472 - @amarziali)
• 🐛 Do not leak call depth threadlocal in jdbc instrumentation (#7468 - @amarziali)
• 🐛 Fix exception handling for SQL Server full mode (#7405 - @nenadnoveljic)
• Full mode for SQL Server (#7186 - @nenadnoveljic)

OpenTelemetry instrumentation

• OpenTelemetry drop-in fixes for Apache Pulsar (#7500 - @mcculls)
• OpenTelemetry drop-in fixes for Apache Dubbo (#7499 - @mcculls)
• OpenTelemetry drop-in fixes for Armeria HTTP (#7498 - @mcculls)
• Tag span metrics with 'otel.library' when we know it was created by an OTel extension (#7463 - @mcculls)
• OpenTelemetry drop-in fixes for r2dbc (#7444 - @mcculls)

All other instrumentations

• OpenTelemetry drop-in fixes for Apache Pulsar (#7500 - @mcculls)
• OpenTelemetry drop-in fixes for Apache Dubbo (#7499 - @mcculls)
• 🐛 Apache http client 4: do not copy all request headers on redirect (#7483 - @amarziali)
• 🐛 Avoid finishing twice a servlet 3 async dispatch span (#7395 - @amarziali)

Other changes

• Bump byte-buddy to 1.14.18 (#7415 - @mcculls)

1.38.1

Components

Application Security Management (IAST)

• 🐛 Add exclusions for openid4java and seasar frameworks (#7423 - @manuel-alvarez-alvarez)

Continuous Integration Visibility

• 🐛 Fix Cucumber JUnit 4 instrumentation to correctly handle feature and scenario names with brackets (#7447 - @nikita-tkachenko-datadog)
• 🐛 Fix Maven instrumentation to support command-line plugin goals invocation (#7431 - @nikita-tkachenko-datadog)

Dynamic Instrumentation

• 🐛 Fix Fingerprinter thread safety (#7434 - @jpbempel)

GraalVM native-image

• 🐛 Fix ClassNotFoundException: net.jpountz.lz4.LZ4JavaSafeCompressor when instrumenting Kafka 3.7 with Quarkus native (#7422 - @mcculls)
• 🐛 Fix unresolved field error when instrumenting Kafka 3.7 with Quarkus native (#7421 - @mcculls)

Tracer core

• 🐛 Avoid using stdout to report bootstrapping errors (#7433 - @PerfectSlayer)
• Add _dd.tracer_host to local root spans (#7426 - @amarziali)

Instrumentations

AWS SDK instrumentation

• 🐛 Avoid NullPointerException when publishing SNS messages to phone numbers (#7449 - @mcculls)

OpenTelemetry instrumentation

• OpenTelemetry drop-in fixes for r2dbc (#7445 - @mcculls)