1.38.0

Potentially Breaking Changes

Warning

When setting up the client library using the Single Step Instrumentation feature (SSI), the library will now check the presence of multiple Java Virtual Machine (JVM) agents and won't install it if is not the only one.
This behavior can be disabled by forcing the injection using the DD_INJECT_FORCE environment variable to TRUE.

Components

Application Security Management (IAST)

• Improve SSRF detection in apache http client (#7359 - @manuel-alvarez-alvarez)
• Add Untrusted Deserialization vulnerability (#7345 - @Mariovido)
• 🐛 Fix session rewriting false positives (#7323 - @jandro996)
• Create new ranges for vulns to prevent GC issues (#7309 - @manuel-alvarez-alvarez)
• Update URI and URL call sites for precise taint tracking (#7299 - @manuel-alvarez-alvarez)

Application Security Management (WAF)

• ✨ Upgrade to libddwaf 1.19.0 (libddwaf-java 10.1.0) (#7369 - @ValentinZakharov)
• Report telemetry metrics for Exploit Prevention (#7314 - @ValentinZakharov)
• Report span metrics for Exploit Prevention (#7273 - @ValentinZakharov)
• Exploit prevention for SQL injection (blocking support) (#7231 - @ValentinZakharov)
• Add remote config support for auto user id collection mode (#7205 - @manuel-alvarez-alvarez)
• Use three modes for auto user id collection: identification (default), anonymization and disabled (#7135 - @manuel-alvarez-alvarez)

Build & Tooling

• Use unified Gitlab pipeline for APM libraries (#7151 - @randomanderson)

Cloud Workload Security (CWS)

• Switch to 128-bit trace ID tracking (#7259 - @spikat)

Configuration at Runtime

• Add remote config support for auto user id collection mode (#7205 - @manuel-alvarez-alvarez)

Continuous Integration Visibility

• 🐛 Fix built-in retries tracking in Karate framework (#7379 - @nikita-tkachenko-datadog)
• 🐛 Fix package resolution for non-Java source files (#7356 - @nikita-tkachenko-datadog)
• 🐛 Fix null JvmInfo exception in Maven instrumentation (#7354 - @nikita-tkachenko-datadog)
• 🐛 Fix tracer freeze when CI Visibility is enabled (#7325 - @nikita-tkachenko-datadog)
• 🐛 Fix Gradle v8.9 instrumentation (#7319 - @nikita-tkachenko-datadog)
• ⚡ Optimize per-test code coverage (#7315 - @nikita-tkachenko-datadog)
• Refactor buffering of pending traces for CI Visibility (#7207 - @nikita-tkachenko-datadog)

Crash tracking

• Add severity tag to crash upload (#7375 - @jbachorik)

Data Streams Monitoring

• Separate manual & automatic checkpoints when aggregating (#7351 - @piochelepiotr)
• Add pathway propagation for SNS (#7341 - @nayeem-kamal)
• Add tag to differentiate manually created checkpoints (#7331 - @piochelepiotr)

Dynamic Instrumentation

• Add support for any/all (#7346 - @jpbempel)
• 🐛 Fix exception thrown for distribution metric (#7344 - @jpbempel)
• Add Set support for hasAny/hasAll expression (#7340 - @jpbempel)
• ✨ Extend contains EL expression (#7337 - @jpbempel)
• Fix EL function behavior for null values (#7328 - @jpbempel)
• 🐛 Fix instanceof as predicate for value expression (#7313 - @jpbempel)
• ⚡ Add high rate queue for log template snapshots (#7310 - @jpbempel)
• Fix service version and sanitize tags (#7293 - @ojung)
• Implement debug context propagation to enable live debugging of java applications (#7286 - @evanchooly)
• ⚡ Remove explicit capture of fields (#7282 - @jpbempel)
• ⚡ Move snapshot UUID generation at serialization (#7280 - @jpbempel)
• Serialize restricted collections as regular object (#7274 - @jpbempel)
• Fix mixing log/span decoration probes (#7246 - @jpbempel)

JMX fetch

• Support Websphere JMX admin metrics (#7235 - @amarziali)

Library Injection

• ✨⚠️ Add lib-injection multiple JVM agents guardrails (#7122 - @PerfectSlayer)

Profiling

• Capture the auto-injection related settings in JFR recording (#7317 - @jbachorik)
• Track JVM RSS in JDK 21+ (#7227 - @MattAlp)

Tracer core

• Refactor buffering of pending traces for CI Visibility (#7207 - @nikita-tkachenko-datadog)
• ✨ Add tracer log file to tracer flare when datadog.slf4j.simpleLogger.logFile is NOT defined (#7085 - @cecile75)

Instrumentations

Apache Spark instrumentation

• ✨ Add Parameter to only inject data jobs for particular java commands (#7366 - @paul-laffon-dd)
• Add shutdown hook to finish the spark application trace (#7357 - @paul-laffon-dd)
• Use spark application name when service is set to hadoop (#7294 - @paul-laffon-dd)

AWS SDK instrumentation

• 🐛 Fix parsing of binary datadog headers in SQS (#7324 - @vandonr)
• 🐛 Remove binary _datadog attribute if present in JMS SQS instrumentation to avoid crash (#7283 - @vandonr)

GraphQL instrumentation

• 🐛 Fix advices for GraphQl 22+ (#7295 - @amarziali)

Jetty instrumentation

• 💡 Support jetty client 12 (#7305 - @amarziali)

Spring instrumentation

• 🐛 Rollback wrapping of runnables on each schedule for Spring Scheduling (#7290 - @amarziali)

All other instrumentations

• ✨ Fetch uri information correctly when httphost argument is null (#7276 - @abagavat - thanks for the contribution!)

1.37.1

Components

Continuous Integration Visibility

• 🐛 Fix Gradle v8.9 instrumentation (#7336 - @nikita-tkachenko-datadog)
• 🐛 Fix tracer freeze when CI Visibility is enabled (#7335 - @nikita-tkachenko-datadog)

1.37.0

Components

Application Security Management (WAF)

• 🐛 Add missing appsec propagation tag on appsec events (#7262 - @jandro996)
• 🐛 Set appsec.blocked in local root span (#7251 - @smola)

Continuous Integration Visibility

• 🐛 Fix -DargLine propagation for Maven builds (#7269 - @nikita-tkachenko-datadog)
• Update default versions of DD Javac plugin and Jacoco plugin used by CI Visibility (#7248 - @nikita-tkachenko-datadog)
• 🐛 Fix language detection logic (#7245 - @nikita-tkachenko-datadog)

Crash tracking

• Add support for sending OOME events (#7253 - @jbachorik)

Profiling

• Collapse wall samples by default (#7272 - @richardstartin)
• Add support for 'auto' value in DD_PROFILING_ENABLED (#7264 - @jbachorik)
• Add support for sending OOME events (#7253 - @jbachorik)

Instrumentations

Apache Spark instrumentation

• Capture all spark conf parameter (#7242 - @paul-laffon-dd)

JMS instrumentation

• ✨ Trace JMS Queue and Topic producers when destination is explicit (#7266 - @amarziali)

All other instrumentations

• Add ServiceTalk async context propagation instrumentation (#7241 - @ygree)
• 🧪 Instrument Tibco BusinessWorks 5 and 6 (#7155 - @amarziali)

1.36.0

Components

Application Security Management (IAST)

• Add builder for vulnerability types and fix insecure auth protocol (#7216 - @manuel-alvarez-alvarez)

Application Security Management (WAF)

• Apply appsec rate limiter on event instead of when request end (#7221 - @jandro996)
• Preserve original types before passing data to the WAF (#7220 - @smola)
• Set _dd.p.dm to -5 for IAST and AppSec spans (#7219 - @jandro996)
• Update missing RFC parts for user event tacking (#7213 - @manuel-alvarez-alvarez)
• Upgrade to AppSec rules v1.12.0 (#7192 - @ValentinZakharov)
• Collect and report RASP events (+Stack traces) (#7162 - @ValentinZakharov)
• Add grpc.server.method to WAF addresses with FQN of the grpc method (#7079 - @manuel-alvarez-alvarez)
• Add standalone ASM billing support (#7040 - @jandro996)

Continuous Integration Visibility

• Do not report code coverage for skipped tests (#7244 - @nikita-tkachenko-datadog)
• 🐛 Fix TestNG tracing for parameterized tests that modify parameters (#7226 - @nikita-tkachenko-datadog)
• Add more metrics and tags to CI Visibility telemetry (#7223 - @nikita-tkachenko-datadog)
• 🧹 Replace string constants with a dedicated enum for test statuses (#7218 - @nikita-tkachenko-datadog)
• Ignore exception when trying to remove Git data upload shutdown hook during JVM shutdown (#7204 - @nikita-tkachenko-datadog)
• Do not include system-properties in test session command tag (#7187 - @nikita-tkachenko-datadog)

Data Streams Monitoring

• Add Avro instrumentation for schema tracking (#7236 - @nayeem-kamal)

Dynamic Instrumentation

• 🐛 Fix debugger batch upload URL when using UDS (#7166 - @mcculls)

Metrics

• Bump JMXFetch to 0.49.2 (#6935 - @carlosroman)

Profiling

• Update ddpfrof to 1.9.0 (#7229 - @jbachorik)
• Enable timeline events by default when ddprof disabled (#7224 - @richardstartin)
• Add configuration parameter for GC generation count tracking (#7210 - @jbachorik)

Testing

• Fix spring-messaging tests (#7157 - @amarziali)

Tracer internal logging

• 🐛 Start Datadog appender when doing agentless log submission for Log4j2 (#7160 - @nikita-tkachenko-datadog)
• Support DD_LOG_LEVEL (#7159 - @mcculls)

Instrumentations

AWS SDK instrumentation

• 🐛 Do not modify readonly message attributes map on SNS integration (#7150 - @vandonr)

Kafka instrumentation

• 🐛 Fix NPE when kafka consumer info is not available (#7190 - @amarziali)

OpenTelemetry instrumentation

• Improve config mapping for OpenTelemetry extensions (#7193 - @mcculls)
• Map OpenTelemetry environment variables to their Datadog equivalents (#7184 - @mcculls)
• Add more tests about OpenTelemetry attributes conventions (#7163 - @PerfectSlayer)
• Map OpenTelemetry muzzle references to Datadog equivalent (#7142 - @mcculls)
• Map OpenTelemetry VirtualField to Datadog ContextStore (#7129 - @mcculls)

All other instrumentations

• Avro instrumentation for schema tracking (#7236 - @nayeem-kamal)
• 🐛 Fix Protobuf schema sampling logic (#7197 - @piochelepiotr)
• Support graphql 22 (#7176 - @amarziali)

1.35.2

Components

Application Security Management (IAST)

• 🐛 Removed scala converter lambdas and ensure they are added as helpers (#7168 - @manuel-alvarez-alvarez)

Dynamic Instrumentation

• 🐛 Fix debugger batch upload URL when using UDS (#7167 - @mcculls)

Tracer internal logging

• Support DD_LOG_LEVEL (#7169 - @mcculls)

Instrumentations

AWS SDK instrumentation

• 🐛 SNS integration: do not modify readonly message attributes map (#7174 - @vandonr)

Kafka instrumentation

• 🐛 Fix NPE when kafka consumer info is not available (#7195 - @amarziali)

OpenTelemetry instrumentation

• Improve config mapping for OpenTelemetry extensions (#7194 - @mcculls)
• Map OpenTelemetry environment variables to their Datadog equivalents (#7185 - @mcculls)
• Map OpenTelemetry muzzle references to Datadog equivalent (#7172 - @mcculls)
• Map OpenTelemetry VirtualField to Datadog ContextStore (#7171 - @mcculls)

Log4J2 instrumentation

• 🐛 Start Datadog appender when doing agentless log submission for Log4j2 (#7180 - @nikita-tkachenko-datadog)

1.35.1

This patch release was published as 1.35.2

Components

Application Security Management (IAST)

• 🐛 Removed scala converter lambdas and ensure they are added as helpers (#7168 - @manuel-alvarez-alvarez)

Dynamic Instrumentation

• 🐛 Fix debugger batch upload URL when using UDS (#7167 - @mcculls)

Tracer internal logging

• Support DD_LOG_LEVEL (#7169 - @mcculls)

Instrumentations

AWS SDK instrumentation

• 🐛 SNS integration: do not modify readonly message attributes map (#7174 - @vandonr)

Kafka instrumentation

• 🐛 Fix NPE when kafka consumer info is not available (#7195 - @amarziali)

OpenTelemetry instrumentation

• Improve config mapping for OpenTelemetry extensions (#7194 - @mcculls)
• Map OpenTelemetry environment variables to their Datadog equivalents (#7185 - @mcculls)
• Map OpenTelemetry muzzle references to Datadog equivalent (#7172 - @mcculls)
• Map OpenTelemetry VirtualField to Datadog ContextStore (#7171 - @mcculls)

Log4J2 instrumentation

• 🐛 Start Datadog appender when doing agentless log submission for Log4j2 (#7180 - @nikita-tkachenko-datadog)

1.35.0

Known Issues

This release contains a critical bug that may break applications using AWS SNS with immutable message attributes.

To avoid this bug you can either upgrade to v1.35.2, revert to v1.34.0, or turn off the SNS integration with this JVM option
-Ddd.integration.sns.enabled=false or this environment variable DD_INTEGRATION_SNS_ENABLED=false.

Turning off the SNS integration won't change the traces collected, but may cause some SNS traces to become disconnected.

Potentially Breaking Changes

Warning

Enable by default the Spring Boot environment instrumentation that infers the service name to the value of spring.application.name if the user did not provide any DD_SERVICE configuration.
Check #7029 for more details and how to revert it.

Components

Application Security Management (IAST)

• Add XSS support for JSP (#6944 - @jandro996)
• Detect a vulnerability when a default application is deployed (#6885 - @jandro996)

Application Security Management (WAF)

• 🐛 Fix HandleVisitor instrumentation for jetty >= 11.16.0 (avoids logged error) (#7100 - @manuel-alvarez-alvarez)
• 🐛 Fix IP denylist parsing when expiration date does not fit an integer (#7097 - @smola)
• 🐛 Prevent AppSec context from being closed more than once on partial flush (#7059 - @smola)
• Added support for SQLi exploit prevention (#7051 - @ValentinZakharov)
• Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
• Collect WAF headers on user sdk events (#7014 - @manuel-alvarez-alvarez)
• Collect common WAF request header values by default (#7010 - @manuel-alvarez-alvarez)
• Always collect accept, content-type and user-agent when appsec is enabled (#7009 - @manuel-alvarez-alvarez)
• Upgrade to libddwaf 1.18.0 (libddwaf-java 10.0.0) (#7006 - @ValentinZakharov)

Build & Tooling

• ✨ Update lib-injection docker image tags (#7057 - @andrewlock)

Cloud Workload Security (CWS)

• 🐛 Fix the cws tracer on systems using musl libc (like alpine) (#7066 - @spikat)

Configuration at Runtime

• ⚡ Only rebuild tracer tags when the remote-config 'tracing_tags' change (#6996 - @mcculls)

Continuous Integration Visibility

• ⚡ Do not gather coverage for skippable tests (#7139 - @nikita-tkachenko-datadog)
• 🐛 Fix 'polynomial regular expression used on uncontrolled data' vulnerability in Git config parsing logic (#7053 - @nikita-tkachenko-datadog)
• 🐛 Do not transform Mockito-generated classes (#7048 - @nikita-tkachenko-datadog)
• 🐛 Fix JUnit 4 integration to support PowerMock (#7046 - @nikita-tkachenko-datadog)
• 🐛 Fix Gradle instrumentation: do not fail if Jacoco excluded CL list is immutable (#7044 - @nikita-tkachenko-datadog)
• 🐛 Fix instrumentation for legacy JUnit 3.8 tests (#7041 - @nikita-tkachenko-datadog)
• Implement agentless log submission for Log4j2 (#7082 - @nikita-tkachenko-datadog)

Data Streams Monitoring

• Use backend parameters for histograms (#7050 - @piochelepiotr)
• Tag every span with the product tag if it is enabled (#7011 - @kr-igor)
• Add product tags to each span if products are enabled (#6990 - @kr-igor)
• Add Kafka poll span when DSM is enabled (#6969 - @piochelepiotr)

Database Monitoring

• Apply configured service name mapping to DBM-injected dddbs (#7064 - @vandonr)

Dynamic Instrumentation

• 🐛 Ensure locals are in scope when generating metrics (#7121 - @jpbempel)
• Remove too generic redaction keywords (#7117 - @jpbempel)
• 🐛 Fix line probe in method with inline lambdas (#7099 - @jpbempel)
• Report exception when deserializing config (#7092 - @jpbempel)
• Add option to limit number of frames captured (#7083 - @jpbempel)
• Add circuit breaker for Exception Debugging (#7074 - @jpbempel)
• 🐛 Fix short circuiting of boolean expressions (#7060 - @jpbempel)
• Add EXCEPTION_REPLAY_ENABLED config token (#7054 - @jpbempel)
• 🐛⚡ Fix perf issue when accessing fields by reflection (#7052 - @jpbempel)
• ✨ Add Throwable capturing fields support for JDK16+ (#7047 - @jpbempel)
• 🔍 Add fingerprint info into Tracer flare (#7043 - @jpbempel)
• 🐛⚡ Fix expensive folding only in debug level (#7042 - @jpbempel)
• Protect Map and Set accesses to be only in-memory (#7032 - @jpbempel)
• Remove debug log on sampling (#7021 - @jpbempel)
• 🐛 Fix support of literals in Expression Language (#7018 - @jpbempel)
• Fix log level and message for SymDB extraction (#7016 - @jpbempel)
• 🐛 Fix ArrayIndexOutOfBoundsException in adjustLocalVarsBasedOnArgs (#7013 - @jpbempel)
• Filter out Errors for Exception Debugging (#6997 - @jpbempel)
• Add support of Set in Expression Language (#6992 - @jpbempel)

GraalVM native-image

• Relocate JCTools (#7004 - @luneo7 - thanks for the contribution!)

Metrics

• Bump java-dogstatsd-client to 4.4.0 (fix potential file-descriptor leak) (#7089 - @mcculls)

OpenTracing

• Add a TracingFactory (since opentracing-tracerresolver 0.1.5) which resolves our tracer (#7102 - @mcculls)
• Bumps opentracing-tracerresolver to 0.1.6 (#7093 - @fedefernandez - thanks for the contribution!)

Profiling

• 🔍 Add detailed debug logging for tracing/profiler context integration (#7115 - @richardstartin)
• Emit rate limited JFR events when RejectedExecutionHandlers run (#7076 - @richardstartin)
• 🐛 Fix the ddprof safety check (#7037 - @jbachorik)
• Upgrade ddprof to 1.7.0 (#7033 - @richardstartin)

Telemetry

• Report updated trace.sampling.rules to telemetry (#7106 - @mcculls)
• Enable telemetry logs for IAST, CI Visibility and Dynamic Instrumentation users (#7017 - @smola)
• Adding support for reporting remote config id (#7012 - @stanistan)
• ✨ Add log file if size is not too big (#6993 - @cecile75)

Trace context propagation

• Encode the last seen Datadog span ID within tracestate (#7067 - @am312)

Tracer core

• 🔍 Improve agentServiceCheck to handle scenarios where the tracer is configured to use UDS (#7098 - @mcculls)
• Preserve unix: agent URLs (#7094 - @mcculls)
• Move backend communication logic to common module (#7081 - @nikita-tkachenko-datadog)
• Bump byte-buddy to 1.14.16 (#7077 - @mcculls)
• Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
• 💡 Support loading trace extensions from a comma-separated list of jars, or directories containing jars (#7030 - @mcculls)
• Implement span origin for JVM applications (#7001 - @evanchooly)
• Add tracer log file to tracer flare if datadog.slf4j.simpleLogger.logFile is defined (#6999 - @cecile75)

Instrumentations

AWS SDK instrumentation

• Add aws sns instrumentation for AWS lambda (#6908 - @joeyzhao2018)

Core Java language instrumentation

• ✨ Disable URL instrumentation by default (#7073 - @mcculls)
• ✨🧹 Improve loom features support (#7045 - @PerfectSlayer)

gRPC instrumentation

• Extend gRPC context propagation into WriteQueue, add queue timing to WriteQueue commands (#7110 - @richardstartin)

JDBC instrumentation

• Add extra connection params as tags for JDBC statements (#7055 - @kr-igor)

Kafka instrumentation

• Add Kafka poll span when DSM is enabled (#6969 - @piochelepiotr)

Micronaut instrumentation

• Support micronaut 4.x (#7035 - @amarziali)

Netty instrumentation

• 🐛 Don't always finish parent span in Netty client (#7126 - @amarziali)

OpenTelemetry instrumentation

• Ensure manually created OpenTelemetry spans are compliant with trace metrics (#7138 - @mcculls)
• Support custom OpenTelemetry context (#7118 - @mcculls)
• ⚡ Avoid creating unnecessary OtelSpanContext… (#7116 - @mcculls)
• Track OpenTelemetry propagated context (#7114 - @mcculls)
• Runtime drop-in support for OpenTelemetry instrumentations (#7086 - @mcculls)

Spring instrumentation

• ⚠️ Enable spring boot service name detection from spring.application.name (#7029 - @amarziali)

Other changes

1.35.0-RC1

Warning

This is a release candidate and is not intended for use in production.
Please open an issue regarding any problems in this release candidate.

Components

Application Security Management (IAST)

• Add XSS support for JSP (#6944 - @jandro996)
• Detect a vulnerability when a default application is deployed (#6885 - @jandro996)

Application Security Management (WAF)

• 🐛 Fix HandleVisitor instrumentation for jetty >= 11.16.0 (avoids logged error) (#7100 - @manuel-alvarez-alvarez)
• 🐛 Fix IP denylist parsing when expiration date does not fit an integer (#7097 - @smola)
• 🐛 Prevent AppSec context from being closed more than once on partial flush (#7059 - @smola)
• Added support for SQLi exploit prevention (#7051 - @ValentinZakharov)
• Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
• Collect WAF headers on user sdk events (#7014 - @manuel-alvarez-alvarez)
• Collect common WAF request header values by default (#7010 - @manuel-alvarez-alvarez)
• Always collect accept, content-type and user-agent when appsec is enabled (#7009 - @manuel-alvarez-alvarez)
• Upgrade to libddwaf 1.18.0 (libddwaf-java 10.0.0) (#7006 - @ValentinZakharov)

Build & Tooling

• ✨ Update lib-injection docker image tags (#7057 - @andrewlock)

Cloud Workload Security (CWS)

• 🐛 Fix the cws tracer on systems using musl libc (like alpine) (#7066 - @spikat)

Configuration at Runtime

• ⚡ Only rebuild tracer tags when the remote-config 'tracing_tags' change (#6996 - @mcculls)

Continuous Integration Visibility

• Fix 'polynomial regular expression used on uncontrolled data' vulnerability in Git config parsing logic (#7053 - @nikita-tkachenko-datadog)
• 🐛 Do not transform Mockito-generated classes (#7048 - @nikita-tkachenko-datadog)
• 🐛 Fix JUnit 4 integration to support PowerMock (#7046 - @nikita-tkachenko-datadog)
• 🐛 Fix Gradle instrumentation: do not fail if Jacoco excluded CL list is immutable (#7044 - @nikita-tkachenko-datadog)
• 🐛 Fix instrumentation for legacy JUnit 3.8 tests (#7041 - @nikita-tkachenko-datadog)

Database Monitoring

• 🐛 Apply configured service name mapping to DBM-injected dddbs (#7064 - @vandonr)

Data Streams Monitoring (DSM)

• Add poll span for kafka when DSM is enabled (#6969 - @piochelepiotr)
• Tag every span with the product tag if it is enabled (#7011 - @kr-igor)
• Add product tags to each span if products are enabled (#6990 - @kr-igor)

Dynamic Instrumentation

• 🐛 Ensure locals are in scope when generating metrics (#7121 - @jpbempel)
• Remove too generic redaction keywords (#7117 - @jpbempel)
• 🐛 Fix line probe in method with inline lambdas (#7099 - @jpbempel)
• Report exception when deserializing config (#7092 - @jpbempel)
• Add option to limit number of frames captured (#7083 - @jpbempel)
• Add circuit breaker for Exception Debugging (#7074 - @jpbempel)
• 🐛 Fix short circuiting of boolean expressions (#7060 - @jpbempel)
• Add EXCEPTION_REPLAY_ENABLED config token (#7054 - @jpbempel)
• 🐛⚡ Fix perf issue when accessing fields by reflection (#7052 - @jpbempel)
• ✨ Add Throwable capturing fields support for JDK16+ (#7047 - @jpbempel)
• 🔍 Add fingerprint info into Tracer flare (#7043 - @jpbempel)
• 🐛⚡ Fix expensive folding only in debug level (#7042 - @jpbempel)
• Protect Map and Set accesses to be only in-memory (#7032 - @jpbempel)
• Remove debug log on sampling (#7021 - @jpbempel)
• 🐛 Fix support of literals in Expression Language (#7018 - @jpbempel)
• Fix log level and message for SymDB extraction (#7016 - @jpbempel)
• 🐛 Fix ArrayIndexOutOfBoundsException in adjustLocalVarsBasedOnArgs (#7013 - @jpbempel)
• Filter out Errors for Exception Debugging (#6997 - @jpbempel)
• Add support of Set in Expression Language (#6992 - @jpbempel)

GraalVM native-image

• Relocate JCTools (#7004 - @luneo7 - thanks for the contribution!)

Metrics

• Bump java-dogstatsd-client to 4.4.0 (fix potential file-descriptor leak) (#7089 - @mcculls)

OpenTracing

• Add a TracingFactory (since opentracing-tracerresolver 0.1.5) which resolves our tracer (#7102 - @mcculls)
• Bump opentracing-tracerresolver to 0.1.6 (#7093 - @fedefernandez - thanks for the contribution!)

Profiling

• 🔍 Add detailed debug logging for tracing/profiler context integration (#7115 - @richardstartin)
• Emit rate limited JFR events when RejectedExecutionHandlers run (#7076 - @richardstartin)
• 🐛 Fix the ddprof safety check (#7037 - @jbachorik)
• Upgrade ddprof to 1.7.0 (#7033 - @richardstartin)
• Extend gRPC context propagation into WriteQueue, add queue timing to WriteQueue commands (#7110 - @richardstartin)

Telemetry

• Report updated trace.sampling.rules to telemetry (#7106 - @mcculls)
• Enable telemetry logs for IAST, CI Visibility and Dynamic Instrumentation users (#7017 - @smola)
• Adding support for reporting remote config id (#7012 - @stanistan)
• ✨ Add log file if size is not too big (#6993 - @cecile75)

Tracer core

• 🔍 Improve agentServiceCheck to handle scenarios where the tracer is configured to use UDS (#7098 - @mcculls)
• Preserve unix: agent URLs (#7094 - @mcculls)
• Move backend communication logic to common module (#7081 - @nikita-tkachenko-datadog)
• Bump byte-buddy to 1.14.16 (#7077 - @mcculls)
• Add support for meta_struct field in API v4 (#7031 - @manuel-alvarez-alvarez)
• 💡 Support loading trace extensions from a comma-separated list of jars, or directories containing jars (#7030 - @mcculls)
• Implement span origin for JVM applications (#7001 - @evanchooly)
• Add tracer log file to tracer flare if datadog.slf4j.simpleLogger.logFile is defined (#6999 - @cecile75)

Instrumentations

AWS SDK instrumentation

• Add aws sns instrumentation for AWS lambda (#6908 - @joeyzhao2018)

Core Java language instrumentation

• ✨ Disable URL instrumentation by default (#7073 - @mcculls)
• ✨🧹 Improve loom features support (#7045 - @PerfectSlayer)

JDBC instrumentation

• Extra connection params as tags for JDBC statements (#7055 - @kr-igor)

Kafka instrumentation

• Add poll span for kafka when DSM is enabled (#6969 - @piochelepiotr)

Micronaut instrumentation

• Support micronaut 4.x (#7035 - @amarziali)

Netty instrumentation

• 🐛 Don't finish parent span when instrumenting a client (#7126 - @amarziali)

OpenTelemetry instrumentation

• Support custom OpenTelemetry context (#7118 - @mcculls)
• ⚡ Avoid creating unnecessary OtelSpanContext when extracting context from OTel wrapper around Datadog span (#7116 - @mcculls)
• Track OpenTelemetry propagated context (#7114 - @mcculls)
• Runtime drop-in support for OpenTelemetry instrumentations (#7086 - @mcculls)

Spring instrumentation

• ⚠️ Enable spring boot service name detection from spring.application.name (#7029 - @amarziali)

1.34.0

Components

Application Security Management (IAST)

• Report servlet misconfiguration vulnerabilities with opt-out configuration (#6970 - @jandro996)
• ⚡ Only enable byte[] or char[] call sites in full detection mode (#6960 - @manuel-alvarez-alvarez)
• 🔍 Report via telemetry if _dd.iast.json tag exceeds max tag size (#6930 - @jandro996)
• Add environment variable to activate SCA (#6902 - @jandro996)
• 🐛 Add option to disable IAST instrumenter for anonymous classes (#6898 - @manuel-alvarez-alvarez)
• 🧹 Refactor propagation module with APIs for strings and objects (#6820 - @manuel-alvarez-alvarez)

Application Security Management (WAF)

• Exclude non username and password authentication from user tracking (#6995 - @manuel-alvarez-alvarez)
• Skip auto user events when sign-up logic fails (#6964 - @manuel-alvarez-alvarez)

Configuration

• Add single parameter dd.data.jobs.enabled to enable DJM (#6972 - @paul-laffon-dd)

Configuration at Runtime

• 💡 Accept trace sampling rules via remote-config (#6987 - @mcculls)

Continuous Integration Visibility

• 🐛 Flush on tracer close if CI Visibility enabled (#6985 - @nikita-tkachenko-datadog)
• 🐛 Fix Selenium instrumentation to avoid trying to set cookies for about:blank and other similar pages (#6973 - @nikita-tkachenko-datadog)
• 🐛 Do not trace processes spawned by internal shell command executor (#6927 - @nikita-tkachenko-datadog)
• 🐛 Fix CI Visibility Gradle plugin to be compatible with Gradle build scans (#6913 - @nikita-tkachenko-datadog)

Data Streams Monitoring (DSM)

• Set DSM checkpoints for S3 put / get operations (#6859 - @kr-igor)

Dynamic Instrumentation

• Capture exception snapshots only once an hour (#6983 - @jpbempel)
• Consolidate PII redaction keys for all libraries. (#6980 - @shurivich)
• Add coordinated sampling for Exception Debugging (#6974 - @jpbempel)
• Only capture stacktrace for snapshot probes (#6955 - @jpbempel)
• Optimize Redaction detection when capturing values (#6947 - @jpbempel)
• Integrate initial list of third party libraries (#6928 - @ojung)

OpenTracing

• Process 'sampling.priority' tags (#6971 - @mcculls)

Profiling

• Upgrade to ddprof 1.5.0 (#6978 - @richardstartin)
  • Remove unnecessary cache for custom context encodings by @richardstartin in DataDog/java-profiler#86
  • Prevent race condition in LivenessTracker by @jbachorik in DataDog/java-profiler#88
  • Drop bad queue time events by @richardstartin in DataDog/java-profiler#89
  • Trust ticks parameters by @richardstartin in DataDog/java-profiler#90
• Make tasks wrapped by grpc-context unwrappable (#6977 - @richardstartin)
• Use real time threshold for queue times (#6976 - @richardstartin)
• Unwrap akka TaskInvocation and scala CallbackRunnable (#6975 - @richardstartin)
• Ensure time waiting for CyclicBarrier and CountDownLatch is eligible for wallclock profiling (#6941 - @richardstartin)

Testing

• Add test set for tomcat 11 (#6966 - @amarziali)

Tracer core

• 💡 Adding sampling provenance/mechanism to SamplingRules (#6989 - @dougqh)
• ⚡ Check target super-class implements FieldBackedContextAccessor before delegating to it (#6950 - @mcculls)
• 🧪 Support deferred matching and transformation for particular class-loaders (#6887 - @mcculls)
• Add enabledProducts tag to all spans (APM / DSM / DJM) (#6967 - @kr-igor)

Instrumentations

Akka instrumentation

• Anwrap akka TaskInvocation and scala CallbackRunnable (#6975 - @richardstartin)

Apache Spark instrumentation

• Increase spark listener max collection size (#6979 - @paul-laffon-dd)
• Finish pyspark-shell trace using SparkListenerApplicationEnd (#6956 - @paul-laffon-dd)
• Add logs on datadog spark listener lifecycle (#6943 - @paul-laffon-dd)

OpenTelemetry instrumentation

• Process 'sampling.priority' tags (#6971 - @mcculls)

Protobuf Instrumentation

• Instrument Google protobuf serialization/deserialization (#6865 - @piochelepiotr)

Scala instrumentation

• Unwrap akka TaskInvocation and scala CallbackRunnable (#6975 - @richardstartin)

Other changes

• Remove sampling_rules from StatusLogger (#7003 - @bm1549)

1.33.0

Components

Application Security Management (IAST)

• Admin Console Active vulnerability hash calculation (#6897 - @jandro996)
• Remove deduplication for session rewriting vulnerability report (#6895 - @jandro996)
• Exclude oracle.j2ee from vulnerability locations (#6888 - @smola)
• Add directory listing support to WEBLOGIC, WEBSPHERE and JETTY (#6871 - @jandro996)
• Detect Tomcat's host manager tomcat application as admin console (#6867 - @jandro996)
• Add session rewriting detection (#6692 - @jandro996)

Application Security Management (WAF)

• Introduced trace post-processing (#6800 - @ValentinZakharov)

Continuous Integration Visibility

• 🐛 Do not abort CI Visibility spans dispatch on interrupt (#6926 - @nikita-tkachenko-datadog)
• Disable retry instrumentations if both Early Flakiness Detection and Flaky Test Retries are turned off (#6925 - @nikita-tkachenko-datadog)
• 🐛 Fix Karate instrumentation to handle parallel tests execution (#6924 - @nikita-tkachenko-datadog)
• Increase default timeout for requests made to CI Visibility backend through EVP proxy (#6884 - @nikita-tkachenko-datadog)
• Implement Selenium support in CI Visibility (#6799 - @nikita-tkachenko-datadog)

Data Streams Monitoring

• Enable Data Streams without adding context into Kafka headers (#6533 - @piochelepiotr)

GraalVM native-image

• Register SpanLinkAdapter and SpanLinkJson for reflection (#6892 - @luneo7 - thanks for the contribution!)

Profiling

• Update ddprof to 1.4.0 (#6914 - @jbachorik)
  • Fix a pair of slow memory leaks
  • Be defensive when working with potentially unitialized thread structures

Tracer core

• Introduced trace post-processing (#6800 - @ValentinZakharov)

Instrumentations

Kafka instrumentation

• Enable Data Streams without adding context into Kafka headers (#6533 - @piochelepiotr)