v1.49.1

What's Changed

• contrib/google.golang.org/grpc: Add WithMetadataTags & WithRequestTags to grpc server stream interceptor. It differs with the unary interceptor implementation only in the span the data is added to. Thanks @radykal-com for the contribution!

Full Changelog: v1.49.0...v1.49.1

v1.49.0

Summary

Application Performance Monitoring (APM) ships various new features and bug fixes such as support for elastic/go-elasticsearch/v8 and for dimfeld/httptreemux/v5. Additional features include new tags for mssql in database/sql, and new tags for mgo. This release also includes a bug fix to how baggage is propagated when using W3C trace context injection/extraction.

Application Security Monitoring (ASM) adds support for multiple IP-related HTTP headers as well as fixing HTTP status code reporting for blocked users in labstack/echo.

Telemetry information is now enabled by default, to disable set DD_INSTRUMENTATION_TELEMETRY_ENABLED to false. Additional information can be found here.

Breaking Changes

• Fix returned OS name on Linux by @albertvaka in #1791

This change fixes our lookup of OS name in linux systems that is used for our startup logging. If you are parsing those startup logs and relying on the value of os_name you may experience a breaking change as the value may shift from "Linux (Unknown Distribution)" to the now correctly identified OS name.

• profiler: deprecate PprofDiff by @nsrip-dd in #1806

The PprofDiff function is deprecated and will be removed from the profiler package in the next release.

Changes

General

• .github/workflows: integrate APM E2E tests in Github Actions CI by @lambrospetrou in #1784

Application Performance Monitoring (APM)

• contrib/database/sql: add mssql instance name tag by @rarguelloF in #1731
• contrib/globalsign/mgo: add mongodb collection tag by @rarguelloF in #1725
• contrib/elastic/go-elasticsearch: Add support for elasticsearch v8 (Follow-up) by @VJean in #1763
• tracer: small refactor for SQL tracing by @katiehockman in #1777
• database/sql: Export TracedConn, as we need it when using the db.Conn Raw() API call. by @samsm in #1779
• contrib/google.golang.org/{grpc, grpc.v12}: add support for WithSpanOptions by @mackjmr in #1159
• internal/telemetry: enable instrumentation telemetry in the tracer and profiler by @lievan in #1769
• contrib/julienschmidt/httprouter: add http.route tag to span by @asdftamir in #1795
• contrib/dimfeld/httptreemux/v5: add support for httptreemux by @devillexio in #1546
• contrib/net/http: errCheck function by @johanneswuerbach in #1716

Application Security Management (ASM)

• httpsec: handle client ip with multiple HTTP headers by @Julio-Guerra in #1796
• internal/appsec: update security rules to v1.6.0 (#1863)

Profiling

• profiler: increase timestamp precision by @felixge in #1689
• profiler: record timestamp at the start execution tracing by @nsrip-dd in #1766
• profiler: deprecate PprofDiff by @nsrip-dd in #1806

Fixes & Improvements

General

• go.mod: upgrade golang.org/x/net by @katiehockman in #1747
• internal/hostname: Add tracer side hostname detection by @ajgajg1134 in #1712 This can be disabled by setting DD_CLIENT_HOSTNAME_ENABLED to false
• go.mod: Bump deps that used otel to not need v0 of otel by @ajgajg1134 in #1787
• .gitlab/scripts: add more benchmarks to benchmarking platform by @lievan in #1672
• profiler: document/test that Start restarts the profiler by @nsrip-dd in #1805
• ci: run pull request workflows for merge groups by @nsrip-dd in #1809
• internal/log: allow RecordLogger to ignore certain logs by @lievan in #1810
• go.mod: upgrade datadog-agent/pkg/obfuscate by @felixge in #1774
• ddtrace/tracer: fix a race condition on span.SetUser by @pobo380 in #1564

Application Performance Monitoring (APM)

• contrib/database/sql: Fix sample code in document to prevent panic on OpenDB by @tsbkw in #1635
• ddtrace/tracer/textmap: always extract baggage when using w3c for compatability by @ajgajg1134 in #1759
• ddtrace/tracer: fix traceparent length check by @ahmed-mez in #1815

Application Security Monitoring (ASM)

• contrib/echo: appsec: fix status code reporting when blocking users by @Hellzy in #1757

New Contributors 🎉

• @VJean made their first contribution in #1763
• @samsm made their first contribution in #1779
• @lambrospetrou made their first contribution in #1784
• @albertvaka made their first contribution in #1791
• @tsbkw made their first contribution in #1635
• @johanneswuerbach made their first contribution in #1716
• @asdftamir made their first contribution in #1795
• @devillexio made their first contribution in #1546
• @pobo380 made their first contribution in #1564

Full Changelog: v1.48.0...v1.49.0

v1.48.0

Summary

In this release, dd-trace-go moves from go 1.17 to go 1.18 as the lowest supported Go version.

Application Performance Monitoring (APM) ships various new features, bug fixes, and hardening measures, such as the addition of new tags for database and messaging integrations, middleware registration changes for the Gin example, and the addition of fuzzing and benchmarking for injection and extraction in the tracer. It also includes bug fixes for W3C trace context propagation and better error handling and retry functionality. Other changes include the ability to modify resource names in the Go-Chi integration, tag spans when execution trace is enabled, and more.

Application Security Management (ASM) introduces authenticated user blocking thanks to its new public appsec.SetUser() API, allowing to block requests based on the authenticated user ID. This change also affects the previously released user login events, where appsec.TrackUserLoginSuccessEvent() is now also able to block the given user.

Changes

General

• README: Clarify Legacy Go Compilation Guarantees by @felixge in #1721
• all: Move to 1.18 for lowest supported version by @ajgajg1134 in #1709
• sci: add git metadata from artifacts support by @sashacmc in #1646

Application Performance Monitoring (APM)

• contrib/go-chi/chi.v5: add an option to modify the resource name by @kpurdon in #1615
• contrib: add db.system tag for all db integrations by @rarguelloF in #1711
• contrib: adds 'messaging.system' tag by @zhamza99 in #1697
• ddtrace/tracer: Add fuzzing and benchmarking for injection and extraction by @lievan in #1704
• ddtrace/tracer: add usr.id span tag even with propagation by @Julio-Guerra in #1702
• ddtrace/tracer: enable trace writer to optionally retry on failure. by @purple4reina in #1636
• ddtrace/tracer: replace Windows path characters in fake UDS host by @nsrip-dd in #1713
• ddtrace/tracer: update origin substitution in composeTracestate by @lievan in #1694

Application Security Management (ASM)

• internal/appsec: request blocking based on user ID by @Hellzy in #1706
• internal/appsec: update security rules to v1.5.1 by @Hellzy in #1750

Fixes & Improvements

General

• internal/telemetry: uniformize language name with other ways it's reported by @paullegranddc in #1692

Application Performance Monitoring (APM)

• Rename partition tag from kafka integrations to follow unified naming conventions by @rarguelloF in #1684
• contrib/gin-gonic/gin/example: middleware must be registered before registering routes by @maxday in #1698
• contrib/miekg/dns: fix span kind for dns server traces by @rarguelloF in #1696
• contrib/net/http: Add an example for wrap client by @ajgajg1134 in #1695
• ddtrace/tracer: fix UDS/http url configuration and error messages by @knusbaum in #1604
• ddtrace/tracer/textmap: always extract baggage when using w3c for compatability by @ajgajg1134 in #1759
• tracer: small refactor for single span sampling by @katiehockman in #1718

Application Security Monitoring (ASM)

• contrib/echo: fix status code reporting when blocking users by @Hellzy in #1757
• contrib/echo: wrap appsec error in echo.HTTPError by @Hellzy in #1744
• contrib: stop caching appsec.Enabled() value for gin/echo by @Hellzy in #1732

New Contributors 🎉

• @paullegranddc made their first contribution in #1692
• @sashacmc made their first contribution in #1646
• @kpurdon made their first contribution in #1615
• @purple4reina made their first contribution in #1636

Full Changelog: v1.47.0...v1.48.0

v1.47.0

Summary

In this release, Application Performance Monitoring (APM) adds W3C trace context propagation support. The new default propagation list is tracecontext,Datadog for injection and extraction. See the docs for more configuration details.
APM also re-introduces the collection of client ip address as an opt-in feature, even when ASM isn't configured. This can be enabled by setting DD_TRACE_CLIENT_IP_ENABLED.

Application Security Management (ASM) introduces IP blocking to Gin and Echo, along with a new public API to log security-related events.

The profiler now uses the faster delta profile implementation by default, first introduced in version 1.44.0. This significantly reduces the memory allocations from profile manipulation.

Changes

Application Performance Monitoring (APM)

• ddtrace/tracer: add W3C context propagator support by @dianashevchenko in #1630
• ddtrace/tracer : allowed equals sign in propagated tag values by @dianashevchenko in #1650
• ddtrace/tracer: remove some networking from unit tests by @nsrip-dd in #1656
• contrib/bradfitz/gomemcache/memcache: bump client TO in tests by @ahmed-mez in #1673
• tracer: enable stats flushing when Flush() is called by @lievan in #1661
• ddtrace/tracer: annotate execution trace with span IDs by @nsrip-dd in #1674
• tracer: add PII protection for runtime/trace data by @felixge in #1690
• contrib/internal/httptrace: collect client ip if DD_TRACE_CLIENT_IP_ENABLED is set to true by @lievan in #1679

Application Security Management (ASM)

• contrib/gin-gonic: add IP blocking by @Hellzy in #1665
• contrib/labstack/echo: add IP blocking by @Hellzy in #1654
• appsec: add user login and custom events tracking API by @Julio-Guerra in #1648
• internal/appsec: update security rules to v1.4.3 by @Julio-Guerra in #1683

Profiler

• profiler: enable fastdelta by default by @felixge in #1657
• profiler: return copy of delta profile data to avoid race by @nsrip-dd in #1660

Fixes

Application Performance Monitoring (APM)

• contrib/{aws/*,net/http}: fix encoding of http.url by @knusbaum in #1662
• ddtrace/tracer: fixed propagator not updating the tracestate header by @dianashevchenko in #1676

Full Changelog: v1.46.1...v1.47.0

v1.46.1

Summary

This is a patch release containing a minor fix that ensures userinfo strings are not present in URLs sent in the http.url tag.

What's Changed

Application Performance Monitoring (APM)

• contrib/{aws/*,net/http}: fix encoding of http.url (#1662) by @knusbaum in #1671

Full Changelog: v1.46.0...v1.46.1

v1.46.0

Summary

• This release changes how header extraction and injection are configured. The DD_PROPAGATION_STYLE_INJECT and DD_PROPAGATION_STYLE_EXTRACT environment variables are now deprecated. Prefer the new environment variables DD_TRACE_PROPAGATION_STYLE_INJECT, DD_TRACE_PROPAGATION_STYLE_EXTRACT, and DD_TRACE_PROPAGATION_STYLE (which generally applies to both inject and extract).
  For example, the environment variables would take the following precedence:
  • DD_TRACE_PROPAGATION_STYLE_INJECT
  • DD_PROPAGATION_STYLE_INJECT (deprecated)
  • DD_TRACE_PROPAGATION_STYLE (applies to both inject and extract)
  • If none of the above, use default values

What's Changed

• tracer: replaces INJECT/EXTRACT environment variable names by @katiehockman in #1603

Full Changelog: v1.45.1...v1.46.0

v1.45.1

Fix the version number reported by dd-trace-go to avoid the release candidate label.

v1.45.0

Summary

Application Security Monitoring now becomes Application Security Management (ASM) with the release of IP blocking for HTTP and gRPC servers, which allows you to block attackers based on their IP addresses, managed from your denylist. You can request a private beta access to this feature here.

Changes

Application Performance Monitoring (APM)

• General tag changes by @zhamza99 in #1562
• ddtrace/tracer/textmap: Added none as a supported propagator for trace context extraction and injection by @dianashevchenko in #1610
• tracer: support b3multi alias for b3 carrier by @katiehockman in #1594
• contrib/google.golang.org/grpc: clarify use of UnaryInterceptor in grpc example by @katiehockman in #1601
• contrib/labstack/{echo, echo.v4}: improve error detection by @knusbaum in #1000
• ddtrace/ext: rename tag error.msg into error.message by @zhamza99 in #1605

Application Security Monitoring Management (ASM)

• internal/appsec: ip blocking for http and grpc by @Hellzy in #1533

Others

• ci: QoL improvements for benchmarks by @ddyurchenko in #1609
• ci: introduce continuous smoke testing by @Julio-Guerra in #1611
• ci: add a nightly govulncheck workflow by @dianashevchenko in #1599

Fixes

Profiler

• Fix duration in (fast)delta profiles by @pmbauer in #1612

Full Changelog: v1.44.1...v1.45.0

v1.44.1

This patch release fixes an issue with Go modules version selection when dd-trace-go is updated using go get -u all, where an unstable indirect dependency was unexpectedly upgrading to an incompatible version and therefore leading to a compilation error.

Full Changelog: v1.44.0...v1.44.1

v1.44.0

Summary

This version notably brings:

• gofiber trace propagation: Users of the gofiber package will now have fully connected traces.
• The profiler adds a new, efficient profile delta computation algorithm, which eliminates almost all of the memory allocation caused by the profiler when delta profiles are enabled. This algorithm can be enabled with the DD_PROFILING_DELTA_METHOD=fastdelta environment variable. It will become the default in a future release.
• The profiler no longer adds an env tag to profiles unless one is explicitly configured, either through the DD_ENV environment variable or through the WithEnv option. This allows profiles to be tagged with the env value configured by the agent, if one is available, rather than getting the previous env:none default tag.
• Remotely enable Application Security Monitoring through Datadog's remote configuration (private beta access required).

A list of minor improvements and fixes can be found in the list below:

Changes

General

• ddtrace/tracer, profiler: add support for DD_TRACE_AGENT_URL by @mackjmr in #1199

Application Performance Monitoring (APM)

• ddtrace/tracer: removed restriction of non-empty fields in sampling rules by @dianashevchenko in #1510
• contrib/aws/aws-sdk-go: expose handler names as const by @mstumpfx in #1524
• ddtrace/tracer: removed dependency between discovery flag and single span sampling by @dianashevchenko in #1509
• contrib/cloud.google.com/go/pubsub.v1: add Option to Publish by @hakankutluay in #1332
• contrib/google.golang.org/grpc: add support for WithUntracedMethods by @mackjmr in #1535
• contrib/database/sql: Rename SQLCommentInjection to DBMPropagation by @alexandre-normand in #1556
• contrib/gomodule/redigo: add support for context by @pedro-tiple in #1463
• contrib/k8s.io/client-go: Add logic to parse additional API calls by @geezyx in #1574
• contrib/gofiber: add gofiber trace propagation by @mckeown-dd in #1487
• contrib/99designs/gqlgen: avoid adding the example dependencies into our go.mod by @Julio-Guerra in #1499

Application Security Monitoring (ASM)

• Remote ASM activation through remote configuration by @Hellzy in #1503
• Update security rules to v1.4.2 by @Hellzy in #1573

Profiler

• profiler: don't add an env tag if the user didn't configure env by @nsrip-dd in #1560
• Fast Delta Profiling by @pmbauer in #1511

Other

• CI: Add automated benchmarking for PRs: #1589 #1588 #1591
• internal/container: add support for PCF containers by @NouemanKHAL in #1549

Fixes

Application Performance Monitoring (APM)

• contrib/database/sql: Fix bad import path in mockdriver.go by @alexandre-normand in #1579
• contrib/net/http: nil transport should default to http.DefaultTransport by @dillonstreator in #1572

Application Security Monitoring (ASM)

• Fix macos 10.15 missing symbols by @Julio-Guerra in #1569
• Fix memory release condition by @Julio-Guerra in #1583

Full Changelog: v1.43.1...v1.44.0