1.43.0
·
204 commits
to master
since this release
Components
Application Security Management (IAST)
- β¨ Add propagation to StringBuffer substring methods (#7992 - @Mariovido)
- π Fix issue with call sites in super calls to constructor (#7991 - @manuel-alvarez-alvarez)
- β¨ Add propagation to StringBuilder substring methods (#7980 - @Mariovido)
- π Reset IAST request context on root span published (#7969 - @manuel-alvarez-alvarez)
- β¨ Add propagation to String constructors with StringBuffer and StringBuilder (#7966 - @Mariovido)
- π Do not reset IAST concurrent request counter (#7963 - @smola)
- β¨ Exclude spark web from vulnerability locations (#7939 - @smola)
- π Exclude dev.failsafe from IAST instrumentation (#7938 - @smola)
- β¨ Exclude okio from vulnerability locations (#7937 - @smola)
- β¨ Expand SSRF support in IAST to java.net.http.HttpClient (#7877 - @Mariovido)
- Fix stack trace inconsistency between excluded frames in vulnerability location and metastruct stack trace (#7865 - @jandro996)
- β¨π§ͺ Add experimental taint propagation to the String replace, replaceFirst, replaceAll methods (#7741 - @Mariovido)
Application Security Management (WAF)
- Upgrade to libddwaf 1.21.0 (libddwaf-java 11.2.0) (#7993 - @ValentinZakharov)
- Updated ASM rules to 1.13.3 (#7976 - @ValentinZakharov)
- β¨ Prevent spans from having login success and failure events simultaneously (#7918 - @manuel-alvarez-alvarez)
- Add support for session tracking in jetty (#7837 - @manuel-alvarez-alvarez)
- Extend support for SSRF in exploit prevention (#7376 - @jandro996)
Build & Tooling
- β¨ Add JMXFetch to SSI Guardrails denylist (#7970 - @PerfectSlayer)
- π Remove SSI guardrails entries for hbase and hive (#7916 - @PerfectSlayer)
Continuous Integration Visibility
- π Instrument Gradle Launcher to avoid overwriting org.gradle.jvmargs property (#8001 - @nikita-tkachenko-datadog)
- Add source line tags to test suites (#7964 - @daniel-mohedano)
Crash tracking
- π Improve crashtracking support for older Bash versions (#7956 - @PerfectSlayer)
- β¨ Adjust crash upload timeout (#7905 - @dougqh)
- β¨ Use telemetry 'is_sensitive' attribute instead of redacting the crash stacktrace (#7899 - @jbachorik)
Data Streams Monitoring
Dynamic Instrumentation
- π Fix integer json parsing probe definition (#7957 - @jpbempel)
- π Fix NullPointerException Extracting Class symbols (#7934 - @jpbempel)
- β¨ Avoid duplicate class symbol extraction (#7919 - @jpbempel)
- Add outer exceptions support for Exception Replay (#7897 - @jpbempel)
- π Fix memory leak in Exception Replay (#7885 - @jpbempel)
- β¨ Consult the environment variable when setting the max users frames in code origin probes (#7881 - @evanchooly)
JMX fetch
- π Bump JMXFetch to 0.49.6 (#7927 - @carlosroman)
Profiling
- β¨ Common temporary location manager for profiling product (#7971 - @jbachorik)
- πβ¨ Standardize some of the profiler sampling frequencies (#7961 - @MattAlp)
- β¨ enable SystemGC events (#7921 - @richardstartin)
- π Bump ddprof to 1.17.0 (#7915 - @jbachorik)
- β¨ paranoid exception handling when setting profiling thread context (#7903 - @richardstartin)
Telemetry
- β¨ Collect git metadata for telemetry (#7951 - @jpbempel)
- β¨ Fix dependency collection for new Spring Boot nested jars (#7931 - @smola)
Trace context propagation
- π Fix baggages mapping configuration when only keys are provided (#7972 - @cecile75)
- β¨ Updating Span Link creation due to header tag propagations for invalid spans (#7799 - @mhlidd)
Instrumentations
AWS Lambda instrumentation
AWS SDK instrumentation
Jetty instrumentation
- Add support for session tracking in jetty (#7837 - @manuel-alvarez-alvarez)
Kafka instrumentation
- π Reenable kafka 3.8 by default (#8007 - @nayeem-kamal)
- π Avoid double instrumentation of kafka-clients 3.8+ (#8006 - @mcculls)
- π Fix Kafka lag instrumentation for version 2.7 of Kafka (#7941 - @piochelepiotr)
Netty instrumentation
- π Finish netty span when request is cancelled (#7900 - @amarziali)
Reactor instrumentation
- π Add reactor samples and doc (#7906 - @amarziali)
- π Protect currentContext access for reactor inner operators (#7883 - @amarziali)
Contributors
smola, mcculls, and 22 other contributors