v1.42.1

Summary

This release fixes a compilation issue when building with appsec on some macOS versions.

Fixes

Application Security Monitoring (ASM)

• appsec: fix libddwaf stripping on macOS (#1481)

Full Changelog: v1.42.0...v1.42.1

v1.42.0

Summary

This release has several exciting features:

• Adds support for Go 1.19. Please note that this means Go 1.17 has maintenance support, and Go 1.16 has legacy support. See our version support policy for more details.
• Introduces support for propagation of trace context via SQL commenting. This experimental feature injects trace context information via sql comments in the sqlcommenter format. It is disabled by default and can be configured via the DD_TRACE_SQL_COMMENT_INJECTION_MODE environment variable or via the WithSQLCommentInjection() option.
• Introduces a WithHostname option for the profiler, which allows overriding the value used for the "host" tag

Changes

General

• all: support latest go version 1.19 by @ajgajg1134 in #1410

APM

• contrib: Adding WithCustomTag to various integrations by @ajgajg1134 in #1359
• internal/telemetry: give user config priority over environment by @nsrip-dd in #1429
• contrib/database/sql: Add WithErrorCheck options by @soh335 in #1315

Database Management

• contrib/database/sql: add db service name tag and _dd.dbm_trace_injected span tag by @alexandre-normand in #1448
• contrib/database/sql: move trace context info to w3c trace context tags by @alexandre-normand in #1454

ASM

• appsec: update the security event rules to v1.4.0 by @Julio-Guerra in #1464
• appsec/waf: update libddwaf to v1.5.0 by @Julio-Guerra in #1460

Profiler

• profiler: add WithHostname option by @nsrip-dd in #1442
• profiler: log when profiler is stopped by @nsrip-dd in #1433

Full Changelog: v1.41.1...v1.42.0

v1.41.1

Summary

This release fixes a bug in the tracer library which incorrectly calculated client-side stats for dropped P0 traces.

Changes

Tracer

• ddtrace/tracer: Always count dropped p0 traces and spans by @ajgajg1134 in #1461

Full Changelog: v1.41.0...v1.41.1

v1.41.0

Summary

This release introduces rule based span sampling for the tracer which can be configured through the env var DD_SPAN_SAMPLING_RULES. For configuration details, see the docs.
Additionally it is now possible to propagate an HTTP request's user id across services when using the SetUser() tracer function, thanks to the WithPropagation() option.
Also, the tracer now flushes trace stats when stopping, and some changes to contribs were also made:

• For net/http the RoundTripper has a new option to ignore outgoing requests
• For segmentio/kafka.go.v0 the message's topic name is used when the writer's topic name is unavailable
• For 99designs/gqlgen, basic support was added for tracing GraphQL functions

The profiler fixed a bug which caused the first minute of activity to be missing from profiles. The profiler now respects the DD_TRACE_STARTUP_LOGS environment variable, which can be set to false to turn off start-up logging. Profiles are now tagged with the seq_id tag, which counts how many profiles have been uploaded so far.

Some more improvements and fixes can also be found in the list of changes below.

Changes

Tracer

• contrib/net/http: Add new option to RoundTripper to ignore outgoing request (#1403)
• contrib/segmentio: reading topic name from message if writer topic is empty (#1400)
• contrib: support tracing for GraphQL (#1380)
• ddtrace/tracer: add an option to propagate user id over services (#1387)
• ddtrace/tracer: add support for single span matching (#1357)
• ddtrace/tracer: force trace stats flush on Stop, thanks @Kyle-Verhoog (#1393)

Profiler

• profiler: implement profile_seq tag (#1391)
• profiler: respect DD_TRACE_STARTUP_LOGS environment variable (#1385)
• profiler: start collecting profiles immediately (#1417)

Full Changelog: v1.40.1...v1.41.0

v1.40.1

Summary

This release updates the version.go file so that the version is not a release candidate anymore, but a full release one.
This will be reflected in the tracer's startup logs. There is no changelog since this release is just a version bump to correct the content of version.go.

v1.40.0

Summary

This release adds the http.url tag to the list of collected security tags (documentation). This tag will now hold the full http request's URL for server requests instead of the http request's path, so be sure to check that it doesn't break anything on your side when switching over to this version.

Additionally, some more changes were made to a few contribs:

• echo.v4: it is now possible to skip tracing for some endpoints using the WithIgnoreRequest option.
• gocql: errors can now be selectively ignored using the WithErrorCheck option.
• kafka-go: tracing of the FetchMessage() reader method is now possible.

A couple of improvements and fixes can also be found in the list of changes below.

Changes

General

• go.mod: update github.com/gin-gonic/gin to v1.7.7 (#1341)
• go.mod: bump several dependency versions to avoid vulnerabilities (#1338)

Tracer

• contrib/gocql/gocql: add WithErrorCheck option (#1316)
• contrib/labstack/echo.v4: add WithIgnoreRequest option (#1356), thanks @chrusty
• contrib/segmentio/kafka-go: add tracing of FetchMessage() calls (#1283), thanks @roccoblues
• contrib/net/http: copy request in RoundTrip (#1254)
• ddtrace/tracer: fix race in SetOperationName (#1376)

ASM

• contrib: store the http request's URL in span tags (#1350)

Full Changelog: v1.39.1...v1.40.0

v1.39.1

Summary

This release fixes a bug in the profiler library which caused the service tag to sometimes be missing from uploaded profiles. This resulted in profiles appearing on Datadog with the service name unnamed-service.

Changes

Profiler

• profiler: don't clobber tags when uploading profiles or metrics by @nsrip-dd in #1377

Full Changelog: v1.39.0...v1.39.1

v1.39.0

Summary

With this release, the Go tracer now starts reporting a set of security monitoring tags for each server request without the need to enable ASM. Currently, the collected tags are http.client_ip, http.useragent, http.status_code and http.method, and more will come with future releases. More information about this can be found in the Datadog documentation.
Other additions include a new integration for the logrus logging package, and overriding the sampling decision of a trace
in downstream services is now possible. Additionally, a new tag aws.request_id was added to spans for the aws-sdk-go
integration. On top of this the tracer has a new option, WithUniversalVersion, which removes the limitation of having the service name
match the name defined when starting the tracer for version tracking.
Some more fixes and improvements were made which you can find in the changelog below.

Changes

Repo

• ci: rename branch v1 into main (#1313)
• go.mod: update DataDog/sketches-go to 1.2.1 (#1051)
• go.mod: update several modules to avoid security flaws (#1330)

APM

• contrib/gorm.io/gorm.v1: add context example (#1221)
• ddtrace/tracer: fixed precedence ordering of configuration options (#1232)
• ddtrace/tracer: allow changes of priority even when the root is non-local (#1241)
• contrib/net/http: add dynamic resource naming (#1142)
• aws: add request id to trace (#1266)
• ddtrace/tracer: add WithUniversalVersion option (#1272)
• contrib/sirupsen/logrus: Add context logging hook (#1240)
• ddtrace/tracer: add sample_rate_limit field to startup log. (#1230)
• ddtrace/tracer: handle parent-id header of 0 for synthetics (#1285)
• contrib/internal/httptrace: set http.host tag on request Host not URL.host (#1327)
• contrib/database/sql: sql comment tag injection experimental feature (#1226)
• internal/telemetry: add missing fields to match spec (#1354)

ASM

• contrib: store http.route in span tags (#1342)
• contrib/internal/httptrace: store IP related request headers in span tags (#1346)
• contrib/internal/httptrace: store client ip in span tags (#1328)
• contrib: refactor http request span tags and store user agent in span tags (#1286)

Profiler

• profiler: collect profiles concurrently (#1282)
• profiler: rename pid tag to process_id (#1296)

Full Changelog: v1.38.1...v1.39.0

v1.38.1

This release contains a set of small fixes for Application Security Monitoring (ASM) and Profiler.

• ASM: fix compilation errors when CGO is disabled or when using MacOS 12.3.1 (#1261)
• Profiler: get the correct profile for the experimental goroutine wait profile (#1262)

Full Changelog: v1.38.0...v1.38.1

v1.38.0

This release comes with new Application Security Monitoring capabilities including sensitive data obfuscation for security events, a new set of metrics to monitor the WAF execution and security rules processing, as well as the latest version of the security rules which includes NoSQL-injection monitoring.
On a side note, AppSec has been renamed to ASM (Application Security Monitoring) and will be referred to as such in the future.

On the Tracer side, the service.name tag was removed from the spans for kubernetes and the resource.name tag is now set using the context's route for gofiber/fiber.

The Profiler introduces a new CPUProfileRate option to allow users to use a specific CPU profiling rate.

Features

Tracer

• contrib/k8s.io/client-go/kubernetes: remove the tracer service tag (#1211) (thanks @meowfaceman)
• contrib/gofiber/fiber.v2: resource name should use route instead of path (#1215) (thanks @AsgerNoer)

Application Security Monitoring

• internal/appsec: security events obfuscation (#1237)
• internal/appsec/waf: add WAF and security rules monitoring metrics (#1225)
• internal/appsec: update security rules to v1.3.1 including NoSQL-injection monitoring (#1244)

Profiler

• profiler: add CPUProfileRate option (#1243)

Fixes

Tracer

• contrib/go-chi: remove the chi.v4 package in favor of chi.v5 (#1233)
• contrib/net/http: fix status reporting for empty replies (#1140)
• contrib/gin-gonic/gin: fix incomplete examples (#1212) (thanks @ajones)

Profiler

• ddtrace/tracer: update profile endpoint label when SetTag updates resource name for a span (#1203)

Full Changelog: v1.37.1...v1.38.0