v1.62.0

Summary

In this release, Application Performance Monitoring (APM) improves header tag normalization, expands support for dynamic instrumentation

Application Security Management (ASM) adds support for passlist security events on gRPC.

What's Changed

Application Performance Monitoring (APM)

• [DSM] Close span on produce error in ckgo by @mborst in #2558
• contrib/database/sql: add in ddh, dddb propagation by @tabgok in #2550
• contrib/google.golang.org/grpc: fix flaky tests by removing arbitrary sleeps by @Julio-Guerra in #2584
• contrib/gofiber/fiber.v2: add possibility to exclude spans generation for specific requests by @nsakharenko in #2583
• ddtrace/tracer: added UnmarshalJSON method to sampling rules by @dianashevchenko in #2563
• tracer/remote-config: Subscribe to dynamic instrumentation configs via remote config by @grantseltzer in #2510
• ddtrace/tracer: go tracer tests lint. by @yuanyuanzhao3 in #2587
• statsdtest: Move mock statsd client for testing into its own package by @mtoffl01 in #2564
• normalizer: expand "header tag" normalization by @mtoffl01 in #2549

Application Security Management (ASM)

• appsec: fix remote security rules update by @Hellzy in #2568
• appsec: remove byte slices from WAF input by @eliottness in #2591
• appsec: DD_APPSEC_WAF_TIMEOUT default value: 4ms -> 1ms @eliottness in #2591
• contrib/google.golang.org/grpc: security rule passlist support by @Julio-Guerra in #2589

General

• Replace Go version 1.18+1.19 with 1.19+1.22.0 by @ddyurchenko in #2572

Fixes

• contrib/gorm.io/gorm.v1: do not panic on open by @bendiknesbo in #2560

New Contributors

• @mborst made their first contribution in #2558
• @bendiknesbo made their first contribution in #2560
• @tabgok made their first contribution in #2550
• @grantseltzer made their first contribution in #2510
• @yuanyuanzhao3 made their first contribution in #2587
• @nsakharenko made their first contribution in #2583

Full Changelog: v1.61.0...v1.62.0

v1.61.0

Summary

In this release, Application Performance Monitoring (APM) adds support for Span Links (a highly requested feature!). This feature is currently supported within Datadog's OpenTelemetry API implementation.

The default trace context propagation order, which is used for traces in distributed workflows, will become datadog,tracecontext (previously it was tracecontext,datadog). This is not a breaking change, and customers should not experience any negative changes in behavior. If you experience any issues, please reach out to Datadog support.

Other APM features include out-of-the-box library integration support for github.com/jackc/pgx/v5 and the ability to ignore specific error types in the github.com/labstack/echo/v4 integration.

Changes

Application Performance Monitoring (APM)

• ddtrace/tracer: Switch default context propagation order by @JianyiGao in #2368
• tracing: Adds support for Span Links by @mabdinur in #2502
• ddtrace/tracer: added tracing_enabled option to remote config by @dianashevchenko in #2513
• contrib/labstack/echo.v4: add option to ignore errors by @mrkagelui in #1567
• contrib/jackc/pgx.v5: add pgx support by @renanferr in #2410
• dyngo: dynamically register listeners only if they're needed by @RomainMuller in #2394

Application Security Management (ASM)

ASM Customers upgrading to Go 1.22 should upgrade dd-trace-go or at least upgrade github.com/DataDog/go-libddwaf to version v2.3.1. Otherwise ASM Threats won't start with the following error:

appsec: threats detection cannot be enabled for the following reasons: 1 error occurred:
	* unsupported Go version: go1.22.0

• appsec: support for go 1.22 by @Julio-Guerra in go-libddwaf#64
• appsec: DataDog's WAF ignore field with ddwaf:"ignore" by @eliottness in go-libddwaf#68
• chore: go-libddwaf v2.3.1 by @eliottness (Release Notes)

Profiling

• profiler: add pgo tag by @felixge in #2556

Data Streams Monitoring (DSM)

• [data streams] Track high watermark offsets by @piochelepiotr in #2511

General

• profiler: skip flaky TestExecutionTraceRandom by @nsrip-dd in #2531
• ci/appsec: refresher by @Julio-Guerra in #2537
• internal/namingschema: simplify the namingschema by @knusbaum in #2129
• interna/version: bump version.go to v1.61.0-dev by @katiehockman in #2501
• .github/workflows: fixes apm:ecosystem label for issues and PRs by @katiehockman in #2525
• opentelemetry: refactor span links code for clarity by @katiehockman in #2538
• chore: make the smoke-test workflow usable as go-libddwaf integ test by @RomainMuller in #2546
• chore: fix smoke test workflow_call situation by @RomainMuller in #2547
• chore: make git available in smoke-test docker image by @RomainMuller in #2548
• ci/system-tests: add graphql system tests by @Julio-Guerra in #2554

New Contributors

• @Juneezee made their first contribution in #2437
• @mabdinur made their first contribution in #2502
• @renanferr made their first contribution in #2410

Full Changelog: v1.60.3...v1.61.0

v1.60.3

Fix the version number reported by dd-trace-go to avoid the release candidate label.

Full Changelog: v1.60.2...v1.60.3

v1.60.2

Summary

Removed inet.af/netaddr dependency after domain removal.

Changes

Fixes

• go.mod: remove inet.af/netaddr dependency #2553 by @darccio @eliottness

Full Changelog: v1.60.1...v1.60.2

v1.60.1

Summary

A few minor bug fixes in this release.

Changes

Fixes

• ddtrace/opentelemetry: add RWMutex to handle concurrent calls to setters by @darccio in #2521
• tracer: verify that hostname reporting is honored regardless of stats calculation by @katiehockman #2533

Full Changelog: v1.60.0...v1.60.1

v1.60.0

Summary

In this release, Application Performance Monitoring (APM) adds tracing instrumentation support for valyala/fasthttp. This release also fixes a bug with beta-level remote configuration of the tracer, ensuring that config deletion triggers reverting the configuration option to its original value. Startup logs will also be expanded to describe configured feature flags.

This release also adds Beta support for resource-based and tag-based sampling. This can be configured using the new trace SamplingRule called TagResourceRule or by setting "resource" or "tags" in the trace sampling rules JSON, e.g. DD_TRACE_SAMPLING_RULES=[{"service": "test.?", "resource": "ec2.*", "tags": {"aws.operation":"DescribeInstances"}, "sample_rate": 1.0}]

Application Security Management (ASM) adds support for Threat Monitoring on GraphQL operations, and trusted IPs can now be added to your ASM passlist.

The Profiler add the WithCustomProfilerLabelKeys API, which enables using profiler labels as attributes to filter flame graphs in the Continuous Profiler UI. The Profiler also improves execution trace coverage over time for apps which are deployed simultaneously across several instances, by randomizing when execution traces are collected. An execution trace is collected on average once every 15 minutes by default, but the time between execution traces is now randomized.

Changes

Application Performance Monitoring (APM)

• contrib/valyala/fasthttp.v1: add a fasthttp integration to ddtrace by @mtoffl01 in #2305
• contrib/google.golang.org/grpc: add error details to span tags by @eyasy1217 in #2228
• Send the Datadog-Entity-ID header, containing either the container-id or the cgroup inode if available by @AliDatadog in #2402
• Fix build on linux and do not send cgroup node inode if in host cgroup namespace by @AliDatadog in #2453
• ddtracer/tracer: fix flaky TestReportHealthMetrics on Windows by @darccio in #2439
• Configure parametric test to get the golang tracer in same way as system-tests by @robertomonteromiguel in #2462
• ddtrace/tracer: only listen on localhost in TestTransportResponse by @nsrip-dd in #2463
• ddtrace/tracer: clear global headers in remote config tests by @nsrip-dd in #2466
• ddtrace/tracer: adding sampling by resource and tags by @dianashevchenko in #2448
• tracer: fix example and add SamplingRule function tests by @katiehockman in #2493
• tracer/log: Add feature flags to startup logs by @ajgajg1134 in #2495
• tracer: handle rc deletion in dynamic config by @ahmed-mez in #2468

Application Security Management (ASM)

• appsec/graphql: add support for Threat Monitoring by @RomainMuller in #2309
• appsec: register ASM_TRUSTED_IPS capability to RC by @RomainMuller in #2460

Profiling

• profiler: randomize when execution traces are collected by @nsrip-dd in #2401
• profiler: deduplicate test profiler setup logic by @nsrip-dd in #2428
• Update gotraceui to v0.3.0. by @darccio in #2443
• profiler: support using custom profiler labels in our UI by @nsrip-dd in #2282
• profiler/internal/pprofutils: work around breaking pprof change by @nsrip-dd in #2515

General

• CI: Only mark PRs as stale by @ajgajg1134 in #2423
• readme: Add example for running just one integration container by @ajgajg1134 in #2429
• system-tests: add the uds-echo variant by @Julio-Guerra in #2438
• ci: setup smoke tests by @Julio-Guerra in #2441
• Revert "Update gotraceui to v0.3.0." by @darccio in #2457
• maitenance: new GitHub Triage Badger by @RomainMuller in #2451
• internal/datastreams: Improve performance by @piochelepiotr in #2455
• .github/workflows: adapting last v2 CI changes by @darccio in #2435
• ci: don't send issue body in triager by @nsrip-dd in #2472
• CODEOWNERS: Update for new gh team structure by @felixge in #2477
• Clean parametric tests pipeline by @robertomonteromiguel in #2485
• CODEOWNERS: Reduce go.mod/go.sum related pings by @felixge in #2484
• remoteconfig: fine grained locking by @Hellzy in #2458
• Don't ask for triage of issues from @DataDog/dd-trace-go-guild by @RomainMuller in #2489
• Use PAT to read team member list by @RomainMuller in #2491
• remoteconfig: remove mutex underscore prefixes by @Hellzy in #2497
• .github/workflows: generalize GH workflow for adding apm:ecosystems label by @katiehockman in #2496
• build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #2445
• internal/telemetry: export Products field by @katiehockman in #2500
• internal/telemetry: remove DetectLibDl by @katiehockman in #2517
• internal/telemetry: do not send empty container and entity headers by @ahmed-mez in #2506
• go.mod: upgrade purego v0.5.0 => upgrade purego v0.5.2 by @eliottness in #2524

New Contributors

• @AliDatadog made their first contribution in #2402
• @robertomonteromiguel made their first contribution in #2462
• @eyasy1217 made their first contribution in #2228

Full Changelog: v1.59.0...v1.60.0

v1.59.1

Patch Release Notes

Application Security Management (ASM)

• Upgrade github.com/ebitengine/purego: v0.5.0 -> v0.5.2 to forward ebitengine/purego#189 fix to upstream

⚠️ If you are encoutering the following error (#2504), please upgrade to v1.59.1:

dlopen: unhandled relocation for purego_dlopen (type 46 (SDYNIMPORT) rtype 7 (R_CALL))
dlsym: unhandled relocation for purego_dlsym (type 46 (SDYNIMPORT) rtype 7 (R_CALL))
dlerror: unhandled relocation for purego_dlerror (type 46 (SDYNIMPORT) rtype 7 (R_CALL))
dlclose: unhandled relocation for purego_dlclose (type 46 (SDYNIMPORT) rtype 7 (R_CALL))

This bug can appear for all users of ASM (using the build tag appsec) starting from v1.53.0 and for all users of dd-trace-go starting from v1.59.0.

v1.59.0

Highlights

Important Information

⚠️ Starting with this release, dd-trace-go requires libdl.so.2¹ and libm.so.6 to be present in the deployment environment (except Windows, where Application Security Management is not supported). This should be the case for the vast majority of environments (e.g: Redhat, Debian, Alpine, Amazon Linux, Ubuntu) but might not be the case in some minimal-footprint environments (e.g: BusyBox, docker images from scratch). In situations when these requirements aren't met, you might see errors similar to (the exact error may be slightly different depending on the platform):

• If ld.so is missing (the environment is unable to load dynamic executables) or is not the expected flavor (the binary was built on one platform, and runs on another which uses a different interpreter):

  exec /path/to/binary: no such file or directory
  

• When one of the required shared libraries is missing (libdl.so.2 in this example):

  /path/to/binary: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
  

If this happens, please create a GitHub issue so we can reconsider this new default requirement. In the meantime, you can work around the problem by adding the datadog.no_waf build tag (go build -tags='datadog.no_waf' ...), which completely disables all Application Security Management features and removes these new requirements.

Application Security Management (ASM) Remote Activation

Application Security Management (ASM) can now be remotely activated by APM Tracing users via Datadog Remote Configuration, granted that the application was built either:

• with CGO enabled;
• with CGO_ENABLED=0 and with the appsec build tag (this setup already required libdl.so.2¹ and libm.so.6 to be present in the deployment environment on previous releases — this remains true).

Remote activation can be performed from different places in Datadog UI, such as ASM's Service Setup or APM's Service Catalog (hovering the ASM Status column).

ASM features can still be enabled locally using the DD_APPSEC_ENABLED=1 environment variable.

Setting the datadog.no_waf build tag completely disables all ASM features, removing the ability for local as well as remote activation.

Application Performance Monitoring (APM)

This release includes a fix to several library integrations which could have previously caused data races related to start options. This was fixed in database/sql, gin-gonic/gin, go-chi/chi.v5, go-chi/chi, google.golang.org/grpc.v12, google.golang.org/grpc, gorilla/mux, julienschmidt/httprouter, k8s.io/client-go/kubernetes, labstack/echo.v4, labstack/echo, net/http, and urfave/negroni. We recommend you update to this version if you are using any of these integrations.

Beta: In-app APM library configuration of trace sampling rate, HTTP header tags and custom tags.
This feature has a known bug: deleting the configuration entry in-app won't reset the configuration locally, this will be fixed in the next version of dd-trace-go (v1.60.0).

What's Changed

Application Security Management (ASM)

• appsec: remove the "appsec" build tag requirement by @RomainMuller in #2354
• go.mod: go-libddwaf v2.2.2 including major perf improvements and bug fixes by @eliottness in #2417
• appsec/api-security: http request schema collection and sensitive data scanning by @Hellzy in #2381
• appsec: support server.response.headers.no_cookies WAF address by @eliottness in #2347

Application Performance Monitoring (APM)

• contrib/google.golang.org/grpc: improve the memory efficiency of threats detection for grpc by @RomainMuller in #2338
• contrib: header_tags support on julienschmidt/httprouter by @mtoffl01 in #2331
• contrib/kafka: take env variable into account to enable DSM by @vandonr in #2353
• contrib/aws/{aws-sdk-go/aws, aws-sdk-go-v2/aws}: add context example by @mackjmr in #1504
• contrib/dimfeld/httptreemux.v5: parameterize redirects due to trailing slash by @laughingman-hass in #2332
• contrib/google.golang.org/grpc: add hostname tag by @rarguelloF in #2361
• contrib/database/sql: prevent DBM propagation full mode with incompatible dbs by @rarguelloF in #2328
• contrib: fix span start option races by @eliottness in #2418
• tracer: Fix race in spanContext.setSamplingPriority by @evanj in #2271
• tracer: report config-change telemetry in dynamic config by @ahmed-mez in #2350
• tracer: check for (service,env) matching in dynamic config by @ahmed-mez in #2365
• ddtrace/opentelemetry,opentracing: fixed the format of telemetry tags by @dianashevchenko in #2367
• tracer: report rc capabilities for dynamic config by @ahmed-mez in #2369
• tracer: configure global tags via remote-config by @ahmed-mez in #2378
• tracer: support dot notation for tags with array values by @katiehockman in #2253
• build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 by @dependabot in #2373
• tracer: improve debug message for propagating tag length limit reached by @katiehockman in #2405

General

• {telemetry,remoteconfig}: support fraction of second intervals by @ahmed-mez in #2364
• remoteconfig: add Subscribe function by @ahmed-mez in #2380
• remoteconfig: fix products reporting by @ahmed-mez in #2384

New Contributors

• @RomainMuller made their first contribution in #2338
• @vandonr made their first contribution in #2353
• @laughingman-hass made their first contribution in #2332

Full Changelog: v1.58.0...v.1.59.0

1. In some build environments, libdl functionality is provided by libc; the ldd <binary> command can be used to determine the exact runtime requirements ↩ ↩²

v1.58.1

Patch Release Notes

Application Performance Monitoring (APM)

• contrib/dimfeld/httptreemux.v5: parameterize redirects due to trailing slash by @laughingman-hass in #2332
• contrib: fix span start option races by @katiehockman in #2418
• tracer: Fix race in spanContext.setSamplingPriority by @evanj in #2271
• ddtrace/opentelemetry,opentracing: fixed the format of telemetry tags by @dianashevchenko in #2367

v1.59.0-rc.3

What's Changed

This release includes a fix to several library integrations which could have previously caused data races related to start options. This was fixed in database/sql, gin-gonic/gin, go-chi/chi.v5, go-chi/chi, google.golang.org/grpc.v12, google.golang.org/grpc, gorilla/mux, julienschmidt/httprouter, k8s.io/client-go/kubernetes, labstack/echo.v4, labstack/echo, net/http, and urfave/negroni. We recommend you update to this version if you are using any of these integrations.

Application Security Management (ASM) now can be remotely activated by APM Tracing users with Datadog Remote Configuration, without requiring the appsec build tag or DD_APPSEC_ENABLED environment variable. This can be achieved from different places in our UI such as ASM's Service Setup or APM's Service Catalog (hovering the ASM Status column). Non-remote-configuration users still need to deploy their services with the DD_APPSEC_ENABLED opt-in environment variable to enable ASM. Users of CGO_ENABLED=0 will still have to rely on the appsec build tag for now, as it results into a dependency to libdl.so.2 to have on your deployment environment in this precise case, but not when CGO_ENABLED=1.
This release also includes the latest ASM private beta feature, API Security (public documentation still in progress).

Beta: In-app APM library configuration of trace sampling rate, HTTP header tags and custom tags.
This feature has a known bug: deleting the configuration entry in-app won't reset the configuration locally, this will be fixed in the next version of dd-trace-go (v1.60.0).

Application Security Management (ASM)

• appsec: remove the "appsec" build tag requirement by @RomainMuller in #2354
• go.mod: go-libddwaf v2.2.2 including major perf improvements and bug fixes by @eliottness in #2417
• appsec/api-security: http request schema collection and sensitive data scanning by @Hellzy in #2381
• appsec: support server.response.headers.no_cookies WAF address by @eliottness in #2347

Application Performance Monitoring (APM)

• contrib/google.golang.org/grpc: improve the memory efficiency of threats detection for grpc by @RomainMuller in #2338
• contrib: header_tags support on julienschmidt/httprouter by @mtoffl01 in #2331
• contrib/kafka: take env variable into account to enable DSM by @vandonr in #2353
• contrib/aws/{aws-sdk-go/aws, aws-sdk-go-v2/aws}: add context example by @mackjmr in #1504
• contrib/dimfeld/httptreemux.v5: parameterize redirects due to trailing slash by @laughingman-hass in #2332
• contrib/google.golang.org/grpc: add hostname tag by @rarguelloF in #2361
• contrib/database/sql: prevent DBM propagation full mode with incompatible dbs by @rarguelloF in #2328
• contrib: fix span start option races by @eliottness in #2418
• tracer: Fix race in spanContext.setSamplingPriority by @evanj in #2271
• tracer: report config-change telemetry in dynamic config by @ahmed-mez in #2350
• tracer: check for (service,env) matching in dynamic config by @ahmed-mez in #2365
• ddtrace/opentelemetry,opentracing: fixed the format of telemetry tags by @dianashevchenko in #2367
• tracer: report rc capabilities for dynamic config by @ahmed-mez in #2369
• tracer: configure global tags via remote-config by @ahmed-mez in #2378
• tracer: support dot notation for tags with array values by @katiehockman in #2253
• build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 by @dependabot in #2373
• tracer: improve debug message for propagating tag length limit reached by @katiehockman in #2405

General

• {telemetry,remoteconfig}: support fraction of second intervals by @ahmed-mez in #2364
• remoteconfig: add Subscribe function by @ahmed-mez in #2380
• remoteconfig: fix products reporting by @ahmed-mez in #2384

New Contributors

• @RomainMuller made their first contribution in #2338
• @vandonr made their first contribution in #2353
• @laughingman-hass made their first contribution in #2332

Full Changelog: v1.58.0...v.1.59.0