2.17.0

Highlights

This release adds support for Rails 8.0, improves dynamic instrumentation
user interface and upgrades libdatadog dependency to version 18.1.

The on_error warning emitted by dd-trace-rb 2.16.0 has also been fixed.

Added

• Tracing: Add support for Rails 8.0. (#4455)

Changed

• Core: Improve tracer error reporting when agent responds with error responses to remote configuration requests (#4669)
• Core: Profiling: Upgrade libdatadog dependency to version 18.1 (#4577)
• Dynamic Instrumentation: Improve UI reporting of application and host status (#4678)
• Tracing: Mark AWS integration spans as errored when AWS requests fail (#4672)

Fixed

• Error Tracking: remove error tracking support on Ruby 2.6 (#4665)
• Profiling: Fix profiling scheduler reporting corner case during shutdown (#4679)
• Tracing: Fix: The on_error warning for HTTP instrumentations (#4673)

Read the full changeset and the release milestone.

2.16.0

Highlights

This release includes improvements to AppSec, with support for session tracking and attacker fingerprinting in applications using devise and rails. The integration leverages business logic events, such as sign-in attempts, to provide better visibility and protection for your applications.

This release also repairs several issues in Live Debugger and Dynamic Instrumentation having to do with source code display.

If you use datadog-ci-rb with webmock, please update datadog-ci-rb to version 1.17.0 or later to ensure compatibility.

Added

• Core: Add new configuration precedence value environment (#4610)
• Core: Add Source Code Integration (SCI) tags in Telemetry app-started event and in each Remote Config request (#4653)
• Core: Tracing: ErrorTracking: Add automatic reporting of handled errors (#4604)
• AppSec: Integrations: Add session tracking and attacker fingerprinting to devise and rails (#4644, #4625)
• Profiling: Add support for Ruby 3.5.0-preview1 (#4600)
• Tracing: Add warning when on_error handler is not a Proc (#4611)
• Tracing: Integrations: Add option to serialize MongoDB command as JSON (#4403)
• Tracing: Integrations: Add baggage to karafka list of propagation styles (#4614)

Changed

• Tracing: Adjust trace sampling formula (#4616)
• Profiling: Replace JSON.fast_generate with JSON.generate (#4602)

Fixed

• Core: Fix Ruby warnings when providing a custom time provider (#4613)
• Core: Fix Telemetry configuration in agentless mode to respect the timeout specified for the Agent (#4590)
• Profiling: Fix profiler compatibility with ruby-head (3.5) (#4656)

Removed

• Core: Remove duplicated classes from Telemetry transport (#4575)

Read the full changeset and the release milestone.

2.15.0

Added

• AppSec: Add auto-patching for activerecord with sql injection detection (#4581)
• Tracing: Add option for opensearch to set resource with relative path (#4509)

Changed

• AppSec: Update In-App WAF rules, processors, and scanners (#4568)

Fixed

• AppSec: Fix blocked requests not marked correctly when using custom redirect blocking action (#4580)
• AppSec: Fix UTF-8 unsafe payloads in InApp-WAF causing runtime exceptions (#4573)

Read the full changeset and the release milestone.

2.14.0

Highlights

• Tracing: Add Karafka integration for distributed tracing. Minimum supported karafka version is 2.3.0. (#4147)
• Core: Tracing: default logger arguments for compatibility with previous dd-trace-rb versions (#4558)

Added

• Tracing: Add karafka instrumentation with 2.3.0 as the minimum supported version. (#4147)

Fixed

• Core: Tracing: default logger arguments for compatibility with previous dd-trace-rb versions (#4558)
• AppSec: Fix Datadog::Kit::AppSec::Events SDK methods to correctly handle given string key usr.login. (#4552)

Read the full changeset and the release milestone.

2.13.0

Highlights

In this release, devise instrumentation was refreshed to track authenticated users, in addition to sign-in and sign-up events. A new anonymization collection mode allows sensitive data to be anonymized.

Following the W3C Baggage specification, Baggage support has been implemented with OpenTelemetry compatibility.

APM tracing can now be disabled independently while maintaining traces for other Datadog products.

Added

• Core: Add DD_TRACE_EXPERIMENTAL_RUNTIME_ID_ENABLED experimental option to enable runtime ID collection for runtime metrics. (#4473)
• Tracing: Add support for W3C Baggage API along with automatic extraction and injection, and OpenTelemetry support. (#4493, #4505)
• Tracing: Add DD_APM_TRACING_ENABLED option to disable APM tracing while keeping other products traces. (#4498)
• Tracing: Add DD_TRACE_NATIVE_SPAN_EVENTS option to override span events serialization for agent-less environments. (#4507)
• AppSec: Add stack trace reporting for security events. (#4526)
• AppSec: Improve devise instrumentation to support latest Account Takeover (ATO) detection. (#4433)

Changed

• Core: Improve DD_TAGS configuration handling to be more consistent across Datadog libraries and Agent. (#4530)
• Tracing: Enable by default 128-bit trace ID logging so that trace IDs are consistent across logs and the Datadog UI. (#4528)

Fixed

• Core: Fix initialization when the library is partially loaded. (#4498)
• Tracing: Fix trace ID propagation by ensuring extraction of 16-character hex values from the _dd.p.tid tag in x-datadog-tags header. (#4534)
• Tracing: Profiling: Fix warnings printed by ruby -w. (#4547, #4549)

Read the full changeset and the release milestone.

2.12.2

Fixed

• AppSec: Fix custom In-App WAF blocking response that was configured in the UI is now applied correctly (#4497)

Read the full changeset and the release milestone.

2.12.1

Highlights

Fixed

• AppSec: Fix ArgumentError from ActiveRecord for Ruby < 2.7 (#4437)

Read the full changeset and the release milestone.

2.12.0

Added

• AppSec: Add detection of Server-Side Request Forgery attacks for rest-client (#4424)
• Dynamic Instrumentation: Add support for unix domain sockets (#4426)

Read the full changeset and the release milestone.

2.11.0

Highlights

Here are some important changes introduced in 2.11.0 and we recommend upgrading.

• Remove peer services by default. This change is to ensure compatibility with Inferred services, allowing for automatic discovery of instrumented dependencies such as databases, queues, or third-party APIs. If you need the previous peer service behavior back, set the environment variable DD_TRACE_PEER_SERVICE_DEFAULTS_ENABLED=true.

• Fix a memory leak issue for Runtime Application Self-Protection (RASP)

GVL Profiling is now enabled by default on Ruby 3.2+

GVL profiling means the profiler gathers information from threads waiting to acquire the Ruby "Global VM Lock" (GVL).

This waiting can be a big a source of latency for Ruby applications: a thread "Waiting on the GVL" is a thread that's ready to make progress, but can't start because Ruby is busy doing something else.

For more details on why GVL profiling is relevant, check out How the Ruby Global VM Lock impacts app performance and #3929.

Added

• Tracing: Support graphql multiple query errors report via Span Events (#4177)
• Profiling: Enable GVL profiling by default on Ruby 3.2+ (#4406)
• Profiling: Support correlating profiling with OTel API 1.5+ (#4425)
• AppSec: Add detection of Server-Side Request Forgery attacks for excon (#4399)
• AppSec: Add detection of Server-Side Request Forgery attacks for faraday (#4391)
• AppSec: Deprecate appsec.track_user_events configuration setting in favor of appsec.auto_user_instrumentation (#4352)
• Dynamic Instrumentation: Add optional trace logging (#4283)

Changed

• Increase default timeout for unix domain socket to 30 seconds (#4411)
• Upgrade libdatadog to 16.0.1 (#4353)
• Dynamic Instrumentation: Improve path matching with prefixes of probe paths (#4346)
• Dynamic Instrumentation: Improve event reporting with combing status and snapshot events (#4360)

Fixed

• Tracing: Fix rack to continue trace if only distributed trace is present (#4398)
• AppSec: Fix a memory leak issue for RASP (#4422)
• Dynamic Instrumentation: Fix event submission on forked servers (#4363)

Removed

• Tracing: Remove peer services by default (#3846)

Read the full changeset and the release milestone.

2.10.0

Added

• AppSec: Add configuration option(Datadog.configuration.appsec.rasp_enabled) to enable/disable Runtime Application Self-Protection checks (#4311)
• AppSec: Add stack trace when SQL Injection attack is detected (#4321) (Edit: Cannot be enabled yet, needs an extra change that will be shipped with 2.11.0 release)

Changed

• Add logger gem as dependency (#4257)
• Bump minimum version of datadog-ruby_core_source to 3.4 (#4323)

Fixed

• Dynamic instrumentation: Fix report probe status when dynamic instrumentation probes fail to instrument (#4301)
• Dynamic instrumentation: Include variables named env in probe snapshots (#4292)
• Fix a concurrency issue during application boot (#4303)

Read the full changeset and the release milestone.