2.53.1

Summary

• Fix crash at shutdown when runtime metrics enabled due to bug in the .NET runtime
• Fix occasional crash with Continuous Profiler
• Various other minor bug fixes

Changes

Tracer

• Handle NullReferenceException in EF6 (#5668)
• Don't allow enabling UDS on < .NET Core 3.1 and .NET Framework (#5686)
• Prevent NullReferenceException when Activity IDs are null (#5690)

ASM

• [ASM] Fix Null reference exception error (#5664)
• [ASM] Protect NativeLibrary.CloseLibrary (#5682)
• [ASM] Fix null exception security coordinator (#5685)
• [ASM] Fix Security module failed error (#5694)

Continuous Profiler

• [Profiler] Fix possible crash when SSI deployed (#5684)
• [Profiler] Fix crash when different threads are trying to set a class description (#5691)
• [Profiler] Fix typo in crash fix (#5692)

Miscellaneous

• [SSI] Fix some of the single step injection forwarder code (#5678)
• Single-step guard rails: Use stdin instead of args to invoke telemetry (#5677)
• Fix crash at shutdown in runtime metrics (#5696)
• [CrashTracking] Add more exception types (#5697)

Build / Test

• Single-step guard rails: Fix the path of the log file in tests (#5700)

Changes since 2.53.0

2.53.0

Summary

• [Tracing] Add support for ActivityLinks/OTEL Span Links
• [Tracing] Add support for OpenTelemetry's AddEvent and RecordException API's, and environment variables
• [Tracing] Add support for Serilog v4 and NLog 5.3.0
• [Tracing] Add support for remote configuration of sampling rules and Adaptive Sampling
• [CI Visibility] Add support for Microsoft.CodeCoverage
• [CI Visibility] Add support for UDS and NamedPipes
• [ASM] Enable Runtime Application Self-Protection (RASP) by default
• [Dynamic Instrumentation] Support using Boolean literals in the expression language
• [DBM] Add injection support for Oracle queries (service mode only)

Changes

Tracer

• [Tracer] Support remote config for DD_TRACE_SAMPLING_RULES and Adaptive Sampling (#5453)
• [Tracer] Finishes Adding Support for ActivityLink (#5627)
• [Tracing] Add standardized support for OpenTelemetry AddEvent and RecordException API's (#5630)
• Add support for Serilog v4 (#5649)
• Remap http.response.status_code to http.status_code (#5654)
• Exclude vsdbg from tracing (#5657)
• [Tracing] Adds support for mapping stable OpenTelemetry environment variables to their Datadog equivalents (#5661)
• Don't allocate very large buffers when deserializing responses (#5665)
• [Tracer] SpanLinks Permissive null Clean Up (#5674)

CI Visibility

• [CI Visibility] Automatic reporting of Microsoft.CodeCoverage percentage (#5633)
• [CI Visibility] UDS and NamedPipes support (#5634)

ASM

• [ASM] Update WAF log messages (#5571)
• [ASM] Improved Unsafe Encoder readability (#5587)
• [ASM] Add the span id to the RASP events (#5588)
• [ASM] Add test for null response in aspnet core (#5590)
• [ASM] RASP: Add stack trace bottom and top filtering (#5621)
• [ASM] Enable RASP by default (#5625)
• [ASM] Capture exception to avoid errors (#5662)
• [ASM] Fix CloseLibrary condition (#5667)
• [ASM][IAST] Add _dd.iast.json.tag.size.exceeded telemetry metric (#5641)

Continuous Profiler

• [Profiler] Fix services start/stop (#5616)
• [Profiler] Few missing changes for IService startup/stop (#5619)
• [Profiler] Improve configuration aroung SSI/non-SSI (#5620)
• Add a space before |fg: in case of an unknown type (#5624)
• Normalize the profiler thread names (#5626)
• [Profiler] Investigate and fix profiler benchmarks failures (#5631)

Debugger

• [Dynamic Instrumentation] Aligned the line probe snapshot to fix System Tests failures (#5628)
• [Dynamic Instrumentation] Check specific path for diagnostics upload (#5461)
• [Dynamic Instrumentation] Cleansing third party module names to avoid conflicts with customer's modules (#5622)

Fixes

• Fix RCM Capabilities bugs (#5606)
• Fix NLog direct log shipping 5.3+ when no config is present (#5609)

Miscellaneous

• [DBM] add injection support for oracle queries (but only service mode) (#5506)
• [CrashTracking] Check if native crashes are caused by Datadog (#5573)
• Make crash tracking opt-out (#5582)
• [Test Package Versions Bump] Updating package versions (#5605)
• Fix NLog direct log shipping 5.3+ when no config is present (#5609)
• Record SSI injection values in configuration (#5611)
• Single-step guard rails: Move version.h to shared code (#5635)
• Single-step guard rails: Update RuntimeInformation to include "inferred" runtime version (#5636)
• Single-step guard rails: telemetry (#5637)
• Normalize the tracer thread names (#5644)
• Update libdatadog to v10 (#5653)
• [CrashTracking] Let libdatadog set the endpoint (#5666)
• [Crashtracking] Mark DD_* threads as suspicious (#5647)

Build / Test

• Display C++ static analysis errors in the CI output (#5608)
• chore(lib-injection): update base image to alpine 3.20 (#5613)
• Set LD_PRELOAD in integration tests (#5617)
• [SINT-1401] update windows code signer to v0.2.3 (#5629)
• Ensure we catch exceptions in named pipe mock agent (#5646)
• Fix broken tests that only run on main (#5670)
• chore(serverless): update CODEOWNERS (#5672)
• [Profiler/Tracer] Bump FluentAssertions to 6.12.0 (#5599)
• [Profiler] Capture dump on timeout in wrapper tests (#5602)
• [Profiler] Fix race condition in SocketTimeout (#5648)

Changes since 2.52.0

2.52.0

Summary

• [CIVisibility] Fixes for test.command tag value and version-conflict scenarios
• [ASM] Adds support for session-timeout vulnerability
• [ASM] Adds support for Grpc.AspNetCore source tainting and exclusion marks
• [Tracing] Single step instrumentation no longer instruments EOL runtimes by default

Changes

Tracer

• [Tracer] Delay sampling decisions (#5306)
• [Tracer] Only set _dd.agent_psr tag when using sampling rates from Agent (#5545)
• Refactor LifetimeManager callbacks for UnhandledException (#5557)

CI Visibility

• [CIVisibility] Add SourceLink support to CIEnvironmentValues (#5535)
• [CI Visibility] IPC subsystem (#5537)
• [CI Visibility] - Close and flush incomplete TSLV objects before exiting (#5549)
• [CI Visibility] Send data to the test session using IPC (#5551)
• [CIVisibility] Fix test.command tag value (#5560)
• [CIVisibility] Add a code coverage injection session tag (#5561)
• [CIVisibility] Tag profiles created by BenchmarkDotnet integration and add the IgnoreProfileAttribute (#5568)
• [CIVisibility] Fix support for custom spans with version mismatch (#5578)

ASM

• [ASM][IAST] Add source tainting for Grpc dotnet (#5473)
• [ASM] Rasp sinks instrumentation (#5512)
• [ASM][IAST] Add vulnerability marks to Range + Add the mark to Escaped XSS (#5531)
• [ASM] RASP span metrics (#5542)
• [ASM] Upgrade WAF to version 1.18 (#5546)
• [ASM] Remove the need to pass httpcontext to SecurityCoordinators (#5548)
• [ASM][IAST] Session Timeout vulnerability (#5559)
• [ASM][IAST] Fix System.Text.Json: Properly implement GetRawText() aspect (#5572)
• [ASM] Fix null ref (#5596)

Miscellaneous

• Bail out of instrumentation in SSI when an unsupported platform is detected (#5524)
• Don't instrument most dotnet SDK calls (#5564)
• [Test Package Versions Bump] Updating package versions (#5569)
• [Test Package Versions Bump] Updating package versions (#5585)
• Crash tracking (#5451)

Build / Test

• Update CODEOWNERS for APM SDK IDM ownership (#5525)
• [All Natives] Fix C5105 Warning for Windows Native Projects (#5541)
• Update lib-injection docker image tags (#5544)
• Try fixing flake in TelemetryControllerShouldUpdateGitMetadataWithTelemetry on macOS (#5547)
• "Manually" install MSI dependencies instead of using choco install (#5553)
• Update the .DotSettings in _build (#5555)
• Remove span count assertions from Azure Function tests (#5556)
• [Tracer] scrub _dd.agent_psr from test snapshots (#5562)
• If a lot of snapshots have changed, we should check them all (#5563)
• [Build] Fix chiseled smoke tests jobs + capture coredump when crashing in all smoke tests jobs (#5570)
• Failing serverless tests are not reported in CI (#5574)
• [Tests] add null checks in VerifyHelper (#5575)
• Fix dependabot and improve GeneratePackageVersions (#5579)
• Disable automatic flush in AgentWriterTests.FaultyApi (#5581)
• Improve lib-injection tagging script (#5598)
• Bump Fody from 6.8.0 to 6.8.1 in /tracer/src/Datadog.Trace (#5576)
• [Tracer][Tests] scrub _dd.agent_psr tag from TraceAnnotationsTests snapshots only (#5591)

Changes since 2.51.0

2.51.0

Summary

• [APM] Fix rare TypeLoadException when running instrumented code
• [APM] Fix issue with runtime metrics that could cause memory usage to be reported as negative on x86
• [IAST] Directory listing leak vulnerability detection (Kestrel)
• [ASM] RASP: SSRF blocking. LFi reporting.
• [CI Visibility] Early Flake Detection
• [CI Visibility] Selenium + RUM support
• [Dynamic Instrumentation] Supporting putting a probe in a method which uses a pointer and pinned local variable
• [Profiler] Several fixes

Changes

Tracer

• Encode the last seen Datadog span ID within tracestate (#5176)
• Check to ignore Activity when creating TraceID (#5318)
• read variable responsible for enabling SCA (#5432)
• Fix sending Content-Length: 0 when using chunked-encoding (#5445)
• Add full support for multipart form requests (#5448)
• Avoid batching updates in runtime metrics (#5469)
• Update RegexBuilder to accept a Timeout so we can reduce flake (#5471)
• [Tracing] sampling code cleanup (#5477)
• Switch memory mapped counters to unsigned (#5480)
• Fix nullable reference bugs in Kinesis integration (#5528)

CI Visibility

• [CI Visibility] Early Flake Detection (#5320)
• [CI Visibility] - Improvements to the dd-trace ci ... commands (#5468)
• [CI Visibility] - Selenium + RUM support (#5505)
• [CI Visibility] - Ensure continuous profiler flush on CI Visibility close method (#5513)
• [CI Visibility] - Fix force Evp proxy environment variable (#5526)
• [CI Visibility] Add linux whereis command as a fallback to locate the target binary. (#5532)

ASM

• [ASM][IAST] Add Directory listing leak vulnerability (kestrel) (#5475)
• [ASM] change env variable name to remove experimental keyword (#5478)
• [ASM][IAST] Add exception for Vary: Origin (#5486)
• Send Rasp settings. Change codeowner file for snapshots. (#5490)
• [ASM] RASP: Lfi reporting (#5491)
• [ASM] Rasp: Block SSRF attacks (#5507)
• [ASM] Add stack traces to the span for RASP vulnerabilities (#5515)
• [ASM] Add RASP telemetry (#5527)
• Update WAF to version 1.17 (#5463)
• Fix RegisterIastAspects signature (#5474)

Continuous Profiler

• [Profiler] Fix crash in Sampler at shutdown (#5483)
• [Profiler] Fix various thing in the profiler testing infrastructure (#5495)
• [Profiler] Fix bug debug info store & line of code (Code viewer) (#5496)

Debugger

• [Dynamic Instrumentation] Fix System.ArgumentNullException while processing span decoration probes with empty tags (#5444)
• [Debugger][Test] skip some tests that fail in DEBUG mode (#5452)
• [Dynamic Instrumentation] DEBUG-2320 Support pointer and pinned local (#5464)
• [Dynamic Instrumentation] DEBUG-2321 Add local pinned and pointer for instrumentation verification (#5465)
• [Dynamic Instrumentation] DEBUG-2322 Find correct member ref based on best candidate (#5467)
• [Dynamic Instrumentation] Fix PinnedLocalTest (#5511)
• [Dynamic Instrumentation] Add 'connectionString' to the list of redacted values (#5487)
• [Dynamic Instrumentation] Do not create probe processor and rate limiting for unbound line probes (#5503)
• [Dynamic Instrumentation] Consolidate PII redaction keys for all libraries. (#5522)

Serverless

• [Serverless] add CI_COMMIT_TAG to be sent downstream (#5460)

Build / Test

• Avoid more flake in smoke tests (#5413)
• Try again to fix dd-trace build (#5429)
• Refactor test infrastructure to support chunked encoding/gzip correctly (#5446)
• Add testing of IMultipartApiRequest for UDS, streams and gzip (#5447)
• [CI] Minor cleanup (#5450)
• Fix dotnet_tool build (#5470)
• Fix some flaky tests in IAST and sampling (#5472)
• Ignore expected CI Visibility error (#5482)
• [CLI Tool] Updated COMPlus_EnableDiagnostics Message (#5485)
• Simplify CI Visibility snapshot names (#5488)
• [CI] Fix flake in Git Telemetry (#5497)
• Remove direct references to Datadog.Trace from Security samples (#5500)
• Fix DSM SQS tests (#5530)

Miscellaneous

• Calltarget ref struct support (#5442)
• [APM] Add git reference to application telemetry (#5459)
• Don't send errors from Exceptions during requests to RCM (#5466)
• Fix git metadata collection (#5489)
• Fix race condition when initializing metadata (#5508)
• Remove some write flags from GetModuleMetaData calls (#5517)
• Prefix dynamic assemblies with "Datadog." (#5523)
• Include inner exceptions in the telemetry logs (#5529)

Changes since 2.50.0

2.50.0

Summary

• [CI Visibility] - Improvements for MSTest: custom TestMethod, custom DisplayName, and missing tests
• [IAST] - NHibernate SQLI vulnerability detection
• [ASM] - Add support for null-returning controller actions
• [Dynamic Instrumentation] - Improvements to async method handling
• [Dynamic Instrumentation] - Improvements to symbol database
• [Profiler] Performance improvements have been made and reduce the profiler overhead

Changes

Tracer

• [ASM] Report external wafs headers (#5178)
• Add rate limit for the log written by TraceRateLimiter (#5229)
• Optimize HttpMessage.GetContentEncoding using spans (#5301)
• Use TraceId128 in log instead of TraceId (#5312)
• Use vendored span in HexString (#5313)
• Add support for span links (#5354)
• [Tracing] Add IsRemote to SpanContext (#5385)
• Adding nullability to CallTarget code and null checks to the ducktyping constraints proxy (#5393)
• Add try/finally to Msmq integration (#5457)

CI Visibility

• [CI Visibility] - New CI Visibility code coverage algorithm (#5254)
• [CI Visibility] Fix some test to avoid flakiness on retries. (#5325)
• [CI Visibility] - MSTest2 Improvements and Fixes (#5381)
• [CI Visibility] - Fix ITR Code Coverage collector attach algorithm (#5412)
• [CI Visibility] - Find .git folder when using GetFrom method as a fallback (#5425)

ASM

• [ASM][ApiSecurity] Change Api Securitysampling algorithm (#5257)
• [ASM] never log WAF at debug level, since (#5295)
• [ASM] Dont deserialize rcm payloads until they are needed for memory optimization (#5296)
• [ASM] Fix our legacy encoder benchmarks memory leak (#5308)
• Fix how security settings are read (#5317)
• [ASM] Ensure new sample and agent are used on each test (#5339)
• [ASM][IAST] NHibernate support (SQLI Vuln) (#5347)
• [ASM] Fix nullreference exception escalation on response body instrumentation for NET Fx (#5365)

Continuous Profiler

• [Profiler] Use a homemade implementation of linked-list (#5284)
• [Profiler] Add FlushProfile public method (#5303)
• [Profiler] Remove flakiness for GC CPU comsumption (#5323)
• [Profiler] Add callstack provider (#5328)
• [Profiler] Avoid named pipe test flackiness (#5331)
• [Profiler] Bump to libdatadog 8 (#5348)
• Update libunwind to 1.8.1 (#5358)
• [Profiler] Fix bug in case of Agent error with .NET Framework (#5368)
• Include the libunwind double-free fix (#5397)
• [Profiler] Upgrade cppcheck to 2.12 (#5398)
• Fix profiler integration tests (#5423)
• [Profiler] Move GetAppDomain to ManagedThreadInfo (#5427)
• [Profiler] Pass memory_resource around (#5434)
• [Profiler] Fix possible crash when Agent does not answer namedpipe connection (#5437)
• [Profiler] Fix use-after-free ASAN diagnostic (#5441)

Debugger

• [Dynamic Instrumentation] Consider 3rd party assemblies on SymDB (#5380)
• [Dynamic Instrumentation] Support legacy endpoint for diagnostics uploading (#5456)
• [Dynamic Instrumentation] Reduce allocations in probe processing (#5132)
• [Dynamic Instrumentation] Handle Out Of Range exception in SymDB (#5162)
• [Dynamic Instrumentation] Fix number of locals in async method (#5131)
• [Dynamic Instrumentation] Add NotCapturedReason for unreachable local var value in async method (#5161)
• [Dynamic Instrumentation] Normalize redaction keywords + add missing keywords (#5350)
• [Dynamic Instrumentation] Acknowledge log probe capture limits (#5364)
• [Dynamic Instrumentation] Added emitting status for probes (#5372)
• [Dynamic Instrumentation] Introduce diagnostics endpoint (#5373)
• [Dynamic Instrumentation] Temporary disable system tests (#5411)
• [Dynamic Instrumentation] Fix type of local in async method (#5414)
• [Dynamic Instrumentation] Fix probe status upload + refactor upload process (#5422)

Exception Debugging

• [Exception Debugging] Introducing the Exception Debugging product (#5163)
• [Exception Debugging] Minor post-merge fix to Exception Debugging unwinding logic (#5327)
• [Exception Debugging] Better communicate non-captured exceptions (#5371)
• [Exception Debugging] Enhanced the reporting of non-captured exceptions (#5391)

Serverless

• [Serverless] add serverless benchmarks (#5374)
• [Serverless] update benchmark variables (#5409)

Fixes

• Add some more #nullable enable (#5332)

Build / Test

• Fix 2.7.0 XUnit tests (#5341)
• Update CI support for release branches (#4811)
• Add explicit "clean" step to clone repo (#5309)
• Clean dangling AgentWriter instances in unit tests (#5311)
• Fix lib-injection container images (#5322)
• Increase the margin for the number of threads in RuntimeMetricsWriterTests (#5329)
• Remove automatic deploy to di (#5330)
• [Test] Running AspNetCore5IastTestsFullSampling Tests Serially (#5333)
• Disable inlining for restsharp exploration tests (#5335)
• Start pushing latest_snapshot images for lib-injection images (#5336)
• Filtering out Timer ExitApp span (#5337)
• [Test Package Versions Bump] Updating package versions (#5338)
• [ci] Add oci package build (#5340)
• Update CODEOWNERS file for MethodSymbolResolver.cs (#5342)
• [Build] Extend Azure Service Bus testing from versions 7.4.x - 7.17.x (#5343)
• Disable Inlining to 0 for both Cake & swashbuckle tests (#5344)
• Disabling ASM Throughput Job (#5345)
• Running all WafLibraryRequiredTest tests serially (#5346)
• Exclude known error from smoke tests (#5349)
• Update some packages (#5353)
• Fix some warnings in the samples (#5366)
• separate DSM tests for more clarity (#5367)
• Fix smoke test issue and pin versions (#5376)
• Fix some more build warnings from the samples (#5378)
• Don't print snapshots diff unless running in CI (#5379)
• [Auto instrumentation generator] Add support for nested types (#5382)
• K8s Lib Injection: Migration (#5383)
• Try fix macos unit test crash (#5384)
• Try working around missing Docker Compose v1 in hosted runners (#5386)
• Really clean up before doing anything (#5387)
• Only publish :latest lib-injection container images on merges to master (#5388)
• Temporarily disable profiler CppCheck (#5389)
• Split the macos build into 2 jobs and parallelise (#5390)
• Ensure we also clean hidden folders (#5399)
• Use docker mirror image in GitLab instead of dockerhub (#5401)
• Remove direct reference to Samples.AspNetCore.RazorPages from integration test project (#5402)
• Set the obfuscation querystring regex to something large to avoid flake in integration tests (#5403)
• Don't specify port for Yarp test to avoid flake (#5404)
• [Test Package Versions Bump] Updating package versions (#5405)
• Update approvals for debugger async tests (#5406)
• Update GitHub token to one that's not about to expire (#5407)
• Ignore complaints from NuGet about out of support packages (#5415)
• Add an explicit "clean docker" step (#5417)
• Don't re-build everything when building the runner in CI (#5424)
• Bump the timeout of the integration_tests_windows stage (#5426)
• Bump the macos timeout (#5430)

Miscellaneous

• [Tracer][Logs] ILogger sample in Azure Functions (#4065)
• [DSM] - Use the same header adapter on get and put (#5361)

Changes since 2.49.0

2.49.0

Summary

• Significantly improved runtime metrics performance
• Fixes for MSTestV2 integration on .NET Framework
• Fixes for IbmMq instrumentation for DSM
• Added additional integration and improvements for IAST
• Added DD_TAGS to snapshot query parameter for Dynamic Instrumentation

Changes

Tracer

• [Tracing] Support configuring DD_TRACE_ENABLED remotely (#5181)
• Add support for DD_DOGSTATSD_URL (#5224)
• Minor (potential) fixes for NullReferenceException (#5230)
• Warm up the query string obfuscator regex (#5266)
• Include the trace sampling priority in the span debug log (#5274)
• [Tracer] Include propagation style in the configuration log (#5275)
• Fix errors identified from telemetry (#5279)
• Allow skipping span generation in ProcessStart integration (#5280)
• Don't allow adding null to the GRPC headers (#5286)
• Add meta_struct capability to the tracer (#5287)
• Handle case where SetExceptionTags() throws (#5291)
• Use vendored spans in tags generation (#5298)
• Optimize runtime metrics (#5304)
• [Tracing] Update instrumentation point for DD_TRACE_DELAY_WCF_INSTRUMENTATION_ENABLED=true (#5206)

CI Visibility

• [CI Visibility] - Enable snapshot testing of current testing framework implementations (#5226)
• [CI Visibility] - Add a rate limit to the warning message of the OriginTagTraceProcessor (#5261)
• Disable profiling in benchmarks (#5262)
• [CI Visibility] Fix MSTestV2 integration on .NET Framework (#5269)

ASM

• [ASM][IAST] Insecure Auth Vulnerability (#5148)
• [IAST] Added tests cases for Custom Manual and Attribute spans (#5218)
• [ASM][IAST] Support manual JSON deserialisation (System.Text.Json) (#5223)
• [IAST] XSS vulnerability (#5231)
• [ASM] Rework encoder telemetry and logs (#5234)
• [ASM][IAST] Support manual JSON deserialisation (Newtonsoft.Json) (#5238)
• [IAST] Set redaction config values according to documentation (#5242)
• [ASM] Add processors and scanners to ruleset (#5248)
• [ASM][IAST] Support manual JSON deserialisation (JavaScriptSerializer) #5238 (#5251)
• [ASM] Exclude NHibernate from callsite instrumentation (#5265)
• [ASM][IAST] Configure maximum IAST Ranges (#5292)
• [ASM] Deactivate benchmark for legacy encoder to help CI (#5299)
• [IAST] Vulnerability and Evidence truncation (#5302)
• [ASM] Try fix memory buildup in asm benchmarks removing destructor in Obj (#5305)
• [ASM] Add dummy agent writer for benchmarks (#5307)
• [ASM] - Fix HttpRequestValidationException Error (#5221)
• [IAST] Path in location is always the fully qualified type name (#5256)
• [IAST] Fix version parsing in Dataflow (#5263)

Continuous Profiler

• [Profiler] Force gen2 GCs to avoid test flakyness (#5273)
• [Profiler] Exclude export error message from flaky test (#5277)

Debugger

• [Dynamic Instrumentation] Fix not equal (ne!=) operator in EL (#5212)
• [Dynamic Instrumentation] Remove async void in SymbolsUploader (#5155)
• [Dynamic Instrumentation] Adding ddtags to snapshot query parameter (#5210)

Build / Test

• Enable Datadog static analysis (#5057)
• Try play asm benchmark only on appsec changed (#5066)
• Report library configuration through telemetry (#5126)
• Removing check to allow the test to create snapshots (#5246)
• [Tracer] Adding Optional Parameter for MockTraceAgent's WaitForSpans (#5253)
• [Tracer] Fixing Missing Query String for CleanUri_HttpUrlTag Tests (#5258)
• [Tracer] Updating GrpcLegacy Sample App and Tests (#5264)
• Add analyzer to avoid implicitly capturing parameters with primary constructors (#5276)
• add a test case where message attributes are null (integration tests) (#5282)
• Skip .NET Core 2.1 tests on ARM64 (#5283)
• Set big regex timeouts for tests (#5297)
• Running All Datadog.Trace.ClrProfiler.IntegrationTests Tests Serially (#5310)
• Fix: Skip System.Text.Json tainting tests on netcore3.0 (#5314)
• Skipping 3.0 Snapshot Check (#5316)
• [Tracer] Increasing GraphQL ObfuscationQueryStringRegexTimeout To Prevent Flakes (#5255)

Miscellaneous

• [DSM] - Fixes for IbmMq instrumentation (#5271)
• Add db name & host to sql injected tags (#5278)

Changes since 2.48.0

2.48.0

Summary

• [Tracing] Swap default propagation styles from tracecontext,Datadog to Datadog,tracecontext
  • This change informs the .NET Tracer to first attempt to extract incoming Datadog distributed tracing headers then to extract W3C trace context headers. This provides a better end-to-end experience by preferring that services instrumented by Datadog remain connected and should, in the large majority of scenarios, not affect existing traces.
• [Tracing] Fix bug where dogstatsd tries to send to the wrong hostname
• [Tracing] Fix bug when trace-agent uses chunked responses
• [ASM/IAST] Add detection of Reflection injection vulnerability
• [Continuous Profiler] Enable exception profiling by default
• [Continuous Profiler] Fix race condition in stack unwind
• [DSM] Add DSM support for SQS

Changes

Tracer

• Swap default propagation styles from tracecontext,Datadog to Datadog,tracecontext (#5115)
• [Tracing] special-case the "any" pattern in sampling rules (#5142)
• Remove non-backtracking regular expressions (#5194)
• Fix scenario where dogstatsd tries to send to the wrong hostname (#5222)
• Fix product data collected for tracer flare (#5228)
• Add a ChunkedEncodingReadStream to use when talking to the agent (#5241)
• Update DatadogHttpClient to support chunked encoding (#5244)
• Remove usage of ArrayPool<T> from ChunkedEncodingReadStream (#5247)

CI Visibility

• [CI Visibility] Sanitize git get-objects output (#5232)

ASM

• [ASM] Rasp callsite instrumentation (#5186)
• [ASM] increase waf timeout on flaky unit tests (#5196)
• [IAST] Enabled hash in integration tests (#5205)
• [IAST] Add support to AspectMethodReplace with struct arguments (#5213)
• [ASM][IAST] Reflection Injection (#5219)
• [ASM] Update RASP snapshots (#5233)
• [ASM] handle array list in legacy encoder (#5239)
• [ASM] Fix null reference exception (#5243)

Continuous Profiler

• [Profiler] Refactor to optimize samples collection (#5174)
• [Profiler] Optimize AppDomainStore (#5175)
• [Profiler] Detect Single Step Instrumentation (#5184)
• [Profiling] Reduce available symbols (#5195)
• [Profiler] On linux we may crash if we unwind a thread that was already unwinding its own callstack (#5197)
• [Profiler] Cleanup compilation warnings (#5201)
• [Profiler] Enable exception profiling by default (#5202)

Miscellaneous

• [Test Package Versions Bump] Updating package versions (#4972)
• DSM support for SQS (#4973)
• refactor SQS send/receive instrumentation code (#5120)
• [Documentation] Add a sample that configures an ASP.NET Core app with OpenTelemetry (#5203)
• Support DOTNET_EnableDiagnostics in dd-dotnet (#5208)
• Move DSM checkpointing responsibility for Kafka from API method to integration (#5211)
• Use vendored unsafe class instead of emitting IL (#5215)
• IntegrationMapper.ConvertType simplification and Ducktype optimization (#5216)

Build / Test

• Add testing for AWS Lambda on .NET 8 (#5236)
• Don't require additional Windows SDK for Nuke desktop notification (#5192)
• Tweak OpenTelemetry sample (#5204)
• Add IntegrationIdExtensions.cs to codeowners common files (#5217)
• Force update to latest Octokit version (#5249)
• Missing generated aspects (#5225)

Changes since 2.47.0

2.47.0

Summary

• [CI Visibility] - Add configure jenkins command in dd-trace
• [CI Visibility] - Add GAC installation feature for .NET Framework
• [ASM] - Add API Security for .NET Framework
• [ASM] - Add nosql (Mongo), stack trace leak, and xpath injection vulnerability detection
• [Profiler] - Add high/low thread count metrics
• [Dynamic Instrumentation] - Add instanceof, isDefined, parent type, static, public, and protected members to expression language
• [DSM] - Simplify DSM pathway context inheritance

Changes

Tracer

• Make MessagePack compatible with AOT compilation (#5092)
• Fix JSON.NET warnings for NativeAOT (#5122)
• Change AsyncManualResetEvent to use a TaskCompletionSource (#5165)
• [Tracing][ASM] http query string obfuscation should be case-insensitive (#5188)

CI Visibility

• [CI Visibility] - Add intelligent test runner CorrelationId support (#5111)
• [CI Visibility] - Add support for event proxy v4 endpoint (gzip support) (#5114)
• [CI Visibility] - Include GAC installation feature to fix compatibility with .NET Framework (#5129)
• [CI Visibility] - Update CI specs (#5137)
• [CI Visibility] - Add configure jenkins command in dd-trace ci (#5158)
• [CI Visibility] Small optimizations (#5160)
• [CI Visibility] GAC commands in dd-trace (#5167)
• [CI Visibility] - Add netcoreapp2.x support for dd-trace GAC commands (#5173)
• [CI Visibility] - Fix DiscoveryService Agent configuration callback (#5187)
• [CI Visibility] Fix MakeRelativePathFromSourceRoot method when the path is invalid (#5189)
• Changes missing on the SCI git metadata spec (#5082)

ASM

• [ASM] Add timeouts to the tokenizers regex (#5083)
• [ASM] Allow 0 values for iast regex timeout (#5139)
• [ASM] Fix of Context's disposing too early + new encoder's limits bug (#4884)
• [ASM] Api security for netfx (#4942)
• [ASM][IAST] MongoDB Integration (#4995)
• [ASM] Adapt ASM benchmarks (#5010)
• [ASM][IAST] New scrubbing for location data (#5047)
• [ASM] Concatenate the results of multi-WAF runs (#5055)
• [ASM] Stack trace leak vulnerability detection (#5067)
• [ASM] Xpath injection vulnerability (#5113)
• [ASM][IAST] Test IAST enum (#5116)
• [ASM] Exposes and test ephemeral address (#5121)
• [ASM] Fix flaky test (#5123)
• [ASM] Prevent null references: harden ControllerExtensions integration (#5124)
• [ASM] Fix log messaage for sys tests (#5135)
• [ASM] Add RASP configuration settings (#5136)
• [ASM][IAST] Fix Tests Location (#5143)
• [ASM] Update waf to 1.16.0 (#5164)
• [ASM] Fix building IAST instrumented tests on macOS + increase QoL on macOS (#5169)
• [ASM] when appsec rules files is not found, dont continue init process and log confusing messages (#5171)
• [ASM][IAST] Fix weakcipher on macos (#5172)

Continuous Profiler

• [Profiler] Refactor with a support for named pipes to communicate with Datadog Agent (#4820)
• [Profiler] Remove unused statistics method in StackSamplerLoop (#5101)
• [Profiler] Add high/low thread count metrics (#5138)

Debugger

• [Dynamic Instrumentation] Add probe-id tag to metric probe (#5023)
• [Dynamic Instrumentation] Send metric duration in case of evaluation error (#5059)
• [Dynamic Instrumentation] Support isDefined in expression language (#5021)
• [Dynamic Instrumentation] Fix EL operation names (#5022)
• [Dynamic Instrumentation] Add instanceof expression to EL (#5024)
• [Dynamic Instrumentation] Support parent type static public and protected members in EL (#5026)
• [Dynamic Instrumentation] Add @exception to locals (like @return) (#5051)
• [Dynamic Instrumentation] Replace @Exceptions with @exception in template tests (#5140)
• [Dynamic Instrumentation] Scrub stacktrace value in probe tests snapshots (#5149)

Build / Test

• Update OpenTelemetry snapshots for 1.7.0 (#4978)
• Update CosmosDb snapshots and csproj to ignore .NET Standard warning (#4979)
• Update PublishAotCompressed and enable LZMA compression (#5070)
• Fix Non-serializable data ('System.Object[]') found in tests (#5089)
• Stop rebuilding dddotnet (#5103)
• Fix instrumentation definitions source generator IDE performance (#5108)
• Test source generators for incrementality (#5109)
• [Build] Update the ubuntu Microsoft-hosted agents (#5117)
• Fix Debugger's snapshot tests (#5125)
• Avoid using dotnet run in nuke (#5127)
• [Build] Finish updating recent snapshots (#5130)
• fix unit test broket on master after merge in wrong order (#5133)
• Force execute permissions on OSX (#5145)
• Fix the issue of not having branch name when azure pipeline works with a detached HEAD (#5146)
• Output branch name to console output (#5150)
• [APM] Move common (more) files ownership on tracer folder to APM group (#5151)
• Add a fast developer loop option to the build project. (#5152)
• Create and publish arm64 version for docker image latest_snapshot (#5170)
• Default to .net core runtime on Linux in dd-dotnet (#5177)
• [Build] Fix dd-trace-dotnet:latest_snapshot image for system-tests (#5182)
• [APM] Move common files ownership on tracer folder to APM group (#5147)
• [tests] remove unused front-end files in sample/test web apps (jQuery, Bootstrap, fonts) (#4797)

Miscellaneous

• simplify & fix DSM pathway context inheritance (#5074)

Changes since 2.46.0

2.46.0

Summary

• [Tracing] Add support for matching sampling rules by resource name and span tags, and for using glob patterns
• [Tracing] Add support for tracer flare for faster support resolution
• [Tracing] Add support for container tagging over TCP on cgroup v2
• [CI Visibility] Reduce overhead of intelligent test runner, payload upload, and git unshallow
• [IAST] Add support for header injection vulnerability
• [IAST] Fix false-positive related to small-integer string cache
• [Serverless] Report exception details to Lambda extension

Changes

Tracer

• Add DD_TRACE_SAMPLING_RULES_FORMAT setting (#4984)
• [tracer] Match sampling rules by resource name and span tags (#5013)
• [Tracer] Update signature parsing in the tracer's native library to account for ELEMENT_TYPE_PTR byte (#5042)
• [Tracer] Send the Datadog-Entity-ID header, containing either the container-id or the cgroup inode if available (AIT-9281) (#5058)
• NullConfigurationSource should implement ITelemetredConfigurationSource (#5033)

CI Visibility

• [CI Visibility] - Update Code Coverage percentage reporting (#5032)
• [CI Visibility] - Improve git upload logic (#5039)
• [CI Visibility] - Intelligent Test Runner: reduce overhead of the default branch (#5041)
• [CI Visibility] - Enable AutomaticDecompression on CI Visibility http clients (#5043)
• [CI Visibility] - Add support for GZip compression in Multipart payloads (#5060)
• [CI Visibility] - Fix exception when the CodeCoverage environment variable value is null (#5063)
• [CI Visibility] - TestPlatform AssemblyResolver .ctor integration (#5088)
• Ignore TestPlatform SDK assembly resolve error from CI CheckBuildLogs (#5084)

ASM

• [ASM] IAST Header injection vulnerability detection. (#4981)
• [ASM] Dont catch CallTargetBubbleUpException native side, like on managed side (#5034)
• [IAST] SourceType refactor (#5037)
• [ASM] Add max concurrent request setting for api sec (#5048)
• [IAST] String cache bugfix (#5064)

Dynamic Instrumentation

• [Dynamic Instrumentation] Upload symbols to SymDB (with System.Reflection.Metadata) (#4782)
• [Dynamic Instrumentation] Made the captured members size flexible due to IndexOutOfRangeException (#5099)

Serverless

• Fix AWS Lambda tests (#5050)
• [SLES-1357] set exception on the aws.lambda span (#5054)

Build / Test

• [Build] adds a notification on build end (#5008)
• Add an API to create a suspended process (#5015)
• Convert integration tests to async (#5018)
• bump default kafka lib version in sample app to solve a bug with mac (#5028)
• AutoGenerator bug fixes (#5029)
• [IAST] Folder casing fix (#5035)
• Use native debugging for procdump (#5046)
• [IAST] Removed Activator calls in SourceGenerator for performance reasons (#5052)
• Minor CI fixes (#5056)
• Fix BenchmarkTests civisibility reporting (#5069)
• Fix failing GraphQL tests on .NET Core 2.1 on alpine (#5075)
• Source generator refactor (#5078)
• Shorting the symbol extractor tests approval names (#5079)
• Fix trimming file (#5080)
• Disable code coverage unless forced (#5090)
• Suppress build warnings we don't care about (#5096)
• Skip debugger SymbolExtractorTest tests (#5095)

Miscellaneous

• Reenable tracer flare and handle debug request (#5040)
• Fix - Change DelegateInstrumentation set continuations behaviour to copy Calltarget (#5049)
• Disable remote configuration in Serverless and CI scenarios (#5053)
• Always log rejit errors (#5061)
• Include telemetry data in tracer flare (#5062)
• Update some Github docs (#5077)

Changes since 2.45.0

2.45.0

Summary

• [Tracing] Fix trace context propagation when instrumenting a YARP reverse proxy
• [dd-dotnet tool] Detect when aspnetcore out-of-process is not initialized
• [ASM] Update waf 1.15.1 and rules 1.10.0
• [ASM] Fix incorrect encoding of route data in WAF

Changes

Tracer

• [Tracing] Fix trace context propagation when instrumenting a YARP reverse proxy (#5025)
• [Tracer] Update SNS integration (#4712)
• Add PushStream support to IApiRequest and support chunked-encoding (#4989)
• Add peer.hostname tag to grpc clients (#4992)
• Make custom sampling rules case-insensitive (#4999)

ASM

• [ASM] Update waf 1.15.1 and rules 1.10.0 (#4958)
• [ASM] Fix path params not being all transformed to waf encodable values (#5011)
• [ASM] Division by zero could happen if param was 0 and apisecurity is enabled (#4975)

Tools

• Detect when aspnetcore out-of-process is not initialized (#5012)

Build / Test

• [ASM][IAST] Fix macOS build for IAST Instrumented tests (#4993)
• [Build] Fix Tracer Native Build on MacOS ARM64 (#4969)
• Change the echo output in Samples.Console (#4982)
• More workarounds for Rider/NuGet bug (#4986)
• Try to fix the RedirectInput test (#4998)
• Explicitly sort files before generating missing nullability csv (#5000)
• speedup CI step verify_files_without_nullability (#5003)
• Disable inlining on automapper tests (#5004)
• Remove SA1010 exclusions (#5007)
• Make sure OsX ITests don't require dd_dotnet stuff (#5009)
• little quality of life improvements on integration tests (#5016)
• Fix OSX solution filter (#5027)
• Small fixes for MockTracerAgent and MockHttpParser parsing (#4988)
• Refactor MockTracerAgent to allow sending custom responses for any endpoint (#4997)

Miscellaneous

• Making RCM async (#4996)
• Add helpers for creating a sentinel file and for zipping debug logs (#4987)
• Add TracerFlareApi implementation for sending requests to endpoint (#4990)
• Add remote-configuration + manager support for tracer flare (#4991)
• Add nullable annotations to the datadog logging files (#4994)
• Add install signature to app-started telemetry event (#5002)
• Restore log level after tracer flare (#5017)
• Temporarily disable the tracer flare functionality (#5036)

Changes since 2.44.0