2.20.0

This release introduces several improvements, including the ability to add W3C Baggage headers, such as user.id, session.id, and account.id.

Additionally, AppSec has reworked how Remote Config updates are applied, reducing thread blocking operations in multi-threaded environments.

Added

• Tracing: Add capability to add W3C Baggage headers to the local root span as span tags (#4716)
• AppSec: Add WAF analysis of the responses with JSON body (#4848)
• Dynamic Instrumentation: Live Debugger: Add support for specifying probes in a file via DD_DYNAMIC_INSTRUMENTATION_PROBE_FILE environment variable (#4838)

Changed

• Core: Expand generated warning and error messages during libdatadog build (#4831)
• AppSec: Rework handling of Remote Config updates for multi-threaded web servers (#4833)
• AppSec: Update security tags for Business Logic Events and User Events SDK v1 and v2 (#4851)

Fixed

• Tracing: Fix constants resolution for Rails runner (#4863)

2.19.0

Highlights

Single Step Instrumentation (SSI) for Ruby is now GA. This ambient mode of operation automatically installs the Datadog SDKs with no additional configuration required, reducing onboarding time from days to minutes.

Starting with this release, SSI is supported for Ruby 2.6 to 3.4 and will automatically instrument Rails and Hanami applications. Rubygems 3.4+ and Bundler 2.4+ are officially supported. Note that frozen bundles - including deployment mode and explicitly setting BUNDLE_PATH - are currently unsupported.

See the SSI documentation for more information.

Added

• AppSec: Added Business Logic Events SDK v2. (#4802)
• Tracing: Add record_exception API to capture and attach error information to spans via span events. (#4771)
• Tracing: Add :cache_store option to ActiveSupport integration to allow tracing only specified cache backends. (#4693)
• SSI: Rework SSI from the ground up. (#4366)

Changed

• Profiling: Switch profiler stack truncation strategy and improve sampling performance (#4819)
• Profiling: Report GC tuning environment variables with profiles (#4813)
• Profiling: Tag profiles with sequence number (#4794)
• Profiling: Enable sample from inside signal handler by default on modern Rubies (#4786, #4785)

Fixed

• Core: Fix emitting duplicate warnings on agent configuration mismatch (#4814)
• AppSec: Fix an error in AppSec route extractor for not-found routes in Rails 8 (#4793)
• Live Debugger: Fix serialization of instance variables (#4808)
• Profiling: Add workaround for Ruby VM bug (#4787)
• Profiling: Fix checking for dladdr in profiling (#4783)
• Profiling: Fix potential profiler compilation issue. (#4783)
• Tracing: The mysql integration now only sets the db.name tag if there is a valid value (#4776)
• Tracing: The Rails Runner instrumentation should now create Rails Runner spans. (#4681)
• Tracing: Fix sampling rules and sample rate reporting in environment logger. (#4772)

Removed

2.18.0

Highlights

Heap Profiling is now in Preview

The heap profiling feature is now in preview. With this release, we've done extensive performance improvements and improved data accuracy.

This feature requires Ruby 3.1+. You can enable it by using the DD_PROFILING_EXPERIMENTAL_HEAP_ENABLED=true environment variable, or via code:

Datadog.configure do |c|
  # ... existing configuration ...
  c.profiling.advanced.experimental_heap_enabled = true
end

(Note that this feature requires that allocation profiling is also enabled. To do so, set DD_PROFILING_ALLOCATION_ENABLED=true or c.profiling.allocation_enabled = true via code).

App & API Protection feature is now enabled by default

It provides unified visibility and security for your applications and APIs, helping you detect, investigate, and prevent threats.

Note

This feature billed as a part of Application Security and only if Application Security is enabled.

Added

• Core: Add support for tracer configuration through Fleet Automation (#4651)
• Core: Add Service Discovery capability, enabling the tracer to reliably determine which process are instrumented
• AppSec: Add API Security with new sampling algorithm to the Rack, Rails, Sinatra and Grape frameworks (#4699)
• Dynamic Instrumentation: Add instance variable capture to method and line probes (#4668)
• Tracing: Add Rails view render times and database query times to the spans, when available (#4697)

Changed

• AppSec: Enable API Security feature by default (#4756)
• AppSec: Improve overall threat detection (#4757)
• AppSec: Deprecate config.appsec.ip_passlist, config.appsec.ip_denylist, and config.appsec.user_id_denylist (#4757)
• Profiling: Graduate Heap Profiling from alpha to preview (#4401, #4460)
• Profiling: Add capturing of native filenames in backtraces (#4745)
• Profiling: Clean up profiler logging (#4728)
  Tracing: Add support for DD_RUNTIME_METRICS_RUNTIME_ID_ENABLED to tag runtime metrics with the current runtime ID, allowing correlation across processes (#4718)
• Tracing: Improve performance of http.route tag computation for Rails (#4688)

Fixed

• AppSec: Fix authenticated users tracking in anonymization mode for Devise (#4731)
• Dynamic Instrumentation: Fix source code display in live debugger (#4743)
• Profiling: Fix profiler stopping due to bug in heap profiling serialization (#4721)

Read the full changeset and the release milestone.

2.17.0

Highlights

This release adds support for Rails 8.0, improves dynamic instrumentation
user interface and upgrades libdatadog dependency to version 18.1.

The on_error warning emitted by dd-trace-rb 2.16.0 has also been fixed.

Added

• Tracing: Add support for Rails 8.0. (#4455)

Changed

• Core: Improve tracer error reporting when agent responds with error responses to remote configuration requests (#4669)
• Core: Profiling: Upgrade libdatadog dependency to version 18.1 (#4577)
• Dynamic Instrumentation: Improve UI reporting of application and host status (#4678)
• Tracing: Mark AWS integration spans as errored when AWS requests fail (#4672)

Fixed

• Error Tracking: remove error tracking support on Ruby 2.6 (#4665)
• Profiling: Fix profiling scheduler reporting corner case during shutdown (#4679)
• Tracing: Fix: The on_error warning for HTTP instrumentations (#4673)

Read the full changeset and the release milestone.

2.16.0

Highlights

This release includes improvements to AppSec, with support for session tracking and attacker fingerprinting in applications using devise and rails. The integration leverages business logic events, such as sign-in attempts, to provide better visibility and protection for your applications.

This release also repairs several issues in Live Debugger and Dynamic Instrumentation having to do with source code display.

If you use datadog-ci-rb with webmock, please update datadog-ci-rb to version 1.17.0 or later to ensure compatibility.

Added

• Core: Add new configuration precedence value environment (#4610)
• Core: Add Source Code Integration (SCI) tags in Telemetry app-started event and in each Remote Config request (#4653)
• Core: Tracing: ErrorTracking: Add automatic reporting of handled errors (#4604)
• AppSec: Integrations: Add session tracking and attacker fingerprinting to devise and rails (#4644, #4625)
• Profiling: Add support for Ruby 3.5.0-preview1 (#4600)
• Tracing: Add warning when on_error handler is not a Proc (#4611)
• Tracing: Integrations: Add option to serialize MongoDB command as JSON (#4403)
• Tracing: Integrations: Add baggage to karafka list of propagation styles (#4614)

Changed

• Tracing: Adjust trace sampling formula (#4616)
• Profiling: Replace JSON.fast_generate with JSON.generate (#4602)

Fixed

• Core: Fix Ruby warnings when providing a custom time provider (#4613)
• Core: Fix Telemetry configuration in agentless mode to respect the timeout specified for the Agent (#4590)
• Profiling: Fix profiler compatibility with ruby-head (3.5) (#4656)

Removed

• Core: Remove duplicated classes from Telemetry transport (#4575)

Read the full changeset and the release milestone.

2.15.0

Added

• AppSec: Add auto-patching for activerecord with sql injection detection (#4581)
• Tracing: Add option for opensearch to set resource with relative path (#4509)

Changed

• AppSec: Update In-App WAF rules, processors, and scanners (#4568)

Fixed

• AppSec: Fix blocked requests not marked correctly when using custom redirect blocking action (#4580)
• AppSec: Fix UTF-8 unsafe payloads in InApp-WAF causing runtime exceptions (#4573)

Read the full changeset and the release milestone.

2.14.0

Highlights

• Tracing: Add Karafka integration for distributed tracing. Minimum supported karafka version is 2.3.0. (#4147)
• Core: Tracing: default logger arguments for compatibility with previous dd-trace-rb versions (#4558)

Added

• Tracing: Add karafka instrumentation with 2.3.0 as the minimum supported version. (#4147)

Fixed

• Core: Tracing: default logger arguments for compatibility with previous dd-trace-rb versions (#4558)
• AppSec: Fix Datadog::Kit::AppSec::Events SDK methods to correctly handle given string key usr.login. (#4552)

Read the full changeset and the release milestone.

2.13.0

Highlights

In this release, devise instrumentation was refreshed to track authenticated users, in addition to sign-in and sign-up events. A new anonymization collection mode allows sensitive data to be anonymized.

Following the W3C Baggage specification, Baggage support has been implemented with OpenTelemetry compatibility.

APM tracing can now be disabled independently while maintaining traces for other Datadog products.

Added

• Core: Add DD_TRACE_EXPERIMENTAL_RUNTIME_ID_ENABLED experimental option to enable runtime ID collection for runtime metrics. (#4473)
• Tracing: Add support for W3C Baggage API along with automatic extraction and injection, and OpenTelemetry support. (#4493, #4505)
• Tracing: Add DD_APM_TRACING_ENABLED option to disable APM tracing while keeping other products traces. (#4498)
• Tracing: Add DD_TRACE_NATIVE_SPAN_EVENTS option to override span events serialization for agent-less environments. (#4507)
• AppSec: Add stack trace reporting for security events. (#4526)
• AppSec: Improve devise instrumentation to support latest Account Takeover (ATO) detection. (#4433)

Changed

• Core: Improve DD_TAGS configuration handling to be more consistent across Datadog libraries and Agent. (#4530)
• Tracing: Enable by default 128-bit trace ID logging so that trace IDs are consistent across logs and the Datadog UI. (#4528)

Fixed

• Core: Fix initialization when the library is partially loaded. (#4498)
• Tracing: Fix trace ID propagation by ensuring extraction of 16-character hex values from the _dd.p.tid tag in x-datadog-tags header. (#4534)
• Tracing: Profiling: Fix warnings printed by ruby -w. (#4547, #4549)

Read the full changeset and the release milestone.

2.12.2

Fixed

• AppSec: Fix custom In-App WAF blocking response that was configured in the UI is now applied correctly (#4497)

Read the full changeset and the release milestone.

2.12.1

Highlights

Fixed

• AppSec: Fix ArgumentError from ActiveRecord for Ruby < 2.7 (#4437)

Read the full changeset and the release milestone.