3.5.0

Summary

• Add support for Ready2Run and NGen behaviour with manual instrumentation
• Fix for IIS apps using CustomConfigurationBuilder with multiple apps in a pool
• [DBM] Fix DBM bugs (pgssql query plan hints ignored, DbDataSource issues, missing Transaction scope)
• [ASM] Only run RASP file operations on read operations
• Fix Remote Configuration values should be 64-bit not 32-bit

Changes

Tracer

• Make DD_TRACE_<INTEGRATION>_ENABLED Case Insensitive (#6175)
• Baggage part 1/3: change propagator signatures (#6157)

CI Visibility

• [CI Visibility] Fix errors detected from error tracking. (#6222)

ASM

• [ASM] remote configuration refactoring and simplifying updates (#6179)
• [ASM] Add rules version to all spans when ASM enabled (#6188)
• [ASM] Fix possible null reference exception in extracting headers (#6211)
• [ASM] Update ruleset to version 1.13.2 (#6218)
• [ASM] Restrict RASP Lfi operations to read operation only (#6221)

Continuous Profiler

• [Profiler] Make LibrariesInfoCache standalone (#6019)
• [Profiler] Make sure we log only once for DebugInfoStore errors (#6187)
• [Profiler] Improve EtwEventsManager cleanup (#6189)
• [Profiler] Fix bugs in the timer_create-based CPU profiler (#6229)

Fixes

• Add workaround for ASP.NET ConfigBuilder issue (#6147)
• Reject method NGEN image if there's a rejit request for that method. (#6184)
• Revert "Load the tracer/profiler after guardrails checks" (#6200)
• [DBM][fix] Do not prepend DBM injected comment when a pg plan hint is present (#6204)
• move all RC int values to long, to mirror RC backend (#6219)
• Fix InvalidOperationException in DBM propagation (#6233)

Build / Test

• [ASM] Fix TestExternalWafHeaders snapshot netcore 2.1 (#6202)
• [Test Package Versions Bump] Updating package versions (#6150)
• Inject startup hook preferentially into static constructor when available (#6154)
• add new integrations system tests scenario (#6177)
• Fix typo in create_draft_release.yml (#6194)
• Fix using the wrong pool for smoke tests (#6196)
• Pin Azure Functions version used in CI to get the integration tests running (#6203)
• [Test Package Versions Bump] Updating package versions (#6206)
• Fix some build warnings in sample apps (#6207)
• Fix IIS LoaderOptimisation tests not testing anything (#6209)
• Update CosmosDb snapshots (#6213)
• Fix flake in Ngen ManualInstrumentationTests (#6214)
• Fixes Clion build on OSX (#6215)
• Run aspnetcore tests in other TFMs (#6217)
• Convert WebRequestTests to snapshot tests (#6223)
• Add smoke test for config builder instrumentation issue (#6224)
• Update version conflict test (#6226)
• [Test Package Versions Bump] Updating package versions (#6230)
• Add more info when GenerateDumpIfDbgRequested fails (take 2) (#6197)
• Add profiling scenario to onboarding tests (#6201)
• [Profiler] Remove non open source third party reference (#6163)
• [Dynamic Instrumentation] Fix line exploration tests (#6089)

Miscellaneous

• [Crashtracking] Collect PDB info (#6176)
• Revert "[Crashtracking] Disable crashtracking on Windows by default" (#6220)
• [ASM] Add event rules version in telemetry (#6208)

Changes since 3.4.1

2.61.0

Summary

Fix Remote Configuration values are 64-bit not 32-bit

Changes

Fixes

• Move all RC int values to long, to mirror RC backend (#6228)

Build / Test

• Pin Azure Functions version used in CI to get the integration tests running (#6227)

Changes since 2.60.0

3.4.1

Summary

• Fix a crash when .NET Framework and .NET Core run in the same process, which can typically happen when using IIS an ".NET CLR Version" is not set to "No Managed Code". May also affect applications running in Azure App Service.

Changes

Fixes

• Revert "Load the tracer/profiler after guardrails checks" (#6200)

Changes since 3.4.0

2.60.0

Summary

• [Tracing] Add ability to disable additional ADO.NET Command Types using DD_TRACE_DISABLED_ADONET_COMMAND_TYPES (#6054)
• [Serverless] Add support for 128-bit trace IDs for Lambda step functions (#6181)

Changes

Tracer

• Add ability to disable additional ADO.NET Command Types (#6054)
• [Tracer] Set _dd.base_service tag whenever a span's service name is different than the default value (DD_SERVICE) (#6122)
• Add support for the "new" dev.azure.com style URLs in SourceLink URL parsing logic (#6178)

Continuous Profiler

• [Profiler] Make sure Watcher thread is started before Sampler thread (#6128)

Serverless

• Extract Upper64 bit trace ID from extension response (#6181)

Build / Test

• Trigger consolidated pipeline on tags(#6053)
• Add SSI denylist and tests (#6182)
• Fix requirements.json test (#6186)

Changes since 2.59.0

3.4.0

Warning

We've identified a bug in version 3.4.0 only that can crash applications that run .NET Framework and .NET Core in the same process, which can typically happen when using IIS. Please ensure you update to 3.4.1.

If you're using .NET Core in IIS, make sure to set ".NET CLR Version" to "No Managed Code" in the application pool settings, as described in the Microsoft documentation.

Summary

• [Tracing] Add ability to disable additional ADO.NET Command Types using DD_TRACE_DISABLED_ADONET_COMMAND_TYPES
• [Tracing] Add support for 3.x.x of log4net
• [CI Visibility] Automatic Test Retries
• [CI Visibility] Add support for session logical names
• [CI Visibility] Add extra tags for vcpu_count and in GitHub Action pull_requests runs
• [ASM] Enable API Security feature by default
• [ASM] Add support for attacker fingerprinting
• [ASM] Add support for suspicious attacker blocking
• [Continuous Profiler] Fix potential deadlock between watcher and sampler threads
• [Continuous Profiler] Improve performance for CPU profiler
• [Serverless] Add EventBridge and 128-bit trace ID support
• [DBM] Ensure context injection does not affect DBM injection

Changes

Tracer

• [Tracer] Set _dd.base_service tag whenever a span's service name is different than the default value (DD_SERVICE) (#5502)
• Add ability to disable additional ADO.NET Command Types (#6042)
• Add support for 3.* of log4net (#6075)
• [APMAPI-473] Making DD_HTTP_*_ERROR_STATUSES Config Keys Consistent (#6095)
• Subscribe to AssemblyLoadContext.Default.Resolving (#6148)
• Fix return value on error in delegate instrumentation (#6153)
• Add support for the "new" dev.azure.com style URLs in SourceLink URL parsing logic (#6159)
• Include pID in managed logs filename (#6161)
• Ensure we don't throw a null reference exception in Manual instrumentation (#6169)

CI Visibility

• [CI Visibility] Test session logical names (#6050)
• [CI Visibility] Add vcpu_count tag to tslv events (#6055)
• [CI Visibility] Automatic Test Retries (#6061)
• [CI Visibility] Avoid failing unfinished tests (#6063)
• [CI Visibility] Add support for MSTest 3.6.0 (#6080)
• [CI Visibility] Hide running command by default. (#6086)
• [CI Visibility] Fix code coverage enabled tag behavior (#6111)
• [CI Visibility] Add extra tags to GitHub Action pull_requests runs (#6141)
• [CI Visibility] Ensure commit messages are trimmed (#6170)

ASM

• [ASM] Segregate asm and iast contexts functionality (#6118)
• [ASM] Delete unused snapshots (#5758)
• [ASM] Attacker fingerprint (#5982)
• [ASM] Fix exception when accessing ReportedExternalWafsRequestHeaders (#6030)
• [ASM] Activate api sec by default (#6043)
• [ASM] Suspicious attacker blocking (#6057)
• [ASM] Fix bug RC empty key (#6058)
• [ASM] Fix one flakiness in rcm asm data integration tests and simplify some asm rcm code (#6119)
• [ASM] Update ruleset to version 1.13.1 and WAF to version 1.20.0 (#6129)
• [ASM] Update fingerprint rules (#6133)
• Refactoring and hardening of security coordinator (#6143)
• [ASM] Send header values as string to the WAF (#6144)
• [ASM] Remove httpcontext from context store at the end of the request (#6151)
• [ASM] Rename snapshots for ASM ownership (#6155)
• [ASM] Send cookie values as single string to the WAF (#6164)
• [ASM] Update WAF version to 1.20.1 (#6174)

Continuous Profiler

• [Profiler] Allow tests for .NET Framework (#5948)
• [Profiler] Bump to libdatadog 13 (#6031)
• Fix dlsym issue (#6048)
• [Profiler] Avoid too many syscall calls for timer-create-based CPU profiler (#6067)
• [Profiler][cleanup] Shorten libdatadog helper functions name (#6069)
• [Profiler] Download profiler debug symbols for integration tests (#6070)
• [Profiler] Add gen2 leak scenario (#6071)
• [Profiler] Bump libdatadog 13.1 (#6112)
• [Profiler] Code cleanup (#6114)
• [Profiler] Make sure Watcher thread is started before Sampler thread (#6134)

Debugger

• [Dynamic Instrumentation] DEBUG-2249 Line and method probes exploration tests (#5914)

Serverless

• Extract Upper64 bit trace ID from extension response (#6041)
• [serverless] trigger consolidated pipeline on tags (#6052)
• [serverless] Create EventBridge Instrumentation and Inject Trace Context (#6096)

Fixes

• Add proper error checking around GetModuleMetadata (#5985)
• [IAST] Avoid lock in method ctor. (#6115)
• Fix subtle WCF bug (#6131)
• Reorganize code around DBM injection to make sure comments get injected even if setting context fails (#6167)

Build / Test

• Run CallTargetNativeTests on Windows (#5754)
• Add SSI denylist and tests (#5928)
• [Test Package Versions Bump] Updating package versions (#5995)
• add aws credentials for system tests (#6040)
• Bump timeit to 0.1.21 (#6059)
• Move IDM up in CODEOWNERS (#6062)
• [TESTING] Fix missing snapshot (#6066)
• [CI] Push native debug symbols to Datadog Symbolication server (#6081)
• Disable debugger exploration tests (#6085)
• Fix GeneratePackageVersions (#6094)
• [Test Package Versions Bump] Updating package versions (#6098)
• Minor build fixes (#6099)
• Remove warning about non-serializable test data (#6102)
• Verify version of glibc targeted in native tracer/profiler (#6104)
• chore: prefix system tests env vars (#6108)
• Add more info when GenerateDumpIfDbgRequested fails (#6113)
• "Fix" timeouts in SSI run (#6117)
• [Test Package Versions Bump] Updating package versions (#6123)
• Remove nuke JSON file (#6126)
• Handle Nuke .NET 9 preview issue (#6130)
• Build against macos-13 as macos-12 is going to be deprecated (#6138)
• Fix crashes on .NET Core 2.1 CI (#6139)
• Fix .sln project ordering (#6156)

Miscellaneous

• Load the tracer/profiler after guardrails checks (#5968)
• [IAST] Change filtered cookie vuln hash (#6032)
• [IAST] Improve RestSharp SSRF detection (#6060)
• Ignore more processes (#6065)
• Add a outer startup hook catch block (#6068)
• [ASM][RCM] Read waf actions per file and remove per file (#6072)
• Add serverless examples (#6076)
• Allow forcing interface duck types to be classes, and update Datadog.Trace.Manual (#6082)
• Add ddprs to DBM injected comment + fix dddbs (#6084)
• [Crashtracking] Implement support for Windows (#6088)
• [IAST] Remove safe origin ranges (#6091)
• [IAST] Fix for VS Edit and Continue (#6097)
• [Crashtracking] Add registry key to installer (#6106)
• [Crashtracking] Remove exception types that are too broad (#6109)
• [IAST] Calculate method full name on demand always (#6127)
• Stop using current_path in the native loader (#6132)
• [Crashtracking] Disable crashtracking on Windows by default (#6152)

Changes since 3.3.1

3.3.1

Summary

• Fixes a bug introduced in 3.3.0 in which attempting to run some commands (e.g. cat) in some distros would give the error symbol lookup error: /opt/datadog/continuousprofiler/Datadog.Linux.ApiWrapper.x64.so: undefined symbol: dlsym

Changes

Continuous Profiler

• Fix dlsym issue (#6048)

Changes since 3.3.0

3.3.0

Warning

We've identified a bug with the .NET Tracer with the Continuous Profiler enabled that may cause applications to crash - please avoid 3.3.0 and instead use 3.2.0 for the time being. We are working on a hotfix for this ASAP.

Summary

• [ASM] Fix some minor bugs (#5943, #5955, #6017)
• [ASM] Improvements to stack trace reporting (#6011, #5997)
• [Dynamic Instrumentation] Add support for typeof expression
• [Continuous Profiler] Add support for heuristic-based activation (#5240, #6002, #6026)
• [DBM] Full propagation mode for SQL Server (#5859)

Changes

ASM

• [ASM] Avoid unhandled HttpRequestValidationExceptions (#5943)
• [ASM] Avoid reporting unknown matcher WAF errors (#5955)
• [ASM] RASP: add telemetry tag for shell injection (#5993)
• [ASM] Add new capabilities for RC (#6008)
• [ASM] Change stack trim proportion (#6011)
• [ASM]Fix InvalidOperationException in httpContext.Items (#6017)
• [ASM] Capabilities reporting against WAF versions. (#6028)
• [IAST] Add Stack trace to vuln location (#5997)
• [IAST] Fix system test weak_cipher system test (#6034)

Continuous Profiler

• [Profiler] Support Single Step Instrumentation deployment and activation (#5240)
• [Profiler] Contention profiling: add blocking thread name (#5981)
• [Profiler] Fix duplicated lifecycle telemetry (#6002)
• [Tool] update continuous profiler diagnostics (#6014)
• [Profiler] Disable timer_create-based CPU profiler when required (#6015)
• [Profiler] Send ssi info with profiles (#6026)

Debugger

• [Dynamic Instrumentation] DEBUG-2323 Add support for typeof expression in EL (#5539)

Build / Test

• [Profiler] Disable SSI telemetry by default (#6020)
• Fix SSI tests for profiler integration tests (#6016)
• [Profiler/CI] Disable Profiler Windows ASAN job (#5987)
• Add explicit permissions to all workflows (#5728)
• [Test Package Versions Bump] Updating package versions (#5873)
• [build] Build tracer with ReadyToRun (#5962)
• Display the crash tests stdout live (#5964)
• Timeit bump and fixes (#5971)
• Add linux-musl-arm64 standalone dd-trace to the v3 release artifacts (#5974)
• [CONTSEC-1501] Comment the action that uploads SARIF to Datadog (#5977)
• Include snapshot diff in snapshot body (#5988)
• Make sure we run all the TFMs on master builds (#5990)
• Minor CI fixes (#6000)
• Fix installer tests (#5994 => main) (#6004)
• Fix the trace pipeline stage (#6007)
• [Build] Update and fix linux debug symbols artifact (#6009)
• Fix bug in version bump task (#6022)
• [CI] Shorten too long snapshot file names (#6024)
• Fix gitlab build (#6025)
• [BUILD] Fix merge conflict (#6033)

Miscellaneous

• DSM Full propagation mode for SQL Server (#5859)
• [Crashtracking] Fix the handling of COMPlus_DbgMiniDumpName (#5980)

Changes since 3.2.0

2.59.0

Summary

• [Crashtracking] Fix the handling of COMPlus_DbgMiniDumpName preventing dump creation

Changes

Tracer

• [Tracer] Add proper error checking around GetModuleMetadata (#5985 => v2) (#5992)

Continuous Profiler

• [Crashtracking] Fix the handling of COMPlus_DbgMiniDumpName (#5980 -> v2) (#6001)

Serverless

• [backport][build] Build tracer with ReadyToRun (5962 => v2) (#6005)

Build / Test

• [Profiler] Fix LinuxDlIteratePhdrDeadlock test (#5963 -> v2) (#6003)
• Add explicit permissions to all workflows (#5728 => v2) (#6013)
• Version Bump to 2.59.0 (#6021)
• Fix gitlab build (#6025 -> v2) (#6027)

Changes since 2.58.0

2.58.0

Summary

• [Tracer] Skip inserting the startup hook into methods in the type Costura.AssemblyLoader (#5934)
• [Tracer] Fix bug in ADO.NET connection string extraction (#5960)
• [Exception Replay] Update configuration values (#5970)

Changes

Tracer

• [Tracer] Skip inserting the startup hook into methods in the type Costura.AssemblyLoader (#5910 -> v2) (#5934)
• Protect the connection string tags extractor from an invalid connection string (#5956 -> v2) (#5960)

Debugger

• [Exception Replay] Update configuration and add test suite for ASP.NET Core (#5821 -> v2) (#5970)

Fixes

• Fix musl tags for dd-lib-dotnet-init image (#5899)

Build / Test

• Fix branch selection in version bump PR (#5895)
• Fix bug in verification stage of release (#5894 -> v2) (#5901)
• Skip the mass transit test to see if it solves flake issues (#5861 -> v2) (#5911)
• Fix v2 branch building (#5969)

Miscellaneous

• [IAST] Support for specifying aspect min version (#5931) [-> V2] (#5932)
• Normalize the environment variable names used by crashtracking (#5898 -> v2) (#5936)
• [IAST] Move analyzers init to an explicit call (#5920 -> v2) (#5937)
• Fix signature size check in ModifyLocalSig (#5921 -> v2) (#5938)
• Use a native logger for critical failures in the loader (#5929 -> v2) (#5939)
• Fix ToString and ToWString on large strings (#5930 -> v2) (#5940)
• Prevent the native loader from being unloaded while sending telemetry (#5944 => V2) (#5957)

Changes since 2.57.0

3.2.0

Summary

This is the first stable release of the next major version of the .NET APM SDK.

The following are the high-level changes present in the 3.x.x release line compared to 2.x.x. These include breaking changes in public APIs, changes in artifacts, and changes to default settings.

For the full list of changes, including exactly what changed and how you should handle them, please see the MIGRATING document

New Features

• Support for alpine images on ARM64. alpine images with version 3.18 and above, running on ARM64 images are now supported on .NET 6+.

Breaking changes

• Custom-only tracing (using the Datadog.Trace NuGet package), without any automatic tracing, is no longer supported. Custom instrumentation with the Datadog.Trace NuGet where you have also configured automatic-instrumentation is still supported as it was in v2.x.x.
• The public API surface has changed in the Datadog.Trace NuGet package. A number of previously obsolete APIs have been removed, and some other APIs have been marked obsolete. Most changes are related to how you create TracerSettings and Tracer instances.
• Changes to default settings. The default values of some settings have changed, and others have been removed. See below for more details.
• Changes in behavior. The semantic requirements and meaning of some settings have changed, as have some of the tags added to traces. See below for more details.
• The 32-bit MSI installer will no longer be available. The 64-bit MSI installer already includes support for tracing 32-bit processes, so you should use this installer instead.
• The client library will still be injected when DD_TRACE_ENABLED=0. In v2.x.x, setting DD_TRACE_ENABLED=0 would prevent the client library from being injected into the application completely. In v3.0.0+, the client library will still be injected, but tracing will be disabled.
• Referencing the Datadog.Trace.AspNet module is no longer supported. In v1.x.x and 2.x.x ASP.NET support allowed adding a reference to the Datadog.Trace.AspNet module in your web.config. This is no longer supported in v3.x.x.

Deprecation notices

• .NET Core 2.1 is marked EOL in v3.0.0+ of the tracer. That means versions 2.0, 2.1, 2.2 and 3.0 of .NET Core are now EOL. These versions may still work with v3.0.0+, but they will no longer receive significant testing and you will receive limited support for issues arising with EOL versions.
• Datadog.Trace.OpenTracing is now obsolete. OpenTracing is considered deprecated, and so Datadog.Trace.OpenTracing is considered deprecated. See the following details on future deprecation.
• macOS 11 is no longer supported for CI Visibility in v3.0.0+. Only macOS 12 and above are supported.

Major version policy and future deprecation

• Announcing a major version roadmap. We intend to make yearly major releases, starting from v3.0.0 in 2024, and v4.0.0 in 2025. We will aim for minimal breaking changes, with the primary focus being on maintaining support for new versions of .NET and removal of EOL frameworks and operating systems.
• Planned removal of support for .NET Core 2.x and .NET Core 3.0 in version v4.0.0+. We intend to completely remove support for .NET Core 2.x and .NET Core 3.0 in v4.0.0. .NET Framework 4.6.1+ will continue to be supported.
• Planned removal of support for some linux distributions. In version v4.0.0, we intend to drop support for CentOS 7, RHEL 7, and CentOS Stream 8.
• Planned remove of support for App Analytics. In version v4.0.0, we intend to drop support for App Analytics and associated settings.

For the full list of changes, including exactly what changed and how you should handle them, please see the MIGRATING document

Updates in this release

In addition to the changes described above, this release includes the following features:

• [Tracer] Skip inserting the startup hook into methods in the type Costura.AssemblyLoader (#5910)
• [Tracer] Fix bug in ADO.NET connection string extraction #5949
• [Exception Replay] Update configuration values #5821
• [IAST] Taint values coming from database (#5804)
• [IAST] Allow customized cookie filtering (#5804)
• [ASM] RASP shell injection vulnerability (#5871)
• [Profiler] Provide the thread id that blocked another thread (#5959)

Changes

Tracer

• [Tracer] Skip inserting the startup hook into methods in the type Costura.AssemblyLoader (#5910)
• Add support for alpine on arm64 (#5933)
• Fix incorrect instrumentation for new TracerSettings(bool) (#5949)
• Protect the connection string tags extractor from an invalid connection string (#5956)

CI Visibility

• Don't include the Datadog.Trace.BenchmarkDotNet NuGet in the release artifacts (#5954)

ASM

• [IAST] Taint values coming from database (#5804)
• [ASM] RASP shell injection vulnerability (#5871)
• [IAST] CallSite with generics support (#5913)
• [IAST] Move analyzers init to an explicit call (#5920)
• [IAST] Taint db minor fixes (#5926)
• [IAST] Support for specifying aspect min version (#5931)
• [IAST] Cookie filter implementation (#5947)

Continuous Profiler

• [Profiler] Provide the thread id that blocked another thread (#5959)
• [Profiler] Improve .NET Framework profiling support (#5867)

Debugger

• [Exception Replay] Update configuration and add test suite for ASP.NET Core (#5821)

Serverless

• [Mini Agent][Private Beta Testing] Mini-agent for Azure Function Apps for non-consumption plans (#5792)
• [serverless] No-op AWS Lambda integration on missing API Key (#5900)
• Revert "[serverless] No-op AWS Lambda integration on missing API Key" (#5941)

Build / Test

• [Profiler] Fix LinuxDlIteratePhdrDeadlock test (#5963)
• Output samples to a single top-level "artifacts" folder (#5744)
• Try to head off future build issues (#5770)
• Fix bug in verification stage of release (#5894)
• Need to freeze/unfreeze all PRs (#5902)
• Replace fpm with nfpm (#5905)
• Ignore StyleCop.Analyzers in dependabot (#5906)
• Fix gitlab build (#5907)
• Remove prerelease flag from smoke tests (#5912)
• Enable ad-hoc memory dumps on Windows x86 (#5919)
• Stop testing .NET Core 2.1 on PRs (#5922)
• Try fix single step download builds (#5923)
• Remove obsolete lib-injection build artifacts (#5927)
• Remove dependency of download-single-step-artifacts on build (#5945)
• Ensure we clean log files before testing with Nuke (#5950)
• Log to a random file in telemetry forwarder tests (#5951)
• Remove the xml and pdb files from the linux packages (#5961)
• Fix debugger arm64 alpine tests (#5965)
• [IAST] Added missing netstd snapshot (#5966)

Miscellaneous

• Normalize the environment variable names used by crashtracking (#5898)
• Pin StyleCop.Analzyers to latest pre-release (#5908)
• Fix signature size check in ModifyLocalSig (#5921)
• Use a native logger for critical failures in the loader (#5929)
• Fix ToString and ToWString on large strings (#5930)
• Prevent the native loader from being unloaded while sending telemetry (#5944)
• [Crashtracking] Keep mangled name in case of error (#5952)

Changes since 2.58.0