3.1.0-prerelease

Summary

This is the second pre-release of the next major version of the .NET APM SDK.

• [ASM] Changes to the collection of usr.id for authenticated clients

ASM’s Account TakeOver (ATO) detection is now automatically monitoring all compatible user authentication frameworks to detect attempted or leaked user credentials during an ATO campaign.
To do so, the monitoring of the user activity is extended to now collect all forms of user IDs, including non-numerical forms such as usernames or emails. This is configurable with 3 different working modes: identification to send the user IDs in clear text; anonymization to send anonymized user IDs; or disabled to completely turn off any type of user ID collection (which leads to the disablement of the ATO detection).
The default collection mode being used is identification and this is configurable in your remote service configuration settings in the service catalog (clicking on a service), or with the service environment variable DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE.
You can read more here

• [ASM] IAST Email HTML Injection vulnerability
• [Dynamic Instrumentation] Support nullable types in templates and string lexicographic comparison
• [Dynamic Instrumentation] SymDb readiness for Open Beta, matching symbols based on signature
• [Exception Replay] Normalized exception hashing for more fine-grained aggregation

In addition, the following are the high-level changes present in the 3.x.x release line compared to 2.x.x. These include breaking changes in public APIs, changes in artifacts, and changes to default settings.

For the full list of changes, including exactly what changed and how you should handle them, please see the MIGRATING document

Breaking changes

• Custom-only tracing (using the Datadog.Trace NuGet package), without any automatic tracing, is no longer supported. Custom instrumentation with the Datadog.Trace NuGet where you have also configured automatic-instrumentation is still supported as it was in v2.x.x.
• The public API surface has changed in the Datadog.Trace NuGet package. A number of previously obsolete APIs have been removed, and some other APIs have been marked obsolete. Most changes are related to how you create TracerSettings and Tracer instances.
• Changes to default settings. The default values of some settings have changed, and others have been removed. See below for more details.
• Changes in behavior. The semantic requirements and meaning of some settings have changed, as have some of the tags added to traces. See below for more details.
• The 32-bit MSI installer will no longer be available. The 64-bit MSI installer already includes support for tracing 32-bit processes, so you should use this installer instead.
• The client library will still be injected when DD_TRACE_ENABLED=0. In v2.x.x, setting DD_TRACE_ENABLED=0 would prevent the client library from being injected into the application completely. In v3.0.0+, the client library will still be injected, but tracing will be disabled.
• Referencing the Datadog.Trace.AspNet module is no longer supported. In v1.x.x and 2.x.x ASP.NET support allowed adding a reference to the Datadog.Trace.AspNet module in your web.config. This is no longer supported in v3.x.x.

Deprecation notices

• .NET Core 2.1 is marked EOL in v3.0.0+ of the tracer. That means versions 2.0, 2.1, 2.2 and 3.0 of .NET Core are now EOL. These versions may still work with v3.0.0+, but they will no longer receive significant testing and you will receive limited support for issues arising with EOL versions.
• Datadog.Trace.OpenTracing is now obsolete. OpenTracing is considered deprecated, and so Datadog.Trace.OpenTracing is considered deprecated. See the following details on future deprecation.
• macOS 11 is no longer supported for CI Visibility in v3.0.0+. Only macOS 12 and above are supported.

Major version policy and future deprecation

• Announcing a major version roadmap. We intend to make yearly major releases, starting from v3.0.0 in 2024, and v4.0.0 in 2025. We clearly will aim for minimal breaking changes, with the primary focus being on maintaining support for new versions of .NET and removal of EOL frameworks and operating systems.
• Planned removal of support for .NET Core 2.x and .NET Core 3.0 in version v4.0.0+. We intend to completely remove support for .NET Core 2.x and .NET Core 3.0 in v4.0.0. .NET Framework 4.6.1+ will continue to be supported.
• Planned removal of support for some linux distributions. In version v4.0.0, we intend to drop support for CentOS 7, RHEL 7, and CentOS Stream 8.
• Planned remove of support for App Analytics. In version v4.0.0, we intend to drop support for App Analytics and associated settings.

For the full list of changes, including exactly what changed and how you should handle them, please see the MIGRATING document

Changes

Tracer

• Fix NullReferenceException in ASP.NET Core when RoutePattern.RawText is null (#5880)
• Fix NullReferenceException in HttpClientResponse.GetCharsetEncoding (#5881)
• Disable keep-alive in HttpClientRequestFactory (#5810)
• Fix error checking for CallTargetBubbleUpException (#5836)
• Ensure top-level entry points are wrapped with try-catch (#5838)
• Add an IsManualInstrumentationOnly flag to Datadog.Trace.Manual (#5866)

ASM

• [ASM] Changes to the collection of usr.id for authenticated clients (#5738)
• [ASM] IAST Email HTML Injection vulnerability (#5780)
• [ASM] Suspicious Attacker Blocking - Upgrade WAF to version 1.19.1 (#5820)
• [ASM] Add RASP timeout flag (#5827)
• [IAST] Safeguard Insert Before / After aspects with try/catch (#5839)
• [IAST] Safeguard Method Replace aspects with try/catch (#5841)
• [ASM] Detect enabled RASP rules (#5846)
• [ASM] Disable email Injection instrumented tests (#5875)
• [ASM] ensure struct is on the stack before passing to native code (#5882)
• [IAST] Broaden AspNet cookies filtering (#5830)
• [ASM] Refactor hardcoded secret analyzer (#5883)

Continuous Profiler

• [Profiler] LibrariesInfoCache: fix reload bug (#5837)
• [Profiler] Add Callstack::CopyFrom method (#5842)
• [Profiler] Fix null named thread (#5851)

Debugger

• [Dynamic Instrumentation] DEBUG-2489 Add default 3rd party detection includes\excludes (#5722)
• [Dynamic Instrumentation] DEBUG-2664 Remove this from static methods arguments upload (#5833)
• [Dynamic Instrumentation] DEBUG-2216 Getting value of field or property throws NotSupportedException (#5558)
• [Dynamic Instrumentation] DEBUG-2365 Support string lexicographic comparison (#5538)
• [Dynamic Instrumentation] DEBUG-2088 Support nullable types in templates (#5543)
• [Dynamic Instrumentation] DEBUG-2560 EL- Fix IsEmpty for string and collections (#5809)
• [Dynamic Instrumentation] DEBUG-2524 Fix EL numeric binary operations (#5815)
• [Dynamic Instrumentation] Improved instrumentation matching of symbols received through SymDb (#5829)
• [Exception Replay] Normalized exception hashing for more fine-grained aggregation (#5872)

Build / Test

• [Samples] Update IIS sample Dockerfile (#5805)
• Update config_norm_rules with old DI config (#5816)
• Simplify determining whether it's a debug run or not (#5817)
• Use unified Gitlab pipeline for APM SDKs for SSI artifacts (#5818)
• [Test Package Versions Bump] Updating package versions (#5819)
• Fix builds on release/2.x (#5826 -> master) (#5828)
• Add a scheduled job that sets the SSI variables in all tests (#5832)
• Add Callsite aspects analyzer to check for "safe" patterns (#5835)
• Catch exceptions when trying to shutdown IIS (#5840)
• [Test Package Versions Bump] Updating package versions (#5845)
• [Dynamimc Instrumentation] Update debugger .slnf file (#5858)
• Skip the mass transit test to see if it solves flake issues (#5861)
• Add verification step to create_draft_release to check SSI one-pipeline succeeded (#5865)
• [build] change agent image source (#5874)
• Try fix smoke tests (#5889)
• • [Dynamic Instrumentation] Fix broken debugger integration test (#5869)

Miscellaneous

• [IAST] Add a mark to the modified instructions in IL dumps (#5854)
• Update Datadog.Trace README to reference v3 migration guide (#5857)
• Config refactor - Add telemetry to otel config (#5717)
• Exclude an SSIS service from auto-tracing (#5813)
• [CrashTracking] Ensure crashtracking does not prevent coredump collection (#5852)

Changes since 2.56.0

2.57.0

Summary

• [Tracer] Fixes for potential NullReferenceException and native error
• [Exception Replay] Normalized exception hashing for more fine-grained aggregation
• [IAST] Hardening of callsites to prevent exception escape

Changes

Tracer

• Disable keep-alive in HttpClientRequestFactory (#5810 -> v2) (#5824)
• Fix error checking for CallTargetBubbleUpException (#5836 => v2) (#5843)
• Ensure top-level entry points are wrapped with try-catch (#5838 -> v2) (#5850)
• Config refactor - Add telemetry to otel config (#5717 -> v2) (#5864)
• Fix NullReferenceException in HttpClientResponse.GetCharsetEncoding (#5881 -> v2) (#5887)
• Fix NullReferenceException in ASP.NET Core when RoutePattern.RawText is null (#5880 -> v2) (#5888)

ASM

• [IAST] Broaden AspNet cookies filtering (#5830 -> v2) (#5834)
• [IAST] Safeguard Insert Before / After aspects with try/catch (#5839 -> v2) (#5849)
• [IAST] Safeguard Method Replace aspects with try/catch (#5841 -> v2) (#5855)
• [IAST] Add a mark to the modified instructions in IL dumps (#5854 -> v2) (#5860)
• [ASM] ensure struct is on the stack before passing to native code (#5886)

Continuous Profiler

• [Profiler] Signal-based profiler/Non-Signal-based: prevent deadlock (#5812)

Debugger

• [Dynamic Instrumentation] Improved instrumentation matching of symbols received through SymDb (#5829 -> v2) (#5847)
• [Exception Replay] Normalized exception hashing for more fine-grained aggregation (#5872 -> v2) (#5890)

Miscellaneous

• Exclude an SSIS service from auto-tracing (#5813 -> v2) (#5825)
• [Backport][Crashtracking] Ensure crashtracking does not prevent coredump collection (#5852 -> v2) (#5863)

Build / Test

• Fix builds on release/2.x (#5826)
• Backport unified pipeline for APM SDKs for SSI artifacts (#5868)
• Add verification step to create_draft_release to check SSI one-pipeline succeeded (#5865 -> v2) (#5879)
• Try fix smoke tests (#5889 -> v2) (#5891)

Changes since 2.56.0

3.0.0-prerelease

Summary

This is the first pre-release of the next major version of the .NET APM SDK. The following are the high-level changes to be aware of. These include breaking changes in public APIs, changes in artifacts, and changes to default settings.

For the full list of changes, including exactly what changed and how you should handle them, please see the MIGRATING document

Breaking changes

• Custom-only tracing (using the Datadog.Trace NuGet package), without any automatic tracing, is no longer supported. Custom instrumentation with the Datadog.Trace NuGet where you have also configured automatic-instrumentation is still supported as it was in v2.x.x.
• The public API surface has changed in the Datadog.Trace NuGet package. A number of previously obsolete APIs have been removed, and some other APIs have been marked obsolete. Most changes are related to how you create TracerSettings and Tracer instances.
• Changes to default settings. The default values of some settings have changed, and others have been removed. See below for more details.
• Changes in behavior. The semantic requirements and meaning of some settings have changed, as have some of the tags added to traces. See below for more details.
• The 32-bit MSI installer will no longer be available. The 64-bit MSI installer already includes support for tracing 32-bit processes, so you should use this installer instead.
• The client library will still be injected when DD_TRACE_ENABLED=0. In v2.x.x, setting DD_TRACE_ENABLED=0 would prevent the client library from being injected into the application completely. In v3.0.0+, the client library will still be injected, but tracing will be disabled.
• Referencing the Datadog.Trace.AspNet module is no longer supported. In v1.x.x and 2.x.x ASP.NET support allowed adding a reference to the Datadog.Trace.AspNet module in your web.config. This is no longer supported in v3.x.x.

Deprecation notices

• .NET Core 2.1 is marked EOL in v3.0.0+ of the tracer. That means versions 2.0, 2.1, 2.2 and 3.0 of .NET Core are now EOL. These versions may still work with v3.0.0+, but they will no longer receive significant testing and you will receive limited support for issues arising with EOL versions.
• Datadog.Trace.OpenTracing is now obsolete. OpenTracing is considered deprecated, and so Datadog.Trace.OpenTracing is considered deprecated. See the following details on future deprecation.
• macOS 11 is no longer supported for CI Visibility in v3.0.0+. Only macOS 12 and above are supported.

Major version policy and future deprecation

• Announcing a major version roadmap. We intend to make yearly major releases, starting from v3.0.0 in 2024, and v4.0.0 in 2025. We clearly will aim for minimal breaking changes, with the primary focus being on maintaining support for new versions of .NET and removal of EOL frameworks and operating systems.
• Planned removal of support for .NET Core 2.x and .NET Core 3.0 in version v4.0.0+. We intend to completely remove support for .NET Core 2.x and .NET Core 3.0 in v4.0.0. .NET Framework 4.6.1+ will continue to be supported.
• Planned removal of support for some linux distributions. In version v4.0.0, we intend to drop support for CentOS 7, RHEL 7, and CentOS Stream 8.
• Planned remove of support for App Analytics. In version v4.0.0, we intend to drop support for App Analytics and associated settings.

For the full list of changes, including exactly what changed and how you should handle them, please see the MIGRATING document

Changes

Tracer

• [v3] [Tracing] fix tag name normalization in DD_TRACE_HEADER_TAGS (#4599)
• [v3] add language tag all spans (#4839)
• [v3] Implement manual tracing functionality in Datadog.Trace.Manual (#5072)
• [v3] Update OpenTracing library to use new public APIs (#5073)
• [v3] [Tracing] Change default value of DD_TRACE_SAMPLING_RULES_FORMAT (#5141)
• [v3] Change manual instrumentation approach to not use reverse duck-typing (#5214)
• [v3] Add unit tests for the [Instrumented] attribute (#5259)
• [v3] Change netstandard2.0 target to netcoreapp2.1 i.e. drop netcoreapp2.0 (#5260)
• [v3] Change defaults for WCF settings (#5324)
• [v3] Delete ISpanContextExtractor (#5355)
• [v3] Update behavior of header tags parsing (AIT-8600) (#5438)

CI Visibility

• [v3] Ensure coverage collector targets netstandard2.0 (#5334)

ASM

• [ASM][v3] Update template env var meaning (#5166)

Continuous Profiler

• [Profiler] Signal-based profiler/Non-Signal-based: prevent deadlock (#5808)

Build / Test

• [Version Bump] 3.0.0-prerelease (#4924)
• [v3] Minor updates for subsequent work (#5065)
• [v3] Create a new Datadog.Trace.Manual project (#5071)
• [v3] Stop producing the 32-bit MSI installer (#5093)
• [v3] Add additional fields to linux packages (#5110)
• [v3] Update manual throughput tests (#5183)
• [v3] Changes to release process (#5356)
• [v3] Build against macos-12 instead of macos-11 (#5395)
• Merge v3 (#5408)
• [v3] Fix SpanContextInjectorExtractorTests to account for tracestate (#5479)
• Fix GitLab release process (#5807)
• Fix Create Draft Release action (#5822)

Miscellaneous

• [v3] Add migration doc for v2 -> v3 (#5091)
• [v3] Add DSM checkpoints to the public inject/extract API (#5128)
• Add integration test for DSM manual instrumentation API (#5419)

Changes since 2.56.0

2.56.0

Summary

• [Tracing] Fix mapping of http.status_code OpenTelemetry tag
• [Tracing] Fix bug where runtime metrics turns a recoverable OOM into an unrecoverable crash
• [Dynamic Instrumentation] Improve exception replay capturing accuracy
• [Dynamic Instrumentation] Fix potential crash related to exception replay

Changes

Tracer

• Map http.status_code to meta dictionary (#5782)
• Record when we use v2 instrumentation with a v3 version of the manual tracer (#5791)
• Improve handling of OOM (#5797)

Debugger

• [Exception Replay] Improved exceptions capturing accuracy + fixed a crash caused by mishandling of exception case probe statuses (#5798)

Miscellaneous

• Tracer flare - Inspect the AGENT_CONFIG content to set the log level (#5802)

Build / Test

• [Test Package Versions Bump] Updating package versions (#5776)
• [Test Package Versions Bump] Updating package versions (#5796)
• Include a version.txt and index.txt in the uploaded Azure assets (#5794)
• Build OCI images for every branch (#5800)
• Package musl assets in linux glibc tar folder (#5801)

Changes since 2.55.0

2.55.0

Summary

• [Dynamic Instrumentation] Fixed rewriting issues stemmed from combination of multiple instrumentations
• [Tracing] dd support for MySql.Data 9.0.0
• [Tracing] Handle unknown service names for OpenTelemetry/Activities
• [ASM] Standalone Billing

Changes

Tracer

• Add support for MySql.Data 9.0 (#5786)
• Correctly set activityKey when we change the Trace ID (#5771)
• Change unknown_service to DefaultServiceName (#5671)

ASM

• [ASM] Standalone Billing (#5565)
• [ASM] Standalone Billing (part 2: Propagation) (#5743)
• [ASM] Appsec events in meta struct (#5779)

Continuous Profiler

• [Profiler] Support "auto" for profiler enablement (#5766)
• [Profiler] Fix bug when create thread lifetime event (#5769)

Debugger

• [Dynamic Instrumentation] Fixed Instrumentation failures revealed by the Exploration Tests of Line & Method probes (#5784)
• [Dynamic Instrumentation] Fixed SymDB upload when PDB is absent (#5789)
• [Exception Replay] Mitigating an exception thrown while processing the methods participating in exception stack traces (#5783)

Miscellaneous

• [SSI] Bail out on known-faulty .NET 6 version (#5761)

Build / Test

• Integration test for Oracle (#5607)
• Skip flaky ActivityTests on macos (#5763)
• Fix macOS cmake warnings/errors (#5788)

Changes since 2.54.0

2.54.0

Summary

• [ASM] Exploit prevention: Support SQL Injection attacks
• [Profiler] Add timer_create-based CPU profiling on Linux
• Multiple fixes

Changes

Tracer

• [Tracer] Rejit refactor to support multiple products in the same method (#5533)
• [Tracer] Move definitions to native side (#5592)
• [Remote Configuration] Buffer the response and include in error (#5675)
• [Dynamic Instrumentation] DEBUG-2356 3rd party detection Include\exclude for SymDB (#5681)
• [TRACER] Ensure synchronization in MethodInfo lazy operations (#5698)
• Config refactor - distinguish between "not present" and "not valid" (#5713)
• Config refactor - support "converters" for other configuration types (#5714)
• Config refactor - fix struct/class T nullable ref issues, and allow "raw" access to ConfigurationResult (#5715)
• Config refactor - remove duplication and OTel-specific code from ConfigurationBuilder (#5716)
• [Tracing] fix precedence of remote vs local sampling rules (#5720)
• [Tracer] Extracting Last Parent Id If Conflicting SpanIds are Found with The W3C Headers (#5721)
• Fix flake in SimpleActivitiesAndSpansTest (#5735)
• [Dynamic Instrumentation] Fix SymDB config keys to match RFC (#5737)
• Do not reset Activity.Id for non-W3C formats (#5739)
• Fix ContentEncoding in IApiResponse (#5748)

CI Visibility

• Update CI Visibility metrics to latest requirements (#5747)

ASM

• [ASM] Exploit prevention: Support SQL Injection attacks (#5651)
• [ASM] Fix WAF timeout false positives (#5724)
• [ASM] Capture ObjectDisposedException (#5732)
• [ASM][IAST] Add support for CallSites in functions with by ref value type arguments (#5755)
• [ASM] Iast/Rasp vulnerability manager (#5764)
• [ASM] Fix - InvalidOperationException/ConcurrentOperationsNotSupported (#5765)

Continuous Profiler

• [Profiler] Add timer_create-based CPU profiling on Linux (#5476)
• [Profiler] Add custom dl_iterate_phdr and use it in libunwind (#5660)
• [Profiler] Add heap size metrics (gen2, loh and poh) (#5669)
• [Profiler] Add global flag to prevent the profiler from stackwalking while the app is crashing (#5729)

Debugger

• [Dynamic Instrumentation] Fixed instrumentation error (InvalidProgramException) related to EH clauses (#5774)

Build / Test

• Update Windows hosted image to latest software (#5416)
• Build native test binaries in build jobs (#5614)
• Run smoke tests as though they're in SSI (#5673)
• Enforce not referencing Datadog.Trace directly in sample projects (#5683)
• [builds] fix build_in_docker scripts (#5688)
• [Tracing] [Samples] Update MicrosoftExtensionsExample.csproj to remove incompatible library (#5689)
• Update codeowners to make Directory.Build.props to make them universal (#5703)
• Build against macos-12 instead of macos-11 (#5707)
• Set CODEOWNERS of debugger configuration keys to the debugger team (#5709)
• Add basic smoke tests for macos (#5710)
• Update workflow file again (#5712)
• Try to fix the build by changing BuildId (#5718)
• Fix Gitlab build and codeCoverage bugs (#5723)
• Fix some macOS build issues (#5725)
• Better logs folder creation in chiseled smoke test (#5731)
• Add workflow monitor to all workflows (#5733)
• Minor github action changes (#5734)
• Revert "Add workflow monitor to all workflows (#5733)" (#5741)
• Make BuildTracerHome build the native profiler (#5750)
• Skip flaky tests on .NET Core 2.1 (#5753)
• Add attribute for skipping tests in CI without using [Fact(Skip = "")] (#5756)
• Re-order integrations folder in CODEOWNERS (#5762)
• Stop testing with a specific build in macos smoke tests (#5772)
• Filter out .NET Core 3.1 NuGet tests in prerelease versions (#5773)
• Switch system-tests to python 3.12 (#5777)

Miscellaneous

• [Test Package Versions Bump] Updating package versions (#5639)
• Single-step guard rails: Use stdin instead of args to invoke telemetry (#5677)
• [Test Package Versions Bump] Updating package versions (#5699)
• [Test Package Versions Bump] Updating package versions (#5727)
• [Test Package Versions Bump] Updating package versions (#5752)
• Lock access to rejitters (#5757)
• Revert native changes that moved the definitions to the native side (#5768)

Changes since 2.53.2

2.53.2

Summary

• Fixes a bug in remote sampling rules
• Fixes a rare bug in runtime metrics when calling GetType() throws

Changes

Tracer

• Avoid infinite recursion in RuntimeMetricsWriter.FirstChanceException (#5704)
• Fix reading JSON-formatted settings in remote config, such as remote sampling rules (#5705)

Miscellaneous

• [CrashTracking] Fix the heuristic to filter out BlockingMiddleware (#5708)

Build / Test

• Minor fixes for hotfix workflows (#5702)
• Fix syntax error in version-bump GitHub Action (#5706)

Changes since 2.53.1

2.53.1

Summary

• Fix crash at shutdown when runtime metrics enabled due to bug in the .NET runtime
• Fix occasional crash with Continuous Profiler
• Various other minor bug fixes

Changes

Tracer

• Handle NullReferenceException in EF6 (#5668)
• Don't allow enabling UDS on < .NET Core 3.1 and .NET Framework (#5686)
• Prevent NullReferenceException when Activity IDs are null (#5690)

ASM

• [ASM] Fix Null reference exception error (#5664)
• [ASM] Protect NativeLibrary.CloseLibrary (#5682)
• [ASM] Fix null exception security coordinator (#5685)
• [ASM] Fix Security module failed error (#5694)

Continuous Profiler

• [Profiler] Fix possible crash when SSI deployed (#5684)
• [Profiler] Fix crash when different threads are trying to set a class description (#5691)
• [Profiler] Fix typo in crash fix (#5692)

Miscellaneous

• [SSI] Fix some of the single step injection forwarder code (#5678)
• Single-step guard rails: Use stdin instead of args to invoke telemetry (#5677)
• Fix crash at shutdown in runtime metrics (#5696)
• [CrashTracking] Add more exception types (#5697)

Build / Test

• Single-step guard rails: Fix the path of the log file in tests (#5700)

Changes since 2.53.0

2.53.0

Summary

• [Tracing] Add support for ActivityLinks/OTEL Span Links
• [Tracing] Add support for OpenTelemetry's AddEvent and RecordException API's, and environment variables
• [Tracing] Add support for Serilog v4 and NLog 5.3.0
• [Tracing] Add support for remote configuration of sampling rules and Adaptive Sampling
• [CI Visibility] Add support for Microsoft.CodeCoverage
• [CI Visibility] Add support for UDS and NamedPipes
• [ASM] Enable Runtime Application Self-Protection (RASP) by default
• [Dynamic Instrumentation] Support using Boolean literals in the expression language
• [DBM] Add injection support for Oracle queries (service mode only)

Changes

Tracer

• [Tracer] Support remote config for DD_TRACE_SAMPLING_RULES and Adaptive Sampling (#5453)
• [Tracer] Finishes Adding Support for ActivityLink (#5627)
• [Tracing] Add standardized support for OpenTelemetry AddEvent and RecordException API's (#5630)
• Add support for Serilog v4 (#5649)
• Remap http.response.status_code to http.status_code (#5654)
• Exclude vsdbg from tracing (#5657)
• [Tracing] Adds support for mapping stable OpenTelemetry environment variables to their Datadog equivalents (#5661)
• Don't allocate very large buffers when deserializing responses (#5665)
• [Tracer] SpanLinks Permissive null Clean Up (#5674)

CI Visibility

• [CI Visibility] Automatic reporting of Microsoft.CodeCoverage percentage (#5633)
• [CI Visibility] UDS and NamedPipes support (#5634)

ASM

• [ASM] Update WAF log messages (#5571)
• [ASM] Improved Unsafe Encoder readability (#5587)
• [ASM] Add the span id to the RASP events (#5588)
• [ASM] Add test for null response in aspnet core (#5590)
• [ASM] RASP: Add stack trace bottom and top filtering (#5621)
• [ASM] Enable RASP by default (#5625)
• [ASM] Capture exception to avoid errors (#5662)
• [ASM] Fix CloseLibrary condition (#5667)
• [ASM][IAST] Add _dd.iast.json.tag.size.exceeded telemetry metric (#5641)

Continuous Profiler

• [Profiler] Fix services start/stop (#5616)
• [Profiler] Few missing changes for IService startup/stop (#5619)
• [Profiler] Improve configuration aroung SSI/non-SSI (#5620)
• Add a space before |fg: in case of an unknown type (#5624)
• Normalize the profiler thread names (#5626)
• [Profiler] Investigate and fix profiler benchmarks failures (#5631)

Debugger

• [Dynamic Instrumentation] Aligned the line probe snapshot to fix System Tests failures (#5628)
• [Dynamic Instrumentation] Check specific path for diagnostics upload (#5461)
• [Dynamic Instrumentation] Cleansing third party module names to avoid conflicts with customer's modules (#5622)

Fixes

• Fix RCM Capabilities bugs (#5606)
• Fix NLog direct log shipping 5.3+ when no config is present (#5609)

Miscellaneous

• [DBM] add injection support for oracle queries (but only service mode) (#5506)
• [CrashTracking] Check if native crashes are caused by Datadog (#5573)
• Make crash tracking opt-out (#5582)
• [Test Package Versions Bump] Updating package versions (#5605)
• Fix NLog direct log shipping 5.3+ when no config is present (#5609)
• Record SSI injection values in configuration (#5611)
• Single-step guard rails: Move version.h to shared code (#5635)
• Single-step guard rails: Update RuntimeInformation to include "inferred" runtime version (#5636)
• Single-step guard rails: telemetry (#5637)
• Normalize the tracer thread names (#5644)
• Update libdatadog to v10 (#5653)
• [CrashTracking] Let libdatadog set the endpoint (#5666)
• [Crashtracking] Mark DD_* threads as suspicious (#5647)

Build / Test

• Display C++ static analysis errors in the CI output (#5608)
• chore(lib-injection): update base image to alpine 3.20 (#5613)
• Set LD_PRELOAD in integration tests (#5617)
• [SINT-1401] update windows code signer to v0.2.3 (#5629)
• Ensure we catch exceptions in named pipe mock agent (#5646)
• Fix broken tests that only run on main (#5670)
• chore(serverless): update CODEOWNERS (#5672)
• [Profiler/Tracer] Bump FluentAssertions to 6.12.0 (#5599)
• [Profiler] Capture dump on timeout in wrapper tests (#5602)
• [Profiler] Fix race condition in SocketTimeout (#5648)

Changes since 2.52.0

2.52.0

Summary

• [CIVisibility] Fixes for test.command tag value and version-conflict scenarios
• [ASM] Adds support for session-timeout vulnerability
• [ASM] Adds support for Grpc.AspNetCore source tainting and exclusion marks
• [Tracing] Single step instrumentation no longer instruments EOL runtimes by default

Changes

Tracer

• [Tracer] Delay sampling decisions (#5306)
• [Tracer] Only set _dd.agent_psr tag when using sampling rates from Agent (#5545)
• Refactor LifetimeManager callbacks for UnhandledException (#5557)

CI Visibility

• [CIVisibility] Add SourceLink support to CIEnvironmentValues (#5535)
• [CI Visibility] IPC subsystem (#5537)
• [CI Visibility] - Close and flush incomplete TSLV objects before exiting (#5549)
• [CI Visibility] Send data to the test session using IPC (#5551)
• [CIVisibility] Fix test.command tag value (#5560)
• [CIVisibility] Add a code coverage injection session tag (#5561)
• [CIVisibility] Tag profiles created by BenchmarkDotnet integration and add the IgnoreProfileAttribute (#5568)
• [CIVisibility] Fix support for custom spans with version mismatch (#5578)

ASM

• [ASM][IAST] Add source tainting for Grpc dotnet (#5473)
• [ASM] Rasp sinks instrumentation (#5512)
• [ASM][IAST] Add vulnerability marks to Range + Add the mark to Escaped XSS (#5531)
• [ASM] RASP span metrics (#5542)
• [ASM] Upgrade WAF to version 1.18 (#5546)
• [ASM] Remove the need to pass httpcontext to SecurityCoordinators (#5548)
• [ASM][IAST] Session Timeout vulnerability (#5559)
• [ASM][IAST] Fix System.Text.Json: Properly implement GetRawText() aspect (#5572)
• [ASM] Fix null ref (#5596)

Miscellaneous

• Bail out of instrumentation in SSI when an unsupported platform is detected (#5524)
• Don't instrument most dotnet SDK calls (#5564)
• [Test Package Versions Bump] Updating package versions (#5569)
• [Test Package Versions Bump] Updating package versions (#5585)
• Crash tracking (#5451)

Build / Test

• Update CODEOWNERS for APM SDK IDM ownership (#5525)
• [All Natives] Fix C5105 Warning for Windows Native Projects (#5541)
• Update lib-injection docker image tags (#5544)
• Try fixing flake in TelemetryControllerShouldUpdateGitMetadataWithTelemetry on macOS (#5547)
• "Manually" install MSI dependencies instead of using choco install (#5553)
• Update the .DotSettings in _build (#5555)
• Remove span count assertions from Azure Function tests (#5556)
• [Tracer] scrub _dd.agent_psr from test snapshots (#5562)
• If a lot of snapshots have changed, we should check them all (#5563)
• [Build] Fix chiseled smoke tests jobs + capture coredump when crashing in all smoke tests jobs (#5570)
• Failing serverless tests are not reported in CI (#5574)
• [Tests] add null checks in VerifyHelper (#5575)
• Fix dependabot and improve GeneratePackageVersions (#5579)
• Disable automatic flush in AgentWriterTests.FaultyApi (#5581)
• Improve lib-injection tagging script (#5598)
• Bump Fody from 6.8.0 to 6.8.1 in /tracer/src/Datadog.Trace (#5576)
• [Tracer][Tests] scrub _dd.agent_psr tag from TraceAnnotationsTests snapshots only (#5591)

Changes since 2.51.0