v1.59.0

Highlights

Important Information

⚠️ Starting with this release, dd-trace-go requires libdl.so.2¹ and libm.so.6 to be present in the deployment environment (except Windows, where Application Security Management is not supported). This should be the case for the vast majority of environments (e.g: Redhat, Debian, Alpine, Amazon Linux, Ubuntu) but might not be the case in some minimal-footprint environments (e.g: BusyBox, docker images from scratch). In situations when these requirements aren't met, you might see errors similar to (the exact error may be slightly different depending on the platform):

• If ld.so is missing (the environment is unable to load dynamic executables) or is not the expected flavor (the binary was built on one platform, and runs on another which uses a different interpreter):

  exec /path/to/binary: no such file or directory
  

• When one of the required shared libraries is missing (libdl.so.2 in this example):

  /path/to/binary: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
  

If this happens, please create a GitHub issue so we can reconsider this new default requirement. In the meantime, you can work around the problem by adding the datadog.no_waf build tag (go build -tags='datadog.no_waf' ...), which completely disables all Application Security Management features and removes these new requirements.

Application Security Management (ASM) Remote Activation

Application Security Management (ASM) can now be remotely activated by APM Tracing users via Datadog Remote Configuration, granted that the application was built either:

• with CGO enabled;
• with CGO_ENABLED=0 and with the appsec build tag (this setup already required libdl.so.2¹ and libm.so.6 to be present in the deployment environment on previous releases — this remains true).

Remote activation can be performed from different places in Datadog UI, such as ASM's Service Setup or APM's Service Catalog (hovering the ASM Status column).

ASM features can still be enabled locally using the DD_APPSEC_ENABLED=1 environment variable.

Setting the datadog.no_waf build tag completely disables all ASM features, removing the ability for local as well as remote activation.

Application Performance Monitoring (APM)

This release includes a fix to several library integrations which could have previously caused data races related to start options. This was fixed in database/sql, gin-gonic/gin, go-chi/chi.v5, go-chi/chi, google.golang.org/grpc.v12, google.golang.org/grpc, gorilla/mux, julienschmidt/httprouter, k8s.io/client-go/kubernetes, labstack/echo.v4, labstack/echo, net/http, and urfave/negroni. We recommend you update to this version if you are using any of these integrations.

Beta: In-app APM library configuration of trace sampling rate, HTTP header tags and custom tags.
This feature has a known bug: deleting the configuration entry in-app won't reset the configuration locally, this will be fixed in the next version of dd-trace-go (v1.60.0).

What's Changed

Application Security Management (ASM)

• appsec: remove the "appsec" build tag requirement by @RomainMuller in #2354
• go.mod: go-libddwaf v2.2.2 including major perf improvements and bug fixes by @eliottness in #2417
• appsec/api-security: http request schema collection and sensitive data scanning by @Hellzy in #2381
• appsec: support server.response.headers.no_cookies WAF address by @eliottness in #2347

Application Performance Monitoring (APM)

• contrib/google.golang.org/grpc: improve the memory efficiency of threats detection for grpc by @RomainMuller in #2338
• contrib: header_tags support on julienschmidt/httprouter by @mtoffl01 in #2331
• contrib/kafka: take env variable into account to enable DSM by @vandonr in #2353
• contrib/aws/{aws-sdk-go/aws, aws-sdk-go-v2/aws}: add context example by @mackjmr in #1504
• contrib/dimfeld/httptreemux.v5: parameterize redirects due to trailing slash by @laughingman-hass in #2332
• contrib/google.golang.org/grpc: add hostname tag by @rarguelloF in #2361
• contrib/database/sql: prevent DBM propagation full mode with incompatible dbs by @rarguelloF in #2328
• contrib: fix span start option races by @eliottness in #2418
• tracer: Fix race in spanContext.setSamplingPriority by @evanj in #2271
• tracer: report config-change telemetry in dynamic config by @ahmed-mez in #2350
• tracer: check for (service,env) matching in dynamic config by @ahmed-mez in #2365
• ddtrace/opentelemetry,opentracing: fixed the format of telemetry tags by @dianashevchenko in #2367
• tracer: report rc capabilities for dynamic config by @ahmed-mez in #2369
• tracer: configure global tags via remote-config by @ahmed-mez in #2378
• tracer: support dot notation for tags with array values by @katiehockman in #2253
• build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 by @dependabot in #2373
• tracer: improve debug message for propagating tag length limit reached by @katiehockman in #2405

General

• {telemetry,remoteconfig}: support fraction of second intervals by @ahmed-mez in #2364
• remoteconfig: add Subscribe function by @ahmed-mez in #2380
• remoteconfig: fix products reporting by @ahmed-mez in #2384

New Contributors

• @RomainMuller made their first contribution in #2338
• @vandonr made their first contribution in #2353
• @laughingman-hass made their first contribution in #2332

Full Changelog: v1.58.0...v.1.59.0

1. In some build environments, libdl functionality is provided by libc; the ldd <binary> command can be used to determine the exact runtime requirements ↩ ↩²