Releases: newrelic/newrelic-java-agent
Version 7.4.1
Fixes
- Upgraded log4j to 2.15.0 to mitigate the security vulnerability CVE-2021-44228. 605
Recommended Java versions
- This fix is recommended if you are running on Java 8 - 17
Version 6.5.1
Fixes
- Upgraded log4j to 2.15.0 to mitigate the security vulnerability CVE-2021-44228. 605
Recommended Java versions
This fix is only recommended if you are running on Java 7 or are otherwise unable to upgrade to Java agent 7.4.1- Log4j 2.15.0, which fixes the security vulnerability CVE-2021-44228, is only compatible with Java 8+. Therefore this version of the agent is not compatible with Java 7 and is only recommended if you are using Java 8+ and are otherwise unable to upgrade to Java agent 7.4.1.
Mitigation for Java 7
Java agent versions 4.12.0 through 6.5.0 (which support Java 7) use Log4j 2.11.2 which falls into the affected range. For Java 7 users the recommended mitigation from Apache Log4j Security Vulnerabilities is to set the system property -Dlog4j2.formatMsgNoLookups=true
.
Mitigation: In releases >=2.10, this behavior can be mitigated by setting either the system property
log4j2.formatMsgNoLookups
. For releases >=2.7 and <=2.14.1, allPatternLayout
patterns can be modified to specify the message converter as%m{nolookups}
instead of just%m
. For releases >=2.0-beta9 and <=2.10.0, the mitigation is to remove theJndiLookup
class from the classpath:zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
.
Note: The alternate approach of defining the LOG4J_FORMAT_MSG_NO_LOOKUPS=true
environment variable will not work with the NR Java Agent.
version 7.4.0
New features and improvements
-
Support for Java 17 #433
-
Distributed Tracing is on by Default and deprecates Cross Application Tracing #486
- Increases the default maximum number of samples stored for Span Events from 1000 to 2000.
- The maximum number of samples stored for Span Events can be configured via the max_samples_stored configuration in the newrelic.yml.
span_events: max_samples_stored: 2000
Notice: This feature will cause an increase in the consumption of data. The amount depends on the application. This feature can be disabled by adding the following to the agent yaml config nested under the common stanza:
distributed_tracing: enabled: false
-
Auto-instrumentation Support for GraphQL-Java 17.0+ #487
-
Auto-instrumentation Support for Cats Effect 3 #505
-
This version tested agent support for the ARM64/Graviton2 platform
Fixes
- Restores transactions for Akka and Akka-Http #497
- The existing MongoDB sync client instrumentation was incorrectly applying when MongoDB reactive or async client was being used, which could lead to segment timeouts and long transaction response times. #476
Deprecations/Removed Features
Cross Application Tracing is now deprecated, and disabled by default. To continue using it, enable it with cross_application_tracer.enabled = true
and distributed_tracing.enabled = false
.
Support statement:
- New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and
performance benefits. Additionally, older releases will no longer be supported when they reach
end-of-life.
Version 7.3.0
New features and improvements
-
Support for Java 16
-
Auto-instrumentation support for java.net.http.HttpClient
-
Migrate the Agent’s caching library from Guava to Caffeine
- Caffeine provides an in-memory cache using a Google Guava inspired API. The improvements draw on the author’s experience designing Guava's cache and
ConcurrentLinkedHashMap
. - We expect this change to provide improvement in cases where we saw thread contention and deadlocks attributable to the Guava library.
- Caffeine provides an in-memory cache using a Google Guava inspired API. The improvements draw on the author’s experience designing Guava's cache and
Fixes
- Removed support for the anorm-2.0 instrumentation module
- The artifacts that this module instrumented are no longer available.
Version 7.2.0
New features and improvements
-
Scala Library Instrumentation #362 #363
- STTP versions 2 & 3 Akka-HTTP, HTTP4s and STTP core backends
- Cats-effect v2
- ZIO v1
- HTTP4s client & server v0.21
- Play 2.3-2.8
- Akka-HTTP v10.1 & v10.2
- For more information, see Scala instrumentation.
-
Scala API support (see PRs above)
- Scala APIs provided for explicit instrumentation of several of above libraries in case auto-instrumentation is not desired
- Cats-effect v2
- ZIO v1
-
AWS v2 DynamoDB Instrumentation #343
- Synchronous and asynchronous AWS v2 APIs are auto-instrumented similarly to v1 APIs
- For more information, see Add support for AWS SDK 2 DynamoDB sync/async clients
-
GraphQL 16 Instrumentation #396
- Create meaningful transaction names
- Create meaningful spans
- Reporting GraphQL errors
- For more information, see GraphQL for Java
-
JFR feature causing excessive overhead when enabled JFR #203
- Refactored code to use less memory.
Fixes
The existing mongo instrumentation was partially applying when mongo reactive is being used.
- Disable weaving package when MongoDB 4.x+ reactive driver detected #341
- For more information, see Spring Reactive DB Drivers - MongoDB Support
Version 7.1.1
- Real-time profiling for Java using JFR metrics
Due to overhead caused in some applications Real-time profiling for Java using JFR metrics
is now disabled by default.
Version 7.1.0
Known issues
Some customers saw increased overhead when Real-time profiling is enabled.
See notice below on how to disable it.
New features and improvements:
-
Java instrumentation by XML new properties #288
- traceLambda - to trace lambdas inside a method
- traceByReturnType - to trace all methods in a class that return a given type
These are compatible with Java and Scala. For more information, see Java instrumentation by XML.
-
Scala APIs #254
New artifacts allow Scala code to be instrumented using a fluent Scala API
instead of the Java annotations. There are specific artifacts for versions
2.10, 2.11, 2.12, 2.13 of Scala. Scala 3.0 users can use the 2.13 artifact.For more information, see Scala instrumentation.
-
Real-time profiling for Java using JFR metrics #333
Real-time profiling for Java using JFR metrics
is now enabled by default.
Notice: this feature will cause an increase in the consumption of data.
The amount depends on the application. It can be disabled by adding the
following to the agent yaml config nested under thecommon
stanza:jfr: enabled: false
For more information, see JFR core README.
Version 7.0.1
Fixes an issue where the agent would break OkHttp versions 3.X and lower. (#324)
Version 7.0.0
New features and improvements:
-
Real-time profiling for Java using JFR metrics is now fully integrated into the Java agent. See the JFR core README for additional details.
This feature requires a supported version of Java (Java 8 (specifically version
8u262
+) or Java 11+) and is currently disabled by default. To enable it set the following in your yaml (indented 2 spaces under the common stanza).jfr: enabled: true
Notice: If you were previously using the jfr-daemon jar as an agent extension or standalone process you should remove that option to avoid potential conflicts with the JFR service that is now built into the agent.
-
Not compatible with Java 7. In order to continue to innovate and efficiently provide new capabilities to our customers who run on the JVM, this and future agent versions are not compatible with Java 7. If you are running Java 7, you may continue to use Java agent 6.5.0 or lower. For details, see this topic on the Explorers Hub.
-
Adds support for akka http with Scala 2.13 #271
-
Class annotation to trace lambda methods #274
-
Class annotation to trace methods by return type #275
Fixes:
- Fixes an issue that could cause multiple versions of
akka-http-core
instrumentation to apply at the same time. #208 - The agent will now log dropped events at
FINE
instead ofWARN
to decrease verbosity. #296 - Fixes Javadoc comments that incorrectly stated that, when calling the
noticeError
API multiple times, the first error would be reported when in fact it is the last error that is reported. #313
Support statement:
- New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.
Version 6.5.0
New Features and Improvements:
- The agent no longer bundles SSL certificates with it and the
use_private_ssl
option that configured the agent to use
the previously bundled certificates has been removed. By default, the agent will use the SSL truststore provided by
the JVM unless it is explicitly configured to use a different truststore with the ca_bundle_path option. See Configuring your SSL certificates for more details. (#245)
Fixes:
- Fixes an issue that could cause incorrect transaction naming when using JAX-RS sub-resources. (#234)
- Reactor Netty instrumentation improvements and fixes. (#237, #239, #243)
Deprecation Notice
- Java 7 compatibility deprecation
In order to continue to innovate and efficiently provide new capabilities to our customers who run on the JVM, Java 7
support has been deprecated and this will be the last version of the agent compatible with it.
If you are running Java 7, you may continue to use Java agent 6.5.0 or lower.
Support statement:
- New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.