Skip to content

Releases: DataDog/dd-trace-py

2.8.7

14 Aug 15:09
3de83d8
Compare
Choose a tag to compare

Bug Fixes

  • opentelemetry: Resolves circular imports raised by the OpenTelemetry API when the ddcontextvars_context entrypoint is loaded. This resolves an incompatibility introduced in opentelemetry-api==1.25.0.
  • opentelemetry: Resolves an issue where the get_tracer function would raise a TypeError when called with the attribute argument. This resolves an incompatibility introduced in opentelemetry-api==1.26.0.
  • opentelemetry: Resolves an edge case where distributed tracing headers could be generated before a sampling decision is made, resulting in dropped spans in downstream services.

2.11.0

19 Aug 17:44
a0d240c
Compare
Choose a tag to compare

New Features

  • ASM: This update introduces new Auto User Events support.

    ASM’s Account TakeOver (ATO) detection is now automatically monitoring all compatible user authentication frameworks to detect attempted or leaked user credentials during an ATO campaign.

    To do so, the monitoring of the user activity is extended to now collect all forms of user IDs, including non-numerical forms such as usernames or emails. This is configurable with 3 different working modes: identification to send the user IDs in clear text; anonymization to send anonymized user IDs; or disabled to completely turn off any type of user ID collection (which leads to the disablement of the ATO detection).

    The default collection mode being used is identification and this is configurable in your remote service configuration settings in the service catalog (clicking on a service), or with the service environment variable DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE.

    You can read more here.

    New local configuration environment variables include:

    • DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING_ENABLED: Can be set to "true"/"1" (default if missing) or "false"/"0" (default if set to any other value). If set to false, the feature is completely disabled. If enabled, the feature is active.
    • DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE: Can be set to "identification" (default if missing), "anonymization", or "disabled" (default if the environment variable is set to any other value). The values can be modified via remote configuration if the feature is active. If set to "disabled", user events are not collected. Otherwise, user events are collected, using either plain text user_id (in identification mode) or hashed user_id (in anonymization mode).

    Additionally, an optional argument for the public API track_user_login_success_event and track_user_login_failure_event: login_events_mode="auto". This allows manual instrumentation to follow remote configuration settings, enabling or disabling manual instrumentation with a single remote action on the Datadog UI.

    Also prevents non numerical user ids to be reported by default without user instrumentation in Django.

  • Anthropic: Adds support for tracing message calls using tools.

  • LLM Observability: Adds support for tracing Anthropic messages using tool calls.

  • botocore: Adds support for overriding the default service name in botocore by either setting the environment variable DD_BOTOCORE_SERVICE or configuring it via ddtrace.config.botocore["service"].

  • azure: Removes the restrictions on the tracer to only run the mini-agent on the consumption plan. The mini-agent now runs regardless of the hosting plan

  • ASM: Adds Threat Monitoring support for gRPC.

  • Code Security: add propagation for GRPC server sources.

  • LLM Observability: This introduces improved support for capturing tool call responses from the OpenAI and Anthropic integrations.

  • LLM Observability: This introduces the agentless mode configuration for LLM Observability. To enable agentless mode, set the environment variable DD_LLMOBS_AGENTLESS_ENABLED=1, or use the enable option LLMObs.enable(agentless_enabled=True).

  • LLM Observability: Function decorators now support tracing asynchronous functions.

  • LLM Observability: This introduces automatic input/output annotation for task/tool/workflow/agent/retrieval spans traced by function decorators. Note that manual annotations for input/output values will override automatic annotations.

  • LLM Observability: The OpenAI integration now submits embedding spans to LLM Observability.

  • LLM Observability: All OpenAI model parameters specified in a completion/chat completion request are now captured.

  • LLM Observability: This changes OpenAI-generated LLM Observability span names from openai.request to openai.createCompletion, openai.createChatCompletion, and openai.createEmbedding for completions, chat completions, and embeddings spans, respectively.

  • LLM Observability: This introduces the agent proxy mode for LLM Observability. By default, LLM Observability spans will be sent to the Datadog agent and then forwarded to LLM Observability. To continue submitting data directly to LLM Observability without the Datadog agent, set DD_LLMOBS_AGENTLESS_ENABLED=1 or set programmatically using LLMObs.enable(agentless_enabled=True).

  • LLM Observability: The Langchain integration now submits embedding spans to LLM Observability.

  • LLM Observability: The LLMObs.annotate() method now replaces non-JSON serializable values with a placeholder string [Unserializable object: <string representation of object>] instead of rejecting the annotation entirely.

  • pylibmc: adds traces for memcached add command

  • ASM: This introduces fingerprinting with libddwaf 1.19.1

  • Database Monitoring: Adds Database Monitoring (DBM) trace propagation for postgres databases used through Django.

  • langchain: Tags tool calls on chat completions.

  • LLM Observability: Adds retry logic to the agentless span writer to mitigate potential networking issues, like timeouts or dropped connections.

  • ASM: This introduces Command Injection support for Exploit Prevention on os.system only.

  • ASM: This introduces suspicious attacker blocking with libddwaf 1.19.1

Upgrade Notes

  • ASM: This upgrade prevents the WAF from being invoked for exploit prevention if the corresponding rules are not enabled via remote configuration.

Deprecation Notes

  • ASM: The environment variable DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING is deprecated and will be removed in the next major release. Instead of DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING, you should use DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE. The "safe" and "extended" modes are deprecated and have been replaced by "anonymization" and "identification", respectively.
  • botocore: All methods in botocore/patch.py except patch() and unpatch() are deprecated and will be removed in version 3.0.0.
  • consul: All methods in consul/patch.py except patch() and unpatch() are deprecated and will be removed in version 3.0.0.
  • psycopg: All methods in psycopg/patch.py except patch() and unpatch() are deprecated and will be removed in version 3.0.0.
  • pylibmc: All methods in pylibmc/patch.py except patch() and unpatch() are deprecated and will be removed in version 3.0.0.
  • pymemcache: All methods in pymemcache/patch.py except patch() and unpatch() are deprecated and will be removed in version 3.0.0.
  • pymongo: All methods in pymongo/patch.py except patch() and unpatch() are deprecated and will be removed in version 3.0.0.
  • pymysql: All methods in pymysql/patch.py except patch() and unpatch() are deprecated and will be removed in version 3.0.0.
  • pynamodb: All methods in pynamodb/patch.py except patch() and unpatch() are deprecated and will be removed in version 3.0.0.
  • pyodbc: All methods in pyodbc/patch.py except patch() and unpatch() are deprecated and will be removed in version 3.0.0.
  • pyramid: All methods in pyramid/patch.py except patch() and unpatch() are deprecated and will be removed in version 3.0.0.
  • exception replay: The DD_EXCEPTION_DEBUGGING_ENABLED environment variable has been deprecated in favor of DD_EXCEPTION_REPLAY_ENABLED. The old environment variable will be removed in a future major release.
  • ASM: This removes the partial auto instrumentation of flask login. It was giving only partial and possibly confusing picture of the login activity. We recommend customers to switch to [manual instrumentation](https://docs.datadoghq.com/security/application_security/threats/add-user-info/?tab=loginsuccess&code-lang=python#adding-business-logic-information-login-success-login-failure-any-business-logic-to-traces).

Bug Fixes

  • LLM Observability: Fixes an issue in the OpenAI integration where integration metrics would still be submitted even if LLMObs.enable(agentless_enabled=True) was set.

  • Code Security: add null pointer checks when creating new objects ids.

  • Code Security: add encodings.idna to the IAST patching denylist to avoid problems with gevent.

  • Code Security: add the boto package to the IAST patching denylist.

  • Code Security: fix two small memory leaks with Python 3.11 and 3.12.

  • CI Visibility: Fixes an issue where the pytest plugin would crash if the git binary was absent

  • CI Visibility: fixes incorrect URL for telemetry intake in EU that was causing missing telemetry data and SSL error log messages.

  • celery: changes error.message span tag to no longer include the traceback that is already included in the error.stack span tag.

  • CI Visibility: fixes source file information that would be incorrect in certain decorated / wrapped scenarios and forces paths to be relative to the repository root, if present.

  • futures: Fixes inconsistent behavior with concurrent.futures.ThreadPoolExecutor context propagation by passing the current trace context instead of the currently active span to tasks. This prevents edge cases of disconnected spans when the task executes after the parent span has finished.

  • kafka: Fixes ArgumentError raised when injecting span context into non-existent Kafka message headers.

  • botocore: Fixes Botocore Kinesis span parenting to use active trace context if a propagated child context is not found instead of empty context...

Read more

2.11.0rc2

12 Aug 13:31
a0d240c
Compare
Choose a tag to compare
2.11.0rc2 Pre-release
Pre-release

Bug Fixes

  • LLM Observability: Fixes an issue in the OpenAI integration where integration metrics would still be submitted even if LLMObs.enable(agentless_enabled=True) was set.
  • Code Security: Adds null pointer checks when creating new objects ids.

2.10.4

08 Aug 16:18
4bb7150
Compare
Choose a tag to compare

Bug Fixes

  • SSI: This fixes incorrect file permissions on lib-injection images for 2.10.x releases.
  • profiling: show lock init location in Lock Name and hide profiler internal frames from Stack Frame in Timeline Details tab.

2.11.0rc1

05 Aug 17:38
a23da22
Compare
Choose a tag to compare
2.11.0rc1 Pre-release
Pre-release

Deprecation Notes

  • ASM: The environment variable DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING is deprecated and will be removed in the next major release. Instead of DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING, you should use DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE. The "safe" and "extended" modes are deprecated and have been replaced by "anonymization" and "identification", respectively.
  • integrations: All methods in ddtrace/contrib/*/patch.py except patch() and unpatch() are deprecated and will be removed in version 3.0.0 for the following integrations:
    • botocore
    • consul
    • psycopg
    • pylibmc
    • pymemcache
    • pymongo
    • pymysql
    • pynamodb
    • pyodbc
    • pyramid
  • exception replay: The DD_EXCEPTION_DEBUGGING_ENABLED environment variable has been deprecated in favor of DD_EXCEPTION_REPLAY_ENABLED. The old environment variable will be removed in a future major release.
  • ASM: This removes the partial auto instrumentation of flask login. It was giving only partial and possibly confusing picture of the login activity. We recommend customers to switch to manual instrumentation.

New Features

  • ASM: Introduces new Auto User Events support.

    ASM’s Account TakeOver (ATO) detection is now automatically monitoring all compatible user authentication frameworks to detect attempted or leaked user credentials during an ATO campaign.

    To do so, the monitoring of the user activity is extended to now collect all forms of user IDs, including non-numerical forms such as usernames or emails. This is configurable with 3 different working modes: identification to send the user IDs in clear text; anonymization to send anonymized user IDs; or disabled to completely turn off any type of user ID collection (which leads to the disablement of the ATO detection).

    The default collection mode being used is identification and this is configurable in your remote service configuration settings in the service catalog (clicking on a service), or with the service environment variable DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE.

    You can read more here.

    New local configuration environment variables include:

    • DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING_ENABLED: Can be set to "true"/"1" (default if missing) or "false"/"0" (default if set to any other value). If set to false, the feature is completely disabled. If enabled, the feature is active.
    • DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE: Can be set to "identification" (default if missing), "anonymization", or "disabled" (default if the environment variable is set to any other value). The values can be modified via remote configuration if the feature is active. If set to "disabled", user events are not collected. Otherwise, user events are collected, using either plain text user_id (in identification mode) or hashed user_id (in anonymization mode).

    Additionally, an optional argument for the public API track_user_login_success_event and track_user_login_failure_event: login_events_mode="auto". This allows manual instrumentation to follow remote configuration settings, enabling or disabling manual instrumentation with a single remote action on the Datadog UI.

    Also prevents non numerical user ids to be reported by default without user instrumentation in Django.

  • Anthropic: Adds support for tracing message calls using tools.

  • LLM Observability: Adds support for tracing Anthropic messages using tool calls.

  • botocore: Adds support for overriding the default service name in botocore by either setting the environment variable DD_BOTOCORE_SERVICE or configuring it via ddtrace.config.botocore["service"].

  • azure: Removes the restrictions on the tracer to only run the mini-agent on the consumption plan. The mini-agent now runs regardless of the hosting plan.

  • ASM: Adds Threat Monitoring support for gRPC.

  • Code Security: Adds propagation for gRPC server sources.

  • LLM Observability: Introduces improved support for capturing tool call responses from the OpenAI and Anthropic integrations.

  • LLM Observability: Introduces the agentless mode configuration for LLM Observability. To enable agentless mode, set the environment variable DD_LLMOBS_AGENTLESS_ENABLED=1, or use the enable option LLMObs.enable(agentless_enabled=True).

  • LLM Observability: Function decorators now support tracing asynchronous functions.

  • LLM Observability: Introduces automatic input/output annotation for task/tool/workflow/agent/retrieval spans traced by function decorators. Note that manual annotations for input/output values will override automatic annotations.

  • LLM Observability: The OpenAI integration now submits embedding spans to LLM Observability.

  • LLM Observability: All OpenAI model parameters specified in a completion/chat completion request are now captured.

  • LLM Observability: Changes OpenAI-generated LLM Observability span names from openai.request to openai.createCompletion, openai.createChatCompletion, and openai.createEmbedding for completions, chat completions, and embeddings spans, respectively.

  • LLM Observability: Introduces the agent proxy mode for LLM Observability. By default, LLM Observability spans will be sent to the Datadog agent and then forwarded to LLM Observability. To continue submitting data directly to LLM Observability without the Datadog agent, set DD_LLMOBS_AGENTLESS_ENABLED=1 or set programmatically using LLMObs.enable(agentless_enabled=True).

  • LLM Observability: The Langchain integration now submits embedding spans to LLM Observability.

  • LLM Observability: The LLMObs.annotate() method now replaces non-JSON serializable values with a placeholder string [Unserializable object: <string representation of object>] instead of rejecting the annotation entirely.

  • pylibmc: Adds traces for memcached add command

  • ASM: Introduces fingerprinting with libddwaf 1.19.1

  • Database Monitoring: Adds Database Monitoring (DBM) trace propagation for postgres databases used through Django.

  • langchain: Tags tool calls on chat completions.

  • LLM Observability: Adds retry logic to the agentless span writer to mitigate potential networking issues, like timeouts or dropped connections.

  • ASM: Introduces Command Injection support for Exploit Prevention on os.system only.

  • ASM: Introduces suspicious attacker blocking with libddwaf 1.19.1

Bug Fixes

  • Code Security: Adds encodings.idna to the IAST patching denylist to avoid problems with gevent.
  • Code Security: Adds the boto package to the IAST patching denylist.
  • Code Security: Fixes two small memory leaks with Python 3.11 and 3.12.
  • CI Visibility: Fixes an issue where the pytest plugin would crash if the git binary was absent
  • CI Visibility: Fixes incorrect URL for telemetry intake in EU that was causing missing telemetry data and SSL error log messages.
  • celery: Changes error.message span tag to no longer include the traceback that is already included in the error.stack span tag.
  • CI Visibility: Fixes source file information that would be incorrect in certain decorated / wrapped scenarios and forces paths to be relative to the repository root, if present.
  • futures: Fixes inconsistent behavior with concurrent.futures.ThreadPoolExecutor context propagation by passing the current trace context instead of the currently active span to tasks. This prevents edge cases of disconnected spans when the task executes after the parent span has finished.
  • kafka: Fixes ArgumentError raised when injecting span context into non-existent Kafka message headers.
  • botocore: Fixes botocore Kinesis span parenting to use active trace context if a propagated child context is not found instead of empty context.
  • langchain: Resolves an issue where the wrong langchain class name was being used to check for Pinecone vectorstore instances.
  • LLM Observability: Resolves a typing hint error in the ddtrace.llmobs.utils.Documents helper class constructor where type hints did not accept input dictionaries with integer or float values.
  • LLM Observability: Resolves an issue where the OpenAI, Anthropic, and AWS Bedrock integrations were always setting temperature and max_tokens parameters to LLM invocations. The OpenAI integration in particular was setting the wrong temperature default values. These parameters are now only set if provided in the request.
  • opentelemetry: Resolves circular imports raised by the OpenTelemetry API when the ddcontextvars_context entrypoint is loaded. This resolves an incompatibility introduced in opentelemetry-api==1.25.0.
  • opentelemetry: Resolves an issue where the get_tracer function would raise a TypeError when called with the attribute argument. This resolves an incompatibility introduced in opentelemetry-api==1.26.0.
  • psycopg: Ensures traced async cursors return an asynchronous iterator object.
  • redis: Resolves an issue in the redis exception handling where an UnboundLocalError was raised instead of the expected BaseException.
  • ASM: Resolves an issue where the requests integration would not propagate when APM is opted out (i.e. in ASM Standalone).
  • profiling: Fixes an issue where task information coming from echion was encoded improperly, which could segfault the application.
  • tracing: Fixes a potential crash where using partial flushes and tracer.configure() could result in an ...
Read more

2.10.3

05 Aug 09:09
337a2d5
Compare
Choose a tag to compare

Bug Fixes

  • ASM: This fix resolves an issue where the WAF could be disabled if the ASM_DD rule file was not found in Remote Config.
  • CI Visibility: Fixes an issue where the pytest plugin would crash if the git binary was absent
  • CI Visibility: Fixes incorrect URL for telemetry intake in EU that was causing missing telemetry data and SSL error log messages.
  • Code Security: Add encodings.idna to the IAST patching denylist to avoid problems with gevent.
  • internal: Fixes an issue where some pathlib functions return OSError on Windows.
  • opentelemetry: Resolves an edge case where distributed tracing headers could be generated before a sampling decision is made, resulting in dropped spans in downstream services.

2.9.5

05 Aug 09:09
51ed3d5
Compare
Choose a tag to compare

Bug Fixes

  • ASM: This fix resolves an issue where the WAF could be disabled if the ASM_DD rule file was not found in Remote Config.
  • CI Visibility: Fixes an issue where the pytest plugin would crash if the git binary was absent
  • CI Visibility: Fixes incorrect URL for telemetry intake in EU that was causing missing telemetry data and SSL error log messages.
  • Code Security: fix potential infinite loop with path traversal when the analyze quota has been exceeded.
  • opentelemetry: Resolves an edge case where distributed tracing headers could be generated before a sampling decision is made, resulting in dropped spans in downstream services.
  • profiling: captures lock usages with with context managers, e.g. with lock:
  • profiling: propagates runtime_id tag to libdatadog exporter. It is a unique string identifier for the profiled process. For example, Thread Timeline visualization uses it to distinguish different processes.
  • psycopg: Ensures traced async cursors return an asynchronous iterator object.

2.8.6

05 Aug 08:42
edc6cac
Compare
Choose a tag to compare

Bug Fixes

  • ASM: This fix resolves an issue where an org could not customize actions through remote config.
  • Code Security: add the boto package to the IAST patching denylist.
  • CI Visibility: Fixes an issue where the pytest plugin would crash if the git binary was absent
  • CI Visibility: fixes source file information that would be incorrect in certain decorated / wrapped scenarios and forces paths to be relative to the repository root, if present.
  • CI Visibility: fixes that traces were not properly being sent in agentless mode, and were otherwise not properly attached to the test that started them
  • openai: This fix resolves an issue where specifying None for streamed chat completions resulted in a TypeError.
  • openai: This fix removes patching for the edits and fine tunes endpoints, which have been removed from the OpenAI API.
  • openai: This fix resolves an issue where streamed OpenAI responses raised errors when being used as context managers.
  • profiling: Fixes an issue where task information coming from echion was encoded improperly, which could segfault the application.
  • tracing: fixes a potential crash where using partial flushes and tracer.configure() could result in an IndexError
  • tracing: Fixes an issue where DD_TRACE_SPAN_TRACEBACK_MAX_SIZE was not applied to exception tracebacks.
  • tracing: This fix resolves an issue where importing asyncio after a trace has already been started will reset the currently active span.
  • flask: Fix scenarios when using flask-like frameworks would cause a crash because of patching issues on startup.
  • profiling: captures lock usages with with context managers, e.g. with lock:
  • profiling: propagates runtime_id tag to libdatadog exporter. It is a unique string identifier for the profiled process. For example, Thread Timeline visualization uses it to distinguish different processes.

2.10.2

01 Aug 21:44
518de6f
Compare
Choose a tag to compare

Bug Fixes

  • lib-injection: This fix resolves an issue with docker layer caching and the final lib-injection image size.
  • psycopg: Ensures traced async cursors return an asynchronous iterator object.
  • tracer: This fix resolves an issue where the tracer was not starting properly on a read-only file system.
  • Code Security: fix potential infinite loop with path traversal when the analyze quota has been exceeded.
  • profiling: captures lock usages with with context managers, e.g. with lock:
  • profiling: propagates runtime_id tag to libdatadog exporter. It is a unique string identifier for the profiled process. For example, Thread Timeline visualization uses it to distinguish different processes.

2.10.1

29 Jul 21:30
b343d25
Compare
Choose a tag to compare

Bug Fixes

  • langchain: This fix resolves an issue where the wrong langchain class name was being used to check for Pinecone vectorstore instances.
  • opentelemetry: Resolves circular imports raised by the OpenTelemetry API when the ddcontextvars_context entrypoint is loaded. This resolves an incompatibility introduced in opentelemetry-api==1.25.0.
  • opentelemetry: Resolves an issue where the get_tracer function would raise a TypeError when called with the attribute argument. This resolves an incompatibility introduced in opentelemetry-api==1.26.0.
  • ASM: This fix resolves an issue where ASM one click feature could fail to deactivate ASM.