2.12.1

Highlights

Fixed

• AppSec: Fix ArgumentError from ActiveRecord for Ruby < 2.7 (#4437)

Read the full changeset and the release milestone.

2.12.0

Added

• AppSec: Add detection of Server-Side Request Forgery attacks for rest-client (#4424)
• Dynamic Instrumentation: Add support for unix domain sockets (#4426)

Read the full changeset and the release milestone.

2.11.0

Highlights

Here are some important changes introduced in 2.11.0 and we recommend upgrading.

• Remove peer services by default. This change is to ensure compatibility with Inferred services, allowing for automatic discovery of instrumented dependencies such as databases, queues, or third-party APIs. If you need the previous peer service behavior back, set the environment variable DD_TRACE_PEER_SERVICE_DEFAULTS_ENABLED=true.

• Fix a memory leak issue for Runtime Application Self-Protection (RASP)

GVL Profiling is now enabled by default on Ruby 3.2+

GVL profiling means the profiler gathers information from threads waiting to acquire the Ruby "Global VM Lock" (GVL).

This waiting can be a big a source of latency for Ruby applications: a thread "Waiting on the GVL" is a thread that's ready to make progress, but can't start because Ruby is busy doing something else.

For more details on why GVL profiling is relevant, check out How the Ruby Global VM Lock impacts app performance and #3929.

Added

• Tracing: Support graphql multiple query errors report via Span Events (#4177)
• Profiling: Enable GVL profiling by default on Ruby 3.2+ (#4406)
• Profiling: Support correlating profiling with OTel API 1.5+ (#4425)
• AppSec: Add detection of Server-Side Request Forgery attacks for excon (#4399)
• AppSec: Add detection of Server-Side Request Forgery attacks for faraday (#4391)
• AppSec: Deprecate appsec.track_user_events configuration setting in favor of appsec.auto_user_instrumentation (#4352)
• Dynamic Instrumentation: Add optional trace logging (#4283)

Changed

• Increase default timeout for unix domain socket to 30 seconds (#4411)
• Upgrade libdatadog to 16.0.1 (#4353)
• Dynamic Instrumentation: Improve path matching with prefixes of probe paths (#4346)
• Dynamic Instrumentation: Improve event reporting with combing status and snapshot events (#4360)

Fixed

• Tracing: Fix rack to continue trace if only distributed trace is present (#4398)
• AppSec: Fix a memory leak issue for RASP (#4422)
• Dynamic Instrumentation: Fix event submission on forked servers (#4363)

Removed

• Tracing: Remove peer services by default (#3846)

Read the full changeset and the release milestone.

2.10.0

Added

• AppSec: Add configuration option(Datadog.configuration.appsec.rasp_enabled) to enable/disable Runtime Application Self-Protection checks (#4311)
• AppSec: Add stack trace when SQL Injection attack is detected (#4321) (Edit: Cannot be enabled yet, needs an extra change that will be shipped with 2.11.0 release)

Changed

• Add logger gem as dependency (#4257)
• Bump minimum version of datadog-ruby_core_source to 3.4 (#4323)

Fixed

• Dynamic instrumentation: Fix report probe status when dynamic instrumentation probes fail to instrument (#4301)
• Dynamic instrumentation: Include variables named env in probe snapshots (#4292)
• Fix a concurrency issue during application boot (#4303)

Read the full changeset and the release milestone.

2.9.0

Highlights

This release adds official support for Ruby 3.4, fixes a few rare crashes in ipv6 and otel support, and improves the loading of dynamic instrumentation.

Added

• Core: add support for Ruby 3.4 (#4249)
• Integrations: add a new option for ActiveSupport to disable adding the cache_key as a Span Tag with the cache_key_enabled option (#4022)

Changed

• Dynamic instrumentation: move DI preloading to datadog/di/preload (#4288)
• Dynamic instrumentation: dd-trace-rb now reports whether dynamic instrumentation is enabled in startup summary report (#4285)
• Dynamic instrumentation: improve loading of DI components (#4272, #4239)
• Dynamic instrumentation: logging of internal conditions is now done on debug level (#4266)
• Dynamic instrumentation: report instrumentation error for line probes when the target file is loaded but not in code tracker registry (#4208)
• Profiling: require datadog-ruby_core_source >= 3.3.7 to ensure Ruby 3.4 support (#4228)

Fixed

• Core: fix a crash in crashtracker when agent hostname is an IPv6 address (#4237)
• Profiling: fix allocation profiling + otel tracing causing Ruby crash (#4240)
• Profiling: fix profiling warnings being really hard to silence (#4232)

Read the full changeset and the release milestone.

2.8.0

Highlights

Dynamic instrumentation is now available in Ruby as a Preview. Currently only log probes are implemented, and they can be set on both methods and lines. If you are interested in trying out Dynamic Instrumentation for Ruby, please contact Datadog to be added to the Preview program or open a GitHub issue.

Added

• AppSec: Add SQL injection detection for ActiveRecord for following adapters: mysql2, postgresql, and sqlite3 (#4167)
• Telemetry: Add environment variable to disable logs (#4153)
• Integrations: Add configuration option on_error to Elasticsearch tracing (#4066)

Changed

• Upgrade libdatadog dependency to 14.3.1 (#4196)
• Profiling: Require Ruby 3.1+ for heap profiling (#4178)
• Appsec: Update libddwaf to 1.18.0.0.0 (#4164)
• Single-step: Lower SSI GLIBC requirements down to 2.17 (#4137)

Fixed

• Integrations: Avoid loading ActiveSupport::Cache::RedisCacheStore, which tries to load redis >= 4.0.1 regardless of the version of Redis the host application has installed (#4197)
• Profiling: Fix unsafe initialization when using profiler with otel tracing (#4195)
• Single-step: Add safe NOOP injection script for very old rubies (#4140)

Read the full changeset and the release milestone.

2.7.1

Fixed

• Tracing: Fix missing version tag (#4075)
• Profiling: Fix profiling not loading in certain situations on Ruby 2.5 and 3.3 (#4161)

Read the full changeset and the release milestone.

2.7.0

Added

• Profiling: Enable "heap clean after GC" profiler optimization by default (#4085)

Changed

• Enable crashtracking by default (#4083)
• Upgrade to libdatadog 14.1 (#4082)

Fixed

• Fix Process.waitall hanging and stack overflow when crashtracking enabled (#4082)

Read the full changeset and the release milestone.

2.6.0

Changed

• Core: Upgrade to libdatadog 14.0 (#4065)

Fixed

• AppSec: Remove unintentional libddwaf require (#4078)

Read the full changeset and the release milestone.

2.5.0

Highlights

This release contains a fix for Grape instrumentation. Redundant slashes at the beginning of the resource names will be replaced with a single slash. If you have monitors depending on this resource names, please adjust them accordingly.

Before

RackAPI GET //path/with/leading/slash

After

RackAPI GET /path/with/leading/slash

Added

• Performance: Profiling: Add setting to lower heap profiling memory use/latency by cleaning up young objects after Ruby GC (#4020)

Changed

• Core: Replace the debase-ruby_core_source gem with the datadog-ruby_core_source (#4014)
• Core: Upgrade to libdatadog 13.1 (#3997)

Fixed

• Fix undefined method error for Rails runner (#3996)
• Apply version tag only to spans that use the global/default service name (#4027)
• Ensure UDS takes precedence over HTTP when both Agent configurations defined (#4024)
• Remove duplicate leading slash in resource name for Grape routes (#4033)

Read the full changeset and the release milestone.