dd-trace-php

Fixed

• Add note about cargo in README, make debug symbols included by default for manual compilation #2110
• Fix commit hashes in profiling release versions #2105

Added

• Add support for environment variable syntax to config mode in datadog-setup.php #2050

Changed

• Use span links in the RabbitMQ Integration #2092
• Disable root span generation and removes orphans for Laravel Horizon #2091

Fixed

• datadog-setup.php: remove return types for compatibility with PHP 5 #2059 Thanks @dserodio!
• Work around fiber->execute_data only being correct upon yielding #2072
• Skip error assignment on the root span for 5xx errors that shouldn't be reported #2089
• Ensure no crashes happen with multiple observers installed #2093
• Fix incorrect offset access in Laminas Integration #2094

Internal Changes

• build: delete unused C components #2055
• build: bump cmake and catch2 versions #2056
• build: reduce Laravel queues' tests flakiness #2057
• testing: add snapshot testing #2058
• build: pin guzzlehttp/promises to ^1.5.3 #2071
• Update removed methods used in Guzzle V6 & V7 test suites #2073
• build: drop now-unused uuid component #2096
• Prepare instrumentation telemetry #2029, #2086, #2099
• build: Add rebuild with ASAN section to randomized tests README.md #2084

Profiling

Allocation profiling is now enabled by default. You can manage it using the DD_PROFILING_ALLOCATION_ENABLED environment variable or the datadog.profiling.allocation_enabled setting in the INI file. Although the DD_PROFILING_EXPERIMENTAL_ALLOCATION_ENABLED environment variable and datadog.profiling.experimental_allocation_enabled INI setting still work, the new ones take precedence.

Added

• GA allocation profiling #2038
• disable allocation profiling if JIT is enabled #2088

Fixed

• fixed segfault in test suite #2077

Internal changes

• move allocation profiling to its own module #2090

Application Security Management (0.9.0)

Fixed

• Use /proc/self/fd to avoid rlimit iteration starvation DataDog/dd-appsec-php#265

Internal changes

• Update ruleset to 1.7.1 and libddwaf to 1.11.0 DataDog/dd-appsec-php#267
• Update fuzzer corpus DataDog/dd-appsec-php#268

Application Security Management (0.8.1)

Fixed

• Remove max payload size on remote config calls DataDog/dd-appsec-php#256
• Improve output of phpinfo DataDog/dd-appsec-php#259
• Avoid emitting errors when blocking on RSHUTDOWN DataDog/dd-appsec-php#261
• Improve RSHUTDOWN blocking and add logging DataDog/dd-appsec-php#264

This bugfix release fixes a regression introduced in 0.87.0, causing 4xx responses from Laravel to be marked as errors.

Fixed

• Fix opline being replaced by ZEND_HANDLE_EXCEPTION in uncaught finally on PHP 7 #2052
• Won't set 4xx errors on Laravel root span every time an Exception is caught #2053

Added

• Add config mode to datadog-setup.php #1951
• Add file hooking to DDTrace\install_hook #1989
• Allow DDTrace\install_hook to take any callable #1991
• Add Laminas integration #1990
• Add php-amqp integration #1996
• Add Laravel Queue integration with Span Links #2026
• Add SQLSRV Integration #2031
• Implement replacing of return values #2018

Changed

• Allow for consuming an array via DDTrace\consume_distributed_tracing_headers #2010
• Allow DDTrace\install_hook to take any callable #1991
• Do not force cycle collection at runtime on flush by default #2046

Fixed

• Add fixes for parametric testsuite #1988
• Fix exceptions and errors in auto_prepend_file #1987
• [Yii] Do not use module property if it doesn't exist #1999
• Load API files relative to the ComposerBootstrap.php instead of the ddtrace autoloader #2013
• Avoid side effects from errors within the sandbox #2015
• Prevent execution of install_hook() hooks after disabling tracer #2016
• Fix install_hook on functions returning by-reference #2017
• Fix #2012: Remove PHP 7-only types from signatures #2021 Thanks, @jmakuc, for reporting the issue.
• Ensure internal server errors are set on the root span in Laravel #2026
• Starting multiple traces in parallel does not confuse the limiter #2026
• Fix #2030: Segmentation fault with autoloaders bailing out #2037 Thanks, @NickStallman, for reporting the issue.
• Possible segfault when instrumenting curl_setopt() in PHP 7 #2039
• Fix resolving hooks within files declaring many functions on PHP 7.2 - 8.1 #2045

Internal changes

• Increase the number of configuration entries in zai config #2020
• Reduce the allocated heap size of the elasticsearch7 container #2040

Profiling

The profiling version number is now in sync with the tracer for stable releases.

Changed

• Sync profiling version number with tracer #1992
• refactor: move upscaling to libdatadog #1984
• perf: raise sampling distance for allocations to 2048 KB #2036

Fixed

• Fix crashes when allocation sampling occurs in certain places #2039

Internal changes

• add test to ensure we do not crash with fibers #2003
• add stack walking test #2034

Application Security Management (0.8.0)

Fixed

• Amend issue when getting agent host and port DataDog/dd-appsec-php#230
• Flush socket on body limit DataDog/dd-appsec-php#233
• Set appsec disabled when ddtrace is not enabled DataDog/dd-appsec-php#245
• Cap retry to five minutes rc polling DataDog/dd-appsec-php#246
• Avoid updating waf when no updates provided on poll DataDog/dd-appsec-php#250

Added

• Custom rules support DataDog/dd-appsec-php#235
• Engine update batcher DataDog/dd-appsec-php#248

Changed

• Refactor capabilities DataDog/dd-appsec-php#227
• Refactor service DataDog/dd-appsec-php#229
• Update ip algorithm DataDog/dd-appsec-php#237
• Handle request-lifecycle atomically DataDog/dd-appsec-php#249
• Update-only engine listener and atomic config handling DataDog/dd-appsec-php#253

Internal Changes

• Upgrade tracer to 0.85.0 DataDog/dd-appsec-php#226
• Setup python 3.9 for system tests DataDog/dd-appsec-php#228
• Update WAF to 1.9.0, Ruleset to 1.6.0 and Tracer to 0.86.1 DataDog/dd-appsec-php#234
• Disable apache2 restart test on ZTS DataDog/dd-appsec-php#236
• Implement abstract methods of listener on test DataDog/dd-appsec-php#239
• Add test to ensure path parser does not count on /config ending DataDog/dd-appsec-php#240
• Update ruleset to 1.7.0 DataDog/dd-appsec-php#252
• Update html blocked template DataDog/dd-appsec-php#254
• Upgrade WAF to 1.10.0 and add custom_rules capability DataDog/dd-appsec-php#255

Application Security Monitoring (0.7.2)

Fixed

• Flush socket on body limit DataDog/dd-appsec-php#233

Fixed

• [Tracer][YII] Do not use module property if it doesn't exist #1999

Application Security Monitoring (0.7.1)

Fixed

• Fallback to default agent host and port DataDog/dd-appsec-php#231
• Support DD_TRACE_AGENT_URL DataDog/dd-appsec-php#231

Profiling (0.15.1)

Fixed

• Fix crash by reverting "perf(profiling): speed up stack walking by using function run_time_cache" #1994. Thanks, @zeroxs for reporting.

⚠ Important: Enabling profiling on this release can crash if your code or any code dependencies use magic methods. Since this is difficult to determine, we recommend avoiding this release and moving to 0.86.1 or newer.

Added

• Add MemcacheIntegration #1981
• Add PSR18 tracing support in any PSR18 ClientInterface #1938
• Collect HTTP POST Data and headers #1971

Fixed

• Restrict backends on DBM propagation #1983
• Allow for hooking of extended internal classes #1976

Internal changes

• Include the circleci URL for 1.0.0-nightly installers #1977

Profiling (0.15.0)

Fixed

• Fix issues when preloading and non-root php-fpm user are used #1975

Changed

• perf: speed up stack walking by using function run_time_cache #1949

Internal changes

• Fix system ini handling of invalid values in zai config #1982

Application Security Monitoring (v0.7.0)

Breaking Changes

• Delete enabled_on_cli ini setting DataDog/dd-appsec-php#182

Fixed

• Add uid and gid to sock and lock files DataDog/dd-appsec-php#183

Added

• Remote configuration client DataDog/dd-appsec-php#115
• Plug remote config service DataDog/dd-appsec-php#163
• Add config_sync helper command DataDog/dd-appsec-php#164
• Add ASM_DATA Product Listener DataDog/dd-appsec-php#188
• IP Blocking DataDog/dd-appsec-php#188
• Redirect support DataDog/dd-appsec-php#195
• Add request_exec helper command DataDog/dd-appsec-php#196
• ASM_DD Product Listener DataDog/dd-appsec-php#207
• ASM Product Listener DataDog/dd-appsec-php#210
• Rule Blocking DataDog/dd-appsec-php#210
• Check if RC is available before polling DataDog/dd-appsec-php#212
• User Blocking DataDog/dd-appsec-php#213

Internal Changes

• Support actions and refactor DataDog/dd-appsec-php#184
• Update engine::subscriber rule data DataDog/dd-appsec-php#186
• Blocking templates, missing traces fix and set blocking parameters DataDog/dd-appsec-php#187
• Upgrade tracer to v0.84.0 DataDog/dd-appsec-php#193
• Upgrade WAF 1.8.2 DataDog/dd-appsec-php#202
• Add init / commit stage to listeners DataDog/dd-appsec-php#208
• Ruleset 1.5.2 DataDog/dd-appsec-php#213
• Allow new and old default rules file to be loaded DataDog/dd-appsec-php#215
• Fallback to local IP on extraction DataDog/dd-appsec-php#216

Added

• Add hooking for Closures #1904
• Add hooking for abstract methods #1914
• User tracking through DDTrace\set_user #1910
• Add a DDTrace\generate_distributed_tracing_headers() function #1905
• Add HookData->overrideArguments() method to replace arguments in a pre-hook #1937
• Add Database Monitoring Integration #1941
• Add Custom Instrumentation Documentation #1942, #1963
• Add DD_TRACE_HOOK_LIMIT #1965, #1968

Changed

• Add IPv6 support to DD_AGENT_HOST #1707
• Add an error.stack to curl_exec() on failure #1934
• Add db.system tag to all relevant integrations #1912
• Slightly reword the exception message to use Caught and Uncaught only at top-level #1954
• Inherit version, env and _dd.origin from parent span #1960

Fixed

• Fix automatic injection of w3c headers #1917
• Fix observing the attribute constructor on old PHP 8.0 and 8.1 versions #1953
• Use ZEND_TLS/TSRM_TLS macros instead of __thread to only use thread local storage in ZTS builds #1959
• Ensure that internal functions we trace in our integrations are always traced under JIT #1966

Internal changes

• Build alpine using 3.17 #1922
• Enable shared JSON in PHP 7.4 image #1929
• Cleanup _asan usages in Makefile #1964
• Reduce flakiness from docker containers not starting properly #1962
• Add Zend Framework v1.21 integration test #1944, #1961
• Set coredump_filter to include private file mapped areas in dumps #1935

Profiling (0.14.0)

Fixed

• Use checked_sub duration ops for handling cpu time #1926, #1928
• Mask Zend Signals in profiling threads #1927
• Do not block indefinitely in mshutdown #1932, #1967

Changed

• perf: increased allocation sampling distance to 512KiB #1913
• perf: optimize prepare_sample_message #1952
• Add IPv6 support to DD_AGENT_HOST #1707

Internal changes

• build: move to Rust v1.64, Alpine 3.17 #1922, #1930
• perf: use numbers instead of numeric strings in pprof labels #1831
• chore: upgrade libdatadog to v2.0.0 #1831
• update Cargo.lock #1907
• refactor: cleanup add/remove interrupts #1906
• refactor: cleanup stalk walking #1908
• refactor: cleanup after Rust 1.64 upgrade #1931
• refactor: extract thread_utils module #1943
• refactor: extract uploader, promote profiling.rs to directory #1946
• refactor: extract stalk walking code #1947
• refactor: extract interrupt manager #1948

Added

• Add component tag #1834
• Add W3C tracecontext propagation and propagate full 128 bit B3 headers #1856
• Implement #[DDTrace\Trace] attribute #1867
• Add 128-bit trace id generation and propagation via _dd.p.tid #1875
• Allow IP Collection, disabled by default #1895
• Add support for tracing Dispatched Events in Laravel 5.8+ #1897 (Thanks @ralphschindler)

Changed

• Show error message when PDO returns an error #1839

Fixed

• Make active_stack infallible: there always exists a stack #1883
• Fix DDTrace\flush() with DD_AUTOFINISH_SPANS=1 #1892
• Null the parent span of span stacks when resetting the tracer #1899

Internal changes

• style(datadog-setup.php): reformat file #1869
• refactor(datadog-setup.php): cleanup PhpStorm warnings #1870
• Add test Wordpress 6.1 application #1884
• Revert bogus revert commit #1888
• Add apt update before fetching codecov dependencies #1893
• Fix running CI in external PRs #1898
• Add Symfony 6.2 testsuite #1900
• Add exported function to close all spans and flush #1902, #1901

Profiling (0.13.0)

This release adds new profile types: allocation size and allocation samples. They are off by default. Enable them with the environment variable DD_PROFILING_EXPERIMENTAL_ALLOCATION_ENABLED=1 or INI setting datadog.profiling.experimental_allocation_enabled=1.

Added

• Add allocation profiling beta #1815, #1865, #1874, #1878

Fixed

• Do not send empty profile samples #1872, #1885

Changed

• Bump profiling version for release #1879, #1881

Internal changes

• docs: wall-time and cpu-time #1850
• refactor: fix clippy::too_many_arguments #1871
• tests: Add test for the fix in #1885 #1887

Application Security Monitoring (v0.6.0)

Added

• Add zai config DataDog/dd-appsec-php#114
• Replace actor.ip with http.client_ip DataDog/dd-appsec-php#128
• PHP 8.2RC support DataDog/dd-appsec-php#151
• Generate IP on appsec DataDog/dd-appsec-php#155
• Support PHP 8.2 Release DataDog/dd-appsec-php#166
• Login and custom event SDK DataDog/dd-appsec-php#174
• Update SDK with separate success/failure functions DataDog/dd-appsec-php#177

Fixed

• Return error response in helper when incoming message can't be adequately handled DataDog/dd-appsec-php#120
• Avoid creating log file as root DataDog/dd-appsec-php#124
• Reset context on shutdown DataDog/dd-appsec-php#130
• Handle errors on request_shutdown DataDog/dd-appsec-php#132
• Avoid regenerating ip when multiple headers are already present DataDog/dd-appsec-php#170

Internal changes

• Upgrade WAF to 1.5.0 and ruleset to 1.4.0 DataDog/dd-appsec-php#117
• Update ip extraction module DataDog/dd-appsec-php#125
• Make test use latest version of ddtrace 0.79.0 DataDog/dd-appsec-php#129
• Update ddtrace-basic test to be compatible with older tracers DataDog/dd-appsec-php#142
• Fix package / release build DataDog/dd-appsec-php#152
• Update LLVM script DataDog/dd-appsec-php#153
• Fix package build DataDog/dd-appsec-php#172
• WAF upgrade to 1.6.0 and ruleset to 1.4.2 DataDog/dd-appsec-php#175
• Upgrade deprecated actions and ruleset to 1.4.3 DataDog/dd-appsec-php#176

Infinite Loop

Please use version 0.84.0 or newer. This version contains a bug, sometimes leading to an infinite loop during sending of traces.

Fixed

• Use the HttpWorker instead of the Psr7Worker for Roadrunner for more generic usage #1864
• Fix trace_id reset in DDTrace\set_distributed_tracing_context() #1863
• Work around broken enum functions run_time_cache on PHP 8.2.0 and 8.2.1 #1862

Infinite Loop

Please use version 0.84.0 or newer. This version contains a bug, sometimes leading to an infinite loop during sending of traces.

Added

• Add span.kind tagging #1801, #1843

Changed

• Change error.msg to error.message #1821
• Change process_id to metrics tag #1826
• Remove libexecinfo on Alpine #1838
• Always interpolate error message placeholders to avoid confusion #1849

Fixed

• Fix installer name in help output in datadog-setup.php #1829
• Fix #1828: crash when copying an immutable array #1832
• Fix CodeIgniter integration to not depend on CI_Controller class #1835
• (PHP 7) Fix memory leak with custom CURLOPT_READFUNCTION #1841
• Support custom ini names in installer #1846, #1851
• Clear the active closed stack head when resetting the tracer #1853

Internal changes

• Speed up "Attaching workspace" step in CI #1823
• Improve test suite flakiness & randomized asan #1817

Profiling (0.12.0)

Added

• Add configuration to save profiles to disk #1837

Changed

• Bump libdatadog to 1.0 #1825
• Bump profiling version for release #1848

Internal changes

• Fix compile time warnings when compiling without features #1819
• Avoid putting .package-cache into the cache, commit Cargo.lock #1852

Added

• PHP-8.2 support #1800
• Add Elasticsearch 8 support #1808
• Add a Roadrunner integration #1813

Changed

• Change system.pid to process_id #1796

Fixed

• Extract priority sampling whenever is string or int #1789
• Fix crash during preloading on 8.1+ #1799
• Fix $integration->setError() to also accept \Error instances #1802
• Fix ZEND_CATCH chaining logic #1803, #1814
• Fix misbehaviour with 256+ hooks on a same function #1809
• FIX PSR-4 autoloading in ComposerBootstrap class #1816 (Thanks @ls-youssef-jlidat)
• Fix dropped spans causing an infinite loop #1818

Internal changes

• Avoid deprecated zend_atol on PHP 8.2 #1778
• Retry docker images not starting in CI #1807

Profiling (0.11.0)

Profiling is now installed and enabled when --enable-profiling is passed on the installer. Previously it was installed but not enabled. This removes one step in onboarding as the environment variable DD_PROFILING_ENABLED no longer needs to be set to 1, which can be difficult in some situations. The recommended way to configure profiling is to use .ini settings, which is generally easier.

Added

• Add .ini support #1775.
• Groundwork for allocation profiling #1794

Changed

• Bump libdatadog to 0.9 #1782.
• Bump env_logger to 0.9.3 #1804.

Internal Changes

• Add troubleshooting to README #1761

Fixed

• Fix span limiter not being reset in long running processes #1785

Traces disappearing

We have an issue causing span counters to not be reset properly after a flush. Thus the span limit of 1000 being reached, and then hooks not being executed anymore. This impacts long-running CLI processes only.
It is advised to stay on 0.80.0 until we have released 0.81.1.

Added

• Rate limiting support #1769
• Add span stacks #1746

Changed

• Stop collecting IP on tracer #1774
• Amend wording when uninstalling datadog #1756

Fixed

• Guzzle Integration not initialized correctly #1762.
• Do not create root spans for certain Symfony methods #1771. Thanks, @radykal-com!
• ldconfig not found by installer #1773
• Fix crash in ddtrace_curl_multi_get_gc #1779

Internal changes

• Fix in-tree compilation #1760
• Reusability of zai config across products #1765

Profiling (v0.10.2)

Fixed

• Prevent deadlocks when forking #1752
• Fix linking on arm64 mac #1759

Application Security Monitoring (v0.4.4)

Added

• Generate ip and duplicate ip headers on appsec DataDog/dd-appsec-php#141

Changed

• Make sampling priorities public API again #1742

Fixed

• Fix behaviour of return false in trace hooks #1749
• Handle non-binaries in installer #1743
• Fix mishandling of payload size limit #1750

Profiling (v0.10.1)

Fixed

• Match the service names of the tracer when unset or empty #1733
• Avoid crashing when pcntl_fork is called #1745

Application Security Monitoring (v0.4.3)

Fixed

• Return error response in helper when incoming message can't be unpacked DataDog/dd-appsec-php#120
• Avoid creating a log file during MINIT/MSHUTDOWN DataDog/dd-appsec-php#124
• Handle helper errors gracefully DataDog/dd-appsec-php#127
• Reset context on shutdown DataDog/dd-appsec-php#130
• Handle errors on request shutdown DataDog/dd-appsec-php#132

Internal changes

• Enable CI on all relevant branches DataDog/dd-appsec-php#123

Added

• Integrate with Symfony console commands #1724

Changed

Fixed

• Fix #1709 appsec attempting to load erroneously #1711
• Fix symfony service and root span name #1723 (Thanks @numyx)
• Initialize hooks and config early to prevent conflicts with code executed in early startup #1726
• Fix hook dynamic data zeroing when new hooks are added during hook execution #1730

Internal changes

• Fix compilation on MacOS #1716
• Deduplicate PHP 7 and PHP 8 source files #1722

Profiling (v0.10.0)

Added

• Add Endpoint Profiling #1720

Internal changes

• Extract C API module; refactor Uuid #1710

Symfony integration partially broken

Some Symfony spans may be of service unnamed-php-service instead of the proper service name. Under version 0.77.0 the behaviour is as expected.

Added

• Instrument pcntl_fork and reset tracing when it is called #1633 (Thanks @jlesueur)
• ARM64 support (Build arm images in CI) #1701
  • ARM64 is supported for the tracer and the profiler now. Appsec has no ARM64 support yet.

Changed

• Accept pseudonym on via header as specified by rfc7230 #1696
• Add agent target URL to flush-message to help with debugging #1705
• Add IPv6 support to DD_AGENT_HOST #1707

Fixed

• Fix span memory leak and packaging #1697
• Fix datadog-setup.php failing in environments without scan directory #1702
• Fix random number generator usage #1704
• Set root span name only in HttpKernel::boot() to avoid side effects on CLI #1706
• Fix meta information loss in PDOIntegration #1708 (Thanks @frankdejonge)

Internal changes

• Update artifact URL for v0.77.0 gitlab deployments #1686
• Update relenv to use datadog-setup.php #1689
• Add arm support to docker images #1699

Application Security Monitoring (v0.4.0)

Fixed

• Fix interned string invalidation on PHP <= 7.2 DataDog/dd-appsec-php#99
• Replace php_error_docref with php_log_err DataDog/dd-appsec-php#101

Changed

• Log helper communication DataDog/dd-appsec-php#97
• Set environment values at rinit on php-fpm DataDog/dd-appsec-php#105

Internal changes

• Update development documentation DataDog/dd-appsec-php#98
• Update system tests with new variants DataDog/dd-appsec-php#102
• Add helper test for config DataDog/dd-appsec-php#108
• Fix missing helper header coverage DataDog/dd-appsec-php#109
• Upgrade integration test tracer version to 0.76.1 DataDog/dd-appsec-php#110
• Add a way to include local changes to the cmake build process DataDog/dd-appsec-php#111
• libddwaf upgraded to 1.4.0 DataDog/dd-appsec-php#116

Profiling (v0.9.0)

Added

• Add Unix Domain Socket (UDS) support #1698

Fixed

• Avoid PHP per-request interning #1700

Internal changes

• Add phpt tests for profiling #1690

⚠️ The tracer and profiling packages for PHP 7 and 8 are built on CentOS 7. These packages will not run on older GNU Linux versions like CentOS 6, Debian 7, and Ubuntu 12.04.

Added

• Add single span ingestion mechanism #1628
• Add "recurse" => true option to hook/trace config array #1677

Changed

• Allow Symfony EventDispatcher::dispatch hooks to recurse #1678

Fixed

• Fix JIT compatibility under macOS #1661
• Fix -Werror=address-of-packed-member #1664
• Add support for ports on x-forwarded-for header #1675. Thanks, @estringana!

Internal changes

• Move to CentOS 7; begin adding profiling deps #1660
• Add profiling sources #1606
• Build and package datadog-profiling in CI #1663
• Fix profiler config in randomized tests #1682

Profiling (v0.8.0)

Added

• Add process_id and runtime_version tags #1606.
• Add support for changing env vars per request, such as per-directory env var settings in Apache #1606.
• Add fake frame when truncating stacks #1679. This way users can tell when the stack is truncated.

Changed

• Switch <php> to <?php #1680
• Raise max stack depth to 512 #1681
• Enable CPU Time profile by default #1663. This can disabled by setting the environment variable DD_PROFILING_EXPERIMENTAL_CPU_TIME_ENABLED to 0, off, or no.
• Change logging format #1606. Add a new log level trace, which is even more verbose than debug.
• Stop sending a profile on every phpinfo() (or the equivalent command line option --ri datadog-profiling) #1606