dd-trace-php

This release fixes a memory leak in the tracer, specifically affecting version 0.99.0

Tracer

Fixed

• Fix compilation on macOs #2613

Changed

• REVERT: “Send spans_created telemetry metric #2577” to fix a memory leak

⛔ This release has a memory leak in the tracer parts. A fix was released with version 0.99.1 and we encourage you to upgrade.

Tracer

Windows x64 support is officially GA (generally available).

Some performance work has been undertaken to primarily reduce the overhead of telemetry reporting.
The next release will be version 1.0 and remove deprecated and some unused code and APIs.

Added

• Support the FrankenPHP SAPIs #2602
• Add zts support for alpine #2564
• Swoole Integration #2595

Changed

• w3c phase 2: add last parent_id to tracestate #2549

Fixed

• Handle relative ext/ paths and test the windows installer #2559
• Fix exec integration build on PHP 8.4 #2543
• Fix Orphans not being sampled-out #2550
• Fix fibers with tracer disabled #2576
• Update update_span_duration return type #2586
• Fix #2563: ddtrace overrides php error log permissions #2583
• Allow hooking an inherited internal constructor #2591
• Distinguish architectures on windows #2593
• Fix the ExecIntegration name #2597

Internal

• Get rid of some bitwise checking in ddog_shall_log #2539
• Use faster bincode for ipc #2544
• Update to use DDOG_CHARSLICE_C and new DDOG_CHARSLICE_C_BARE helpers #2565
• Slightly Improve OTel Performances #2561
• Send spans_created telemetry metric #2577

Profiler

Added

• add FrankenPHP to the list of recognised SAPIs #2523
• enabled allocation profiling for PHP ZTS #2506
• report PHP build (nts-ndebug vs zts-ndebug) #2536

Internal

• add tests for exception profiling in ZTS builds #2562
• update to libdatadog v7 #2605

Application Security Management

Added

• Add DD_API_SECURITY_ENABLED flag #2532
• Add DD_APPSEC_SCA_ENABLED new configuration variable #2557

Fixed

• Make Laravel appsec login success event more accurate #2600
• Enable appsec by ini only when enable-appsec present #2567
• Provide path params to appsec #2395

Tracer

Fixed

• Always include the whole of src/ in the Windows and PECL build (#2533)
• Ensure the permissions of the log file are actually really 0666 (#2528)
• Avoid remapping freed memory in trace sender fallback (#2541)
• Fix possible crash in dd_patched_zend_call_known_function on early PHP 8.0 and 8.1 versions (#2548)
• Make ddtrace_disable a true global to avoid crashes in ZTS with unsupported SAPI/extensions (#2545)

Fixes across all extensions

• Handle Apache graceful restarts more accurately #2483
• Mark config as immutable and interned to avoid refcounting race conditions #2516

Tracer

This release includes Windows dlls for the tracer starting with PHP 7.2. #2230

Windows support is in beta. We recommend carefully deploying the tracer to staging environments and testing it there before putting it to production. We are looking towards stabilizing Windows quickly, so any feedback and issue reports are welcome.

Added

• Enhance logging #2490
  • This features two new logging options:
    • datadog.trace.log_level allows more fine-grained control over logging (error, warn, info, debug, trace). It follows the RUST_LOG standard. Note that datadog.trace.debug still takes precedence if set.
    • datadog.trace.log_file allows specifying a dedicated target file for any datadog trace logs instead of the default php error location.
  • More log lines were added to allow for observing submitted spans (debug level) and hook invocations (trace level).
• Add http.route to Wordpress #2491

Changed

• Have datadog.trace.db_client_split_by_instance also affect mysqli and sqlsrv #2508
• Record nested exceptions in the integrations #2514
• Evaluate numbers and bools in tags and metrics for sampling rules #2521

Fixed

• Access to undefined method attempts in LaravelQueueIntegration #2485
• Include generated curl_exec spans of curl_multi_exec() in metrics #2505
• Remove Symfony Command Hook After Execution #2492
• Add zend_try around closing and flushing spans #2507
• Make PDO split-by coherent with other DB split-by with service name flattening #2524

Internal

• No longer compile the mockgen as part of the rust build #2512
• Add TEA Benchmarks #2438
• Reduce CI and Local Flakiness #2496, #2518

Profiling

This release requires System INIs to be used to configure the profiler settings which control the enabling/disabling of individual features. If you are configuring the profiler using php datadog-setup.php config set, you should be fine. We recommend switching to use the config mode of datadog-setup.php to configure profiling.

Added

• Enable timeline by default #2480. This can be disabled by setting the INI setting datadog.profiling.timeline_enabled to 0 or false. Using the datadog-setup.php script is recommended, for example:

  php datadog-setup.php config set --php-bin all -ddatadog.profiling.timeline_enabled=0
  

• PHP ZTS support for CPU- and Wall Time profiling #2470
• Add exception message to exception sample (opt-in) #2434

Changed

• Breaking-change: require system INIs for profiling features #2468

Internal

• Update dependencies and pin ahash #2479
• Fix clippy::single-match #2482
• Update to libdatadog 6 #2513
• Refactor: use SystemSettings in locals #2487
• Fix accidentally skipped tests #2517

Application Security Management

This release introduces support for the Roadrunner application server and extends threat detection and blocking on XML and JSON request payloads. Request and response payloads are now also used to expand the already existing API security features.

Added

• Roadrunner appsec support #2443
• Provide server.response.body #2489
• Support json/xml request bodies #2499

Changed

• Change ip header parsing/header reporting #2503

Fixed

• Fix blocking on PHP 7.0-7.1 ZTS #2502
• Ensure logs are committed to disk upon shutdown #2495

Internal

• Upgrade libddwaf and ruleset #2520

Tracer

Added

• Add span links capabilities to the OTel API #2451
• Add exec integration #2361, #2455, #2459

Changed

• Implement http.route for Yii #2430
• Implement http.route for Slim #2402

Fixed

• Remove Symfony controller hook after execution #2436
• Move the dummy function of call_attribute_constructor onto the VM stack #2446
• Avoid resolving unresolved functions and classes #2450
• Fix removal of the directly accessed hook after binding in DDTrace\remove_hook #2449
• Handle async requests using Guzzle #2460
• Fix removing an end observer with other observers active #2469
• Fix fibers on PHP 8.1.2 #2473

Internal Changes

• Add MicroBenchmarks #2435, #2456, #2458
• Add Symfony 7.0 test suite #2437
• Track DD_TRACE_DEBUG=1 errors in integration and web tests #2472
• Reduce noise in composer package download #2401

Profiling

Added

• prevent emitting empty profiles #2397

Fixed

• potential allocation profiling crashes with certain opcodes #2352

Internal Changes

• test with address sanitizer on bookworm with GH actions #2432
• make the profiler compile in ZTS PHP #2463
• extract wall_time.rs file #2467

Application Security Management

Internal changes

• Change schema extraction zip compression to PHP_ZLIB_ENCODING_GZIP #2447

Exception profiling is now enabled by default. You can manage it using the DD_PROFILING_EXCEPTION_ENABLED environment variable or the datadog.profiling.exception_enabled setting in the INI file. Although the DD_PROFILING_EXPERIMENTAL_EXCEPTION_ENABLED environment variable and datadog.profiling.experimental_exception_enabled INI setting still work, the new ones take precedence.

Tracer

Added

• Implement extended sampling #2384

Fixed

• Add PHP 8.3 to supported versions #2417 (thank you @markwalet)
• OTel: Fix analytics.event override (#2409)
• Fix dddbs service mapping #2413
• WordPress: Avoid Setting User ID When Unauthenticated #2424

Internal Changes

• CI: Handle latest Alpine 3.19 image #2418
• CI: Complements PHP 8.3 test suites #2419

Profiling

Added

• GA exception profiling #2403
• allow enabling all experimental features using datadog.profiling.experimental_features_enabled #2385

Internal Changes

• run prof-correctness nightly in master branch #2420

This release introduces support for arm64 and PHP 8.3 for appsec. Additionally, it adds schema extraction and classification to appsec, which forms the foundation for API security. Finally, the appsec extension has been officially incorporated into the dd-trace-php repository and will adhere to the same versioning scheme as the tracer and profiler.

Tracer

Added

• Add http.route to CodeIgniter #2379

Fixed

• Use http_code instead of connect_time to detect curl errors #2391
• Fix handling of invalid persistent JSON #2381
• Zero pad the tid and exclude it from OTel tracestate #2386

Internal changes

• Update CI images to use PHP 8.3.0rc6, pin mongodb for PHP 7.2-7.3 #2382
• Update CI images to 8.1.26, 8.2.13 and 8.3.0 and XDedug to 3.3.0 #2400 #2405
• Add macrobenchmark runs #2408

Profiling

Internal changes

• add allocation and exception count to event.json #2392

Application Security Management

Added

• Implement sampler and processor trigger DataDog/dd-appsec-php#308
• Zip long schemas DataDog/dd-appsec-php#315
• Add compression library to helper DataDog/dd-appsec-php#316
• Always serialize schemas when available #2406
• Upgrade libddwaf to v1.15.1 #2377

Internal changes

• Fix fuzzer build & increase RSS limit DataDog/dd-appsec-php#313
• Build AppSec extension & helper in CI with support for Arm64 and PHP 8.3 #2344
• AppSec extension & helper unit tests in CI #2349
• Package appsec using new builds #2369

This release fixes a regression in the profiler which would make it emit profiles even though profiling is disabled.

Profiling

Fixes

• Do not emit profiles when profiler is disabled #2393

This release adds support to OpenTelemetry so that you can use the OpenTelemetry API to generate Datadog spans. This is off by default. Enable it with the environment variable DD_TRACE_OTEL_ENABLED=1 or INI setting datadog.trace.otel_enabled=1. Please, refer to the documentation to get started. Also, the tracer now generates 128 bits trace ids by default, in an effort to match OpenTelemetry standards.

Tracer

Added

• Set _dd.base_service when overriding service name for a span #2275
• OpenTelemetry API #2332
• Add tracing for curl_multi_exec() #2347
• CakePHP http.route implementation #2360

Changed

• Enable 128-bit trace ID generation by default #2358, #2368
• Respect DD_LOGS_INJECTION default value #2365
• Completely avoid instrumenting the PSR NullLogger #2367
• Inject the _dd.dbm_trace_injected tag only when full propagation is enabled #2346
• Retain tracestate from tracecontext if extracted at all #2359

Fixed

• Handle extra arguments for internal overrideArgs #2348
• Fix possible double-free with hooks on internal methods inherited by user classes #2372
• Fix crash with functions with no run_time_cache yet #2373
• Workaround php bug #81634 in PHP 8.0-8.1.0 #2353
• Fix PHP5: The Magento Integration is not part of PHP5 #2363
• Fix orphans removal when 128-bit is enabled #2366
• Use _dd.agent_psr instead of _dd.rule_psr for agent sampling #2370

Internal changes

• Add xfail for Zend/tests/stack_limit/stack_limit_013.phpt on PHP 8.3 #2371

Profiling

Added

• Add idle phases to timeline #2343

Fixed

• perf: increase allocation sampling distance #2350, #2364

Internal changes

• add DD_PROFILING_WALLTIME_ENABLED for testing #2316

Tracer

This release fixes a bug in the PDO integration (cf #2351). Please do not use previous 0.93.x versions

Fixed

• [PDO] injectDBIntegration should be public. #2351

Tracer

Fixed

• Reset distributed context on request init #2340. Fixes a bug introduced in 0.93.0

⛔ This release contains a bug where some spans would report to previous traces. Please use 0.93.1 instead

This release adds support for PHP 8.3 for the tracer and the profiler. Please be aware that we are currently building against PHP 8.3.0 RC3.

Tracer

Added

• Add Magento 2 Integration #2274
• Support for PHP 8.3 #2098, #2282
• Add a configuration flag to disable laravel queue distributed tracing #2304
• Laminas RESTful methods handling #2322
• Expand arrays in meta and metrics into nested-tag format #2302, #2333
• Report extensions used in telemetry #2295

Changed

• Redis Span Removal and Priority Sampling Orphans Cleanup #2306
• Subclass SpanData with RootSpanData #2309
• Refactor tightly coupled extraction state #2314

Fixed

• Propagate env to telemetry #2313
• Fix ZAI config handling for .htaccess with php-fpm #2298
• Explicitly drop dd.p.dm if provided in propagated tags when the incoming sampling priority is reject #2310
• Strictly validate dd.p.tid #2303
• Fix PHP 5: The Drupal integration is not part of PHP 5 #2326
• Avoid %.*s in places where longer strings are used #2330
• Respect service mapping when propagating for DBM #2321
• Specify the odbc driver in db.system and exclude the Ingres driver from DBM #2334
• Fix daemonization of sidecar closing stderr properly DataDog/libdatadog#271

Profiling

Added

• Support for PHP 8.3 #2098, #2282

Fixed

• neighboring extension handling in gc_mem_caches() #2297
• panic after shutdown of forked child when USE_ZEND_ALLOC=0 #2301
• fix typo in info log message #2307
• sampling distance in exception profiling #2323
• reuse thread RNG and poisson sampler #2320

Internal changes

• fix reliability environment deployment #2289
• upgrade to libdatadog v5 #2299
• add memory benchmark #2319
• fix flaky exception correctness test #2331

Application Security Management (0.14.3)

Fixed

• Set sampling priority using ddtrace_set_priority_sampling_on_root DataDog/dd-appsec-php#311

Application Security Management (0.14.2)

Fixed

• Always update enabled status on RINIT DataDog/dd-appsec-php#307
• Fix ZAI config handling for .htaccess with php-fpm #2298

Tracer

Fixed

• Handle UnwindExit in sandbox error reporting #2288
• Add a safeguard nullcheck for the sidecar into telemetry reporting #2293

Profiling

Fixed

• Do not leak module entry on purpose #2291
• Fix allocation profiling shutdown with USE_ZEND_ALLOC=0 crashing #2294

Application Security Management (0.14.1)

Fixed

• Improve tracer state detection DataDog/dd-appsec-php#305
• Fix setting perdir INI setting for multiple ZAI config users #2277

This release adds experimental exception profiling to the profiler. This is off by default. Enable it with the environment variable DD_PROFILING_EXPERIMENTAL_EXCEPTION_ENABLED=1 or INI setting datadog.profiling.experimental_exception_enabled=1.

In Application Security Management, this release introduces the latest version of the WAF v1.14.0 and the latest ASM ruleset v1.8.0, as well as a fix to ensure runtime IDs reported by the remote configuration client are always valid and consistent with those reported by the Tracer.

Tracer

Added

• Add Drupal Integration #2188
• Implement sidecar tracing #2234
  • This functionality is currently experimental and guarded behind a configuration option DD_TRACE_SIDECAR_TRACE_SENDER=1 or INI setting datadog.trace.sidecar_trace_sender=1. It replaces the sending of traces through a dedicated thread.

Fixed

• Do not emit a deprecated diagnostic for DD_LOGS_INJECTION #2253
• Set peer.service as dddbs when available #2260
• Fix toggling datadog.trace.enabled with perdir configuration #2269
• Enable auto flush for artisan commands #2270

Internal changes

• Keep doctrine/dbal to major version 2 in symfony 5.2 tests #2254
• docs: Explain minimum and nice-to-have from LLVM #2264

Profiling

Added

• Add exception profiling #2197, #2262
• Do not disable allocation profiling on fixed PHP versions with active JIT #2246

Fixed

• Add missing end_timestamp_ns to string compilation event #2251
• store customized heap #2261
• remove “BETA” in datadog-setup.php as the profiler is not beta anymore #2278
• use-after-free with Closure trampolines #2280

Internal changes

• add tests for timeline #2192

Application Security Management (0.14.0)

Added

• Add default processors and scanners DataDog/dd-appsec-php#298
• Exchange more types between extension and helper DataDog/dd-appsec-php#299
• API security configuration settings DataDog/dd-appsec-php#300

Fixed

• Propagate Runtime IDs and keep a valid pool in the RC client DataDog/dd-appsec-php#301

Internal changes

• Add nginx container to integration tests DataDog/dd-appsec-php#294
• Upgrade WAF to 1.14.0 DataDog/dd-appsec-php#295
• Upgrade tracer to v0.91.0 and remove master build downloads DataDog/dd-appsec-php#296
• Upgrade ruleset to 1.8.0 DataDog/dd-appsec-php#302
• Merge appsec repository as subtree #2267

Tracer

Fixed

• fix: Use DD_SERVICE if available (Laravel) #2256

Profiling

Fixed

• detect an uninitialized runtime cache #2250

⚠️ Important: If you are using the profiler please update to 0.91.1 to avoid a possible crash (see #2250 for more information).

Summary

This release adds:

• an enhanced WordPress integration, which can be enabled through datadog.trace.wordpress_enhanced_integration=1 in INI. Even more extensive span collection can be enabled through datadog.trace.wordpress_callbacks=1. Feedback is welcome - just open a new issue with your thoughts!
• Agent sampling as described in our public documentation. This will allow an automatic control of sampling rates allowing to reduce the traffic sent to Datadog while keeping most important spans.

Added

• Add automated login events to Wordpress #2162
• Enhance the WordPress Integration #2126
• Implement agent sampling #2223
• Add Laravel 9.X & 10.X tests #2237
• Add http.route to laravel #2204 #2241

Fixed

• (Legacy OpenTracing API) Check if the active span has a parent #2177
• Handle killed workers and change root span initialization in the integrations #2176
• fix: add Symfony command's exception to the root span #2194
• Fix #2174: Can't pass less args to an untyped function than originally passed #2227, #2243
• Fix #2232: Add Cargo.lock to pecl #2233
• fix: wrong service name on some laravel.event.handle spans #2235
• fix: PHP7 compatibility in logs correlation #2236
• Store library_dependencies in memfd, referenced via /proc/self/fd/X DataDog/libdatadog#221
• fix datadog-setup.php when INI file is a symlink #2242
• update webpki and other dependencies #2247

Internal Changes

• Add log levels #2158
• Add zai_option_str and use it in config #2205, #2213
• Refactor zai_string_view APIs and use them more #2203
• Rename zai_string_view to zai_str #2206, #2207, #2212
• Require zai_str.ptr to not be null #2214
• Add zai_string and use it in zai_config #2217
• Fix tests: allocate less TLS space by putting uhook HashTables into module globals #2219
• Add sidecar metrics into their own namespace, fix seq id Datadog/libdatadog#220

Profiling

This release reduces CPU overhead to collect stacks, and also reduces overhead when services are idle or partially idle. It also reduces the average amount of memory used.

Added

• attach fiber's function name as a label #2169

Fixed

• enable allocation profiling only if profiling is enabled #2185
• enable timeline only if profiling is enabled and lower overhead when disabled #2189
• fix empty profiles with timeline due to end_timestamp_ns unit being set #2244

Internal changes

• perf: speed up stack walking by using function run_time_cache #1998, #2182
• perf: only wake every 10ms if PHP is serving a request #2168
• refactor: extract ZaiStringView::to_string #2175
• build: update Cargo.lock #2183
• refactor: simplify string tables #2186
• perf: use u32 instead of usize for string table indices #2187
• test: add Datadog\Profiling\trigger_time_sample #2201
• build: Update to Rust 1.71 / LLVM 16 #2208
• Bump libdatadog to v3.0.0 #2210
• fix(profiling): clippy lints #2215
• style(profiler): use let-else syntax #2216
• build(profiling): bump dependencies including libdatadog v4.0.0 #2228

Application Security Management (0.13.1)

Added

• Add trusted IPs capability DataDog/dd-appsec-php#279
• Add extra_services configuration DataDog/dd-appsec-php#282

Fixed

• Ensure ddtrace is also enabled DataDog/dd-appsec-php#281
• Fix service name alias configuration DataDog/dd-appsec-php#293

Internal changes

• Add automated login events integration test for Laravel and Symfony DataDog/dd-appsec-php#270
• Upload suppressions and fix current ones DataDog/dd-appsec-php#280
• WAF upgrade to 1.13.1 Datadog/dd-appsec-php#292
• Send events even when limiter does not force manual keep Datadog/dd-appsec-php#290
• Update ruleset to 1.7.2 Datadog/dd-appsec-php#291

This release adds logs correlation and telemetry support:

• Used configurations, libraries and integrations will be collected. This may be disabled with DD_INSTRUMENTATION_TELEMETRY_ENABLED=0.
• Logs written by common logging libraries will be attached metadata about the trace and span the log line was generated in. This may be disabled with DD_LOGS_INJECTION=0.

Added

• Add Logs Correlation #2118
• Add network destination name to http client spans #2134
• Add peer.service to Mysqli instrumentation #2142
• Add peer.service to PHPRedis instrumentation #2152
• Add peer.service to PDO instrumentation #2148
• Add peer.service to SQLSRV instrumentation #2155
• Add peer.service to Mongodb instrumentation #2147
• Add peer.service to Memcached clients instrumentation #2145
• Add peer.service to http client instrumentations #2134
• Add automated login events to Symfony #2132 #2146
• Opt-in to flat service names #2163

Changed

• Move all integrations to deferred loading #2153
• Reflect changes to datadog.version and datadog.env in existing spans #2165
• Evaluate the service name after the service mapping for a sampling decision #2166

Fixed

• Add invalid regex handling for sampling rules #2160

Internal Changes

• Add SpanData::peerServiceSources #2130
• Handle peer.service-related post-process in the extension #2135
• Enable instrumentation telemetry by default #2153
  • With this change, a new datadog-ipc-helper process will be started alongside the application. This process will be in charge of collecting telemetry and will take over more responsibilities in upcoming releases.

Profiling

Added

• doc(profiling): make phpinfo() output more helpful #2144
• timeline: add eval() timings #2150

Fixed

• Explicit shutdown allocation profiling on fork() #2149
• Optimize event timestamp for timeline #2157

Internal changes

• refactor(profiling): apply clippy suggestions #2141

This release adds timeline support to the profiler. This is off by default. Enable it with the environment variable DD_PROFILING_EXPERIMENTAL_TIMELINE_ENABLED=1 or INI setting datadog.profiling.experimental_timeline_enabled=1.

Added

• Add horizon as artisan queue command #2124 Thanks, @markwalet.
• Add network destination name to http client spans #2134
• Add automated Laravel user tracking events #2100
• Add DD_HTTP_SERVER_ROUTE_BASED_NAMING config to enforce resources #2138

Fixed

• Fix a memory leak when overriding default arguments in install_hook (PHP7.2-) #2107
• Generate runtime-id on first request #2137
• Better GC workaround on PHP 7.3 and below for cycle collected span stacks #2123
• Use proper variable for php-config #2114
• Generate runtime-id on first request #2137

Internal Changes

• Add note about cargo in README, make debug symbols included by default for manual compilation #2110

Profiling

Added

• Add timeline support #1997, #2108
• Add endpoint counts #2111
• Add file compilation times to timeline #2119

Internal changes

• ci: add stack walking benchmark #2041, #2133, #2136
• ​​build: bump indexmap to v2.0.0 #2127
• build: bump bindgen to 0.66.1 #2128

Application Security Management (0.10.0)

Added

• Add automated user login events DataDog/dd-appsec-php#272
• Add sign up event DataDog/dd-appsec-php#275

Fixed

• Persist top-most root span from RINIT DataDog/dd-appsec-php#273

Internal Changes

• Rename system-test scenario DataDog/dd-appsec-php#271
• Support multiple traces and spans but provide only the root span on integration tests DataDog/dd-appsec-php#274
• Set libddwaf as git safe.directory on build package step DataDog/dd-appsec-php#276