Ddtrace

Latest version: v2.17.3


Page 14 of 44

1.20.0

Prelude

Vulnerability Management for Code-level (IAST) is now available in private beta. Use the environment variable `DD_IAST_ENABLED=True` to enable this feature.

New Features

- ASM: This introduces support for custom blocking actions of type redirect_request.
- data_streams: Adds the public API functions `set_produce_checkpoint` and `set_consume_checkpoint`.

Bug Fixes

- kafka: Resolves an issue where traced kafka connections were assigned a default timeout of 1 second. The default timeout in [Consumer.poll(...)](https://docs.confluent.io/platform/current/clients/confluent-kafka-python/html/index.html#confluent_kafka.Consumer.poll) should be None.
- openai: This fix resolves an issue where errors during streamed requests resulted in unfinished spans.

---

1.19.0

New Features

- Adds the `db.row_count` tag to redis and other redis-like integrations. The tag represents the number of returned results.
- CI Visibility: adds test level visibility for [unittest](https://docs.python.org/3/library/unittest.html)
- ASM: Adds detection of insecure cookie vulnerabilities on responses.
- ASM: This introduces trusted IPs capabilities in the tracer, to allow specific IPs not to be blocked by ASM but still be monitored.
- ASM: This introduces a new capability to configure the blocking response of ASM. Users can change the default blocking response behavior or create new custom actions. Configuration of a custom blocking page or payload can still be provided by using `DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON` and `DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML` to change the static files used for the response body. The action block, which can be defined in the static rule file or via remote configuration, now allows creating new custom blocking actions with any status code for the response.
- The aiopg and aiomysql integrations no longer set the sql.query tag on query spans. This tag duplicated the value captured by the span resource. Users who want to send this query unobfuscated can use the tracer API to set tags on the query span.
- data_streams: Starts tracking Kafka lag in seconds.
- kafka: Adds support for the Kafka serializing producer and deserializing consumer.
- profiling: allow individual collectors to be disabled.
- tracing: This change introduces the `allow_false` keyword argument to `BaseSampler.sample()`, which defaults to `True`. `allow_false` controls the function's return value. If `allow_false` is `False`, the function will always return `True` regardless of the sampling decision it made. This is useful when `sample` is called only for its side effects, which can include setting span tags.

Known Issues

- There are known issues configuring Python's built-in multiprocessing library when ddtrace is installed. To use the multiprocessing library with ddtrace, ensure `DD_UNLOAD_MODULES_FROM_SITECUSTOMIZE` is set to `True`.
- When running setup.py extensions with the CMake parameter "-j", it could potentially raise an out-of-memory error. If someone wants to expedite the ddtrace installation, they should manually set the "CMAKE_BUILD_PARALLEL_LEVEL" environment variable.

Bug Fixes

- ASM: avoid potentially unneeded import of the IAST native module.

- ASM: avoid potentially unneeded import of the IAST native module if setup doesn't build extensions correctly.

- data_streams: This fix resolves an issue where data stream context propagation would not propagate via SNS if raw message delivery was enabled.

- dynamic instrumentation: function duration measurements are now reported in milliseconds to match the expectation from the UI.

- dynamic instrumentation: fixed an issue that prevented line probes from being injected in some finally blocks.

- dynamic instrumentation: Fixed the programmatic API to ensure that the dynamic instrumentation service is fully enabled when `DynamicInstrumentation.enable()` is called.

- dynamic instrumentation: fixed a bug that might have caused probe status to fail to update correctly.

- django: This fix resolves an issue where 'span.resource' would not include the endpoint when a Handler was interrupted, such as in the case of gunicorn worker timeouts.

- CI Visibility: fixes an issue where the Intelligent Test Runner would not work when in EVP proxy mode due to missing `X-Datadog-NeedsAppKey` header.

- CI Visibility: revert to using `DD_CIVISIBILITY_ITR_ENABLED` (instead of `_DISABLED`) to conform with other tracers.

- profiling: fixed a bug that prevented profiles from being correctly correlated to traces in gevent-based applications, thus causing code hotspot and end point data to be missing from the UI.

- docs: Fix undefined variable reference in otel documentation

- CI Visibility: fixes that Python 2.7 test results were not visible in UI due to improperly msgpack-ed data

- ASM: This fix resolves an issue where `track_user_signup_event` and `track_custom_event` were not correctly tagging the span. This could lead to the loss of some events in the sampling.

- appsec: Fixes an issue where ddtrace.appsec is imported and assumed to be available in all deployments of ddtrace

- lib-inject: This fix resolves an issue where `libdl.so.2: cannot open shared object file: No such file or directory` errors occurred when the injection image started.

- lib-injection: Resolves permissions errors raised when ddtrace packages are copied from the InitContainer to the shared volume.

- mariadb: This fix resolves an issue where MariaDB connection information objects not including the user or port caused exceptions to be raised.

- appsec: This fix resolves an issue in which the library attempted to finalize twice a context object used by the Application Security Management product.

- propagation: Prevent propagating unsupported non-ascii `origin` header values.

- pymongo: This upgrades the PyMongo integration to work with PyMongo versions 4.5.0 and above by choosing the root function of the integration on the basis of the PyMongo version.

- tracing: This fix resolves an issue where the `_dd.p.dm` and `_dd.*_psr` tags were applied to spans in ways that did not match their intended semantics, increasing the potential for metrics-counting bugs.

- ASM: This fix resolves an issue where user information was only set in the root span. Now the span for user information can be selected.

- sqlalchemy: sqlalchemy rollbacks could previously cause intermittent deadlocks in some cases. To fix this `DD_TRACE_SPAN_AGGREGATOR_RLOCK` was introduced in 1.16.2 with the default as `False`. We are now changing the default to `True`.

Other Changes

- Adds a `get_version` method to each integration and updates the basic template for developing an integration to include this method. The `get_version` method returns the integration's package distribution version and is to be included in the APM Telemetry integrations payload.
- Add a `ddtrace_iast_flask_patch` function defined in `ddtrace.appsec.iast` to ensure that the main Flask `app.py` file is patched for IAST propagation. This function should be called before the `app.run()` call. You only need this if you have set `DD_IAST_ENABLED=1`. Only the main file needs to call this function; other imported modules are automatically patched.
- docs: Fixes formatting in ddtrace docs.
- ASM: Improve default value of regex for query string obfuscation. Rename env var `DD_TRACE_OBFUSCATION_QUERY_STRING_PATTERN` to `DD_TRACE_OBFUSCATION_QUERY_STRING_REGEXP`.

---

1.18.0

Prelude

Data Streams Monitoring (DSM) has added support for AWS Kinesis

**Breaking change** for CI Visibility: `test.suite` and `test.full_name` are changed, so any visualization or monitor that uses these fields is potentially affected.

Deprecation Notes

- `DD_CALL_BASIC_CONFIG` will be removed in the upcoming 2.0.0 release. As an alternative to `DD_CALL_BASIC_CONFIG`, you can call `logging.basicConfig()` to configure logging in your application.
- `DD_LOG_FORMAT` is deprecated and will be removed in 2.0.0. As an alternative, please follow the log injection formatting as provided in the [log injection docs](https://ddtrace.readthedocs.io/en/stable/advanced_usage.html#update-log-format).

New Features

- CI Visibility: added tracing support for pytest-benchmark

- ASM: The vulnerability report now includes a feature to scrub potentially sensitive information. This scrubbing process looks for common patterns, and it can be further expanded using environment variables such as `DD_IAST_REDACTION_NAME_PATTERN` and `DD_IAST_REDACTION_VALUE_PATTERN`. See the [docs](https://ddtrace.readthedocs.io/en/stable/configuration.html#DD_IAST_REDACTION_ENABLED) for more information.

- DSM: Adds DSM support for AWS Kinesis. For information about DSM, see the [official documentation](https://docs.datadoghq.com/data_streams/). This change requires users to use botocore version 1.26.30 or later and update calls to Kinesis' `PutRecord`, `PutRecords`, and `GetRecords` calls with the StreamARN argument.

- pytest: This change introduces an option to the pytest plugin to disable ddtrace: `--no-ddtrace`

- CI visibility: Adds support for tracking repository URLs via the BITBUCKET_GIT_HTTP_ORIGIN environment variable

- CI visibility: Adds CodeFresh integration

- CI Visibility: Beta release of `pytest` support for the [Intelligent Test Runner](https://docs.datadoghq.com/continuous_integration/intelligent_test_runner/).

- openai: `tiktoken` has been introduced as an optional package dependency to calculate the number of tokens used in a prompt for a streamed completion or streamed chat completion. To enable this feature, install `ddtrace[openai]` or `tiktoken`. If `tiktoken` is not installed, the prompt token count will continue to be estimated instead.

- Allows the use of a new backend for storing and exporting profiling data. This feature can be enabled for now by setting the DD_PROFILING_EXPORT_LIBDD_ENABLED environment variable to true. This should improve performance while decreasing memory overhead.

Known Issues

- sqlalchemy: sqlalchemy rollbacks can intermittently cause deadlocks in some cases. If experiencing this issue, set `DD_TRACE_SPAN_AGGREGATOR_RLOCK=True`. After testing and feedback we intend to make True the default value.

Bug Fixes

- CI Visibility: fixes an issue where the CIVisibility client would raise an exception if it was started in agentless mode without the DD_API_KEY set

- core: This fix moves `cmake` from `install_requires` to `setup_requires`.

- data_streams: This change fixes a bug in the Kafka & SQS integrations in which the Data Streams product code incorrectly set timestamps for statistics. This led to all points being submitted for the same timestamp (the start of the application).

- dynamic instrumentation: handle null literal in conditions and expressions.

- dynamic instrumentation: fixed a bug that prevented span decoration probes from being received and instrumented.

- dynamic instrumentation: ensure that probes that fail to be instrumented because of invalid conditions/expressions are reported with status `ERROR` in the UI.

- CI Visibility: This fix solves an issue where the git unshallow command wasn't called

- tracing: Ensures health metrics are tagged with the correct values.

- CI Visibility: This fix resolves an issue where test skipping was not working properly.

- langchain: This fix resolves an issue where chat messages and embedding arguments passed in as keyword arguments were not parsed correctly and resulted in an `ArgumentError`.

- langchain: This fix resolves an issue where `langchain.embeddings.HuggingFaceEmbeddings` embedding methods, and `langchain.vectorstores.Milvus.similarity_search` were patched twice due to a nested class hierarchy in `langchain`.

- profiling: prevent deadlocks while recording events of different type.

- pytest: This fix resolves an issue where test modules could be non-existent, causing errors in the CI Visibility product.

- kafka: Resolves `UnicodeDecodeError` raised when Kafka message keys contain characters that are not supported by UTF-8 encoding.

- lib-injection: Adds support for non-root run applications in containers.

- This fix resolves an issue causing span tags used by the Datadog backend not to be inherited by spans that exist in a different process from their parents.

Other Changes

- tracing: Previously the maximum size of a span tag was set to the full size of trace writer buffer (via DD_TRACE_WRITER_BUFFER_SIZE_BYTES). With this change the maximum size of span tags will be set to 10% of the size of the writer's buffer. This should decrease the frequency of encoding errors due to large span tags.

---

1.17.0

Prelude

Datadog has added support for automatically creating login success or failure events when a configured Django authentication backend is used. This will automatically fill the following tags in these cases:

- `appsec.events.users.login.success.track`
- `appsec.events.users.login.failure.track`
- `appsec.events.users.login.success.[email|login|username]`
- `appsec.events.users.login.failure.usr.exists`

New Features

- ASM: Add support for automatic user login events in Django.

- langchain: Adds integration with support for metrics, logs, and traces from LangChain requests. See the langchain docs for more information.

- redis: Add support for Async RedisCluster.

Bug Fixes

- core: This fix removes the inclusion of our `benchmarks/` directory in the `ddtrace` wheels.
- internal: call `_fixupChildren` when retrieving `DDLogger`
- profiling: Fixed a regression whereby the profile exporter would not handle known request errors and would ask the user to report an issue instead.
- profiling: Handles a race condition, which would occasionally throw an error, which would read `"RuntimeError: the memalloc module was not started."`
- CI visibility: fix version and step arguments gathering to enable plugin compatibility with pytest-bdd 6.1.x
- Fixed a bug that caused applications using gevent and cassandra to fail to start with the ddtrace-run command.
- tracing: This fix resolves a `google.protobuf` import error when module unloading.
- wsgi: This fix resolves an issue when trying to parse the `environ` property `HTTPS` as an HTTP header.
- Pin `cython<3` due to an incompatibility with `cython==3.0.0` and typing annotations in profiling code.
- telemetry: resolves issue with sending unnecessary duplicate logs

---

1.16.0

Prelude

Application Security Management (ASM) has added support for tracing subprocess executions.

Exception Debugging allows capturing debug information from exceptions attached to traces. The information about local variables and function arguments is displayed in the Error Tracking UI and augments the traceback data already collected.

New Features

- ASM: vulnerabilities related to insecure request cookies will be reported when `DD_APPSEC_ENABLED` is set to `true`.

- ASM: add support for tracing subprocess executions (like `os.system`, `os.spawn`, `subprocess.Popen` and others) and adding information to a span named `command_execution` with the new type `system`. Currently we add the `cmd.exec` or `cmd.shell` tags to store the full command line (`cmd.shell` will be used when the command is run under a shell, as with `os.system` or `Popen` with `shell=True`), `cmd.exit_code` to hold the return code when available, and `component`, which will hold the Python module used; the span `resource` will hold the binary used. This feature requires ASM to be activated using the `DD_APPSEC_ENABLED=True` configuration environment variable.

- botocore: Introduces environment variable `DD_BOTOCORE_INSTRUMENT_INTERNALS` that opts into tracing certain internal functionality.

- botocore: Added message attributes to Amazon Simple Queue Service spans to support data streams monitoring.

- exception debugging: Introduced the Exception Debugging feature that allows capturing debug information from exceptions attached to traces. This new feature can be enabled via the `DD_EXCEPTION_DEBUGGING_ENABLED` environment variable.

- openai: Adds support for metrics, logs, and traces for the models, edits, images, audio, files, fine-tunes, and moderations endpoints. See [the docs](https://ddtrace.readthedocs.io/en/stable/integrations.html#openai) for more information.

- CI Visibility: Updates how pytest modules and test suites are reported. Module names are now set to the fully qualified name, whereas test suites will be set to the file name. Before this change: `{"module": "tests", "suite": "my_module/tests/test_suite.py"}`. After this change: `{"module": "my_module.tests", "suite": "test_suite.py"}`.

- core: Apply `DD_TAGS` to runtime metrics.

- kafka: Adds the `messaging.kafka.bootstrap.servers` tag for the confluent-kafka producer configuration value found in `metadata.broker.list` or `bootstrap.servers`.

- tracing: This reports the GRPC package name (optional) and service name in a single `rpc.service` tag.

Bug Fixes

- botocore: This fix resolves an issue where ddtrace attempted to parse as URLs SQS QueueUrl attributes that were not well-formed URLs.
- psycopg: Resolves `TypeError` raised when an async cursor object is traced. This fix ensures `exc_type`, `exc_val`, and `exc_tb` are passed down to the wrapped object on `__aexit__`.
- Fixed an issue that prevented the library from working as expected when a combination of gevent and asyncio-based frameworks that rely on the functionalities of the ssl module is used.
- openai: Fixes the issue with `ImportError` of `TypedDict` from `typing` module in Python 3.7.
- openai: This fix resolves an issue where embeddings inputs were always tagged regardless of the configured prompt-completion sample rate.
- pytest: This fix resolves an issue where failures and non-skipped tests were not propagated properly when `unittest.TestCase` classes were used.
- Fixes an issue where harvesting runtime metrics on certain managed environments, such as Google Cloud Run, would cause ddtrace to throw an exception.
- graphql: `graphql.execute` spans are now marked as measured.
- tracing: This fix resolves an issue where negative trace ID values were allowed to propagate via Datadog distributed tracing HTTP headers.
- openai: Resolves some inconsistencies in logs generated by the image and audio endpoints, including filenames, prompts, and not logging raw binary image data.
- pymemcache: This fix resolves an issue where overriding span attributes on `HashClient` failed when `use_pooling` was set.
- This fix resolves an issue causing MyPy linting to fail on files that import ddtrace.
- The 1.15.0 version has a bug that arises when Remote Config receives both kinds of actions (removing target file configurations and loading new target file configurations) simultaneously, as the load action overrides the remove action. This error occurs if someone creates and removes Dynamic Instrumentation Probes rapidly, within a time interval shorter than the Remote Config interval (5s). To fix this issue, this update appends all new configurations and configurations to remove, and dispatches them at the end of the RC request.

---

1.15.0

New Features

- pyramid: Adds http.route tag to `pyramid.request` spans.
- data_streams: Add data streams core integration and instrument the confluent Kafka library with it. For more information, check out the docs, <https://docs.datadoghq.com/data_streams/>
- dynamic instrumentation: Added support for span decoration probes.

Bug Fixes

- ASM: This fix resolves an issue where the WAF rule file specified by DD_APPSEC_RULES was wrongly updated and modified by remote config.
- celery: Resolves an issue where hostname tags were not set in spans generated by `celery>4.0`.
- django: Resolves an issue where the resource name of django.request span did not contain the full name of a view when `DD_DJANGO_USE_HANDLER_RESOURCE_FORMAT=True`. This issue impacts `django>=4.0`.
- CI Visibility: This fix resolves compatibility with the URLs deprecated in Gitlab 16.0.
- openai: Resolves an issue where using an array of tokens or an array of token arrays for the Embeddings endpoint caused an AttributeError.
- profiling: Fixed an issue with gunicorn and gevent workers that occasionally caused an `AttributeError` exception to be raised on profiler start-up.
- psycopg: Fixes `ValueError` raised when dsn connection strings are parsed. This was fixed in ddtrace v1.9.0 and was re-introduced in v1.13.0.
- gunicorn: This fix ensures ddtrace threads do not block the master process from spawning workers when `DD_TRACE_DEBUG=true`. This issue impacts gunicorn applications using gevent and `python<=3.6`.

---
