Prelude
Application Security Management (ASM) has added Django support for blocking malicious IPs using one click within Datadog.
<div class="note">
<div class="title">
Note
</div>
One click blocking for ASM is currently in beta.
</div>
Application Security Management (ASM) has added Flask support for blocking malicious IPs using one click within Datadog.
<div class="note">
<div class="title">
Note
</div>
One click blocking for ASM is currently in beta.
</div>
Deprecation Notes
- grpc: Deprecates `ddtrace.contrib.grpc.constants.GRPC_PORT_KEY`. Use `ddtrace.ext.net.TARGET_PORT` instead.
- dbapi: `ddtrace.ext.sql.ROWS` is deprecated. Use `ddtrace.ext.db.ROWCOUNT` instead.
- cassandra: `ddtrace.ext.cassandra.ROW_COUNT` is deprecated. Use `ddtrace.ext.db.ROWCOUNT` instead.
New Features
- Enable traces to be sent before an impending timeout for `datadog_lambda>=4.66.0`. Use `DD_APM_FLUSH_DEADLINE` to override the default flush deadline. The default is the AWS Lambda function configured timeout limit.
- debugger: Add dynamic log probes to that generate a log message and optionally capture local variables, return value and exceptions
- tracing: Add support for enabling collecting of HTTP request client IP addresses as the `http.client_ip` span tag. You can set the `DD_TRACE_CLIENT_IP_ENABLED` environment variable to `true` to enable. This feature is disabled by default.
- ASM: add support for one click blocking of IPs with the Django framework using Remote Configuration Management.
- ASM: add support for one click blocking of IPs with the Flask framework using
Remote Configuration Management.
- ASM: also fetch loopback IPs if client IP fetching is enabled (either via ASM or DD_TRACE_CLIENT_IP_ENABLED).
- ASM: Enable ability to remotely activate and configure ASM features. To enable, check the Python Security page in your account. Note that this is a beta feature.
- profiling: Collects endpoint invocation counts.
- dynamic instrumentation: Python 3.11 is now supported.
- graphene: Adds support for Python 3.11.
- graphql: Adds support for Python 3.11.
- httpx: Add support for `httpx<0.14.0,>=0.9.0`.
- tracer/span: Add `Span.finish_with_ancestors` method to enable the abrupt
finishing of a trace in cases where the trace or application must be immediately terminated.
Known Issues
- remote config: There is a known issue with remote configuration management (RCM) when paired with gevent which can cause child processes to deadlock. If you are experiencing issues, we recommend disabling RCM with `DD_REMOTE_CONFIGURATION_ENABLED=false`. Note, this will disable one click activation for ASM.
- gunicorn: ddtrace-run does not work with gunicorn. To instrument a gunicorn application, follow the instructions [here](https://ddtrace.readthedocs.io/en/latest/integrations.html#gunicorn).
Bug Fixes
- fastapi: Previously, custom fastapi middlewares configured after application startup were not traced. This fix ensures that all fastapi middlewares are captured in the <span class="title-ref">fastapi.request</span> span.
- tracing: Pads trace_id and span_ids in b3 headers to have a minimum length of 16.
- Fix full stacktrace being sent to the log on remote config connection errors.
- httpx: Only patch `httpx.AsyncClient` for `httpx>=0.11.0`.
- tracing: This fix resolves an issue with the encoding of traces when using the v0.5 API version with the Python optimization option flag `-O` or the `PYTHONOPTIMIZE` environment variable.
- pylons: This fix resolves an issue where `str.decode` could cause critical unicode decode errors when ASM is enabled. ASM is disabled by default.
- gevent: This fix resolves incompatibility under 3.8\>=Python\<=3.10 between `ddtrace-run` and applications that depend on `gevent`, for example `gunicorn` servers. It accomplishes this by keeping copies that have not been monkey patched by `gevent` of most modules used by `ddtrace`. This "module cloning" logic can be controlled by the environment variable `DD_UNLOAD_MODULES_FROM_SITECUSTOMIZE`. Valid values for this variable are "1", "0", and "auto". "1" tells `ddtrace` to run its module cloning logic unconditionally, "0" tells it never to run that logic, and "auto" tells it to run module cloning logic *only if* `gevent` is accessible from the application's runtime. The default value is "0".
- lib-injection: Use package versions published to PyPI to install the
library. Formerly the published image was installing the package from source using the tagged commit SHA which resulted in slow and potentially failing installs.
- profiler: Handles potential `AttributeErrors` which would arise while collecting frames during stack unwinding in Python 3.11.
- remote config: ensure proper validation of responses from the agent.
---