Releases: DataDog/dd-trace-rb
Release list
2.38.0
Added
- Dynamic Instrumentation: Log probes now support capture expressions as an alternative to capturing the full local/argument scope (#5845)
- SSI: Add support for Ruby 4.0 runtime (#5981)
- SSI: Add support for Bundler 4.0 and RubyGems 4.0 (#5981)
Fixed
- AppSec: Fix Rack-based and Rails request body analysis when body parsing fails (#5993)
- Profiling: Add workaround for crash when collecting frame information (#6014)
- Profiling: Fix left-over state impacting samples when profiler gets stopped and started again (#5960)
- Profiling: Fix Ruby 4.0.6 support by bumping minimum version of
datadog-ruby_core_sourceto 3.5.3 (#6047) - Profiling: Disable live heap size profiling on Ruby 4.0 due to incompatibility (#6022)
- Profiling: Disallow heap profiling on Ruby 4.1+ (#6023)
- Tracing: Fix
pginstrumentation which raisedArgumentErrorwhen callingexec_params,exec_preparedwithout aparamsargument, or theirasync_/sync_variants (#6020)
2.37.0
Highlights
Dynamic Instrumentation can now be enabled directly from the Datadog UI without restarting your application, and the Symbol Database is automatically enabled when DI is active.
AppSec adds signup event tracking and normalized HTTP routes for API Security Testing, along with multiple fixes to improve schema extraction, WAF analysis, and remote configuration stability.
We’ve also reduced profiler overhead and fixed a potential crash when using experimental heap profiling on Ruby 4.0.
Added
- AppSec: Add sign-up event tracking to
Datadog::Kit::AppSec::Events::V2(#5973) - AppSec: Integrations: Add normalized HTTP route for API Security Testing (#5834)
- Dynamic Instrumentation: DI can now be enabled from the Datadog UI without setting
DD_DYNAMIC_INSTRUMENTATION_ENABLEDor restarting the application. SettingDD_DYNAMIC_INSTRUMENTATION_ENABLED=falseexplicitly still disables it and blocks UI-driven enablement (#5525)
Changed
- Profiling: Reduce profiler overhead by sampling profiler-internal threads only once per minute (#5955)
- Dynamic Instrumentation: Reject method probes that target
Kernel#lambda, which cannot be safely instrumented (#5954) - Dynamic Instrumentation: Reject method probes that target classes or modules in the Datadog namespace (#5907)
- Dynamic Instrumentation: Enable Symbol Database by default when Dynamic Instrumentation is enabled (#5828)
Fixed
- AppSec: AI Guard: Fix endpoint configuration via
DD_SITEenvironment variable (#5940) - AppSec: Fix API Security schema extraction timeout and telemetry (#5975)
- AppSec: Fix remote configuration errors when the ruleset name changes (#5970)
- AppSec: Integrations: Add configurable size limit for downstream HTTP request and response body analysis (#5990)
- AppSec: Integrations: Fix WAF analysis for requests with cached or parsed bodies in Rack and Sinatra (#5991)
- AppSec: Integrations: Fix an exception for unauthorized requests when using Devise with Rails. (#5987)
- Profiling: Fix a
SIGSEGVcrash that could happen with experimental heap profiling enabled on Ruby 4.0 (#5938) (@navidemad) - Dynamic Instrumentation: Normalize Rack CGI header prefix (
HTTP_<HEADER>) in redactor so snapshot captures redact sensitive headers like their bare names (#5911) - Dynamic Instrumentation: Symbol Database and DI background threads no longer stop when application code raises a non-StandardError during introspection (#5945)
2.36.0
Added
- Tracing: Add
DD_TRACE_PROPAGATION_BEHAVIOR_EXTRACTto control trace extraction behavior withcontinue,restart, andignoremodes (#5844) - AppSec: Add
DD_APPSEC_BODY_PARSING_SIZE_LIMITto control processing of request and response body size; set to 0 to disable (#5877) - AppSec: Detect attacks from inline fragments in GraphQL queries (#5916)
- Dynamic Instrumentation: Show lazily loaded classes in UI (#5697)
Changed
- Dynamic Instrumentation: Reduce peak memory usage during Symbol Database extraction (#5883)
- Profiling: Reduce profiler overhead by up to 50% by skipping redundant samples for threads without the GVL (#5777)
- Profiling: Remove overhead when cleaning up dead threads (#5816)
Fixed
- Tracing: Workaround Ruby VM bug causing segmentation faults inside CachingResolver (#5719, #5890)
- Dynamic Instrumentation: Prevent uploading stale class definitions for apps using
remove_const-then-redefine patterns (#5872) - Profiling: Fix GC profiling being incorrectly disabled on Ruby 3.2.10 and 3.2.11 (#5894)
- Profiling: Fix over-counting of the first allocation sample at profiler startup (#5881)
- Profiling: Fix rare profiler crash during shutdown in heap profiling cleanup (#5920)
- Core: Fix exception message formatting from native extensions (#5857)
2.35.0
Highlights
This release improves telemetry quality, Rails AppSec performance, and upgrade compatibility. It adds dynamic_service SQL comment propagation, excludes Datadog-generated traffic from application metrics, speeds up Rails route extraction, restores a tracing compatibility constant, and deprecates profiling.advanced.timeline_enabled profiling setting.
Added
- Tracing: Add
dynamic_serviceSQL comment propagation mode for Database Monitoring (#5812) - Tracing: Prevent Datadog-generated traffic from interfering with application metrics (#5811)
Changed
- AppSec: Improve route extraction performance for Rails applications (#5836)
Fixed
- Tracing: Restore
Datadog::Tracing::Contrib::Ext::Metadata::TAG_BASE_SERVICEconstant removed in v2.34.0 (#5830)
Removed
- Profiling: Deprecate the
profiling.advanced.timeline_enabledsetting for removal; it no longer does anything. Please remove it fromDatadog.configureand do not setDD_PROFILING_TIMELINE_ENABLED(#5750)
2.34.0
Highlights
This release adds opt-in Symbol Database uploads for Dynamic Instrumentation, allowing Ruby services to populate Live Debugger autocomplete when creating probes. OpenTelemetry logs can now be exported over OTLP using DD_LOGS_OTEL_ENABLED=true and standard OTEL_EXPORTER_OTLP_* settings. Dynamic Instrumentation background symbol extraction now throttles CPU usage to reduce request latency impact under load. AppSec initialization failures no longer crash host applications, and this release includes additional fixes for remote configuration errors, Process.spawn, and probe behavior.
Added
- Dynamic Instrumentation: Enable opt-in Symbol Database upload so Ruby services populate Live Debugger UI autocomplete when creating probes (#5717)
- Open Telemetry: Add OpenTelemetry logs support with OTLP export. Enable using
DD_LOGS_OTEL_ENABLED=true; supports standardOTEL_EXPORTER_OTLP_*settings (#5446)
Fixed
- Core: Fix Remote configuration
TransportErrormessages removing wrapper response object memory addresses (#5762) - Core: Fix
TypeErrorfromProcess.spawnwhen passing an environment Hash (#5773, #5634) - AppSec: Prevent host application crashes when AppSec fails to initialize (#5768)
- Dynamic Instrumentation: Fix off-by-one in
max_capture_depthso snapshots respect the configured nesting limit exactly (#5753) - Dynamic Instrumentation: Improve line probes to match
sourceFilecase-insensitively and support Windows-style backslashes for correct installation (#5754)
2.33.0
Highlights
This release expands AppSec and serverless support. It adds AWS Lambda integration and ensures the client IP is always collected when AI Guard is enabled.
Tracing now includes inferred proxy spans for services behind AWS Gateway. It also adds support for DD_HOSTNAME, which controls trace hostnames and the OpenTelemetry host.name value when hostname reporting is enabled.
We’ve also enhanced crash reports to include all threads for better debugging context.
Added
- AI Guard: Ensure client IP is always collected when AI Guard is enabled (#5677)
- AppSec: Add support for AWS Lambda (#5663)
- Tracing: Add inferred proxy spans for services behind AWS Gateway (#5681)
- Open Telemetry: Add support for
DD_HOSTNAMEto set trace hostname and OTelhost.namewhenDD_TRACE_REPORT_HOSTNAMEis enabled (#5705)
Changed
2.32.0
Highlights
This release adds a Profiling metric for time spent waiting for the GVL, expands Live Debugger line probe coverage to third-party and Ruby standard library code loaded before the Datadog gem, and adds OpenFeature flag evaluation metrics through OpenTelemetry.
We’ve also strengthened trace propagation with stricter parsing and size limits to improve reliability and standards compliance.
Added
- Open Feature: Add flag evaluation metrics (
feature_flag.evaluations) via OpenTelemetry for OpenFeature provider. (#5599) - Profiling: Add metric for total time spent waiting for the GVL. (#5569)
- Dynamic Instrumentation: Live Debugger line probes can now target third-party and Ruby standard library code loaded before datadog gem is loaded. (#5501)
Changed
- Profiling: Print failure info when native extension setup fails (#5657)
- Tracing: Add parsing limits to
tracestateandtraceparentpropagation headers and remove whitespace around list members. (#5674) - Tracing: Limit extracted baggage header parsing to 64 items and 8192 bytes. (#5672)
Fixed
2.31.0
Highlights
This release significantly expands AppSec AI Guard capabilities, adding support for evaluating images in user prompts and tool outputs, and exposing Sensitive Data Scanner findings and tag probabilities in evaluation results.
A breaking change updates AIGuard.evaluate to raise errors by default when the service is configured to block (via Datadog UI), so be sure to opt out if you rely on the previous behavior.
We’ve also improved observability with enhanced configuration reporting in the Datadog UI, added a new extended heartbeat telemetry event for long‑running services, and richer Dynamic Instrumentation snapshots.
JRuby is now deprecated.
Added
- Core: Add
app-extended-heartbeattelemetry event to resend full configuration every 24h for long-running services. (#5531) - AI Guard: Add multi-model messages support to AI Guard, enabling text and image URL content parts in evaluation SDK (#5564)
- AI Guard: Add evaluation of images in user prompt and tool output for RubyLLM contrib. (#5573)
- AI Guard: Expose Sensitive Data Scanner findings in AI Guard results via
AIGuard::Evaluation::Result#sds_findings. (#5579) - AI Guard: Expose tag probabilities in AI Guard results via
AIGuard::Evaluation::Result#tag_probabilities. (#5580) - Tracing: Integrations: Add
rails.applicationto the process tags. (#5468) - Tracing: Report and display all configurations used by a service in the 'SDK & Agent Configurations' tab of a Ruby service page in Datadog UI (#5483)
Changed
- Core: Upgrade
libdatadogdependency to version 30.0.0 (#5574) - AI Guard: Breaking change: AIGuard.evaluate now defaults to
allow_raise: true. Passallow_raise: falseto keep the previous non-raising behavior. (#5587) - Dynamic Instrumentation: Report exception messages in method probe snapshots. Require the libdatadog_api C extension for Dynamic Instrumentation. (#5111)
Fixed
- Profiling: Detect when
libdatadogversion does not match expected version. (#5484) - Profiling: Log profiler initialization errors as warnings instead of raising them. (#5509)
- Tracing: Fix
NoMethodErrorinextract_trace_id!caused byextract_tagsreturningtrue. (#5499)
Removed
- Core: Removed JRuby from the CI test matrix (#5594)
2.30.0
Highlights
This release brings enhancements to Profiling and Tracing, along with important fixes across Dynamic Instrumentation and integrations. Features such as feature flags now also work on macOS.
Profiling can now use the a built-in DNS resolver when reporting data (system DNS remains the default) as well as introduces new experimental controls for cpu/wall-time sampling interval.
Tracing adds propagation of the Knuth sampling rate and new per-integration environment variables to control distributed tracing.
Process tag propagation is now enabled by default, and several fixes improve reliability for Dynamic Instrumentation, Data Streams Monitoring, and popular integrations like grape and dalli.
Added
- Core: Enable
libdatadog-based features and tests on macOS (#5351) - Tracing: Add
_dd.p.ksrpropagated tag to transmit Knuth sampling rate for backend resampling (#5436) - Tracing: Integrations: Add
DD_TRACE_<INTEGRATION>_DISTRIBUTED_TRACINGenvironment variables to control distributed tracing per integration (#5396) - Profiling: Add profiler setting
experimental_use_system_dnsto use system DNS resolver (defaults to true) (#5425, #5449) - Profiling: Allow lowering CPU profiling sampling interval with
experimental_cpu_sampling_interval_mssetting (#5424)
Changed
- Core: Enable process tags by default by setting
DD_EXPERIMENTAL_PROPAGATE_PROCESS_TAGS_ENABLED, expanding tag collection for Tracing, Database Monitoring, Data Streams Monitoring, Profiling, Runtime Metrics, Process Discovery, Remote Configuration, Telemetry, Dynamic Instrumentation, and CrashTracking (#5432) - Core: Upgrade
libdatadogdependency to version 29.0.0 (#5274, #5461) - Core: Remove dependency on
pkg-configsystem tool for native extension builds (#5469) - Profiling: Improve profiling error message when another profiler is present (#5375)
Fixed
- Tracing: Integrations: Fix
endpoint_render.grapeActiveSupport notification instrumentation forgrape3.x (#5414) - Tracing: Integrations: Fix compatibility with
dalliversion 5.x and later (#5435) - Dynamic Instrumentation: Fix JSON serialization failures when snapshots contain binary data and invalid UTF-8 strings (#5434)
- Dynamic Instrumentation: Show ERROR probe status when custom serializers produce non-JSON-encodable data instead of silent failures (#5448)
- Data Streams: Fix Data Streams Monitoring to correctly report the configured environment instead of showing
env:none(#5427)
2.29.0
Highlights
Live Debugger for Ruby is now in Limited Availability
Datadog Live Debugger for Ruby is now available in Limited Availability, enabling developers to inspect application behavior directly in production without modifying code, redeploying services, or impacting performance.
Instead of adding temporary debug logs or reproducing issues locally, you can dynamically capture application state at specific points in the code. This includes variable values, method inputs, and execution context.
Live Debugger now supports Java, Python, .NET, Node.js, PHP, Ruby, and Go in Limited Availability enabling consistent debugging workflows across environments.
To get started, check out the documentation.
Heap profiling can now be used on Ruby 4
We've now added support for heap profiling on Ruby 4.0 .
Check the docs for how to enable it.
Default logger output is changed from stdout to stderr
On v2.29 Datadog will log to stderr instead of stdout by default to avoid polluting user application logs. To go back to stdout, you can use this snippet:
Datadog.configure do |config|
config.logger.instance = Datadog::Core::Logger.new($stdout)
endAnalysis for downstream requests with redirects
This release introduces comprehensive instrumentation for downstream HTTP requests made by your application. AppSec RASP (Runtime Application Self-Protection) now automatically instruments outbound HTTP requests made via Faraday, Excon, and RestClient.
This includes capturing request/response headers, status codes, and JSON bodies, as well as tracking redirect chains to ensure complete visibility even when requests follow multiple hops.
Body analysis can be tuned to balance security coverage with performance:
Datadog.configure do |c|
c.appsec.enabled = true
# Percentage of downstream requests to analyze body content (0.0 to 1.0)
# Default: 1.0 (analyze all requests)
c.appsec.api_security.downstream_body_analysis.sample_rate = 0.8
# Maximum number of request/response bodies to analyze per trace
# Helps limit overhead in applications making many downstream calls
# Default: 1
c.appsec.api_security.downstream_body_analysis.max_requests = 3
endSimple method tracing API
You can now trace methods easily, by using DSL module:
class MyClass
extend Datadog::Kit::Tracing::MethodTracer
def foo; 'hello'; end
trace_method :foo, span_name: 'optional_span_name'
endOr by calling trace_method directly:
Datadog::Kit::Tracing::MethodTracer.trace_method(MyClass, :foo, span_name: 'optional_span_name')SSI improvements
In addition, SSI auto injection has been improved and now extends Bundler's deployment mode to also support vendored mode (BUNDLE_PATH set), as well as defaulting to fully local dependency analysis and resolution, making it faster, more reliable, and removing a network round trip to gem sources. The SSI package size was also reduced by ~70%.
Added
- AppSec: Add analysis for downstream request with redirects (#5347)
- AppSec: Add downstream request body analysis. (#5320)
- SSI: Add support for Bundler vendored mode (
BUNDLE_PATH) (#5368) - SSI: Default to local dependency resolution (#5368)
- Dynamic Instrumentation: Added circuit breaker to automatically disable probes consuming excessive CPU time (#5335)
- Crashtracking: Add reporting of unhandled exceptions (#5321)
- Tracing: Add support for the
kicksgem (#5305) - Profiling: Add heap profiling for ruby 4.x (#5201)
- Tracing: Add simple method tracing API (#5294)
- Tracing: Add
trace_singleton_class_methodfor tracing singleton class methods. (#5334)
Changed
- Dynamic Instrumentation: Improve error reporting when instrumentation fails or is removed due to circuit breaker (#5371)
- SSI: Reduce SSI package size (#5352)
- Core: Change default logger output from stdout to stderr (#5342)
- AppSec: Make AppSec blocking page more friendly for vulnerability scanners (#5341)
- Core: Add process tags and container id to process discovery payloads when the experimental setting
DD_EXPERIMENTAL_PROPAGATE_PROCESS_TAGS_ENABLED=trueis enabled. (#5336)
Fixed
- Dynamic Instrumentation: Fix Live Debugger UI for forking web servers with more than one worker process (#5304)