Skip to content

Releases: DataDog/dd-trace-rb

2.38.0

Choose a tag to compare

@eregon eregon released this 16 Jul 09:51
48cf202

Added

  • Dynamic Instrumentation: Log probes now support capture expressions as an alternative to capturing the full local/argument scope (#5845)
  • SSI: Add support for Ruby 4.0 runtime (#5981)
  • SSI: Add support for Bundler 4.0 and RubyGems 4.0 (#5981)

Fixed

  • AppSec: Fix Rack-based and Rails request body analysis when body parsing fails (#5993)
  • Profiling: Add workaround for crash when collecting frame information (#6014)
  • Profiling: Fix left-over state impacting samples when profiler gets stopped and started again (#5960)
  • Profiling: Fix Ruby 4.0.6 support by bumping minimum version of datadog-ruby_core_source to 3.5.3 (#6047)
  • Profiling: Disable live heap size profiling on Ruby 4.0 due to incompatibility (#6022)
  • Profiling: Disallow heap profiling on Ruby 4.1+ (#6023)
  • Tracing: Fix pg instrumentation which raised ArgumentError when calling exec_params, exec_prepared without a params argument, or their async_/sync_ variants (#6020)

2.37.0

Choose a tag to compare

@Strech Strech released this 06 Jul 13:41
161ea80

Highlights

Dynamic Instrumentation can now be enabled directly from the Datadog UI without restarting your application, and the Symbol Database is automatically enabled when DI is active.

AppSec adds signup event tracking and normalized HTTP routes for API Security Testing, along with multiple fixes to improve schema extraction, WAF analysis, and remote configuration stability.

We’ve also reduced profiler overhead and fixed a potential crash when using experimental heap profiling on Ruby 4.0.

Added

  • AppSec: Add sign-up event tracking to Datadog::Kit::AppSec::Events::V2 (#5973)
  • AppSec: Integrations: Add normalized HTTP route for API Security Testing (#5834)
  • Dynamic Instrumentation: DI can now be enabled from the Datadog UI without setting DD_DYNAMIC_INSTRUMENTATION_ENABLED or restarting the application. Setting DD_DYNAMIC_INSTRUMENTATION_ENABLED=false explicitly still disables it and blocks UI-driven enablement (#5525)

Changed

  • Profiling: Reduce profiler overhead by sampling profiler-internal threads only once per minute (#5955)
  • Dynamic Instrumentation: Reject method probes that target Kernel#lambda, which cannot be safely instrumented (#5954)
  • Dynamic Instrumentation: Reject method probes that target classes or modules in the Datadog namespace (#5907)
  • Dynamic Instrumentation: Enable Symbol Database by default when Dynamic Instrumentation is enabled (#5828)

Fixed

  • AppSec: AI Guard: Fix endpoint configuration via DD_SITE environment variable (#5940)
  • AppSec: Fix API Security schema extraction timeout and telemetry (#5975)
  • AppSec: Fix remote configuration errors when the ruleset name changes (#5970)
  • AppSec: Integrations: Add configurable size limit for downstream HTTP request and response body analysis (#5990)
  • AppSec: Integrations: Fix WAF analysis for requests with cached or parsed bodies in Rack and Sinatra (#5991)
  • AppSec: Integrations: Fix an exception for unauthorized requests when using Devise with Rails. (#5987)
  • Profiling: Fix a SIGSEGV crash that could happen with experimental heap profiling enabled on Ruby 4.0 (#5938) (@navidemad)
  • Dynamic Instrumentation: Normalize Rack CGI header prefix (HTTP_<HEADER>) in redactor so snapshot captures redact sensitive headers like their bare names (#5911)
  • Dynamic Instrumentation: Symbol Database and DI background threads no longer stop when application code raises a non-StandardError during introspection (#5945)

2.36.0

Choose a tag to compare

@TonyCTHsu TonyCTHsu released this 24 Jun 14:11
0aa2ab6

Added

  • Tracing: Add DD_TRACE_PROPAGATION_BEHAVIOR_EXTRACT to control trace extraction behavior with continue, restart, and ignore modes (#5844)
  • AppSec: Add DD_APPSEC_BODY_PARSING_SIZE_LIMIT to control processing of request and response body size; set to 0 to disable (#5877)
  • AppSec: Detect attacks from inline fragments in GraphQL queries (#5916)
  • Dynamic Instrumentation: Show lazily loaded classes in UI (#5697)

Changed

  • Dynamic Instrumentation: Reduce peak memory usage during Symbol Database extraction (#5883)
  • Profiling: Reduce profiler overhead by up to 50% by skipping redundant samples for threads without the GVL (#5777)
  • Profiling: Remove overhead when cleaning up dead threads (#5816)

Fixed

  • Tracing: Workaround Ruby VM bug causing segmentation faults inside CachingResolver (#5719, #5890)
  • Dynamic Instrumentation: Prevent uploading stale class definitions for apps using remove_const-then-redefine patterns (#5872)
  • Profiling: Fix GC profiling being incorrectly disabled on Ruby 3.2.10 and 3.2.11 (#5894)
  • Profiling: Fix over-counting of the first allocation sample at profiler startup (#5881)
  • Profiling: Fix rare profiler crash during shutdown in heap profiling cleanup (#5920)
  • Core: Fix exception message formatting from native extensions (#5857)

2.35.0

Choose a tag to compare

@Strech Strech released this 03 Jun 10:27
4a3a8ed

Highlights

This release improves telemetry quality, Rails AppSec performance, and upgrade compatibility. It adds dynamic_service SQL comment propagation, excludes Datadog-generated traffic from application metrics, speeds up Rails route extraction, restores a tracing compatibility constant, and deprecates profiling.advanced.timeline_enabled profiling setting.

Added

  • Tracing: Add dynamic_service SQL comment propagation mode for Database Monitoring (#5812)
  • Tracing: Prevent Datadog-generated traffic from interfering with application metrics (#5811)

Changed

  • AppSec: Improve route extraction performance for Rails applications (#5836)

Fixed

  • Tracing: Restore Datadog::Tracing::Contrib::Ext::Metadata::TAG_BASE_SERVICE constant removed in v2.34.0 (#5830)

Removed

  • Profiling: Deprecate the profiling.advanced.timeline_enabled setting for removal; it no longer does anything. Please remove it from Datadog.configure and do not set DD_PROFILING_TIMELINE_ENABLED (#5750)

2.34.0

Choose a tag to compare

@Strech Strech released this 27 May 17:52
c13657d

Highlights

This release adds opt-in Symbol Database uploads for Dynamic Instrumentation, allowing Ruby services to populate Live Debugger autocomplete when creating probes. OpenTelemetry logs can now be exported over OTLP using DD_LOGS_OTEL_ENABLED=true and standard OTEL_EXPORTER_OTLP_* settings. Dynamic Instrumentation background symbol extraction now throttles CPU usage to reduce request latency impact under load. AppSec initialization failures no longer crash host applications, and this release includes additional fixes for remote configuration errors, Process.spawn, and probe behavior.

Added

  • Dynamic Instrumentation: Enable opt-in Symbol Database upload so Ruby services populate Live Debugger UI autocomplete when creating probes (#5717)
  • Open Telemetry: Add OpenTelemetry logs support with OTLP export. Enable using DD_LOGS_OTEL_ENABLED=true; supports standard OTEL_EXPORTER_OTLP_* settings (#5446)

Fixed

  • Core: Fix Remote configuration TransportError messages removing wrapper response object memory addresses (#5762)
  • Core: Fix TypeError from Process.spawn when passing an environment Hash (#5773, #5634)
  • AppSec: Prevent host application crashes when AppSec fails to initialize (#5768)
  • Dynamic Instrumentation: Fix off-by-one in max_capture_depth so snapshots respect the configured nesting limit exactly (#5753)
  • Dynamic Instrumentation: Improve line probes to match sourceFile case-insensitively and support Windows-style backslashes for correct installation (#5754)

2.33.0

Choose a tag to compare

@Strech Strech released this 13 May 09:52
ee26dc1

Highlights

This release expands AppSec and serverless support. It adds AWS Lambda integration and ensures the client IP is always collected when AI Guard is enabled.

Tracing now includes inferred proxy spans for services behind AWS Gateway. It also adds support for DD_HOSTNAME, which controls trace hostnames and the OpenTelemetry host.name value when hostname reporting is enabled.

We’ve also enhanced crash reports to include all threads for better debugging context.

Added

  • AI Guard: Ensure client IP is always collected when AI Guard is enabled (#5677)
  • AppSec: Add support for AWS Lambda (#5663)
  • Tracing: Add inferred proxy spans for services behind AWS Gateway (#5681)
  • Open Telemetry: Add support for DD_HOSTNAME to set trace hostname and OTel host.name when DD_TRACE_REPORT_HOSTNAME is enabled (#5705)

Changed

  • Core: Collect all threads in crash reports to provide full thread context during crashes (#5724)
  • Core: Update libdatadog dependency to version 33.0.0 (#5723)

2.32.0

Choose a tag to compare

@marcotc marcotc released this 08 May 07:53
3fe084a

Highlights

This release adds a Profiling metric for time spent waiting for the GVL, expands Live Debugger line probe coverage to third-party and Ruby standard library code loaded before the Datadog gem, and adds OpenFeature flag evaluation metrics through OpenTelemetry.
We’ve also strengthened trace propagation with stricter parsing and size limits to improve reliability and standards compliance.

Added

  • Open Feature: Add flag evaluation metrics (feature_flag.evaluations) via OpenTelemetry for OpenFeature provider. (#5599)
  • Profiling: Add metric for total time spent waiting for the GVL. (#5569)
  • Dynamic Instrumentation: Live Debugger line probes can now target third-party and Ruby standard library code loaded before datadog gem is loaded. (#5501)

Changed

  • Profiling: Print failure info when native extension setup fails (#5657)
  • Tracing: Add parsing limits to tracestate and traceparent propagation headers and remove whitespace around list members. (#5674)
  • Tracing: Limit extracted baggage header parsing to 64 items and 8192 bytes. (#5672)

Fixed

  • Tracing: Enforce x-datadog-tags propagation header size limits by byte size. (#5687)
  • Tracing: Return empty baggage on invalid UTF-8 baggage extraction (#5689)

2.31.0

Choose a tag to compare

@y9v y9v released this 20 Apr 15:23
722deb0

Highlights

This release significantly expands AppSec AI Guard capabilities, adding support for evaluating images in user prompts and tool outputs, and exposing Sensitive Data Scanner findings and tag probabilities in evaluation results.

A breaking change updates AIGuard.evaluate to raise errors by default when the service is configured to block (via Datadog UI), so be sure to opt out if you rely on the previous behavior.

We’ve also improved observability with enhanced configuration reporting in the Datadog UI, added a new extended heartbeat telemetry event for long‑running services, and richer Dynamic Instrumentation snapshots.

JRuby is now deprecated.

Added

  • Core: Add app-extended-heartbeat telemetry event to resend full configuration every 24h for long-running services. (#5531)
  • AI Guard: Add multi-model messages support to AI Guard, enabling text and image URL content parts in evaluation SDK (#5564)
  • AI Guard: Add evaluation of images in user prompt and tool output for RubyLLM contrib. (#5573)
  • AI Guard: Expose Sensitive Data Scanner findings in AI Guard results via AIGuard::Evaluation::Result#sds_findings. (#5579)
  • AI Guard: Expose tag probabilities in AI Guard results via AIGuard::Evaluation::Result#tag_probabilities. (#5580)
  • Tracing: Integrations: Add rails.application to the process tags. (#5468)
  • Tracing: Report and display all configurations used by a service in the 'SDK & Agent Configurations' tab of a Ruby service page in Datadog UI (#5483)

Changed

  • Core: Upgrade libdatadog dependency to version 30.0.0 (#5574)
  • AI Guard: Breaking change: AIGuard.evaluate now defaults to allow_raise: true. Pass allow_raise: false to keep the previous non-raising behavior. (#5587)
  • Dynamic Instrumentation: Report exception messages in method probe snapshots. Require the libdatadog_api C extension for Dynamic Instrumentation. (#5111)

Fixed

  • Profiling: Detect when libdatadog version does not match expected version. (#5484)
  • Profiling: Log profiler initialization errors as warnings instead of raising them. (#5509)
  • Tracing: Fix NoMethodError in extract_trace_id! caused by extract_tags returning true. (#5499)

Removed

  • Core: Removed JRuby from the CI test matrix (#5594)

2.30.0

Choose a tag to compare

@Strech Strech released this 19 Mar 12:50
fa028c8

Highlights

This release brings enhancements to Profiling and Tracing, along with important fixes across Dynamic Instrumentation and integrations. Features such as feature flags now also work on macOS.

Profiling can now use the a built-in DNS resolver when reporting data (system DNS remains the default) as well as introduces new experimental controls for cpu/wall-time sampling interval.

Tracing adds propagation of the Knuth sampling rate and new per-integration environment variables to control distributed tracing.

Process tag propagation is now enabled by default, and several fixes improve reliability for Dynamic Instrumentation, Data Streams Monitoring, and popular integrations like grape and dalli.

Added

  • Core: Enable libdatadog-based features and tests on macOS (#5351)
  • Tracing: Add _dd.p.ksr propagated tag to transmit Knuth sampling rate for backend resampling (#5436)
  • Tracing: Integrations: Add DD_TRACE_<INTEGRATION>_DISTRIBUTED_TRACING environment variables to control distributed tracing per integration (#5396)
  • Profiling: Add profiler setting experimental_use_system_dns to use system DNS resolver (defaults to true) (#5425, #5449)
  • Profiling: Allow lowering CPU profiling sampling interval with experimental_cpu_sampling_interval_ms setting (#5424)

Changed

  • Core: Enable process tags by default by setting DD_EXPERIMENTAL_PROPAGATE_PROCESS_TAGS_ENABLED, expanding tag collection for Tracing, Database Monitoring, Data Streams Monitoring, Profiling, Runtime Metrics, Process Discovery, Remote Configuration, Telemetry, Dynamic Instrumentation, and CrashTracking (#5432)
  • Core: Upgrade libdatadog dependency to version 29.0.0 (#5274, #5461)
  • Core: Remove dependency on pkg-config system tool for native extension builds (#5469)
  • Profiling: Improve profiling error message when another profiler is present (#5375)

Fixed

  • Tracing: Integrations: Fix endpoint_render.grape ActiveSupport notification instrumentation for grape 3.x (#5414)
  • Tracing: Integrations: Fix compatibility with dalli version 5.x and later (#5435)
  • Dynamic Instrumentation: Fix JSON serialization failures when snapshots contain binary data and invalid UTF-8 strings (#5434)
  • Dynamic Instrumentation: Show ERROR probe status when custom serializers produce non-JSON-encodable data instead of silent failures (#5448)
  • Data Streams: Fix Data Streams Monitoring to correctly report the configured environment instead of showing env:none (#5427)

2.29.0

Choose a tag to compare

@y9v y9v released this 20 Feb 15:08
799b3dc

Highlights

Live Debugger for Ruby is now in Limited Availability

Datadog Live Debugger for Ruby is now available in Limited Availability, enabling developers to inspect application behavior directly in production without modifying code, redeploying services, or impacting performance.
Instead of adding temporary debug logs or reproducing issues locally, you can dynamically capture application state at specific points in the code. This includes variable values, method inputs, and execution context.
Live Debugger now supports Java, Python, .NET, Node.js, PHP, Ruby, and Go in Limited Availability enabling consistent debugging workflows across environments.
To get started, check out the documentation.

Heap profiling can now be used on Ruby 4

We've now added support for heap profiling on Ruby 4.0 .
Check the docs for how to enable it.

Default logger output is changed from stdout to stderr

On v2.29 Datadog will log to stderr instead of stdout by default to avoid polluting user application logs. To go back to stdout, you can use this snippet:

Datadog.configure do |config|
  config.logger.instance = Datadog::Core::Logger.new($stdout)
end

Analysis for downstream requests with redirects

This release introduces comprehensive instrumentation for downstream HTTP requests made by your application. AppSec RASP (Runtime Application Self-Protection) now automatically instruments outbound HTTP requests made via Faraday, Excon, and RestClient.

This includes capturing request/response headers, status codes, and JSON bodies, as well as tracking redirect chains to ensure complete visibility even when requests follow multiple hops.

Body analysis can be tuned to balance security coverage with performance:

Datadog.configure do |c|
  c.appsec.enabled = true
  
  # Percentage of downstream requests to analyze body content (0.0 to 1.0)
  # Default: 1.0 (analyze all requests)
  c.appsec.api_security.downstream_body_analysis.sample_rate = 0.8
  
  # Maximum number of request/response bodies to analyze per trace
  # Helps limit overhead in applications making many downstream calls
  # Default: 1
  c.appsec.api_security.downstream_body_analysis.max_requests = 3
end

Simple method tracing API

You can now trace methods easily, by using DSL module:

class MyClass
  extend Datadog::Kit::Tracing::MethodTracer

  def foo; 'hello'; end

  trace_method :foo, span_name: 'optional_span_name' 
end

Or by calling trace_method directly:

Datadog::Kit::Tracing::MethodTracer.trace_method(MyClass, :foo, span_name: 'optional_span_name')

SSI improvements

In addition, SSI auto injection has been improved and now extends Bundler's deployment mode to also support vendored mode (BUNDLE_PATH set), as well as defaulting to fully local dependency analysis and resolution, making it faster, more reliable, and removing a network round trip to gem sources. The SSI package size was also reduced by ~70%.

Added

  • AppSec: Add analysis for downstream request with redirects (#5347)
  • AppSec: Add downstream request body analysis. (#5320)
  • SSI: Add support for Bundler vendored mode (BUNDLE_PATH) (#5368)
  • SSI: Default to local dependency resolution (#5368)
  • Dynamic Instrumentation: Added circuit breaker to automatically disable probes consuming excessive CPU time (#5335)
  • Crashtracking: Add reporting of unhandled exceptions (#5321)
  • Tracing: Add support for the kicks gem (#5305)
  • Profiling: Add heap profiling for ruby 4.x (#5201)
  • Tracing: Add simple method tracing API (#5294)
  • Tracing: Add trace_singleton_class_method for tracing singleton class methods. (#5334)

Changed

  • Dynamic Instrumentation: Improve error reporting when instrumentation fails or is removed due to circuit breaker (#5371)
  • SSI: Reduce SSI package size (#5352)
  • Core: Change default logger output from stdout to stderr (#5342)
  • AppSec: Make AppSec blocking page more friendly for vulnerability scanners (#5341)
  • Core: Add process tags and container id to process discovery payloads when the experimental setting DD_EXPERIMENTAL_PROPAGATE_PROCESS_TAGS_ENABLED=true is enabled. (#5336)

Fixed

  • Dynamic Instrumentation: Fix Live Debugger UI for forking web servers with more than one worker process (#5304)