Skip to content

Releases: DataDog/dd-trace-php

1.22.0

Choose a tag to compare

@dd-octo-sts dd-octo-sts released this 26 Jun 09:06
39b0b10

Note

This release adds experimental heap live profiling to the profiler. This is off by default. Enable it with the environment variable DD_PROFILING_EXPERIMENTAL_HEAP_LIVE_ENABLED =1 or INI setting datadog.profiling. experimental_heap_live_enabled =1.

Tracer

Fixed

  • Fix SpanStack::$active unset corruption #3962
  • Fix sandbox not saving/restoring jit_trace_num #3964
  • Fix SpanStack state corruption when tracing objects with deep clone operations #3976
  • Fix request_exec being issued between requests #3939
  • Fix Azure Functions instance name resolution DataDog/libdatadog#2077
  • Fix remote config tracing_sample_rate missing/null deserialization DataDog/libdatadog#2102

Internal

  • Fix crashtracker metadata: correctly distinguish JIT disabled vs opcache disabled, and correct system INI classification #3965
  • Use libdatadog's CSS trace filter implementation, aligning filtering behavior with the agent #3986, DataDog/libdatadog#1985
  • Add configurable sidecar connection retry interval #3977, DataDog/libdatadog#2106
  • Emit _dd.svc_src span tag per Service Override Source Attribution RFC #3948
  • Fix duplicate span serialization in the sidecar DataDog/libdatadog#2107

Profiling

Added

  • Add trampoline for frameless functions (FLF) to correctly capture timings on aarch64 and x86_64 #3595
  • Add experimental heap-live profiling for memory leak detection, enabled via DD_PROFILING_EXPERIMENTAL_HEAP_LIVE_ENABLED (requires allocation profiling to be active) #3623

Fixed

  • Fix profiler crashes and hangs: stderr fd leak (O_CLOEXEC missing) causing child processes to hang, NULL file dereference in timeline error observer on PHP 8.0, and async signal delivery to helper threads causing a segfault on ZTS builds #3364
  • Fix macOS release builds for the profiler #3987

Internal

  • Replace lazy_static with std::sync::LazyLock and optimize Sapi/RefCellExt #3990
  • Simplify profiler name/version string constants to compile-time values #3998

AppSec

Changed

  • Enable Rust helper by default for all PHP versions (can be disabled with DD_APPSEC_HELPER_RUST_REDIRECTION=false) #3991

Internal

  • Implement waf.error and rasp.error error tracking metrics #3963
  • Harden _assume_utf8 against potential out-of-bounds access #4009

1.21.0

Choose a tag to compare

@dd-octo-sts dd-octo-sts released this 06 Jun 01:36
8b837e8

All products

Changed

  • The sidecar is now always spawned unconditionally, regardless of configuration #3912

Internal

  • Bump Rust MSRV to 1.87 #3926

Tracer

Added

  • Add PHP feature flag evaluation including evaluation metrics via OTLP #3906, #3909, #3910, #3911
  • Add dynamic_service DBM propagation mode as a convenience alias for service mode with base hash injection; this mode will replace service on the long term #3940
  • Add DD_DBM_ALWAYS_APPEND_SQL_COMMENT to unconditionally append SQL comments in DBM regardless of sampling #3954
  • Recognize PCF Garden container IDs for Cloud Foundry deployments DataDog/libdatadog#2025

Fixed

  • Fix remote config not being delivered after forking #3958
  • Fix span pointer invalidation crash during inferred span serialization with DD_TRACE_INFERRED_PROXY_SERVICES_ENABLED #3934
  • Fix buffer overflow in autoload path construction for oversized class/path names #3932
  • Fix Swoole integration parsing the POST body regardless of DD_TRACE_HTTP_POST_DATA_PARAM_ALLOWED #3931
  • Guard JIT blacklist rewrite to prevent crashes with non-tracing JIT metadata #3929
  • Fix OTel polyfill post hooks with :void return type overwriting the instrumented function's actual return value #3920
  • Fix span stats broken for nested services due to incorrect top_level span detection #3916
  • Fix php.compilation.total_time_ms reporting values 1000x too large (microseconds labeled as milliseconds) #3915 (thank you @dortort!)
  • Fix memory corruption of INIs in ZTS builds #3898
  • Fix data race in curl header assignment (non-atomic write to _Atomic field) #3945
  • Fix sample rate normalization to 0..1 range, preventing incorrect Knuth hash computation #3935
  • Fix multi-request failures caused by incorrect rinit ordering after tracer/ext split #3946

Internal

Profiling

Fixed

  • Fix macOS release builds for the profiler #3923

Internal

  • Support PHP DEBUG builds for the profiler, enabling ASAN testing in CI #3908

AppSec

Added

  • Collect x-datadog-endpoint-scan and x-datadog-security-test security testing headers as span tags on HTTP entry spans, independent of DD_TRACE_HEADER_TAGS and AppSec enablement #3925

Fixed

  • Fix out-of-bounds iteration in PHP <8.1 backtrace HashTable loop in the AppSec backtrace collection path #3933

1.20.0

Choose a tag to compare

@dd-octo-sts dd-octo-sts released this 21 May 01:47
818209f

All products

Fixed

  • Properly reset SSI loader global state on shutdown to cleanly support reloading #3881

Internal

  • Spawn the sidecar via dynamic linker instead of trampoline #3869

Tracer

Added

  • Add support for OpenTelemetry logs (DD_LOGS_OTEL_ENABLED=true, disabled by default) #3748

Changed

  • Crashtracking now collects stack traces from all threads at the moment of a crash #3866

Fixed

  • Fix NULL dereference crash in ZTS mode during sidecar/telemetry shutdown #3886
  • Ensure remote config processing happens strictly after request initialization #3882
  • Strip libpq-style paired quotes from PostgreSQL dbname DSN value in PDO integration #3885
  • Fix use-after-realloc crash in tracestate formatting #3874

Profiling

Fixed

  • Prevent panics in profiling encoding under out-of-memory and out-of-bounds conditions #3888

AppSec

Added

  • Add AppSec integrations to Laminas Framework (http.route, endpoint collection, login events) #3716

Changed

  • Update recommended ruleset to v1.18.0, adding Stripe and LLM endpoint detection rules #3859

Fixed

  • Treat cleared shared memory as no-config rather than an error in AppSec helper #3876
  • Avoid the possibility of sensitive data going to the telemetry logs backend via WAF strings #3884

Internal

  • Fix blocked_request metric tag detection in AppSec helper #3863
  • Add block tag to rasp.rule.match metric #3870
  • RFC-1012 metrics improvements: WAF duration distributions, rule_variant tag, and tag fixes #3850

1.19.2

Choose a tag to compare

@dd-octo-sts dd-octo-sts released this 06 May 21:58
7038807

Tracer

Changed

  • Restrict the accepted amount of extracted tags and baggage #3854

Fixed

1.19.1

Choose a tag to compare

@dd-octo-sts dd-octo-sts released this 30 Apr 12:30
82abdf3

Tracer

Fixed

  • Fix catastrophic backtracking in PDO integration #3848 - thanks for reporting @Strentz-Paul

1.19.0

Choose a tag to compare

@dd-octo-sts dd-octo-sts released this 29 Apr 10:34
c2e7eae

Warning

This version has catastrophic backtracking in the PDO Integration. Please use 1.19.1 instead.

All products

Fixed

  • Fix critical ZTS race condition in INI value refcounting that caused use-after-free crashes under concurrent load #3832
  • Ensure a unique installation directory to avoid conflicts with other tools #3835

Tracer

Added

  • Implement client-side stats computation using shared memory for zero-copy stats delivery, with fallback to socket on first payloads #3756, #3811, #3815, #3836

Changed

  • Use a webserver-wide session ID for sidecar instead of per-fork session IDs, and propagate it to child processes via environment #3828, #3838

Fixed

  • Fix ZTS race condition in process_tags.serialized refcounting on shared inter-thread string #3831
  • Fix dynamic instrumentation installation regression when enabling via dynamic config #3843
  • Handle APM_MULTI_CONFIG remote configuration and fix missing data for exception replay #3791
  • Fix duration of httpstream and live debugger spans being incorrectly reported as zero #3821
  • Fix instanceof type aliases for PHP 7.x in live debugger DSL (integer/double vs int/float) #3813
  • Obfuscate :name placeholder parameters in PDO queries for correct DBM correlation #3801
  • Fix locale settings breaking ksr resolution #3797 (thank you @jdmaguire for the report!)
  • Fix exception in PDO::__construct when signals arrive during database connection setup #3841
  • Fix infinite loop in crashtracker runtime stack collection #3845
  • Fix Request::get() removal in Symfony 8 #3809 - thanks for the fix @TomBrouws!

Internal

  • Add timeout to sidecar info fetcher DataDog/libdatadog#1890
  • Allow sidecar worker to be stopped cleanly after fork DataDog/libdatadog#1893
  • Use a dedicated sidecar connection per PHP thread, reducing lock contention and enabling per-thread request queuing #3770
  • Emit environment variable names in telemetry config (e.g., DD_TRACE_GENERATE_ROOT_SPAN) instead of INI dot notation #3783
  • Default crash report upload to errors intake to be enabled DataDog/libdatadog#1902
  • Flush telemetry on anticipated sidecar shutdown to avoid data loss for short-lived sidecars #3806
  • Skip sending empty telemetry payloads DataDog/libdatadog#1894
  • Wire telemetry extended heartbeat interval through sidecar SessionConfig DataDog/libdatadog#1882, #3800

Profiling

Added

  • Support generator unwinding in stack traces #3807

AppSec

Fixed

  • Fix Remote Config regression in Rust helper #3840
  • Fix double-logging of broken connections as errors and improve connection error handling in Rust helper #3792, #3803

Internal

  • Enable helper-rust by default also on PHP 8.4 #3842
  • Update vendored libxml2 from 2.15.2 to 2.15.3 #3814

1.18.0

Choose a tag to compare

@dd-octo-sts dd-octo-sts released this 15 Apr 08:14

All products

Internal

  • Update and shrink build images, migrate to clang 19 #3771

Tracer

Added

  • Support ApmTracingMulticonfig in dynamic config #3773

Fixed

  • Improve Symfony http.route resolution performance #3779 (thank you @B-Galati for the report!)
  • Wrap PDO::__construct for signal handling #3786

Internal

AppSec

Added

  • Enable rust helper on PHP 8.5 #3780 (can be disabled with DD_APPSEC_HELPER_RUST_REDIRECTION=false)

1.17.1

Choose a tag to compare

@dd-octo-sts dd-octo-sts released this 03 Apr 19:52
42c7c25

All products

Fixed

Internal

  • Changed defaults of configurations and fixed DD_TRACE_HTTP_CLIENT_ERROR_STATUSES #3621, #3677

Tracer

Fixed

  • Fix _dd.p.ksr scientific notation for very small sampling rates #3721
  • Fixed shell_exec() null return being interpreted as error #3723
  • Batch endpoint collection & remove Wordpress Endpoint collection #3764
  • Fix sidecar performance by batching ack sending & consumption DataDog/libdatadog#1835

Profiler

Fixed

  • Fix crash due to AAS getenv #3746

Internal

  • Update libdatadog to v30.0, make CA root optional for profiling #3758

1.17.0

Choose a tag to compare

@dd-octo-sts dd-octo-sts released this 24 Mar 13:10
a1bb038

Warning

This version may have performance issues with Symfony, Laravel or Wordpress. Please use 1.17.1 instead.

All products

Changed

  • Cache system getenv calls for improved request initialization performance #3670

Fixed

  • Fix zombie creation in loader #3683

Internal

  • Changed defaults of configurations and fixed DD_TRACE_HTTP_CLIENT_ERROR_STATUSES #3621, #3677

Tracer

Added

  • Collect framework endpoints for Symfony, Laravel, and WordPress #3548
  • Add sidecar thread mode as fallback connection for restricted environments #3573
  • Add process_tags #3580, #3582, #3627, #3658, #3706, #3709
  • Add _dd.p.ksr propagated tag for Knuth sampling rate #3701
  • Add container tags support for DBM correlation #3708

Changed

Fixed

  • Poll for new remote config after unblocking SIGVTALRM #3717
  • Fix crash during shutdown in FrankenPHP #3662
  • Fix possible race condition leading to crash on sidecar reconnect in ZTS mode #3655
  • Fix possible crash in end hook of traced closure #3624
  • Fix hook is_internal being backwards #3625
  • Enforce span limit in curl_multi_exec and DDTrace\start_span code paths #3691
  • Prevent dangling tracked_streams #3689
  • Fix debugger ephemerals handling for nested log probes #3685
  • Block sidecar notification signal during sleep to prevent premature wakeup #3656
  • Fix sidecar permission denied with IIS AppPools DataDog/libdatadog#1776
  • Cleanup limiters on sidecar shutdown DataDog/libdatadog#1659
  • Fix function and type name ordering in debugger DataDog/libdatadog#1715

Profiler

Added

  • Add I/O profiling support for macOS #3648
  • Add process_tags to profiler uploader #3609
  • Improve time sample accuracy by also gathering during allocation samples #3559

Fixed

  • Store and restore errno in I/O profiling wrappers #3654

Internal

  • Add internal metrics for profiling overhead #3616
  • Avoid copy of function name when already UTF-8 encoded #3700
  • Use libdd-profiling's ThinStr for function names #3631
  • Shrink maximum file and function name length to 16,383 characters #3712
  • Refactor ErrnoBackup::new is safe #3659
  • Remove once_cell as a dependency #3607

AppSec

Added

  • Support parsing partial JSON #3680
  • Enable LLM event observability for OpenAI PHP client #3664

Changed

  • Revert DD_APPSEC_ENABLED to runtime config #3598

Fixed

  • Send response headers on meta even without event #3653

Internal

  • Rewrite AppSec helper in Rust #3581
  • Submit worker count and route AppSec metrics directly to sidecar #3530
  • Upgrade libxml2 #3690

1.16.0

Choose a tag to compare

@dd-octo-sts dd-octo-sts released this 21 Jan 13:15
efd9fb9

All products

Fixed

  • Fix packaging apks for new alpine versions #3555
  • Fix http_response_header deprecation in installer #3553

Tracer

Added

  • Support OpenTelemetry Metrics #3487
  • Adds process_tags to the first span of each tracing payload #3566
  • Distributed tracing header injection in HyperF/Swoole environments #3544
  • Stream context integration with HTTP method #3534

Changed

  • Enable http.endpoint calculation when appsec is explicitly enabled #3556

Fixed

Internal

  • bump libdatadog to v25.0.0 #3568

Profiler

Changed

  • Optimise allocation profiling for PHP >= 8.4 #3550

Fixed

  • Fixed bindgen compatibility with PHP 8.5.1+ on macOS #3583
  • Fixed SystemSettings initialization #3579
  • Fixed UB and simplify SystemSettings #3578
  • Fixed crash in upload for DD_EXTERNAL_ENV #3576
  • Fixed crash in ddtrace_get_profiling_context #3563
  • Check long string before allocating #3561
  • Fixed incompatibility with ext-grpc #3542
  • Revert unsafe optimization in memory profiling #3541
  • Cap dependency name length to copied bytes #3538

Internal

  • Pre-reserve function name buffer #3445
  • Use cached heap in alloc_prof_orig_* functions #3547

AppSec

Added

  • Reduce cardinality of helper.connection_* #3586
  • Added fallback on http.endpoint for schema sampler #3557

Fixed

  • Use abstract namespace on linux #3525

Internal

  • Improvements for appsec libxml2 usage #3564
  • Improve xml parsing in appsec #3558