v1.59.0-rc.3

What's Changed

This release includes a fix to several library integrations which could have previously caused data races related to start options. This was fixed in database/sql, gin-gonic/gin, go-chi/chi.v5, go-chi/chi, google.golang.org/grpc.v12, google.golang.org/grpc, gorilla/mux, julienschmidt/httprouter, k8s.io/client-go/kubernetes, labstack/echo.v4, labstack/echo, net/http, and urfave/negroni. We recommend you update to this version if you are using any of these integrations.

Application Security Management (ASM) now can be remotely activated by APM Tracing users with Datadog Remote Configuration, without requiring the appsec build tag or DD_APPSEC_ENABLED environment variable. This can be achieved from different places in our UI such as ASM's Service Setup or APM's Service Catalog (hovering the ASM Status column). Non-remote-configuration users still need to deploy their services with the DD_APPSEC_ENABLED opt-in environment variable to enable ASM. Users of CGO_ENABLED=0 will still have to rely on the appsec build tag for now, as it results into a dependency to libdl.so.2 to have on your deployment environment in this precise case, but not when CGO_ENABLED=1.
This release also includes the latest ASM private beta feature, API Security (public documentation still in progress).

Beta: In-app APM library configuration of trace sampling rate, HTTP header tags and custom tags.
This feature has a known bug: deleting the configuration entry in-app won't reset the configuration locally, this will be fixed in the next version of dd-trace-go (v1.60.0).

Application Security Management (ASM)

• appsec: remove the "appsec" build tag requirement by @RomainMuller in #2354
• go.mod: go-libddwaf v2.2.2 including major perf improvements and bug fixes by @eliottness in #2417
• appsec/api-security: http request schema collection and sensitive data scanning by @Hellzy in #2381
• appsec: support server.response.headers.no_cookies WAF address by @eliottness in #2347

Application Performance Monitoring (APM)

• contrib/google.golang.org/grpc: improve the memory efficiency of threats detection for grpc by @RomainMuller in #2338
• contrib: header_tags support on julienschmidt/httprouter by @mtoffl01 in #2331
• contrib/kafka: take env variable into account to enable DSM by @vandonr in #2353
• contrib/aws/{aws-sdk-go/aws, aws-sdk-go-v2/aws}: add context example by @mackjmr in #1504
• contrib/dimfeld/httptreemux.v5: parameterize redirects due to trailing slash by @laughingman-hass in #2332
• contrib/google.golang.org/grpc: add hostname tag by @rarguelloF in #2361
• contrib/database/sql: prevent DBM propagation full mode with incompatible dbs by @rarguelloF in #2328
• contrib: fix span start option races by @eliottness in #2418
• tracer: Fix race in spanContext.setSamplingPriority by @evanj in #2271
• tracer: report config-change telemetry in dynamic config by @ahmed-mez in #2350
• tracer: check for (service,env) matching in dynamic config by @ahmed-mez in #2365
• ddtrace/opentelemetry,opentracing: fixed the format of telemetry tags by @dianashevchenko in #2367
• tracer: report rc capabilities for dynamic config by @ahmed-mez in #2369
• tracer: configure global tags via remote-config by @ahmed-mez in #2378
• tracer: support dot notation for tags with array values by @katiehockman in #2253
• build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 by @dependabot in #2373
• tracer: improve debug message for propagating tag length limit reached by @katiehockman in #2405

General

• {telemetry,remoteconfig}: support fraction of second intervals by @ahmed-mez in #2364
• remoteconfig: add Subscribe function by @ahmed-mez in #2380
• remoteconfig: fix products reporting by @ahmed-mez in #2384

New Contributors

• @RomainMuller made their first contribution in #2338
• @vandonr made their first contribution in #2353
• @laughingman-hass made their first contribution in #2332

Full Changelog: v1.58.0...v.1.59.0