Skip to content

[ASM] API Security Endpoints collection (kestrel) #6733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 22 commits into from
Apr 14, 2025
Merged

[ASM] API Security Endpoints collection (kestrel) #6733

merged 22 commits into from
Apr 14, 2025

Conversation

@e-n-0
Copy link
Member

@e-n-0 e-n-0 commented Mar 3, 2025
edited
Loading

Summary of changes

This PR introduce the collection of endpoints using ASP.NET Core in part of Api Security.
RFC.

  • 2 new environment variables (PR on dd-go):

    • DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED
    • DD_API_SECURITY_ENDPOINT_COLLECTION_MESSAGE_LIMIT

  • Sending a new telemetry payload app-endpoints that includes the detected endpoints.

  • The feature will be merged with a default activation value of false because the backend part is not done yet. When this will be available, it will be changed to true

Implementation details

This PR adds 2 new instrumentation points:

  • On KestrelServerImpl just before the server starts accepting connection to collect all router endpoints
  • On MapExtensions (Map) and RunExtensions (Run) to fully get the endpoints configured this way

Test coverage

  • Unit tests for the new environment variables (checking their values and apply states).
  • Unit tests on the Telemetry Controller to see if the telemetry data is correctly reported
  • Integration tests with endpoints collection enabled/disabled and checking if the telemetry data is correctly reported.
    • Also checks if special endpoints are reported
    • On AspNetCore MVC and Bare

Other details

  • The PR for ASP.NET (framework) will come in a second part.

  • Another PR will come to add extra metadata to the telemetry payload (as display name, authentication information, ..)

  • There is some endpoints that we can't report at the moment with the current implementation. Endpoints configured as middleware other than with .Map() needs to be instrumented (like for example UseDirectoryBrowser). The listing of them and their support will come later.

@e-n-0 e-n-0 force-pushed the flavien/asm/api-sec-endpoints-collection branch from 559d29b to 0cf85db Compare March 3, 2025 15:34
@datadog-datadog-prod-us1
Copy link

datadog-datadog-prod-us1 bot commented Mar 3, 2025
edited
Loading

Datadog Report

All test runs 95deb36 🔗

2 Total Test Services: 0 Failed, 2 Passed
❄️ 1 with New Flaky

Test Services
Service Name Failed Known Flaky New Flaky Passed Skipped Total Time Test Service View
dd-trace-dotnet 0 0 1 574449 5610 50h 2m 46.22s Link
exploration_tests 0 0 0 22085 3 1h 30m 24.53s Link

@andrewlock
Copy link
Member

andrewlock commented Mar 3, 2025
edited
Loading

Execution-Time Benchmarks Report ⏱️

Execution-time results for samples comparing the following branches/commits:

Execution-time benchmarks measure the whole time it takes to execute a program. And are intended to measure the one-off costs. Cases where the execution time results for the PR are worse than latest master results are shown in red. The following thresholds were used for comparing the execution times:

  • Welch test with statistical test for significance of 5%
  • Only results indicating a difference greater than 5% and 5 ms are considered.

Note that these results are based on a single point-in-time result for each branch. For full results, see the dashboard.

Graphs show the p99 interval based on the mean and StdDev of the test run, as well as the mean value of the run (shown as a diamond below the graph).

gantt
    title Execution time (ms) FakeDbCommand (.NET Framework 4.6.2) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (6733) - mean (77ms)  : 71, 84
     .   : milestone, 77,
    master - mean (70ms)  : 66, 73
     .   : milestone, 70,

    section CallTarget+Inlining+NGEN
    This PR (6733) - mean (1,116ms)  : crit, 1062, 1170
     .   : crit, milestone, 1116,
    master - mean (1,012ms)  : 981, 1043
     .   : milestone, 1012,
Loading 
gantt
    title Execution time (ms) FakeDbCommand (.NET Core 3.1) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (6733) - mean (114ms)  : 109, 120
     .   : milestone, 114,
    master - mean (104ms)  : 101, 106
     .   : milestone, 104,

    section CallTarget+Inlining+NGEN
    This PR (6733) - mean (772ms)  : crit, 747, 796
     .   : crit, milestone, 772,
    master - mean (696ms)  : 679, 712
     .   : milestone, 696,
Loading 
gantt
    title Execution time (ms) FakeDbCommand (.NET 6) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (6733) - mean (99ms)  : 94, 105
     .   : milestone, 99,
    master - mean (90ms)  : 88, 93
     .   : milestone, 90,

    section CallTarget+Inlining+NGEN
    This PR (6733) - mean (726ms)  : crit, 702, 749
     .   : crit, milestone, 726,
    master - mean (655ms)  : 637, 672
     .   : milestone, 655,
Loading 
gantt
    title Execution time (ms) HttpMessageHandler (.NET Framework 4.6.2) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (6733) - mean (190ms)  : 185, 194
     .   : milestone, 190,
    master - mean (189ms)  : 185, 193
     .   : milestone, 189,

    section CallTarget+Inlining+NGEN
    This PR (6733) - mean (1,109ms)  : 1086, 1131
     .   : milestone, 1109,
    master - mean (1,102ms)  : 1082, 1123
     .   : milestone, 1102,
Loading 
gantt
    title Execution time (ms) HttpMessageHandler (.NET Core 3.1) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (6733) - mean (269ms)  : 264, 273
     .   : milestone, 269,
    master - mean (267ms)  : 263, 272
     .   : milestone, 267,

    section CallTarget+Inlining+NGEN
    This PR (6733) - mean (879ms)  : 850, 908
     .   : milestone, 879,
    master - mean (880ms)  : 853, 908
     .   : milestone, 880,
Loading 
gantt
    title Execution time (ms) HttpMessageHandler (.NET 6) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (6733) - mean (262ms)  : 258, 266
     .   : milestone, 262,
    master - mean (261ms)  : 257, 265
     .   : milestone, 261,

    section CallTarget+Inlining+NGEN
    This PR (6733) - mean (865ms)  : 842, 888
     .   : milestone, 865,
    master - mean (867ms)  : 833, 902
     .   : milestone, 867,
Loading

@andrewlock
Copy link
Member

andrewlock commented Mar 3, 2025
edited
Loading

Benchmarks Report for tracer 🐌

Benchmarks for #6733 compared to master:

  • 1 benchmarks are faster, with geometric mean 1.139
  • 1 benchmarks are slower, with geometric mean 1.127
  • 1 benchmarks have more allocations

The following thresholds were used for comparing the benchmark speeds:

  • Mann–Whitney U test with statistical test for significance of 5%
  • Only results indicating a difference greater than 10% and 0.3 ns are considered.

Allocation changes below 0.5% are ignored.

Benchmark details

Benchmarks.Trace.ActivityBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartStopWithChild net6.0 7.85μs 44.3ns 297ns 0.0122 0.00407 0 5.57 KB
master StartStopWithChild netcoreapp3.1 10.3μs 55.3ns 303ns 0.0203 0.0102 0 5.75 KB
master StartStopWithChild net472 16.2μs 57.8ns 224ns 1.03 0.31 0.0874 6.14 KB
#6733 StartStopWithChild net6.0 7.97μs 43ns 247ns 0.0161 0.00806 0 5.56 KB
#6733 StartStopWithChild netcoreapp3.1 9.97μs 53.6ns 278ns 0.0202 0.0101 0 5.76 KB
#6733 StartStopWithChild net472 15.8μs 30.6ns 110ns 1.03 0.286 0.103 6.14 KB
Benchmarks.Trace.AgentWriterBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 512μs 469ns 1.75μs 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 663μs 547ns 2.12μs 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces net472 854μs 647ns 2.51μs 0.422 0 0 3.3 KB
#6733 WriteAndFlushEnrichedTraces net6.0 498μs 249ns 896ns 0 0 0 2.7 KB
#6733 WriteAndFlushEnrichedTraces netcoreapp3.1 679μs 617ns 2.31μs 0 0 0 2.7 KB
#6733 WriteAndFlushEnrichedTraces net472 869μs 1.13μs 4.37μs 0.431 0 0 3.3 KB
Benchmarks.Trace.AspNetCoreBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendRequest net6.0 128μs 395ns 1.53μs 0.19 0 0 14.48 KB
master SendRequest netcoreapp3.1 149μs 256ns 992ns 0.222 0 0 17.28 KB
master SendRequest net472 0.00077ns 0.000313ns 0.00117ns 0 0 0 0 b
#6733 SendRequest net6.0 131μs 487ns 1.89μs 0.182 0 0 14.48 KB
#6733 SendRequest netcoreapp3.1 147μs 132ns 495ns 0.223 0 0 17.28 KB
#6733 SendRequest net472 0.000356ns 0.00019ns 0.000711ns 0 0 0 0 b
Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark - Same speed ✔️ More allocations ⚠️

More allocations ⚠️ in #6733

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark.WriteAndFlushEnrichedTraces‑netcoreapp3.1 41.61 KB 41.85 KB 237 B 0.57%

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 614μs 3.56μs 31μs 0.61 0 0 41.62 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 742μs 4.26μs 34.9μs 0.355 0 0 41.61 KB
master WriteAndFlushEnrichedTraces net472 839μs 3.86μs 15.4μs 8.33 2.5 0.417 53.34 KB
#6733 WriteAndFlushEnrichedTraces net6.0 609μs 3.56μs 32μs 0.687 0 0 41.64 KB
#6733 WriteAndFlushEnrichedTraces netcoreapp3.1 692μs 3.97μs 29.2μs 0.331 0 0 41.85 KB
#6733 WriteAndFlushEnrichedTraces net472 869μs 4.2μs 16.8μs 8.08 2.55 0.425 53.35 KB
Benchmarks.Trace.DbCommandBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteNonQuery net6.0 1.39μs 1.45ns 5.62ns 0.0148 0 0 1.03 KB
master ExecuteNonQuery netcoreapp3.1 1.79μs 1.51ns 5.85ns 0.0134 0 0 1.02 KB
master ExecuteNonQuery net472 2.13μs 1.59ns 5.95ns 0.158 0.00106 0 995 B
#6733 ExecuteNonQuery net6.0 1.37μs 1.23ns 4.78ns 0.0144 0 0 1.03 KB
#6733 ExecuteNonQuery netcoreapp3.1 1.76μs 1.28ns 4.79ns 0.0138 0 0 1.02 KB
#6733 ExecuteNonQuery net472 2.1μs 1.78ns 6.67ns 0.157 0.00106 0 995 B
Benchmarks.Trace.ElasticsearchBenchmark - Slower ⚠️ Same allocations ✔️

Slower ⚠️ in #6733

Benchmark diff/base Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.ElasticsearchBenchmark.CallElasticsearch‑net6.0 1.127 1,133.58 1,277.58

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master CallElasticsearch net6.0 1.13μs 1.12ns 4.35ns 0.0137 0 0 984 B
master CallElasticsearch netcoreapp3.1 1.58μs 0.922ns 3.45ns 0.0134 0 0 984 B
master CallElasticsearch net472 2.55μs 1.71ns 6.62ns 0.159 0 0 1 KB
master CallElasticsearchAsync net6.0 1.31μs 0.368ns 1.38ns 0.0131 0 0 960 B
master CallElasticsearchAsync netcoreapp3.1 1.68μs 0.764ns 2.96ns 0.0135 0 0 1.03 KB
master CallElasticsearchAsync net472 2.71μs 2.49ns 9.63ns 0.167 0 0 1.06 KB
#6733 CallElasticsearch net6.0 1.28μs 1.03ns 3.87ns 0.0137 0 0 984 B
#6733 CallElasticsearch netcoreapp3.1 1.52μs 0.398ns 1.49ns 0.0129 0 0 984 B
#6733 CallElasticsearch net472 2.6μs 1.49ns 5.58ns 0.159 0 0 1 KB
#6733 CallElasticsearchAsync net6.0 1.28μs 0.607ns 2.27ns 0.0134 0 0 960 B
#6733 CallElasticsearchAsync netcoreapp3.1 1.71μs 0.887ns 3.32ns 0.0137 0 0 1.03 KB
#6733 CallElasticsearchAsync net472 2.65μs 1.07ns 4.15ns 0.168 0 0 1.06 KB
Benchmarks.Trace.GraphQLBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteAsync net6.0 1.42μs 0.565ns 2.04ns 0.0135 0 0 960 B
master ExecuteAsync netcoreapp3.1 1.65μs 0.758ns 2.84ns 0.0131 0 0 960 B
master ExecuteAsync net472 1.87μs 0.352ns 1.32ns 0.147 0 0 923 B
#6733 ExecuteAsync net6.0 1.39μs 0.359ns 1.39ns 0.0138 0 0 960 B
#6733 ExecuteAsync netcoreapp3.1 1.64μs 0.56ns 2.17ns 0.013 0 0 960 B
#6733 ExecuteAsync net472 1.75μs 1.19ns 4.6ns 0.147 0 0 923 B
Benchmarks.Trace.HttpClientBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendAsync net6.0 4.39μs 1.82ns 6.8ns 0.0329 0 0 2.32 KB
master SendAsync netcoreapp3.1 5.15μs 1.4ns 5.24ns 0.0385 0 0 2.86 KB
master SendAsync net472 7.42μs 2.14ns 8.27ns 0.496 0 0 3.13 KB
#6733 SendAsync net6.0 4.23μs 2.29ns 8.85ns 0.0317 0 0 2.32 KB
#6733 SendAsync netcoreapp3.1 5.53μs 13.4ns 51.9ns 0.0383 0 0 2.86 KB
#6733 SendAsync net472 7.46μs 2.02ns 7.83ns 0.497 0 0 3.13 KB
Benchmarks.Trace.ILoggerBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 1.5μs 1.42ns 5.3ns 0.0241 0 0 1.71 KB
master EnrichedLog netcoreapp3.1 2.36μs 1.13ns 4.06ns 0.023 0 0 1.71 KB
master EnrichedLog net472 2.75μs 2.65ns 9.9ns 0.259 0 0 1.64 KB
#6733 EnrichedLog net6.0 1.59μs 0.693ns 2.59ns 0.024 0 0 1.71 KB
#6733 EnrichedLog netcoreapp3.1 2.3μs 1.13ns 4.22ns 0.024 0 0 1.71 KB
#6733 EnrichedLog net472 2.65μs 1.27ns 4.91ns 0.26 0 0 1.64 KB
Benchmarks.Trace.Log4netBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 112μs 78.5ns 304ns 0.0562 0 0 4.32 KB
master EnrichedLog netcoreapp3.1 115μs 132ns 493ns 0.0579 0 0 4.32 KB
master EnrichedLog net472 153μs 172ns 667ns 0.687 0.229 0 4.51 KB
#6733 EnrichedLog net6.0 113μs 153ns 571ns 0.0573 0 0 4.32 KB
#6733 EnrichedLog netcoreapp3.1 118μs 260ns 973ns 0 0 0 4.32 KB
#6733 EnrichedLog net472 152μs 180ns 695ns 0.678 0.226 0 4.51 KB
Benchmarks.Trace.NLogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 2.95μs 0.805ns 2.9ns 0.0325 0 0 2.26 KB
master EnrichedLog netcoreapp3.1 4.03μs 0.846ns 3.05ns 0.03 0 0 2.26 KB
master EnrichedLog net472 4.9μs 1.3ns 5.04ns 0.331 0 0 2.09 KB
#6733 EnrichedLog net6.0 3.14μs 2.06ns 7.96ns 0.0316 0 0 2.26 KB
#6733 EnrichedLog netcoreapp3.1 4.34μs 0.804ns 2.78ns 0.0306 0 0 2.26 KB
#6733 EnrichedLog net472 4.81μs 4.34ns 16.8ns 0.331 0 0 2.09 KB
Benchmarks.Trace.RedisBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendReceive net6.0 1.32μs 0.522ns 2.02ns 0.0159 0 0 1.15 KB
master SendReceive netcoreapp3.1 1.76μs 0.825ns 3.09ns 0.0159 0 0 1.15 KB
master SendReceive net472 2.03μs 0.835ns 3.12ns 0.184 0 0 1.16 KB
#6733 SendReceive net6.0 1.36μs 0.93ns 3.6ns 0.0162 0 0 1.15 KB
#6733 SendReceive netcoreapp3.1 1.78μs 0.774ns 2.9ns 0.0159 0 0 1.15 KB
#6733 SendReceive net472 2.02μs 1.24ns 4.82ns 0.185 0 0 1.16 KB
Benchmarks.Trace.SerilogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 2.89μs 2.73ns 10.6ns 0.0231 0 0 1.64 KB
master EnrichedLog netcoreapp3.1 4.11μs 2.16ns 8.36ns 0.0226 0 0 1.69 KB
master EnrichedLog net472 4.53μs 2.02ns 7.81ns 0.33 0 0 2.08 KB
#6733 EnrichedLog net6.0 2.83μs 1.52ns 5.89ns 0.0215 0 0 1.64 KB
#6733 EnrichedLog netcoreapp3.1 4.04μs 6.36ns 23.8ns 0.022 0 0 1.69 KB
#6733 EnrichedLog net472 4.39μs 2.42ns 9.37ns 0.33 0 0 2.08 KB
Benchmarks.Trace.SpanBenchmark - Faster 🎉 Same allocations ✔️

Faster 🎉 in #6733

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.SpanBenchmark.StartFinishScope‑net472 1.139 959.14 841.89

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartFinishSpan net6.0 463ns 0.131ns 0.49ns 0.00813 0 0 584 B
master StartFinishSpan netcoreapp3.1 604ns 0.272ns 1.05ns 0.00782 0 0 584 B
master StartFinishSpan net472 653ns 0.135ns 0.522ns 0.0928 0 0 586 B
master StartFinishScope net6.0 503ns 0.265ns 1.03ns 0.00982 0 0 704 B
master StartFinishScope netcoreapp3.1 670ns 0.325ns 1.26ns 0.00975 0 0 704 B
master StartFinishScope net472 959ns 0.481ns 1.86ns 0.106 0 0 666 B
#6733 StartFinishSpan net6.0 499ns 0.214ns 0.827ns 0.00824 0 0 584 B
#6733 StartFinishSpan netcoreapp3.1 570ns 0.568ns 2.2ns 0.00785 0 0 584 B
#6733 StartFinishSpan net472 629ns 0.414ns 1.6ns 0.0928 0 0 586 B
#6733 StartFinishScope net6.0 496ns 0.183ns 0.708ns 0.00992 0 0 704 B
#6733 StartFinishScope netcoreapp3.1 708ns 3.76ns 19.5ns 0.00942 0 0 704 B
#6733 StartFinishScope net472 842ns 0.24ns 0.929ns 0.106 0 0 666 B
Benchmarks.Trace.TraceAnnotationsBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunOnMethodBegin net6.0 637ns 0.153ns 0.594ns 0.00995 0 0 704 B
master RunOnMethodBegin netcoreapp3.1 1.03μs 0.367ns 1.42ns 0.0093 0 0 704 B
master RunOnMethodBegin net472 1.08μs 0.327ns 1.27ns 0.105 0 0 666 B
#6733 RunOnMethodBegin net6.0 632ns 0.252ns 0.942ns 0.00978 0 0 704 B
#6733 RunOnMethodBegin netcoreapp3.1 941ns 0.758ns 2.94ns 0.00952 0 0 704 B
#6733 RunOnMethodBegin net472 1.05μs 0.207ns 0.748ns 0.106 0 0 666 B

@andrewlock
Copy link
Member

andrewlock commented Mar 3, 2025
edited
Loading

Benchmarks Report for appsec 🐌

Benchmarks for #6733 compared to master:

  • All benchmarks have the same speed
  • 3 benchmarks have fewer allocations

The following thresholds were used for comparing the benchmark speeds:

  • Mann–Whitney U test with statistical test for significance of 5%
  • Only results indicating a difference greater than 10% and 0.3 ns are considered.

Allocation changes below 0.5% are ignored.

Benchmark details

Benchmarks.Trace.Asm.AppSecBodyBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master AllCycleSimpleBody net6.0 209μs 93ns 360ns 2.74 0 0 196.7 KB
master AllCycleSimpleBody netcoreapp3.1 314μs 164ns 615ns 2.82 0 0 204.37 KB
master AllCycleSimpleBody net472 286μs 225ns 872ns 37.6 2.27 0 237.3 KB
master AllCycleMoreComplexBody net6.0 215μs 185ns 716ns 2.78 0 0 200.21 KB
master AllCycleMoreComplexBody netcoreapp3.1 322μs 177ns 687ns 2.73 0 0 207.78 KB
master AllCycleMoreComplexBody net472 288μs 186ns 720ns 38.2 2.31 0 240.81 KB
master ObjectExtractorSimpleBody net6.0 141ns 0.194ns 0.753ns 0.00392 0 0 280 B
master ObjectExtractorSimpleBody netcoreapp3.1 195ns 0.162ns 0.628ns 0.00372 0 0 272 B
master ObjectExtractorSimpleBody net472 171ns 0.599ns 2.32ns 0.0446 0 0 281 B
master ObjectExtractorMoreComplexBody net6.0 3.03μs 1.48ns 5.54ns 0.0528 0 0 3.78 KB
master ObjectExtractorMoreComplexBody netcoreapp3.1 3.73μs 2.1ns 8.13ns 0.0489 0 0 3.69 KB
master ObjectExtractorMoreComplexBody net472 3.56μs 3.39ns 12.7ns 0.602 0.00535 0 3.8 KB
#6733 AllCycleSimpleBody net6.0 213μs 103ns 385ns 2.79 0 0 196.7 KB
#6733 AllCycleSimpleBody netcoreapp3.1 315μs 150ns 562ns 2.68 0 0 204.37 KB
#6733 AllCycleSimpleBody net472 286μs 189ns 731ns 37.6 2.29 0 237.3 KB
#6733 AllCycleMoreComplexBody net6.0 216μs 196ns 732ns 2.8 0 0 200.21 KB
#6733 AllCycleMoreComplexBody netcoreapp3.1 314μs 202ns 756ns 2.83 0 0 207.78 KB
#6733 AllCycleMoreComplexBody net472 289μs 116ns 434ns 38.2 2.3 0 240.81 KB
#6733 ObjectExtractorSimpleBody net6.0 140ns 0.129ns 0.5ns 0.00396 0 0 280 B
#6733 ObjectExtractorSimpleBody netcoreapp3.1 189ns 0.608ns 2.35ns 0.00369 0 0 272 B
#6733 ObjectExtractorSimpleBody net472 166ns 0.109ns 0.423ns 0.0446 0 0 281 B
#6733 ObjectExtractorMoreComplexBody net6.0 2.93μs 2.09ns 7.81ns 0.0529 0 0 3.78 KB
#6733 ObjectExtractorMoreComplexBody netcoreapp3.1 3.85μs 3.34ns 12.9ns 0.0504 0 0 3.69 KB
#6733 ObjectExtractorMoreComplexBody net472 3.56μs 1.64ns 6.15ns 0.602 0.00536 0 3.8 KB
Benchmarks.Trace.Asm.AppSecEncoderBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EncodeArgs net6.0 36.8μs 18.2ns 70.4ns 0.462 0 0 32.4 KB
master EncodeArgs netcoreapp3.1 54.1μs 20.7ns 80.2ns 0.432 0 0 32.4 KB
master EncodeArgs net472 65.2μs 62.7ns 243ns 5.14 0.065 0 32.5 KB
master EncodeLegacyArgs net6.0 77.8μs 51.3ns 199ns 0 0 0 2.14 KB
master EncodeLegacyArgs netcoreapp3.1 106μs 382ns 1.48μs 0 0 0 2.14 KB
master EncodeLegacyArgs net472 152μs 85.8ns 332ns 0.303 0 0 2.15 KB
#6733 EncodeArgs net6.0 37.7μs 20.2ns 75.5ns 0.452 0 0 32.4 KB
#6733 EncodeArgs netcoreapp3.1 54.1μs 21.2ns 82.3ns 0.433 0 0 32.4 KB
#6733 EncodeArgs net472 67.8μs 55.9ns 217ns 5.16 0.0679 0 32.5 KB
#6733 EncodeLegacyArgs net6.0 72.5μs 15.3ns 55.1ns 0 0 0 2.14 KB
#6733 EncodeLegacyArgs netcoreapp3.1 107μs 239ns 924ns 0 0 0 2.14 KB
#6733 EncodeLegacyArgs net472 151μs 86.2ns 323ns 0.302 0 0 2.15 KB
Benchmarks.Trace.Asm.AppSecWafBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunWafRealisticBenchmark net6.0 175μs 69.5ns 260ns 0 0 0 2.54 KB
master RunWafRealisticBenchmark netcoreapp3.1 186μs 242ns 936ns 0 0 0 2.49 KB
master RunWafRealisticBenchmark net472 197μs 49ns 190ns 0.393 0 0 2.55 KB
master RunWafRealisticBenchmarkWithAttack net6.0 120μs 120ns 433ns 0 0 0 1.57 KB
master RunWafRealisticBenchmarkWithAttack netcoreapp3.1 121μs 125ns 485ns 0 0 0 1.55 KB
master RunWafRealisticBenchmarkWithAttack net472 131μs 59.8ns 232ns 0.196 0 0 1.58 KB
#6733 RunWafRealisticBenchmark net6.0 175μs 885ns 4.51μs 0 0 0 2.54 KB
#6733 RunWafRealisticBenchmark netcoreapp3.1 185μs 151ns 585ns 0 0 0 2.49 KB
#6733 RunWafRealisticBenchmark net472 197μs 63ns 244ns 0.393 0 0 2.55 KB
#6733 RunWafRealisticBenchmarkWithAttack net6.0 115μs 64.3ns 240ns 0 0 0 1.57 KB
#6733 RunWafRealisticBenchmarkWithAttack netcoreapp3.1 122μs 151ns 586ns 0 0 0 1.55 KB
#6733 RunWafRealisticBenchmarkWithAttack net472 131μs 47.2ns 177ns 0.197 0 0 1.58 KB
Benchmarks.Trace.Iast.StringAspectsBenchmark - Same speed ✔️ Fewer allocations 🎉

Fewer allocations 🎉 in #6733

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatAspectBenchmark‑net6.0 265.06 KB 257.21 KB -7.86 KB -2.96%
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatBenchmark‑net472 60.35 KB 57.9 KB -2.46 KB -4.07%
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatAspectBenchmark‑netcoreapp3.1 265.1 KB 253.17 KB -11.94 KB -4.50%

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StringConcatBenchmark net6.0 62.2μs 909ns 9μs 0 0 0 43.44 KB
master StringConcatBenchmark netcoreapp3.1 58.5μs 715ns 7.08μs 0 0 0 42.64 KB
master StringConcatBenchmark net472 36.5μs 99.2ns 371ns 0 0 0 60.35 KB
master StringConcatAspectBenchmark net6.0 317μs 1.76μs 10.2μs 0 0 0 265.06 KB
master StringConcatAspectBenchmark netcoreapp3.1 334μs 5.1μs 50.7μs 0 0 0 265.1 KB
master StringConcatAspectBenchmark net472 288μs 6.1μs 59.1μs 0 0 0 278.53 KB
#6733 StringConcatBenchmark net6.0 57.3μs 597ns 5.91μs 0 0 0 43.44 KB
#6733 StringConcatBenchmark netcoreapp3.1 59.5μs 780ns 7.6μs 0 0 0 42.64 KB
#6733 StringConcatBenchmark net472 37μs 122ns 457ns 0 0 0 57.9 KB
#6733 StringConcatAspectBenchmark net6.0 320μs 1.79μs 11μs 0 0 0 257.21 KB
#6733 StringConcatAspectBenchmark netcoreapp3.1 334μs 1.64μs 10.2μs 0 0 0 253.17 KB
#6733 StringConcatAspectBenchmark net472 286μs 5.45μs 53.1μs 0 0 0 278.53 KB

@e-n-0 e-n-0 force-pushed the flavien/asm/api-sec-endpoints-collection branch 7 times, most recently from 6b84e79 to 7eb096b Compare March 10, 2025 15:37
@e-n-0 e-n-0 force-pushed the flavien/asm/api-sec-endpoints-collection branch from c4701e0 to 7fc3e13 Compare March 13, 2025 16:56
@e-n-0 e-n-0 marked this pull request as ready for review March 13, 2025 16:56
@e-n-0 e-n-0 requested review from a team as code owners March 13, 2025 16:56
daniel-romano-DD
daniel-romano-DD approved these changes Mar 17, 2025
View reviewed changes
Copy link
Contributor

@daniel-romano-DD daniel-romano-DD left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with minor comments.

@e-n-0 e-n-0 force-pushed the flavien/asm/api-sec-endpoints-collection branch from 6a837a1 to 9e5ff76 Compare March 31, 2025 14:07
NachoEchevarria
NachoEchevarria approved these changes Apr 9, 2025
View reviewed changes
Copy link
Collaborator

@NachoEchevarria NachoEchevarria left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@e-n-0 e-n-0 force-pushed the flavien/asm/api-sec-endpoints-collection branch from b0c8369 to 3bd766d Compare April 11, 2025 13:09
@datadog-ddstaging
Copy link

datadog-ddstaging bot commented Apr 11, 2025
edited
Loading

Datadog Report

Branch report: flavien/asm/api-sec-endpoints-collection
Commit report: 95deb36
Test service: dd-trace-dotnet

✅ 0 Failed, 6 Passed, 0 Skipped, 0s Total Time

@e-n-0 e-n-0 force-pushed the flavien/asm/api-sec-endpoints-collection branch from 3bd766d to 95deb36 Compare April 11, 2025 15:29
@e-n-0 e-n-0 merged commit c5bebe6 into master Apr 14, 2025
129 of 131 checks passed
@e-n-0 e-n-0 deleted the flavien/asm/api-sec-endpoints-collection branch April 14, 2025 09:49
@github-actions github-actions bot added this to the vNext-v3 milestone Apr 14, 2025
@andrewlock andrewlock mentioned this pull request Apr 22, 2025
Merged
chojomok pushed a commit that referenced this pull request Jul 15, 2025
@e-n-0 @chojomok
[ASM] API Security Endpoints collection (kestrel) (#6733)
ee4a8a0 
## Summary of changes

This PR introduce the collection of endpoints using ASP.NET Core in part
of Api Security.

[RFC](https://docs.google.com/document/d/1txwuurIiSUWjYX7Xa0let7e49XKW2uhm1djgqjl_gL0/edit?pli=1&tab=t.0#heading=h.8d3o7vtyu1y1).

- 2 new environment variables [(PR on
dd-go)](DataDog/dd-go#172566):
	- `DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED`
	- `DD_API_SECURITY_ENDPOINT_COLLECTION_MESSAGE_LIMIT`

- Sending a new telemetry payload `app-endpoints` that includes the
detected endpoints.

- The feature will be merged with a default activation value of `false`
because the backend part is not done yet. When this will be available,
it will be changed to `true`

## Implementation details

This PR adds 2 new instrumentation points:
- On `KestrelServerImpl` just before the server starts accepting
connection to collect all router endpoints
- On MapExtensions
([Map](https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.builder.mapextensions.map?view=aspnetcore-9.0))
and RunExtensions
([Run](https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.builder.runextensions.run?view=aspnetcore-9.0#microsoft-aspnetcore-builder-runextensions-run(microsoft-aspnetcore-builder-iapplicationbuilder-microsoft-aspnetcore-http-requestdelegate)))
to fully get the endpoints configured this way

## Test coverage

- Unit tests for the new environment variables (checking their values
and apply states).
- Unit tests on the Telemetry Controller to see if the telemetry data is
correctly reported
- Integration tests with endpoints collection enabled/disabled and
checking if the telemetry data is correctly reported.
	- Also checks if special endpoints are reported
	- On AspNetCore MVC and Bare

# Other details

- The PR for ASP.NET (framework) will come in a second part.

- Another PR will come to add extra metadata to the telemetry payload
(as display name, authentication information, ..)

- There is some endpoints that we can't report at the moment with the
current implementation. Endpoints configured as middleware other than
with `.Map()` needs to be instrumented (like for example
`UseDirectoryBrowser`). The listing of them and their support will come
later.
@e-n-0 e-n-0 mentioned this pull request Jul 31, 2025
Merged
e-n-0 added a commit that referenced this pull request Aug 6, 2025
@e-n-0
[AAP] Add resource name to the collected endpoints (#7317)
c38a5fe 
## Summary of changes

Added the ResourceName to the endpoints collected based on the last
update of the
[RFC](https://docs.google.com/document/d/1txwuurIiSUWjYX7Xa0let7e49XKW2uhm1djgqjl_gL0).
## Reason for change

## Implementation details

- The resource name is defined as `method + path` except in the case of
an endpoint detected as a wildcard, the resource name is set to the
path.

## Test coverage

Updated the tests.

## Other details

#6733 

<!-- Fixes #{issue} -->

<!-- ⚠️ Note: where possible, please obtain 2 approvals prior to
merging. Unless CODEOWNERS specifies otherwise, for external teams it is
typically best to have one review from a team member, and one review
from apm-dotnet. Trivial changes do not require 2 reviews. -->
This was referenced Sep 8, 2025
Closed
Merged
nhulston pushed a commit to DataDog/serverless-gcp-sample-apps that referenced this pull request Sep 8, 2025
@dependabot
Bump the dotnet-dependencies group with 4 updates (#56)
79047cb 
Updated
[Datadog.Trace.Bundle](https://github.com/DataDog/dd-trace-dotnet) from
2.56.0 to 3.26.0.

<details>
<summary>Release notes</summary>

_Sourced from [Datadog.Trace.Bundle's
releases](https://github.com/DataDog/dd-trace-dotnet/releases)._

## 3.26.0

## Summary

Various bug fixes and optimizations.

## Changes

### Tracer
* Update build and testing to use .NET 10 preview 7 (#​7170)
* chore: add logging for data pipeline status in TracerSettings (#​7436)
* Use P/Invoke to call `lstat` instead of shelling out to `stat` to
retrieve the inode (#​7453)
* [Native] Convert Rejitters vector to a fixed array (#​7460)
* [Phase 1] chore(configuration): enable DataPipelineEnabled on AAS +
Windows (#​7464)

### ASM
* [AAP] Add Forwarded header as IP source (#​7438)
* [AAP] Add "100.65.0.0/10" as a private IP range (#​7461)
* [IAST] Fix GRPC IAST tests (#​7485)
* [IAST] Delay dataflow creation (#​7440, #​7451, #​7465)

### Continuous Profiler
* [Profiler] Make sure we generate a build-id using SHA-1 (#​7449)
* [Profiler] Try fixing TSAN job (#​7452)

### Serverless
* [Azure Functions] Restore files moved by in-process Azure Functions
SDK (#​7419)

### Fixes
* Support `final="true"` in NLog Logging rules for direct log submission
(#​7445)
* Extract the Managed DevOps pools names to variables (#​7447)
* Update language used in native log messages (#​7467)
* Remove `Samples.TraceAnnotations.VersionMismatch.NewerNuget` (#​7469)
* Remove `Samples.CIVisibilityVersionMismatch` (#​7471)
* Add parameter names to MongoDb `IBsonSerializerProxy.Serialize()`
method (#​7443)
* Fix GRPC instrumentation for BuildHttpErrorResponse. Enable
integration tests. (#​7457)

### Build / Test
* Use mock agent in exploration tests (#​7431)
* [Test Package Versions Bump] Updating package versions (#​7435)
* Use the global.json file to specify the .NET SDK version in GitHub
Actions (#​7442)
* Update Managed DevOps pools images (#​7446)
* Remove smoke test image that won't work (#​7450)
* [Test Package Versions Bump] Updating package versions (#​7455)
* Bump the gh-actions-packages group across 2 directories with 2 updates
(#​7456)
* [Test Package Versions Bump] Updating package versions (#​7458)
* Split dependabot files into separate projects (#​7459)
* Bump actions/setup-dotnet from 4.3.1 to 5.0.0 in the
gh-actions-packages group across 1 directory (#​7463)
* Try to fix dependabot (#​7466)
* Improve logging for `InstrumentationTests` and update dynamic code
scenario (#​7472)
* Fix typo in dependabot yaml (#​7477)
* Fix dependabot again (#​7478)
 ... (truncated)

## 3.25.0

## Summary

- Various bug fixes and optimisations

## Changes

### Tracer
* Implement "enahanced telemetry reporting" (#​7360)
* Don't call `ToUpperInvariant` if we don't need to (#​7393)
* Handle TypeLoadException when retrieving HostingEnvironment (#​7417)
* Add missing `GetDictionary()` method to `ConfigurationBuilder`
(#​7421)
* More `ConfigurationBuilder` refactoring to avoid incorrect usages
(#​7422)
* [Tracer] fix: Re-use runtime metrics writer resources to limit memory
growth (#​7434)

### Continuous Profiler
* [Profiler] Make `timer_create`-based CPU profiler default (#​7322)
* Revert "[Profiler] Make `timer_create`-based CPU profiler default
(#​7322)" (#​7427)

### Debugger
* Disable debugger initialization if it's not enabled initially (#​7398)

### Serverless
* [Azure Functions] Remove all Serverless Mini-Agent (SMA) code (#​7389)

### ASM
* [IAST] Fix NRE in Native IAST ModuleInfo->GetFullName() (#​7404)

### Fixes
* fix: Clean up small C# and C++ build warnings (#​7363)
* chore: update malformed telemetry name (#​7402)
* Get process start info variables safely (#​7423)
* Fix null reference exception in proxy spans (#​7428)

### Build / Test
* [CI] Creates PR Label Based Docker Image (#​7337)
* [Test Package Versions Bump] Updating package versions (#​7315)
* Include the target framework in our `InstrumentationTests` (#​7347)
* Ignore rejit timeout errors in smoke tests and report a metric
(#​7370)
* fix: Make OTLP metrics snapshot testing more stable (#​7374)
* Add final job for blocking merges of PRs (#​7376)
* Fix debug symbol upload in release job (#​7377)
* Fix Windows SSI release (#​7379)
* Fix null ref type warning in Nuke (#​7382)
* Fix creation of label-based artifacts for system tests (#​7385)
* Filter our exit span from Azure Functions tests (#​7391)
* Fix variable generation for `linux-arm64` unit tests (#​7394)
* Add more alpine checks for native library (#​7395)
* [Test Package Versions Bump] Updating package versions (#​7396)
* Fix ASM WAF unit tests (#​7397)
* [SINT-3848] 🔒 Pin GitHub Actions to specific SHA versions for enhanced
security (#​7400)
 ... (truncated)

## 3.24.1

## Summary

- Fixes the SSI artifact publishing, which were not published in 3.24.0

## Changes

### Misc

- Fix Windows SSI release (#​7379)


[Changes since
3.24.0](https://github.com/DataDog/dd-trace-dotnet/compare/v3.24.0...v3.24.1)


## 3.24.0

## Summary

- [Tracer] Logs injection for connecting logs with traces is enabled by
default. To disable, set `DD_LOGS_INJECTION=0`
- [Tracer] Add support for latest S3 and MSTest packages
- [AAP] Add resource name to the collected endpoints
- [DSM] Flush DSM stats on Lambda Stop

## Changes

### Tracer
* Refactor the profiling configuration reading (#​7303)
* Minor `IConfigurationSource` clean up (#​7327)
* chore: clean up baggage span tags implementation (#​7335)
* Update default value of DD_LOGS_INJECTION to true (#​7336)
* Fix broken S3 integration (#​7368)

### CI Visibility
* [Test Optimization] Support for MSTest v3.10 (#​7343)

### ASM
* [AAP] Add resource name to the collected endpoints (#​7317)
* [AAP] Add latest supported waf capabilities to RC (#​7332)
* [AAP] Added WAF metrics. Reorganized other metrics to match RFC
(#​7356)
* [AAP] Update WAF ruleset to v1.15.0 (#​7331)

### Debugger
* [Dynamic Instrumentation] DEBUG-3514 Refactor debugger code (#​7304)
* Removes exception throwing during shutdown of dynamic instrumentation
(#​7375)

### Serverless
* DSMS-90: Flush DSM stats on Lambda Stop (#​7054)

### Data Streams Monitoring
* Do not inject DSM legacy headers by default in "default enabled" mode
(#​7351)

### Build / Test
* Update xunit to latest, fix analyzer warnings, and update analyzer
tests (#​7280)
* Send Warm-up request in iisexpress integration tests (#​7321)
* Update CODEOWNERS with SDK capabilities team as owners (#​7328)
* Pre pull aerospike image (#​7333)
* Remove CMake warning: jobserver unavailable: using -j1. Add `+' to
parent make rule. (#​7334)
* Fix typo in `create_draft_release` (#​7338)
* Fix the signing of the fleet installer exe (#​7341)
* Elaborate on Run failed description (#​7344)
* Work around flake in the Couchbase 3 integration tests (#​7357)
* Try to fix flake by using unique keys in StackExchange sample tests
(#​7359)
* Mark the OTLP metrics test as `[Flaky]` (#​7369)
* Fix more flake in the IIS fleet smoke tests (#​7372)
* Don't test Aerospike.Client 8.1.0 on .NET 6 or 7 (#​7349)

 ... (truncated)

## 3.23.0

## Summary

- [Tracer] Baggage tags are automatically added as span tags
- [Tracer] Fix resource-based sampling for ASP.NET Core
- [Test Optimization] Various fixes for commit info and codeowners
- [Test Optimization] Fix crash with Allure.Xunit
- [IAST] Fix potential crash on `ReadOnlySpan<>` `string.Concat()`
methods

## Changes

### Tracer
* feat(baggage): adding baggage to span tags (#​7020)
* Swap disposal ordering of inferred span (#​7293)
* Add `[MethodImpl(MethodImplOptions.NoInlining]` to all our
instrumented APIs in Datadog.Trace.Manual (#​7302)
* Refactor `TraceSampler` to separate building from evaluation (#​7311)
* Avoid generating resource name that will be thrown away if it's not
required (#​7312)
* Fix resource-based sampling for ASP.NET Core (#​7316)

### CI Visibility
* [Test Optimization] Retrieve head commit info (#​7285)
* [Test Optimization] Add codeowners and test source file tag at suite
level (#​7295)
* [Test Optimization] Fix base branch SHA usage (#​7300)
* [Test Optimization] Avoid crashing on Allure.Xunit usage (#​7305)

### ASM
* [AAP] Update WAF to v1.27.0 (#​7330)

### Continuous Profiler
* [Profiler] Use ringbuffer with timer create (#​7066)

### Fixes
* [IAST] Remove troublesome string.Concat overloads with
ReadOnlySpan<char> (#​7318)

### Miscellaneous
* Set default timeout for Trace Exporter to 15s. (#​7252)
* [OTEL] OTLP Metrics Exporter POC (#​7138)
* [Test Package Versions Bump] Updating package versions (#​7279)
* [Profiler] Add vcpkg setup for build (#​7292)
* Ensure file_opened_ is getting updated when rotating (#​7296)
* Bump rejit timeout to 200ms (#​7301)

### Build / Test
* Filter connection header in flaky tests (#​7290)
* Remove global state to try to fix flake (#​7291)
* Improve repeatability & precision of throughput tests on Linux & ARM
(#​7268)
* More fixes for do-not-merge (#​7274)
* Update the Windows test agent to latest (#​7275)
* Fix potential deadlocks in `IisFixture` process code (#​7281)
* [Profiler] Fix and bump timeitsharp (#​7294)
* Fix debug symbol upload in release (#​7297)
 ... (truncated)

## 3.22.0

## Summary

- [Azure Functions] Support for Azure Functions is GA
- [Azure Functions] Optimized support for Azure Functions with the
`Datadog.AzureFunctions` NuGet package
- [TestOptimization] Add support for `pr.number` and additional CI
variables
- [TestOptimization] Add support for `xunit.v3` version 3.x.x
- [Data Streams Monitoring] Initial support for the default experience

## Changes

### Tracer
* Integrations: Disable AWS Kinesis injection when the integration is
disabled (#​7239)
* Refactor `SpanContextInjector` and `SpanContextExtractor` and improve
tests (#​7258)

### CI Visibility
* [TestOptimization] Update the CI Environment Values parser (#​7242)
* Add support for `xunit.v3` v3 (#​7245)
* [Test Optimization] Add pr.number tag to Github provider (#​7262)

### ASM
* [AAP] Update WAF to V1.26 (#​7216)

### Continuous Profiler
* [Profiler] Add ringbuffer (#​7025)

### Debugger
* Reduce log level for `ConcurrentAdaptiveCache` capacity (#​7213)

### Serverless
* [Serverless] Remove "preview" version suffix from
`Datadog.AzureFunctions` (#​7229)
* [Azure Functions] Bump `Datadog.Serverless.Compat` package reference
version (#​7238)
* [Azure Functions] Fixes, refactoring, and clean-up (#​7256)
* [Azure Functions] Ignore additional URLs in outgoing HTTP client
requests (#​7271)
* [Azure Functions] Fix operation name (#​7272)
* [Serverless] add serverless teams as co-owners on additional files
(#​7273)
* [Serverless] GA nuget package `Datadog.AzureFunctions` (#​7283)

### Miscellaneous
* Add documentation on how to perform a major version update (#​7152)
* [IAST] Added compatibility for stable config (#​7164)
* Only enable Schema extraction when DSM explicitly enabled (#​7175)
* remove redundant dependency check for dynamic assemblies (#​7222)
* Bump libdatadog from 19.0.1 to 19.1.0. (#​7232)
* feat: add injection metadata fields to telemetry forwarder (#​7237)
* DSM default state reversal (#​7244)
* chore: add malformed baggage header telemetry (#​7254)
* Fix SSI injection telemetry (#​7288)
* Increase rejit timeout from 100ms to 150ms (#​7289)
* Add agent response handling to native interop (#​7201)
* Prevent and remove double-disposal in `DiscoveryService` and
`RemoteConfigurationManager` (#​7240)
 ... (truncated)

## 3.21.0

## Summary

- [Tracing] Add support for NLog 6.x.x
- [Test Optimization] Improve the CodeOwners parser
- [Data stream Monitoring] Various fixes for Kinesis, SQS, SNS, and
RabbitMQ integrations
- [Serverless] Add preview support for
[Datadog.AzureFunctions](https://www.nuget.org/packages/Datadog.AzureFunctions/3.21.0-preview#readme-body-tab)
NuGet package

## Changes

### Tracer
* Add support for NLog 6.0 (#​7131)
* Show correct `agent_uri` path in startup log for named pipes (#​7199)
* Try removing exceptions from the shutdown path (#​7200)
* Use non-BOM version of `Encoding.UTF8` in Libdatadog interop code
(#​7204)
* feat(libdatadog-logger): integrate libdatadog logging (#​7075)

### CI Visibility
* [Test Optimization] Improve the CodeOwners parser (#​7155)

### ASM
* [AAP] Report ASM RC status to Telemetry Config (#​7141)
* [AAP] Send WAF config errors to Telemetry Logs (#​7142)

### Continuous Profiler
* Don't load the profiler on arm64 (#​7169)
* [Profiler] Remove ssi telemetry (#​7176)
* [Profiler] Protect against thread abort (#​7187)

### Debugger
* [Exception Replay] Groundwork to support Test Optimization (#​7085)
* [Dynamic Instrumentaiton] Marking instrumentation as failure if
IsReEntryField is absent (#​7188)
* [Dynamic Instrumentation] Reducing noisy log lines (#​7198)

### Serverless
* Add new `Datadog.AzureFunctions` nuget package (#​7111)
* [Serverless] Update nuget package reference (#​7203)
* Add support for writing managed logs to the console (stdout) (#​7160)

### Fixes
* fix: Handle both SQS StringValue and SNS BinaryValue in context
extraction (#​7205)

### Build / Test
* [Profiler] Fix flacky tests (#​7161)
* Adding Throughput Test for Kafka & DSM (#​7133)
* ServiceBus.Minimal.Rebus SQL connection error (#​7146)
* [Test Optimization] Remove impacted tests backend tests (#​7151)
* [Test Package Versions Bump] Updating package versions (#​7156)
* Fix test InitializesTracerWhenTracingIsDisabled Flakiness (#​7163)
* Bump the gh-actions-packages group across 2 directories with 3 updates
(#​7166)
* Add retry to smoke crash tracking tests (#​7172)
 ... (truncated)

## 3.20.1

## Summary

Ensures we never load the Continuous Profiler on linux arm64, as it's
unsupported. Loading an unloading the Continuous Profiler can trigger
crash conditions on some old versions of glibc.

## Changes

### Continuous Profiler
* Don't load the profiler on arm64 (#​7169)

### Miscellaneous
* [fleet installer] Remove the global instrumentation commands (#​7182)

### Build / Test
* Fix release process by removing check for SSI artifacts (#​7180)
* Add workaround for messed up execution_benchmark results (#​7181)

[Changes since
3.20.0](https://github.com/DataDog/dd-trace-dotnet/compare/v3.20.0...v3.20.1)


## 3.20.0

> [!WARNING]
> Some old versions of glibc can trigger crash scenarios in version
3.20.0 of the tracer when running on Linux arm64, particularly when
using ASM. We recommend updating to 3.20.1 or newer.

## Summary

- Fix AWS S3 DeleteBucket integration (#​7118)
- Fix protobuf instrumentation error on versions < 3.13 (before Aug 14
2020) (#​7108)
- [Tracer] Capturing GraphQL Errors With SpanEvents (#​6899)
- Avoid using AsyncManualResetEvent in DSM stats processing (#​7027)
- Add fix for race condition in `InitResult` (#​7121)

## Changes

### Tracer
* Avoid using AsyncManualResetEvent in DSM stats processing (#​7027)
* Fix AWS S3 DeleteBucket integration (#​7118)
* Update service discovery check (#​7122)
* Improve CharSlice allocations (#​7127)
* Disable data pipeline if libdatadog is not available (#​7128)
* use manual instead of unknown (#​7143)
* Check for incorrect values in Manual assembly (#​7144)
* Don't write native loader logs when bailing out in Windows SSI
(#​7147)

### ASM
* [AAP][ApiSec] Add response body parse switch in API Security (#​7095)
* Add fix for race condition in `InitResult` (#​7121)

### Fixes
* [AAP] Reduce waf config diagnostics log levels (#​7094)
* Fix log4net tests to account for new process span to check for Android
(#​7104)
* Fix protobuf instrumentation error on versions < 3.13 (before Aug 14
2020) (#​7108)
* Create a `StringUtil` helper for correct nullable annotations on
`string.IsNullOrEmpty` (#​7119)
* Silently ignore empty user ids. (#​7150)

### Miscellaneous
* [Tracer] Capturing GraphQL Errors With SpanEvents (#​6899)
* [Test Optimization] Remove impacted tests backend implementation
(#​6901)
* Fix null reference exception (#​7077)
* [Test Package Versions Bump] Updating package versions (#​7090)
* Update libdatadog to v19.0.0 (#​7105)
* Add global tracing command to FleetInstaller.exe (#​7110)
* Avoid `dlclose` on glibc 2.34-2.36 (#​7125)
* [Test Package Versions Bump] Updating package versions (#​7126)
* Update .gitlab/one-pipeline.locked.yaml (#​7129)
* Update libdatadog to v19.0.1 (#​7139)
* [Docs] Fix Readme BuildAndRunOsxIntegrationTests sample (#​7148)

### Build / Test
* Grpc legacy flaky test (#​7096)
* Do not save system-tests/agent image (#​7106)
 ... (truncated)

## 3.19.0

## Summary

- Fix recursive visibility error in duck typing (#​7087)
- Fix NullReferenceException in Rabbit. (#​7083)
- Fix exception when closing a `Span` with null `ServiceName` (#​6748)
- [Test Optimization] Improve git commands (#​7050)
- [Profiler] Enable GC CPU consumption and thread lifetime features
(#​7045)
- [Dynamic Instrumentation] DEBUG-4063 Add WCF support for dynamic span
tags (#​7097)-

## Changes

### Tracer
* [Tracer] Add sampling tags during serialization (#​5360)
* [tracer] fix exception when closing a `Span` with null `ServiceName`
(#​6748)
* chore(telemetry): track whether tracing was enabled via ssi (#​6938)
* Fix `ErrorSkipTelemetry` by changing primary file logger to sub-logger
config (#​7049)
* chore: disable data pipeline by default (#​7055)
* fix(trace-exporter): add error handling when releasing handles in
ErrorHandle, TraceExporter, and TraceExporterConfiguration (#​7061)
* Fix recursive visibility error in duck typing (#​7087)
* [Dynamic Instrumentation] DEBUG-4063 Add WCF support for dynamic span
tags (#​7097)

### CI Visibility
* [Test Optimization] Improve git commands (#​7050)

### ASM
* Fix IAST DDBB flaky unit tests (#​6958)
* [AAP] Update waf version to v1.25.1 (#​7079)

### Continuous Profiler
* [Profiler] Add DD_PROFILING_HTTP_ENABLED env var configuration
(#​6993)
* [Profiler] Enable GC CPU consumption and thread lifetime features
(#​7045)

### Debugger
* [Dynamic Instrumentation] DEBUG-3961 Enable SymDB by default (#​7012)

### Fixes
* Update list of processes excluded from instrumentation (#​6599)
* fix(trace-exporter): use universal osx binaries for libdatadog
(#​7058)

### Miscellaneous
* feat(trace-exporter): setup boilerplate for data-pipeline integration
(#​6314)
* [Test Package Versions Bump] Updating package versions (#​6988)
* [Tracer] Service discovery integration (#​7014)
* Delete empty commontags interface (#​7060)
* Set `DD_TRACING_ENABLED=tracing` for IIS based SSI (#​7068)
* [Test Optimization] Add support for MSTest 3.9.x (#​7070)
* Don't fail the IIS instrumentation installation if IIS is not
available (#​7071)
* Refactoring to support DSM default state (#​7082)
* Fix NullReferenceException in Rabbit. (#​7083)
* Fix error in DefaultModelBindingContext (#​7086)
 ... (truncated)

## 3.18.0

## Summary

* Add support for async Oracle DB commands
* Add support for Microsoft.Extensions.Telemetry v9.5.0
* Various bug fixes

## Changes

### Tracer
* Differentiate between error states in logs (#​7030)

### ASM
* [AAP] Update waf value obfuscation default regex value (#​7004)
* [AAP] Update waf to v1.25.0 (#​7005)

### Fixes
* Ensure that there is an ActiveScope for AWS SDK Http integration
(#​7013)
* Fix Microsoft.Extensions.Telemetry logging integration for 9.5.0
(#​6989)
* Fix a `NullReferenceException` in AWS SDK
`RuntimePipelineInvokeAsyncIntegration` (#​7019)
* fix: enable retries on failure due to script error (#​7022)
* Fix support for async Oracle DB commands (#​7034)
* [Code Origin] DEBUG-3935 Fix type handle mismatch when resolving
attribute type (#​6994)

### Miscellaneous
* Add `net8.0` and `net9.0` to trimming nuspec (#​6983)
* Add `ILogger.ErrorSkipTelemetry()` to exclude certain logs from
telemetry (#​7028)

### Build / Test
* Update Microsoft.Azure.Functions.Worker.Sdk to 2.0.3 (#​6996)
* Pre-install the .NET SDK in Windows CI runners (#​7001)
* Fix timeout exception (#​7007)
* Add timeouts and retries to `LiveDebuggerTests` when debugger is
disabled (#​7010)
* Allow specifying `SampleName` filter and comprehensive version testing
(#​7015)
* Revert "Benchmarks: Update microbenchmarks to customize
BenchmarkDotNet command line arguments" (#​7016)
* Update Microsoft.Azure.Functions.Worker.Sdk to 2.0.4 (#​7018)
* Replace DownloadPipelineArtifact by a pipeline step (#​7021)
* Skip flaky debugger tests on x86 (#​7023)
* Streamline release process by not explicitly creating a tag in
`create_draft_release.yml` (#​7024)
* Mark a couple of tests as flaky (#​7026)


[Changes since
3.17.0](https://github.com/DataDog/dd-trace-dotnet/compare/v3.17.0...v3.18.0)


## 3.17.0

## Summary

* [Tracer] Add support for AWS SDK v4.0
* [Tracer] Fix resource-based sampling for ASP.NET spans in IIS
* [Tracer] Automatically disable Kafka header injection for unsupported
brokers
* [Test Optimization] Fixes for Impacted Tests and Attempt To Fix
* [ASM/IAST] Improve sampling behaviour for vulnerability detection and
schema extraction

## Changes

### Tracer
* Add support for AWS SDK v4.0 (#​6929)
* [Tracer] Fix resource-based sampling for `ASP.NET` spans in IIS
(#​6936)
* Fix: change `cmd.component` to `component` for process spans (#​6969)

### CI Visibility
* [Test Optimization] Add missing provider's environment variables.
(#​6956)
* [Test Optimization] Attempt to fix from v2 to v4 (#​6963)
* [dd-trace] Improved GAC commands (#​6995)
* Fix exit code from `GacUninstallCommand` when the assembly is not in
the GAC (#​7003)

### ASM
* [ASM] Disabled sampling in API Sec schema extractor in Standalone mode
(#​6957)
* [IAST] New sampling mechanism (#​6971)

### Continuous Profiler
* [Profiler] Provide exact minor.build version information for .NET
Framework applications (#​6974)
* [Profiler] Refactor sample transformation (#​6975)

### Dynamic Instrumentation
* [Dynamic Instrumentation] DEBUG-3796 Fix rate limiting for probes that
don't have limit (#​6921)

### Fixes
* Protect against null ref in W3CTraceContextPropagator.cs (#​6991)
* Add tests for manual injection/extraction and guard invalid
implementations (#​6998)
* Disable Kafka header injection when brokers return unknown error
(#​6945)

### Build / Test
* Fix Debugger Windows integration tests not running (#​6754)
* Remove throughput tests (#​6790)
* Speed up Serilog, Grpc, and RabbitMq tests (#​6894)
* Remove Benchmark stages (#​6895)
* Remove `isBenchmarksOnlyBuild` from the pipeline (#​6897)
* Remove `package_linux` as a dependency of `integration_tests_linux`
(#​6911)
* Avoid SystemDataSqlClientTests flaky tests (#​6912)
* Delete pipeline monitor (#​6913)
* Bump the gh-actions-packages group across 3 directories with 10
updates (#​6915)
* Remove deprecated field in `datadog-static-analyzer-github-action`
(#​6916)
* [Test Package Versions Bump] Updating package versions (#​6917)
* Update test projects and samples to target .NET Framework 4.8 (#​6922)
 ... (truncated)

## 3.16.0

## Summary

- [IAST] Add support for .NET 9 `ReadOnlySpan<T>` overloads for `string`
manipulation
- [IAST] Change cookie filter default value to avoid flooding
- [Continuous Profiler] Add WaitHandle wait duration profiling
- [Continuous Profiler] Fix possible shut down crash scenarios
- [Exception Replay] Added support for top-most failing local root span

## Changes

### Tracer
* [Tracer] update sampling formula (#​6866)

### ASM
* [ASM] Removed unneeded rewrite PInvoke call for ASM (#​6914)
* [IAST] Add support for Dotnet 9 ReadOnlySpan String overloads (#​6846)
* [IAST] Change cookie filter default value (#​6889)
* [IAST] Iast Aspects logs refactor (#​6888)

### Continuous Profiler
* [Profiler] Implement WaitHandle wait duration profiling (#​6426)
* [Profiler] Bump libdatadog to v17.0.0 (#​6805)
* [Profiler] Fix timer_create bug (#​6811)
* [Profiler] Fix short lived threads scenario (#​6864)
* [Profiler] Fix missing http profiler in profiler_list tag (#​6865)
* [Profiler] Remove logs in buggybits if needed (#​6898)
* [Profiler] Fix IpcServer for .NET Framework (#​6903)
* [Tracer] Fix possible crash in ContextTracker on shutdown (#​6893)

### Debugger
* [Exception Replay] Added support for top-most failing local root span
+ Communicating failure to capture errors (#​6859)

### Fixes
* Remove not required samples (#​6862)

### Miscellaneous
* Add readme for MacOS development (#​6018)
* Add documentation around Xunit.Combinatorial (#​6880)
* [Dynamic Instrumentation] DEBUG-3492 Remove duration from non method
snapshots (#​6735)
* Revert "[Dynamic Instrumentation] DEBUG-3492 Remove duration from non…
(#​6902)

### Build / Test
* Bump Microsoft.Azure.Functions.Worker.Extensions.Http from 3.2.0 to
3.3.0 in
/tracer/test/test-applications/azure-functions/Samples.AzureFunctions.V4Isolated
(#​6605)
* Add `Xunit.Combinatorial` for Combinatorial/Pairwise testing (#​6847)
* Add traits to exclude tests that will not run anyway (#​6858)
* Fix build warnings in debugger and ASM samples (#​6867)
* [Test Package Versions Bump] Updating package versions (#​6874)
* Expand ownership of Version Bump related files (#​6877)
* Add "all-green" job to enfore green CI policy (#​6879)
* [CI] Use public symbol org API KEY (#​6881)
 ... (truncated)

## 3.15.0

## Summary

- Add an inferred span to represent AWS API Gateway
(https://github.com/DataDog/dd-trace-dotnet/pull/6624)
- Add V2 of the Event Tracking SDK for ASM
(https://github.com/DataDog/dd-trace-dotnet/pull/6760)
- Add support for Datadog SpanEvents
(https://github.com/DataDog/dd-trace-dotnet/pull/6769)
- Add support for DynamoDB Span Pointers for Update Item and Delete Item
(https://github.com/DataDog/dd-trace-dotnet/pull/6775)
- Collect detected endpoints in Kestrel for API Security
(https://github.com/DataDog/dd-trace-dotnet/pull/6733)
- Add `code.origin` for entry spans in Dynamic Instrumentation
- Restore Google.Protobuf instrumentation
(https://github.com/DataDog/dd-trace-dotnet/pull/6826)
- Fix edge case with loading instrumentations
(https://github.com/DataDog/dd-trace-dotnet/pull/6815)
- Disable instrumentations when an integration throws a
`MissingMethodException`
(https://github.com/DataDog/dd-trace-dotnet/pull/6807)

## Changes


[Changes since
3.14.3](https://github.com/DataDog/dd-trace-dotnet/compare/v3.14.3...v3.15.0)


## 3.14.3

## Summary

Updates for initial Windows IIS OCI image preview release

## Changes

### Miscellaneous

- Update .gitlab/one-pipeline.locked.yaml (#​6818)

[Changes since
3.14.2](https://github.com/DataDog/dd-trace-dotnet/compare/v3.14.2...v3.14.3)


## 3.14.2

## Summary

Updates for initial Windows IIS OCI image preview release

## Changes

### Miscellaneous

* Update initial Windows IIS OCI image preview release

[Changes since
3.14.1](https://github.com/DataDog/dd-trace-dotnet/compare/v3.14.1...v3.14.2)


## 3.14.1

## Summary

Initial preview release of Windows IIS OCI images

## Changes

### Misc
* Initial Windows IIS OCI image preview release


[Changes since
3.14.0](https://github.com/DataDog/dd-trace-dotnet/compare/v3.14.0...v3.14.1)


## 3.14.0

## Summary

* [Database Monitoring] Propagate context for some stored procedures

## Changes

### Misc
* [Database Monitoring] Propagate context for some stored procedures
(#​6799)

### Build / Test
* [R&D Week Profiling] Add tests for sync over async scenarios (#​6763)
* Download and Copy libdatadog binaries for Data-Pipeline integration
(#​6777)


[Changes since
3.13.0](https://github.com/DataDog/dd-trace-dotnet/compare/v3.13.0...v3.14.0)


## 3.13.0

## Summary

- Fix RabbitMQ V7+ headers being overwritten (thanks @​johang88)!
- Update the default value of `DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED`
to `true`
- Fix `Microsoft.Extensions.Telemetry` logging integration in `9.3.0`
- [Test Optimization] Flaky Test Management feature 
- Temporarily remove instrumentation for Protobuf Schema tagging

## Changes

### Tracer
* [Tracing] Update the default value of
DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED to true (#​6751)
* [Tracer] Fix Rabbitmq7 header injection overwrites user supplied basic
properties [from external PR #​6730] (#​6753)
* Fix Microsoft.Extensions.Telemetry logging integration in 9.3.0
(#​6773)
* Refactor RabbitMQ test sample (#​6778)
* Clarify doc comment for DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED
(#​6791)
* fix: container ID prefix in metadata and related tests (#​6793)

### CI Visibility
* [Test Optimization] Flaky Test Management feature (#​6740)
* [Test Optimization] Add missing `test_session` metric (#​6776)

### ASM
* [ASM] Fix IAST Grpc DotNet flaky test (#​6772)

### Continuous Profiler
* [Profiler] Change profiler to use the libdatadog dynamic library
instead (#​6301)

### Debugger
* Skip the failing debugger tests (#​6755)

### Serverless
* Add AWS Lamda testing for .NET 9 (#​6779)

### Fixes
* [BUG]: RabbitMQ Basic Properties overwritten to default values
(#​6723)
* Fix: Rabbitmq7 header injection overwrites user supplied basic
properties (#​6730)
* Remove instrumentation for Protobuf Schema tagging (#​6792)

### Build / Test
* Fix dependabot configuration for gh-actions-packages group (#​6696)
* [IAST] LDAP flakiness fix (#​6706)
* [fleet installer] Add some integration tests (#​6714)
* [Test Package Versions Bump] Updating package versions (#​6732)
* [CI] Stop running windows throughput tests (#​6752)
* Remove profiler throughput tests and bump timeouts (#​6757)
* feat: add dev container for consistent development environment
(#​6761)
* [Benchmarks] Migrate linux throughput tests (#​6765)
* ssi tests onepipeline (#​6767)
* Remove graphql scenarios from CI system tests (#​6768)
 ... (truncated)

## 3.12.0

## Summary

* Fix `NoWarn` overriding in Datadog.Trace and Datadog.Trace.Trimming
NuGet packages
* [Tracer] Add support for S3 tracing using span links
* [Test Optimization] Add support to xUnit v3 2.x.x
* [ASM] Add support for standalone billing 
* [ASM] Add support for email injection detection in MimeKit and
SimpleEmail
* [Continuous Profiler] Enable ETW support by default for .NET Framework

## Changes

### Tracer
* Adding datadog.json filepath to tracer startup logs  (#​6307)
* [tracing] add null checks when iterating headers in propagators
(#​6460)
* S3 Span Pointers (#​6655)
* don't propagate baggage when http client integration is disabled
(#​6692)
* Fix: Ensure baggage properties are not interpreted as baggage values
(#​6693)
* HTTP over streams: use vendored `Utf8Parser.TryParse()` (#​6720)
* [Tracing] Add configuration key DD_TRACE_EXPERIMENTAL_FEATURES_ENABLED
(#​6727)
* [Tracing] Update DD_TAGS behavior through a feature flag to better
align with Datadog Agent tags parsing logic (#​6728)
* Ignore entire `baggage` header if malformed (#​6743)


### CI Visibility
* [Test Optimization] - Code refactor (#​6709)
* [Test Optimization] Add missing impacted test code in runner (#​6722)
* [Test Optimization] Add known tests feature (#​6725)
* [Test Optimization] Add support to xUnit v3 2.0.0 (#​6738)

### ASM
* [ASM] Standalone billing V2 migration (#​6663)
* [ASM] Dont store additive context in httpcontext (#​6609)
* [ASM] Email injection: MimeKit and SimpleEmail (#​6614)
* [ASM] Add new RASP telemetry tags (#​6685)
* [ASM][ATO]Add business logic event address to the waf (#​6701)
* [ASM] Add new WAF events success telemetry tags. (#​6707)
* [ASM] WAF error span tags (#​6729)
* [ASM][ATO] Fix : remove ISession for trimming file, and ducktype
(#​6737)

### Continuous Profiler
* [Profiler] Properly initialize appDomainId (#​6630)
* [Profiler] Add Export project in Demo for datadog-ci tests (#​6708)
* [Profiler] Enable ETW support by default for .NET Framework (#​6724)
* [Profiler] Add logs for the different profilers configuration (#​6739)
* [Profiler] Add tag GC CPU samples (#​6746)

### Dynamic Instrumentation
* [Dynamic Instrumentation] DEBUG-3572 Check for valid gzip content
(#​6687)

### Serverless
 ... (truncated)

## 3.11.1

## Summary

There are no changes in version 3.11.1 compared to 3.11.0, 3.11.1 is to
unblock an issue with SSI artifacts.

The release notes for 3.11.0 are shown below for convenience

- [Tracer] Add support for HotChocolate v15.x.x
- [Tracer] Add trimming support to Datadog.Trace, instead of requireing
Datadog.Trace.Trimming
- [Tracer] Add support 128-bit trace ids in logs injection 
- [Tracer] Add ability to disable `ActivitySource`s from being listened
to
- [Test Optimization] Add support for MSTest v3.8.x
- [Serverless] Add support for AWS SDK Step Functions
- [Continuous Profiler] Include CPU samples in profile
- [ASM] Always collect session ID
- [Data streams management] Add profobuf schema as OpenAPI json as tags

## Changes

### Tracer
* [Tracer] support 128-bit trace ids in logs injection (#​5363)
* Add ability to disable `ActivitySource`s from being listened to
(#​5795)
* [Dynamic Instrumentation] DEBUG-3132 Add Memoization Cache for
Redaction Logic (#​6292)
* Fix W3CTraceContextPropagator for non-standard array types (#​6654)
* Remove unused method (#​6659)
* Fix `DisabledIntegrationNames` not correctly disabling the integration
(#​6664)
* Pack trimming file in Datadog.Trace NuGet, and add trimming smoke
tests for the NuGet packages (#​6678)
* only enable protobuf instrumentation when DSM is enabled (#​6691)
* Add support for HotChocolate v15.x.x (#​6648)

### CI Visibility
* [Test Optimization] Support for MSTest v3.8.x (#​6686)

### ASM
* [ASM][ATO] Collect session id at all times (#​6623)

### Continuous Profiler
* [Profiler/Crashtracker] Bump libdatadog 16.0.3 (#​6589)
* [Profiler] Add number of CPU samples to the profile (#​6646)
* [Profiler] Fix Profiler execution benchmark tests (#​6652)

### Serverless
* [SVLS-5559] Inject trace context into AWS Step Functions input
attribute (#​6171)
* fix: dispose HttpWebResponses to avoid leaking FDs (#​6661)

### Build / Test
* [CI] Sending CI Vis Data to HQ (#​6621)
* Build the FleetInstaller executable and include in Windows OCI image
(#​6644)
* Add smoke tests for fleet installer (#​6645)
* Tack on apm-idm-dotnet reviewers to auto-bump PRs (#​6665)
* Make sure we upload hotfix artifacts to Azure (#​6667)
 ... (truncated)

## 3.11.0

## Summary

- [Tracer] Add support for HotChocolate v15.x.x
- [Tracer] Add trimming support to Datadog.Trace, instead of requireing
Datadog.Trace.Trimming
- [Tracer] Add support 128-bit trace ids in logs injection 
- [Tracer] Add ability to disable `ActivitySource`s from being listened
to
- [Test Optimization] Add support for MSTest v3.8.x
- [Serverless] Add support for AWS SDK Step Functions
- [Continuous Profiler] Include CPU samples in profile
- [ASM] Always collect session ID
- [Data streams management] Add profobuf schema as OpenAPI json as tags

## Changes

### Tracer
* [Tracer] support 128-bit trace ids in logs injection (#​5363)
* Add ability to disable `ActivitySource`s from being listened to
(#​5795)
* [Dynamic Instrumentation] DEBUG-3132 Add Memoization Cache for
Redaction Logic (#​6292)
* Fix W3CTraceContextPropagator for non-standard array types (#​6654)
* Remove unused method (#​6659)
* Fix `DisabledIntegrationNames` not correctly disabling the integration
(#​6664)
* Pack trimming file in Datadog.Trace NuGet, and add trimming smoke
tests for the NuGet packages (#​6678)
* only enable protobuf instrumentation when DSM is enabled (#​6691)
* Add support for HotChocolate v15.x.x (#​6648)

### CI Visibility
* [Test Optimization] Support for MSTest v3.8.x (#​6686)

### ASM
* [ASM][ATO] Collect session id at all times (#​6623)

### Continuous Profiler
* [Profiler/Crashtracker] Bump libdatadog 16.0.3 (#​6589)
* [Profiler] Add number of CPU samples to the profile (#​6646)
* [Profiler] Fix Profiler execution benchmark tests (#​6652)

### Serverless
* [SVLS-5559] Inject trace context into AWS Step Functions input
attribute (#​6171)
* fix: dispose HttpWebResponses to avoid leaking FDs (#​6661)

### Build / Test
* [CI] Sending CI Vis Data to HQ (#​6621)
* Build the FleetInstaller executable and include in Windows OCI image
(#​6644)
* Add smoke tests for fleet installer (#​6645)
* Tack on apm-idm-dotnet reviewers to auto-bump PRs (#​6665)
* Make sure we upload hotfix artifacts to Azure (#​6667)
* Restrict dependabot github actions to patch version bumps (#​6669)
* [Test Package Versions Bump] Updating package versions (#​6670)
* Reduce flake in Fleet installer tests (#​6671)
* Minor refactor in `ThreadAbortCodeFixProvider` (#​6673)
 ... (truncated)

## 3.10.2

## Summary

There are no code changes in this release compared to 3.10.1
This release was done to update the latest tagged version of
init-containers to fix a potential application crash issue.


[Changes since
3.10.1](https://github.com/DataDog/dd-trace-dotnet/compare/v3.10.1...v3.10.2)


## 3.10.1

## Summary

[Serverless] Resolve issue with sockets staying open too long in AWS
Lambda integration.

## Changes

### Tracer
* clean up http connections in AWS Lambda integration (#​6661)

[Changes since
3.10.0](https://github.com/DataDog/dd-trace-dotnet/compare/v3.10.0...v3.10.1)


## 3.10.0

## Summary

- [Tracing] Add S3 instrumentation and support for
Microsoft.Data.SqlClient 6.x.x
- [Tracing] Add `DD_TRACE_PROPAGATION_BEHAVIOR_EXTRACT` to control trace
continuation from incoming headers
- [CI Visibility] Add Xunit.v3 support
- [CI Visibility] Initial Impacted Tests support
- [ASM] Enable user id collection on authenticated requests
- [ASM] Fix blocking Redirect requests with invalid status code
- [Continuous Profiler] Implement outgoing HTTP requests profiling
- [Dynamic Instrumentation] Various bug fixes and improvements

## Changes

### Tracer
* [Tracing] Add s3 instrumentation (#​6590)
* [Tracing] Add configuration to change the trace context propagation
extract behavior (APMAPI-1009) (#​6320)
* Remove Security and IAST statics in `AspNetCoreDiagnosticObserver`
(#​6564)
* cleaning pass on HotChocolate instrumentation (#​6580)
* Add support for Microsoft.Data.SqlClient 6.x.x (#​6638)
* Call `HttpRequest.BuildUrl` to avoid URL caching (#​6361)
* Add Google Protobuf Instrumentation (#​6166)
* Revert "Add Google Protobuf Instrumentation (#​6166)" (#​6642)

### CI Visibility
* [CI Visibility] Add Xunit.v3 support (#​6573)
* [CI Visibility] Impacted Tests Reference Implementation (#​6559)
* [CI Visibility] Fix detached head situation (#​6594)
* [CI Visibility] Disable ImpactedTests flaky test (#​6616)

### ASM
* [ASM][ATO] user id collection on authenticated request (#​6431)
* [ASM] Fix set status error in .Net framework (#​6587)
* Change the way we collect ip and header (#​6591)
* [ASM] Fix errors exceptions on HttpContext get_Items (#​6592)
* [ASM] [IAST] Enable email injection unit tests (#​6595)
* [ASM] Fix NullReferenceException on HttpTransport get_StatusCode
(#​6602)
* [ASM][ATO] user id from sdk overwrite user login tags (#​6603)
* [ASM] Avoid null context repetitive log messages (#​6607)
* [ASM] Fix Blocking Redirect Invalid Status Code (#​6619)
* [IAST] Security Controls (#​6635)
* [IAST] Add IAST package exclusions (#​6610)

### Continuous Profiler
* [Profiler] Implement outgoing HTTP requests profiling (#​6280)
* [Profiler] Fix Windows 64 bit stack walking (#​6583)
* [Profiler] Fix null check in GetMachineBootTime (#​6628)

### Debugger
* [dynamic Instrumentation] DEBUG-2336 Add Concurrent Adaptive Cache
(#​6093)
* [Exception Replay] Fixed capturing issue of async methods with `await`
in finally block + added missing snapshot attributes + better frame
matching algorithm (#​6549)
 ... (truncated)

## 3.9.1

## Summary

- [Tracing/Serverless] Fix an issue in AWS Lambda layer where tracing
failed in .NET 6 when using Ready2Run
- [Continuous Profiler] Fix bug in stack walking on Windows

## Changes

### Continuous Profiler
* [Profiler] Fix Windows 64 bit stack walking (#​6583)

### Fixes
* Track internal rewrites and discard NGEN images (#​6588)
* Refactor the NGEN tracking fix to be more performant (#​6598)

### Build / Test
* Skip non-linux OCI package creation (#​6586)


[Changes since
3.9.0](https://github.com/DataDog/dd-trace-dotnet/compare/v3.9.0...v3.9.1)


## 3.9.0

## Summary

* [Tracer] Add support for Azure Functions SDK v2 and ASP.NET Core
Integration
* [Tracer] Add support for RabbitMQ v7
* [Tracer] Add support for OpenTelemetry's DefaultTextMapPropagator when
used without the SDK
* [Tracer] Fix container tagging for Alpine containers
* [ASM] Various bug fixes and reliability improvements

## Changes

### Tracer
* Add support for Microsoft.Azure.Functions.Worker.Core v2 (#​6472)
* Add support for RabbitMQ v7 (#​6479)
* Add CallTarget support for `ValueTask` in .NET FX and < .NET Core 3.1
(#​6480)
* Fix container tagging for Alpine containers (#​6505)
* Move SpanContextPropagator to TracerManager (#​6511)
* Fix Isolated Azure Functions performance when using `ASP.NET Core`
Integration (#​6567)
* [Tracing] Provide default implementation for
OpenTelemetry.Context.Propagation.Propagators.DefaultTextMapPropagator
[AIDM-504] (#​6544)

### CI Visibility
* [CI Visibility] Add missing telemetry metrics (#​6443)
* Add additional tests for CI Visibility configuration behaviour
(#​6513)
* Wait for background task in ConfigureCiCommand (#​6535)
* [CI Visibility] Improve Git commands execution (#​6545)

### ASM
* [ASM] Fix WebApi blocking on Response (#​6488)
* [ASM] Fix access violation exception when reading WAF addresses
(#​6510)
* [ASM] Context disposed related exceptions when calling the WAF
(#​6529)
* [ASM] Add a lock to handle WAF active addresses (#​6566)
* [ASM] Catch HttpException when reading the request body in .net461
(#​6459)
* [IAST] Lock vulnerabilities list access (#​6531)
* [IAST] Added IAST instrumentation category to ado net Reader
integrations (#​6523)

### Continuous Profiler
* [Profiler] Make `timer_create`-based CPU profiler default (#​6315)
* [Profiler] Cleanup repository (#​6547)
* Revert "[Profiler] Make `timer_create`-based CPU profiler default"
(#​6579)

### Debugger
* Fix pinned locals parsing + bump dotnet version for protobuf and
eShopOnWeb exploration tests (#​6475)
* [Debugger] Don't redact config/address tokens (#​6552)
* [Debugger] Don't redact env tokens from probe snapshots (#​6553)
* [Dynamic Instrumentation] DEBUG-3223 SymDB compression fix (#​6556)
* [Dynamic Instrumentation] Change the way we are using the gzip stream
in SymDB (#​6562)

### Serverless
* Run Azure Functions integration tests on .NET 8 and .NET 9 (#​6517)
* [serverless] Upload serverless assets to Azure so we can release for a
layer (#​6561)

 ... (truncated)

## 3.8.0

## Summary

- [ASM] Improved error handling and reporting
- [ASM/IAST] Fix a crash occurring when an attribute is decorated with
itself
- [Dynamic Instrumentation] Fix errors in symbol upload and exception
replay
- [AWS Lambda] Encode non-ascii error messages

## Changes

### Tracer
* [Tracing] Refactor internal Span Links API (#​6341)
* Support relative path in `DD_DOTNET_TRACER_HOME` (#​6434)
* Add support for `[DuckPropertyOrField]` (#​6463)

### ASM
* [ASM] Log `FormatException` from `get_Uri` as debug (#​6489)
* [ASM] Update Iast Log Warning to Error (#​6492)
* [ASM] upgrade warning to error (#​6421)
* [ASM] Fix IAST benchmark tests (#​6462)
* [ASM] Error metric for unknown operator errors (#​6465)
* [ASM] Introduce SecurityReporter for all reporting functions of
SecurityCoordinator (#​6481)
* [ASM] Normalise aspects exception logging (#​6495)
* Fix build issues on aspects on net5.0 (#​6500)

### Debugger
* [Dynamic Instrumentation] Hotfix SymDB and ER (#​6468)

### Serverless
* [serverless] encode lambda error.msg and error.type (#​6438)

### Fixes
* [IAST] Fix recursive custom attribute crash (#​6470)

### Build / Test
* [IAST] Skip failing tests (#​6455)
* repo: mandatory issue templates (AIDM-424) (#​6456)
* K8s Lib Injection tests: run on a matrix (#​6458)
* [Build] Fix version bump autogen files error (#​6464)
* Fix the build and some versions (#​6466)
* [IAST] skip dotnet 2.1 tests that can't work (#​6467)
* Exclude common failure in smoke tests (#​6469)
* allow running exploration tests on mac (#​6474)
* [Test Package Versions Bump] Updating package versions (#​6450)
* [Test Package Versions Bump] Updating package versions (#​6478)
* [Test Package Versions Bump] Updating package versions (#​6486)
* Parallelize unit tests (#​6483)
* [IAST] Propagation tests reorg (#​6487)
* fix UpdateVendoredCode on mac (#​6490)

### Miscellaneous
 ... (truncated)

## 3.7.0

## Summary

* [IAST] Extend stored XSS to cover more databases
* [IAST] Support of DefaultInterpolatedStringHandler
* [Tracer] Add support for HotChocolate 14.x.x, GraphQL.NET 8.x.x,
Aerospile.Client 8.x.x, MongoDB 3.0.0, and NpgSQL 9.x.x
* [Tracer] Fix runtime-metrics thread count
* [CI Visibility] Improve support for MSTest

## Changes

### Tracer
* Add Support for GraphQL HotChocolate v14 (#​6248)
* Add support for Graph.NET v8 (#​6423)
* Add support for `Aerospike.Client` v8 (#​6424)
* Add support for mongodb v3 (#​6354)
* Update npgsql to support 9.x.x (#​6350)
* Filter out dead threads in runtime metrics (#​6298)
* Fix bug in manual instrumentation (#​6330)
* Bail out if we're in a no-dynamic-code scenario (#​6362)
* Remove settings snapshot generator (#​6370)
* Ducktype instance type check (#​6373)
* Remove old generated public APIs (#​6376)
* Add try catch on shutdown (#​6378)
* Simplify duplication in `IConfigurationSource`  (#​6386)
* Make more integration settings case insensitive (#​6393)
* Update config-in-code manual instrumentation to use an
`IConfigurationSource` (#​6397)
* Remove the vendored arraypool eventsource (#​6398)
* Make `DirectLogSubmissionSettings` properly immutable and remove
`ImmutableDirectLogSubmissionSettings` (#​6400)
* Make `IntegrationSettings` properly immutable and remove
`ImmutableIntegrationSettings` (#​6405)
* Make `ExporterSettings` properly immutable and remove
`ImmutableExporterSettings` (#​6408)
* Validate data before EnumNgenModuleMethodsInliningThisMethod call
(#​6410)
* Make `TracerSettings` properly immutable and remove
`ImmutableTracerSettings` (#​6415)
* [Tracer] Fix git metadata retrieval (#​6444)
* [dd-dotnet] Catch error when failing to read env vars on IIS (#​6430)

### CI Visibility
* [CI Visibility] Fix MSTest integrarion bug (#​6336)
* [CI Visibility] Specify if the user is setting the DD_SERVICE (#​6348)
* [CI Visibility] Adding nullability checks (#​6374)
* [CI Visibility] Use same number of execution in EFD tests (#​6416)
* [CI Visibility] Set `TracerSettings` using a configuration source
instead of mutating (#​6399)

### ASM
* [ASM] Native CallTarget definitions (#​6252)
* [APM] Exclude windows only definitions from non windows dlls (#​6270)
* [ASM] IAST events in span's `meta_struct` (#​5803)
* [ASM][ATO] Collect request headers on login user events (failures and
success) (#​6225)
* [ASM] Update WAF v1.21.0 Ruleset 1.13.3 (#​6287)
* [ASM] Restore IAST unit tests (#​6294)
* [ASM][ATO] Adapt v3 new login tags and fix signup tags (#​6302)
 ... (truncated)

## 3.6.1

## Summary

* [Profiler] Fix a crash scenario on windows
* [CI Visibility] Catch crash when intelligent test runner upload fails
* [ASM IAST]: Fix for NullReferenceException in Stacktrace Walker

## Changes

### CI Visibility
* [CI Visibility] Catch `UploadRepositoryChanges` exceptions (#​6331)

### ASM
* [ASM] iast: Fix for NullReferenceException in Stacktrace Walker
(#​6326)

### Continuous Profiler
* [Profiler] Fix a crash scenario on windows (#​6328)

### Miscellaneous
* [Crashtracking] Filter the ptrace_create hook (#​6337)

[Changes since
3.6.0](https://github.com/DataDog/dd-trace-dotnet/compare/v3.6.0...v3.6.1)


## 3.6.0

## Summary

* Adds support for .NET 9
* Adds DSM support for AWS SNS
* Add support for baggage propagation
*  [CI Visibility] Add support for coverlet.msbuild coverage reporting
* [Dynamic Instrumentation] Collect code origin for exit spans
* [ASM] Fix shutdown bug
* [Continuous Profiler] Fix crash at shutdown

## Changes

### Tracer
* Baggage part 3/3: add public api to `Datadog.Trace.Manual` (#​6190)
* Baggage part 2/3: propagation (#​6158)
* Remove dependency on System.IO.Compression for .NET Framework build
(#​6192)
* Add default value to StringBuilderCache, and use in more places
(#​6232)
* Enable baggage propagator by default (#​6258)
* Add support for `AllowWriteStreamBuffering=false` in `WebRequest` for
.NET 9 (#​6271)
* Add initial support for .NET 9 (#​6265)
* Ensure that we never run any call target instrumentations in partial
trust (#​6290)

### CI Visibility
* [CI Visibility] Add more checks for the object pack files (#​6256)
* [CI Visibility] GitInfoProvider refactor (#​6259)
* [CI Visibility] Add support for coverlet.msbuild coverage reporting
(#​6284)
* [CI Visibility] Fix GitCommandParser test (#​6289)
* [CI Visibility] Catch some gitinfo exceptions. (#​6297)

### ASM
* [ASM] Avoid HttpRequestValidationException when reading body or
namevalueCollection values (#​6185)
* [ASM] Fix issue with waf disposing while it might concurrently be
updating (#​6250)
* [ASM] Serialize ASM tags and metrics (#​6272)
* [ASM] Fix benchmarks AppSecBodyBenchmarks: have a trace context to
avoid null reference exceptions (#​6274)
* [ASM] IAST: Add web form tests (#​6276)
* [ASM] iast: Fix `Microsoft.Data.Sqlite` database tainting (#​6295)
* [IAST] Minor cleanup in IAST aspects (#​6293)
* [IAST] Updated CallSite IL Dump (#​6240)

### Continuous Profiler
* [Profiler] CPU profiler: Check if the stackwalk lock was not already
taken (#​6198)
* [Profiler] Prevent `StackSamplerLoop` from crashing at shutdown
(#​6238)
* [Profiler] Add metrics for cpu and walltime profilers (#​6267)
* [Profiler] Fix crash at shutdown with the `timer_create`-based CPU
profiler (#​6268)

### Debugger
* [Dynamic Instrumentation] DEBUG-2916 Stabilize the probe processor
(#​6077)
* [Dynamic Instrumentation] DEBUG-3088 Add object pool (#​6105)
* [Dynamic Instrumentation] DEBUG-2913 Fix runtime reflection exceptions
when getting field value (#​6078)
* [Dynamic Instrumentation] DEBUG-2602 Collection expressions fixes
(#​6087)
 ... (truncated)

## 3.5.0

## Summary

- Add support for Ready2Run and NGen behaviour with manual
instrumentation
- Fix for IIS apps using `CustomConfigurationBuilder` with multiple apps
in a pool
- [DBM] Fix DBM bugs (pgssql query plan hints ignored, `DbDataSource`
issues, missing `Transaction` scope)
- [ASM] Only run RASP file operations on read operations
- Fix Remote Configuration values should be 64-bit not 32-bit

## Changes

### Tracer
* Make `DD_TRACE_<INTEGRATION>_ENABLED` Case Insensitive  (#​6175)
* Baggage part 1/3: change propagator signatures (#​6157)

### CI Visibility
* [CI Visibility] Fix errors detected from error tracking. (#​6222)

### ASM
* [ASM] remote configuration refactoring and simplifying updates
(#​6179)
* [ASM] Add rules version to all spans when ASM enabled (#​6188)
* [ASM] Fix possible null reference exception in extracting headers
(#​6211)
* [ASM] Update ruleset to version 1.13.2 (#​6218)
* [ASM] Restrict RASP Lfi operations to read operation only (#​6221)

### Continuous Profiler
* [Profiler] Make LibrariesInfoCache standalone (#​6019)
* [Profiler] Make sure we log only once for DebugInfoStore errors
(#​6187)
* [Profiler] Improve EtwEventsManager cleanup (#​6189)
* [Profiler] Fix bugs in the `timer_create`-based CPU profiler (#​6229)

### Fixes
* Add workaround for ASP.NET ConfigBuilder issue (#​6147)
* Reject method NGEN image if there's a rejit request for that method.
(#​6184)
* Revert "Load the tracer/profiler after guardrails checks" (#​6200)
* [DBM][fix] Do not prepend DBM injected comment when a pg plan hint is
present (#​6204)
* move all RC int values to long, to mirror RC backend (#​6219)
* Fix `InvalidOperationException` in DBM propagation (#​6233)

### Build / Test
* [ASM] Fix TestExternalWafHeaders snapshot netcore 2.1 (#​6202)
* [Test Package Versions Bump] Updating package versions (#​6150)
* Inject startup hook preferentially into static constructor when
available (#​6154)
* add new integrations system tests scenario (#​6177)
* Fix typo in create_draft_release.yml (#​6194)
* Fix using the wrong pool for smoke tests (#​6196)
* Pin Azure Functions version used in CI to get the integration tests
running (#​6203)
* [Test Package Versions Bump] Updating package versions (#​6206)
* Fix some build warnings in sample apps (#​6207)
* Fix IIS LoaderOptimisation tests not testing anything (#​6209)
* Update CosmosDb snapshots (#​6213)
 ... (truncated)

## 3.4.1

## Summary

- Fix a crash when .NET Framework and .NET Core run in the same process,
which can typically happen when using IIS an ".NET CLR Version" is _not_
set to "No Managed Code". May also affect applications running in Azure
App Service.

## Changes

### Fixes
* Revert "Load the tracer/profiler after guardrails checks" (#​6200)

[Changes since
3.4.0](https://github.com/DataDog/dd-trace-dotnet/compare/v3.4.0...v3.4.1)

## 3.4.0

> [!WARNING]
> We've identified a bug in version 3.4.0 only that can crash
applications that run .NET Framework and .NET Core in the same process,
which can typically happen when using IIS. Please ensure you update to
3.4.1.
>
> If you're using .NET Core in IIS, make sure to set ".NET CLR Version"
to "No Managed Code" in the application pool settings, [as described in
the Microsoft
documentation](https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/advanced?view=aspnetcore-8.0#create-the-iis-site).

## Summary

- [Tracing] Add ability to disable additional ADO.NET Command Types
using `DD_TRACE_DISABLED_ADONET_COMMAND_TYPES`
- [Tracing] Add support for `3.x.x` of log4net 
- [CI Visibility] Automatic Test Retries
- [CI Visibility] Add support for session logical names
- [CI Visibility] Add extra tags for `vcpu_count` and in GitHub Action
pull_requests runs
- [ASM] Enable API Security feature by default
- [ASM] Add support for attacker fingerprinting
- [ASM] Add support for suspicious attacker blocking
- [Continuous Profiler] Fix potential deadlock between watcher and
sampler threads
- [Continuous Profiler] Improve performance for CPU profiler
- [Serverless] Add EventBridge and 128-bit trace ID support
- [DBM] Ensure context injection does not affect DBM injection

## Changes

### Tracer
* [Tracer] Set `_dd.base_service` tag whenever a span's service name is
different than the default value (`DD_SERVICE`) (#​5502)
* Add ability to disable additional `ADO.NET` Command Types (#​6042)
* Add support for `3.*` of `log4net` (#​6075)
* [APMAPI-473] Making `DD_HTTP_*_ERROR_STATUSES` Config Keys Consistent
(#​6095)
* Subscribe to AssemblyLoadContext.Default.Resolving (#​6148)
* Fix return value on error in delegate instrumentation (#​6153)
* Add support for the "new" dev.azure.com style URLs in SourceLink URL
parsing logic (#​6159)
* Include pID in managed logs filename (#​6161)
* Ensure we don't throw a null reference exception in Manual
instrumentation (#​6169)

### CI Visibility
* [CI Visibility] Test session logical names (#​6050)
* [CI Visibility] Add vcpu_count tag to tslv events (#​6055)
* [CI Visibility] Automatic Test Retries (#​6061)
* [CI Visibility] Avoid failing unfinished tests (#​6063)
* [CI Visibility] Add support for MSTest 3.6.0 (#​6080)
* [CI Visibility] Hide running command by default. (#​6086)
* [CI Visibility] Fix code coverage enabled tag behavior (#​6111)
* [CI Visibility] Add extra tags to GitHub Action pull_requests runs
(#​6141)
* [CI Visibility] Ensure commit messages are trimmed (#​6170)

### ASM
* [ASM] Segregate asm and iast contexts functionality (#​6118)
* [ASM] Delete unused snapshots (#​5758)
* [ASM] Attacker fingerprint (#​5982)
* [ASM] Fix exception when accessing ReportedExternalWafsRequestHeaders
(#​6030)
* [ASM] Activate api sec by default (#​6043)
 ... (truncated)

## 3.3.1

## Summary

- Fixes a bug introduced in 3.3.0 in which attempting to run some
commands (e.g. `cat`) in some distros would give the error `symbol
lookup error:
/opt/datadog/continuousprofiler/Datadog.Linux.ApiWrapper.x64.so:
undefined symbol: dlsym`

## Changes

### Continuous Profiler
* Fix dlsym issue (#​6048)

[Changes since
3.3.0](https://github.com/DataDog/dd-trace-dotnet/compare/v3.3.0...v3.3.1)


## 3.3.0

> [!WARNING]
> We've identified a bug with the .NET Tracer with the Continuous
Profiler enabled that may cause applications to crash - please avoid
3.3.0 and instead use 3.2.0 for the time being. We are working on a
hotfix for this ASAP.

## Summary

- [ASM] Fix some minor bugs (#​5943, #​5955, #​6017)
- [ASM] Improvements to stack trace reporting (#​6011, #​5997)
- [Dynamic Instrumentation] Add support for `typeof` expression
- [Continuous Profiler] Add support for heuristic-based activation
(#​5240, #​6002, #​6026)
- [DBM] Full propagation mode for SQL Server (#​5859)

## Changes

### ASM
* [ASM] Avoid unhandled HttpRequestValidationExceptions (#​5943)
* [ASM] Avoid reporting unknown matcher WAF errors (#​5955)
* [ASM] RASP: add telemetry tag for shell injection (#​5993)
* [ASM] Add new capabilities for RC (#​6008)
* [ASM] Change stack trim proportion (#​6011)
* [ASM]Fix InvalidOperationException in httpContext.Items (#​6017)
* [ASM] Capabilities reporting against WAF versions. (#​6028)
* [IAST] Add Stack trace to vuln location (#​5997)
* [IAST] Fix system test weak_cipher system test (#​6034)

### Continuous Profiler
* [Profiler] Support Single Step Instrumentation deployment and
activation (#​5240)
* [Profiler] Contention profiling: add blocking thread name (#​5981)
* [Profiler] Fix duplicated lifecycle telemetry (#​6002)
* [Tool] update continuous profiler diagnostics (#​6014)
* [Profiler] Disable `timer_create`-based CPU profiler when required
(#​6015)
* [Profiler] Send ssi info with profiles (#​6026)

### Debugger
* [Dynamic Instrumentation] DEBUG-2323 Add support for `typeof`
expression in EL (#​5539)

### Build / Test
* [Profiler] Disable SSI telemetry by default (#​6020)
* Fix SSI tests for profiler integration tests (#​6016)
* [Profiler/CI] Disable Profiler Windows ASAN job (#​5987)
* Add explicit permissions to all workflows (#​5728)
* [Test Package Versions Bump] Updating package versions (#​5873)
* [build] Build tracer with ReadyToRun (#​5962)
* Display the crash tests stdout live (#​5964)
* Timeit bump and fixes (#​5971)
* Add `linux-musl-arm64` standalone `dd-trace` to the v3 release
artifacts (#​5974)
* [CONTSEC-1501] Comment the action that uploads SARIF to Datadog
(#​5977)
* Include snapshot diff in snapshot body (#​5988)
* Make sure we run all the TFMs on master builds (#​5990)
* Minor CI fixes (#​6000)
* Fix installer tests (#​5994 => main) (#​6004)
 ... (truncated)

## 3.2.0

## Summary

This is the first stable release of the next major version of the .NET
APM SDK.

The following are the high-level changes present in the 3.x.x release
line compared to 2.x.x. These include breaking changes in public APIs,
changes in artifacts, and changes to default settings.

For the full list of changes, including exactly what changed and how you
should handle them, please see the
[MIGRATING](https://github.com/DataDog/dd-trace-dotnet/blob/master/docs/MIGRATING.md)
document

### New Features
- **Support for alpine images on ARM64**. `alpine` images with version
`3.18` and above, running on ARM64 images are now supported on .NET 6+.

### Breaking changes
- **Custom-only tracing (using the _Datadog.Trace_ NuGet package),
_without_ any automatic tracing, is no longer supported**. Custom
instrumentation with the _Datadog.Trace_ NuGet where you have _also_
configured
[automatic-instrumentation](https://docs.datadoghq.com/tracing/trace_collection/automatic_instrumentation/)
is still supported as it was in v2.x.x.
- **The public API surface has changed** in the *Datadog.Trace* NuGet
package. A number of previously obsolete APIs have been removed, and
some other APIs have been marked obsolete. Most changes are related to
how you create `TracerSettings` and `Tracer` instances.
- **Changes to default settings**. The default values of some settings
have changed, and others have been removed. See below for more details.
- **Changes in behavior**. The semantic requirements and meaning of some
settings have changed, as have some of the tags added to traces. See
below for more details.
- **The 32-bit MSI installer will no longer be available**. The 64-bit
MSI installer already includes support for tracing 32-bit processes, so
you should use this installer instead.
- **The client library will still be injected when
`DD_TRACE_ENABLED=0`**. In v2.x.x, setting `DD_TRACE_ENABLED=0` would
prevent the client library from being injected into the application
completely. In v3.0.0+, the client library will still be injected, but
tracing will be disabled.
- **Referencing the `Datadog.Trace.AspNet` module is no longer
supported**. In v1.x.x and 2.x.x ASP.NET support allowed adding a
reference to the `Datadog.Trace.AspNet` module in your web.config. This
is no longer supported in v3.x.x.

### Deprecation notices
- **.NET Core 2.1 is marked EOL** in v3.0.0+ of the tracer. That means
versions 2.0, 2.1, 2.2 and 3.0 of .NET Core are now EOL. These versions
may still work with v3.0.0+, but they will no longer receive significant
testing and you will receive limited support for issues arising with EOL
versions.
- **Datadog.Trace.OpenTracing is now obsolete**. OpenTracing is
considered deprecated, and so _Datadog.Trace.OpenTracing_ is considered
deprecated. See the following details on future deprecation.
- **macOS 11 is no longer supported for CI Visibility** in v3.0.0+. Only
macOS 12 and above are supported.

### Major version policy and future deprecation
- **Announcing a major version roadmap**. We intend to make yearly major
releases, starting from v3.0.0 in 2024, and v4.0.0 in 2025. We will aim
for minimal breaking changes, with the primary focus being on
maintaining support for new versions of .NET and removal of EOL
frameworks and operating systems.
- **Planned removal of support for .NET Core 2.x and .NET Core 3.0** in
version v4.0.0+. We intend to completely remove support for .NET Core
2.x and .NET Core 3.0 in v4.0.0. .NET Framework 4.6.1+ will continue to
be supported.
- **Planned removal of support for some linux distributions**. In
version v4.0.0, we intend to drop support for CentOS 7, RHEL 7, and
CentOS Stream 8.
- **Planned remove of support for App Analytics**. In version v4.0.0, we
intend to drop support for App Analytics and associated settings.

For the full list of changes, including exactly what changed and how you
should handle them, please see the
[MIGRATING](https://github.com/DataDog/dd-trace-dotnet/blob/master/docs/MIGRATING.md)
document

## Updates in this release

In addition to the changes described above, this release includes the
following features:

* [Tracer] Skip inserting the startup hook into methods in the type
`Costura.AssemblyLoader` (#​5910)
* [Tracer] Fix bug in ADO.NET connection string extraction #​5949
* [Exception Replay] Update configuration values #​5821
* [IAST] Taint values coming from database (#​5804)
* [IAST] Allow customized cookie filtering (#​5804)
* [ASM] RASP shell injection vulnerability (#​5871)
* [Profiler] Provide the thread id that blocked another thread (#​5959)

## Changes

### Tracer
* [Tracer] Skip inserting the startup hook into methods in the type
`Costura.AssemblyLoader` (#​5910)
* Add support for alpine on arm64  (#​5933)
 ... (truncated)

## 3.1.0-prerelease

## Summary

This is the second pre-release of the next major version of the .NET APM
SDK.

- [ASM] Changes to the collection of usr.id for authenticated clients

ASM’s [Account TakeOver (ATO)
detection](https://docs.datadoghq.com/security/account_takeover_protection)
is now automatically monitoring [all compatible user authentication
frameworks](https://docs.datadoghq.com/security/application_security/enabling/compatibility/)
to detect attempted or leaked user credentials during an ATO campaign.
To do so, the monitoring of the user activity is extended to now collect
all forms of user IDs, including non-numerical forms such as usernames
or emails. This is configurable with 3 different working modes:…
@e-n-0 e-n-0 mentioned this pull request Sep 26, 2025
Merged
e-n-0 added a commit that referenced this pull request Sep 29, 2025
@e-n-0
[AAP] Enable by default API Security Endpoints collection when appsec…
fb3ce74 
… enabled (#7569)

## Summary of changes

This PR enable by default the feature to collect all endpoints at
startup when appsec is enabled.

## Other details

See #6733 #7317 for implementation.
<!-- Fixes #{issue} -->


<!--  ⚠️ Note:

Where possible, please obtain 2 approvals prior to merging. Unless
CODEOWNERS specifies otherwise, for external teams it is typically best
to have one review from a team member, and one review from apm-dotnet.
Trivial changes do not require 2 reviews.

MergeQueue is NOT enabled in this repository. If you have write access
to the repo, the PR has 1-2 approvals (see above), and all of the
required checks have passed, you can use the Squash and Merge button to
merge the PR. If you don't have write access, or you need help, reach
out in the #apm-dotnet channel in Slack.
-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NachoEchevarria NachoEchevarria NachoEchevarria approved these changes

@daniel-romano-DD daniel-romano-DD daniel-romano-DD approved these changes

Assignees

No one assigned

Labels

area:asm

Projects

None yet

Milestone

3.15.0

Development

Successfully merging this pull request may close these issues.

5 participants

@e-n-0 @andrewlock @NachoEchevarria @daniel-romano-DD