Change8

v3.19.1

📦 datadog-sdkView on GitHub →
🐛 10 fixes2 deprecations🔧 8 symbols

Summary

This release focuses heavily on stability and correctness, fixing critical memory safety issues in IAST, resolving severe inaccuracies in lock profiling, and patching several segmentation faults across the tracer. Support for older Tornado versions is deprecated.

Migration Steps

  1. If using Tornado, upgrade to Tornado v6.1 or later.
  2. If programmatically configuring Tornado tracing via `ddtrace.contrib.tornado`, migrate configuration to use environment variables or `import ddtrace.auto`.
  3. If using sampling rates less than 100%, verify lock profiling metrics are now correct.

🐛 Bug Fixes

  • Resolved an issue where the appsec layer was incompatible with the lambda/serverless version of the tracer.
  • Fixed a critical memory safety issue in IAST when used with forked worker processes (MCP servers with Gunicorn and Uvicorn) that caused segmentation faults due to stale PyObject pointers in native taint maps after fork.
  • Fixed an issue with line probes matching the wrong source file when multiple source files from different Python path entries share the same name.
  • Ensured exception information is captured when exceptions are raised by the GraphQL client library.
  • Prevented injection into the `gsutil` tool.
  • Fixed an `AttributeError` in the Google ADK integration when accessing the `name` or `description` attributes of a tool.
  • Resolved a critical issue where the Lock Profiler generated incorrect release samples for non-sampled lock acquires, leading to inflated or negative lock hold times. This affected customers using sampling rates < 100%.
  • Prevented a use-after-free crash from the memory profiler on Python versions 3.10 and 3.11 (addressing a bug in a previous fix).
  • Fixed a segmentation fault caused by accessing `frame.f_locals` while trying to retrieve the class name of a `PyFrameObject`.
  • Fixed a potential `IndexError` in partial flush when the finished span counter was out of sync with actual finished spans.

🔧 Affected Symbols

ddtrace.contrib.tornadoIASTGunicornUvicornLock ProfilerMemory ProfilerPyFrameObjectDD_TRACE_PARTIAL_FLUSH_MIN_SPANS

⚡ Deprecations

  • Support for Tornado versions older than v6.1 is deprecated. Users must use Tornado v6.1 or later.
  • Programmatic tracing configuration via the `ddtrace.contrib.tornado` module is deprecated. Tracing should now be configured using environment variables and `import ddtrace.auto` instead.