Version 8.8.0

New features and improvements

• Add support for Jetty 12, including Jetty’s implementation of the Jakarta EE 8, 9, and 10 specs. 1621

• Add support for Vert.x versions 4.0.0 through 4.4.x 1588

• Add instrumentation for graphql-java 21 1454

• Instrument r2dbc-postgresql 0.9.2 till latest 1413

• Reintroduce the legacy HTTP Attributes that were removed in v8.0.0 to support customers with alerts and dashboards that require them 1671
  The attributes are:

  • httpResponseCode
  • httpResponseMessage
  • response.status
  • response.statusMessage

  Attribute reporting is configurable via the following means.

  YAML:

  attributes:
    http_attribute_mode: both
  

  System property:

  -Dnewrelic.config.attributes.http_attribute_mode=both

  Environment variable:

  NEW_RELIC_ATTRIBUTES_HTTP_ATTRIBUTE=both 

  The configuration options are:

  • standard : The agent will send new standard attributes. This configuration is recommended but requires that any alerts or dashboards using attributes be updated to use these new attributes. This setting will reduce the amount of ingest used for attribute reporting.
  • legacy : The agent will send the legacy attributes referenced above. Customers with alerts or dashboard requiring these attributes can continue to be used as-is. This setting will reduce the amount of ingest used for attribute reporting.
  • both : This is the default configuration, the agent will send BOTH legacy AND standard HTTP attributes. This configuration was intended to support customers that are unable to modify their alerts or dashboards but this configuration will increase data ingest.

• Add an interface for our error API. Our error API can now be called via the code NewRelic.getAgent().getErrorApi() 1577

• Add log4j2 JsonLayout support and support log4j2 till latest. 1545

• Add httpstatus in the external segment for Spring Webclient 1610

• Enable slow transaction detection by default and bump the threshold to 10 minutes 1629

• Add support for string formatting with JBoss Logging. 1650

• Add logic to remove specific classes from being excluded from being weaved if the IAST security feature is enabled. 1453

  The affected classes belong in the following formats:

  • ^java/security/.*
  • ^javax/crypto/.* These are crypto classes which can cause class circularity errors if they get too far along in the class transformer.
  • ^net/sf/saxon.*

  If you wish to re-include these excluded rules, you can do so via the following means.

  YAML:

    class_transformer:
      excludes: ^javax/crypto/.*,^java/security/.*,^net/sf/saxon.*

  System property:

  -Dnewrelic.config.class_transformer.excludes=^javax/crypto/.*,^java/security/.*,^net/sf/saxon.*

  Environment variable:

  NEW_RELIC_CLASS_TRANSFORMER_EXCLUDES=^javax/crypto/.*,^java/security/.*,^net/sf/saxon.*

• Prevent license_key value from being written to the agent logs when using debug and/or audit_mode logging 1653

IAST

• The IAST feature now also supports Async HTTP client version 2 and above 142
• Added support for Sun Net HTTP Server 142
• JSON version bump to 1.1.1 142
• Add critical error logging via LogMessage event 142

Fixes

• Fix transaction naming in Spring controllers with a CGLIB proxy. Transactions now use the actual class name as opposed to the proxied class name. 1574

• Fix a NullPointerException caused by ServletContext in servlet instrumentation modules. 1636

• Fix a memory leak caused by Lettuce instrumentation. Duplicate code for transaction linking has been removed from the Lettuce instrumentation and is handled by netty-reactor instead. 1608

• Fix a bug where invalidating a license key causes a memory leak. Reconnection tasks are now capped in the event of a LicenseException. 1606

• Fix a NullPointerException caused by RPMServiceManager 1604

• Add a workaround for a memory leak that may occur in rare scenarios with instrumentation using the legacy async API in the Java Agent (which async servlets and Jetty Continuations use). 1555

  The option can be configured via the following means:

  Agent config file (this will update dynamically if the config file is changed)

  common: &default_settings
    legacy_async_api_skip_suspend: true

  System Property

  -Dnewrelic.config.legacy_async_api_skip_suspend=true

  Environment Variable

  NEW_RELIC_LEGACY_ASYNC_API_SKIP_SUSPEND=true

IAST

• DynamoDB v2 issue: missing attribute values for conditionCheck method in case of transactWriteItems operation on DynamoDB 142

• Fixed an Insecure cookie attack vulnerability. 142

• Never print LicenseKey 142

Deprecations

The following instrumentation modules are deprecated and will be removed in the next major release:

• aws-wrap-0.7.0
• java.completable-future-jdk8
• play-2.3
• spring-3.0.0
• netty-3.4
• Struts v1

Full Changelog: v8.7.0...v8.8.0

Version 8.7.0

New features and improvements

• Adds support for Java 21 1546

• Add experimental config option to run the agent with unsupported java versions 1480

• Add intrinsic attribute thread.id to spans to allow for faceting queries by thread ID 1513

• Include stack traces in client spans 1507

• Adds support for getting the containerId from a docker container with Linux cgroup v2. 1529

• Add database and external span attributes to correlate to metric data in accordance with Open Telemetry specs. Certain old attributes are removed. 1525

  New attributes:

  • db.system
  • db.operation
  • db.collection
  • server.address
  • server.port

  Removed attributes:

  • component
  • peer.hostname

• Add slow transaction detection which can be configured. It is disabled by default. 1542
  E.g:

  slow_transactions:
    enabled: true
    threshold: 1000 # The threshold is measured in milliseconds

• Add instrumentation for r2dbc postgresql 0.9.2 to 0.9.x 1410

• Security Agent: Add new configuration to enable/disable low priority instrumentation security.low-priority-instrumentation.enabled for the CSEC agent. Default value is false. 1515

• Security Agent: Cassandra DB v3.0+ Support: The Security agent now supports Cassandra DB version 3.0 and above 122

• Security Agent: HttpClient v5.0+ Support: The Security agent now also supports HttpClient version 5.0 and above 122

• Security Agent: Support for std-out logging 122

• Security Agent: Added feature for Daily log rollover 122

• Security Agent: Support for logger config: log_file_count and log_limit_in_kbytes 122

• Security Agent: Relocating all our instrumentation packages under the package com.newrelic.agent.security.instrumentation.* 122

Fixes

• Fixed a bug where a ClassCircularityError was thrown by Sonarqube9.9 1522

• Fix a bug where the Java agent fails to detect spring-security-oauth2-client.jar 1462

• Fix a bug where Spring 6/ Spring Boot3 does not report underlying exception/stacktrace when a @RestControllerAdvice class is used 1538

• Fix HttpUrlConnection instrumentation so segment timing is accurate 1537

• Fixes a bug in Spring 6 instrumentation where transactions are incorrectly named in certain scenarios. 1544
  Such include:

  • "built-in" controllers that don't have @RestController-like annotations, e.g. /actuator/health (see Actuator endpoints)
  • custom controllers that don't use @RestController directly (e.g. using custom annotations)
  • requests returning 401s / 404s

• Add a fix for JBoss EAP / Wildfly where if customers are using the J2EE/Jakarta Management API, the application fails to startup. 1549
  This is done by adding the system property com.newrelic.jboss.jsr77.fix and setting it to true.
  E.g.

  -Dcom.newrelic.jboss.jsr77.fix=true
  

  Customers using JBoss EAP 7.4+ or Wildfly 23+ will need to manually configure the io.undertow.servlet module and add
  java.management as a dependency.
  This translates to doing the following steps:

  1. Opening the file modules/system/layers/base/io/undertow/servlet/main/module.xml
  2. Adding the XML element <module name="java.management"/> inside the body of the <dependencies> tag

  Here is what the configured XML file may look like:

  <module name="io.undertow.servlet" xmlns="urn:jboss:module:1.9">
      <resources>
          <resource-root path="undertow-servlet-2.2.5.Final-redhat-00001.jar"/>
      </resources>
  
      <dependencies>
          <module name="javax.annotation.api"/>
          <module name="sun.jdk"/>
          <module name="javax.servlet.api"/>
          <module name="javax.servlet.jsp.api"/>
          <module name="javax.servlet.jstl.api"/>
          <module name="org.jboss.logging"/>
          <module name="io.undertow.core"/>
          <module name="org.jboss.xnio"/>
          <module name="jdk.unsupported"/>
          <module name="java.management"/>
      </dependencies>
  </module>

• Resolve missing class exception on Scala instrumentation 1528

• Security Agent: Fixed ClassNotFoundException for IOStreamHelper class with Glassfish 122

Security

• Update agent dependency commons-codec to v1.13 1548
• Update JFR daemon to 1.11.1. This upgrade updates the underlying OkHttp dependency to version 4.12.0 1561

Deprecations

The following instrumentation modules will be removed in the next major release:

• aws-wrap-0.7.0
• java.completable-future-jdk8
• play-2.3
• spring-3.0.0
• netty-3.4
• Struts v1

Full Changelog: v8.6.0...v8.7.0

Version 8.6.0

New features and improvements

• Support latest Wildfly #1373

• Support latest JBoss EAP #1336

• Spring Cache instrumentation #1458

This new instrumentation module allows you to see how your caches are performing. It provides hit/miss metrics as well as clear and evict.
Search "Metrics Explorer" for the new metrics:

Cache/Spring/<cache-provider>/<cache-name>/hits
Cache/Spring/<cache-provider>/<cache-name>/misses
Cache/Spring/<cache-provider>/<cache-name>/clear
Cache/Spring/<cache-provider>/<cache-name>/evict

• Kafka client node metrics #1338

This is a new instrumentation for Kafka clients. It provides metrics similar to the existing instrumentation module, but this provides them by node/topic, whereas the existing one only uses topic. This module is disabled by default, check its documentation for more information.

• Kafka client config events #1338

This new instrumentation module sends the Kafka configuration as events periodically.

• Improved Struts 2 instrumentation #1457

The Struts 2 instrumentation has been refactored to use a newer instrumentation technique, which allows it to be disabled.

• Improved code-level metrics for Servlets. #1394
• Security Agent: Support for Apache log4j 3.0.0-alpha1.
• Security Agent: Support for Commons.jxpath.
• Security Agent: Add agent monitoring details and matrix to health check.
• Security Agent: Limiting the supported version range for Jetty.

Fixes

• Fixed a bug in the Spring instrumentation when OpenFeign was used. #1197
• Fixed a bug where utility classes were not weaved. #1073
• Fixed a bug where the agent would not properly send its dependencies. #1340
• Security Agent: Issue with HealthChecking having empty process stats issue

Deprecations

• aws-wrap-0.7.0
• java.completable-future-jdk8
• play-2.3
• spring-3.0.0
• netty-3.4
• Struts v1

Full Changelog: v8.5.0...v8.6.0

Version 8.5.0

New features and improvements

• Kafka Connect instrumentation: Adds metrics and transaction tracing for version 2.0.0+ #1324
• Kafka: Added metrics to understand the relationship between consumers, producers, topics and nodes #1223
• IAST: Limiting the supported version range for Apache log4j due to the new version release of Apache log4j on 21 June 2023 #80
• IAST: Support for indication what all API-IDs are scanned or being scanned #80
• All existing instrumnetation now supports Jakarta 10 EE

Fixes

• Implement the getStatus() method in the NRWrapper class for version 5 and 6 of Servlet instrumentation #1315

Deprecations

• aws-wrap-0.7.0
• java.completable-future-jdk8
• play-2.3
• spring-3.0.0
• netty-3.4
• Struts v1

New Contributors

• @deleonenriqueta made their first contribution in #1334
• @javimb made their first contribution in #1223

Full Changelog: v8.4.0...v8.5.0

Version 8.4.0

New features and improvements

Added a public preview of the Interactive Application Security Testing (IAST) mode of the New Relic Security agent. 1224

Warning
The New Relic Security agent IAST mode is in public preview and should only be used in non-production environments.

By default, the New Relic Security agent IAST mode is completely disabled. To enable it, set both newrelic.config.security.agent.enabled=true and newrelic.config.security.enabled=true.

Full configuration options are detailed below (note that the security stanza should be indented two spaces under the pre-existing common stanza in the newrelic.yml config file):

  # New Relic Security vulnerability detection.
  security:
    # Determines whether the security data is sent to New Relic or not. When this is disabled and agent.enabled is
    # true, the security module will run but data will not be sent. Default is false.
    enabled: false

    # New Relic Security provides two modes: IAST and RASP
    # Default is IAST. Due to the invasive nature of IAST scanning, DO NOT enable this mode in either a
    # production environment or an environment where production data is processed.
    mode: IAST

    # New Relic Security’s SaaS connection URL
    validator_service_url: wss://csec.nr-data.net

    # To completely disable all security functionality, set this flag to false. This property is
    # read only once at application start. Default is false.
    agent:
      enabled: false

    # These are the category of security events that can be detected. Set to false to disable detection of
    # individual event types. Default is true for each event type.
    detection:
      rci:
        enabled: true
      rxss:
        enabled: true
      deserialization:
        enabled: true

New Contributors

• @harshit-ap made their first contribution in #1222
• @lovesh-ap made their first contribution in #1274

Full Changelog: v8.3.0...v8.4.0

Version 8.3.0

New features and improvements

• Batch Payloads and Compression for Infinite Tracing: Enhanced performance by providing option to enable payload compression and batching for Infinite Tracing 1146.

• HttpClient v5.0+ Support: The Java agent now supports HttpClient version 5.0 and above 1252.

• On-the-fly Class Retransformation: Classes with Trace annotation are now retransformed upon attach, enhancing instrumentation flexibility 1147.

• Enhanced Logging for Cats Effect 2: Log Cats Effect 2 instrumentation at Finest log level 1173.

• High Security Mode disables user tracking
  1261.

• Selective RollingFileAppender Usage: The RollingFileAppender is now only used when log_limit_in_kbytes is greater than 0, improving logging efficiency 1228.

Fixes

• Fixed Cats Effect 2 Logging: Addressed issues with Cats Effect 2 logging for better reliability 1269.

New Contributors

• @mbszarek made their first contribution in #1173

Full Changelog: v8.2.0...v8.3.0

Version 8.2.0

New features and improvements

• Added support for Java 20 #1226

Fixes

• Prevented a NullPointerException from the lettuce instrumentation #1204
• Fix failure with browser agent auto injection for tomcat versions 8.5.87+ and 9.0.74+ #1225

New Contributors

• @pliu-newrelic made their first contribution in #1206

Full Changelog: v8.1.0...v8.2.0

Version 8.1.0

New features and improvements

• Added support for Webflux 6 1181

• Added support for Spring JMS 6 1088

• Added support for Mongodb Reactive Streams 1164

• Added support for Kafka Streams 1170

  Support for Kafka Streams comes in two flavors, metrics and spans. Metrics are enabled by default, while spans are disabled by default. To enable spans add the following to your newrelic.yml configuration under the common stanza:

common:
  class_transformer:
    kafka-streams-spans:
      enabled: true

• Error fingerprint - supply your own errors inbox group names 1195

  Are your error occurrences grouped poorly? Set your own error fingerprint via a callback function. A new public API method has been added that will accept a user defined proc. The proc will be invoked for each noticed error and whenever it returns a string, that string will be used as the error group name for the error and will take precedence over any server-side grouping that takes place with the New Relic errors inbox. This gives users much greater control over the grouping of their errors. For more information check our API: Error Grouping and APM: Group errors tab pages.

• User tracking - associate errors with a user id 1188

  You can now see the number of users impacted by an error group. Identify the end user with a new public API method that will accept a string representation of a user id and associate that user id with the current transaction. Transactions and errors will then have a new enduser.id agent attribute associated with them. This will allow agent users to tag transactions and errors as belonging to given user ids in support of greater filtering and alerting capabilities. For more information check the Newrelic.setUserId documentation and the Track users impacted with errors inbox page.

• Invoking token.link() outside a transaction will instrument that method to start an async transaction 1140

• The Kafka clients instrumentation has new metrics to list the nodes: MessageBroker/Kafka/Nodes/<node> 1130

Fixes

• Fix ClassCircularityError when agent attaches 1137
• Fix NullPointerException thrown when calling addCustomAttributes 1115
• Make sure TokenAndRefCount.token is never null 1149
• Using a time based cache to store database connection data to prevent a memory leak when instrumenting MySQL client with replication 1114
• Decreased the number of threads used in the HttpUrlConnection instrumentation 1145
• Fix an issue when HttpUrlConnection is used with the legacy cross application tracing 1142
• Performance improvement in Netty’s RequestWrapper 1163
• Gracefully shutdown the agent if it encounters issues on startup 1136
• Fix WeavedMethod and InstrumentedMethod annotations when applied to constructors. 1153
• Performance improvements when using Tomcat 1131
• Fixed a bug that caused the agent to not report some exceptions 1176
• Updated DockerData to increase the number of container IDs detected 1178
• Reduce the number of threads used in Kafka clients instrumentation 1056
• Grammar changes 1175 and 1190

New Contributors

• @fryckbos made their first contribution in #1130
• @yuzawa-san made their first contribution in #1163
• @koenpunt made their first contribution in #1175
• @jbedell-newrelic made their first contribution in #1178

Full Changelog: v8.0.0...v8.1.0

Version 8.0.1

Fixes

• Various fixes to the HttpUrlConnection instrumentation. See the README for full details #1145
• Ensure that TokenAndRefCount.token is never null #1148
• Correct a possible NullPointerException being thrown when calling addCustomAttributes #1141
• Fix ClassCircularityError when agent attaches
  #1139

Full Changelog: v8.0.0...v8.0.1

Version 8.0.0

Important

This release includes a change to the HttpURLConnection instrumentation that creates a TimerTask to help ensure complete externals reporting. Under some circumstances this may result in a large number of threads being created, which may exhaust the maximum allocated to the JVM, causing it to stop. This issue has been fixed in the 8.0.1 release and it is highly recommended that you update to this version of the Java agent.

New features and improvements

• Added support for Slick 3.4.0 on Scala 2.13 #1072
• Added support for Embedded Tomcat JMX #1039
• Updated the Java agent’s snakeyaml dependency to 1.33 #1077
• Added tracer debug logging, which will appear when -Dnewrelic.config.log_level=finest
  and -Dnewrelic.debug=true are set #1066
• Improved logging when using the recordCustomEvent API now includes event type, key and value #1083
• Added Log4j1 instrumentation to support auto log forwarding #1097
• Added JBoss Logging instrumentation to support auto log forwarding #1126
• Real-time profiling for Java using JFR metrics can now be dynamically enabled/disabled via agent configuration #1124

Fixes

• Removed leading slash in JCache metric names #1112
• Fixed a bug that was preventing Log4j2 metrics from getting disabled properly #1068
• Added a missing delimiter in POSTGRES_DIALECT_PATTERN #1050
• Fixed a ClassCastException in GraphQL 16/17 #1082
• Refactored HttpURLConnection instrumentation to fix several bugs that were affecting external calls and distributed traces #1102
• Refactored grpc-1.40.0 instrumentation to ensure that tokens were properly being linked across threads #1105
• Fixed a bug that was causing transactions to fail to link when the Spring Webclient would timeout and emit a ReadTimeoutException #1109

Removals

The following previously deprecated instrumentation modules were removed:

• cassandra-datastax-2.1.2
• httpclient-3.0
• jdbc-embedded-derby-10.2.1.6
• jdbc-embedded-derby-10.10.1.1
• jetty-7
• jetty-7.6
• jetty-9
• jetty-9.0.4
• jetty-9.1
• mongodb-2.12
• mongodb-2.14
• mongodb-3.0
• okhttp-3.0.0
• okhttp-3.4.0
• okhttp-3.5.0

The previously deprecated httpResponseCode, response.status and response.statusMessage transaction/span attributes were removed. These have been replaced by http.statusCode and http.statusText. If you have any custom dashboards or alerts that query the httpResponseCode, response.status, and response.statusMessage attributes then they will need to be updated to instead use http.statusCode and http.statusText.

New Contributors

• @malaki12003 made their first contribution in #1050
• @coreyarnold made their first contribution in #1101
• @smiklos made their first contribution in #1103
• @saxond made their first contribution in #1112