Bugfix: obfuscating URLs to external services no longer modifying original URI
A recent change to the Ruby agent to obfuscate URIs sent to external services had the unintended side-effect of removing query parameters
from the original URI. This is fixed to obfuscate while also preserving the original URI.
Thanks to @VictorJimenezKwast for pinpointing and helpful unit test to demonstrate.
v6.13.0
Bugfix: never use redirect host when accessing preconnect endpoint
When connecting to New Relic, the Ruby Agent uses the value in Agent.config[:host] to post a request to the New Relic preconnect endpoint. This endpoint returns a "redirect host" which is the URL to which agents send data from that point on.
Previously, if the agent needed to reconnect to the collector, it would incorrectly use this redirect host to call the preconnect
endpoint, when it should have used the original configured value in Agent.config[:host]. The agent now uses the correct host
for all calls to preconnect.
Bugfix: calling add_custom_attributes no longer modifies the params of the caller
The previous agent's improvements to recording attributes at the span level had an unexpected
side-effect of modifying the params passed to the API call as duplicated attributes were deleted
in the process. This is now fixed and params passed in are no longer modified.
Thanks to Pete Johns (@johnsyweb) for the PR that resolves this bug.
Bugfix: http.url query parameters spans are now obfuscated
Previously, the agent was recording the full URL of the external requests, including
the query and fragment parts of the URL as part of the attributes on the external request
span. This has been fixed so that the URL is obfuscated to filter out potentially sensitive data.
Use system SSL certificates by default
The Ruby agent previously used a root SSL/TLS certificate bundle by default. Now the agent will attempt to use
the default system certificates, but will fall back to the bundled certs if there is an issue (and log that this occurred).
Bugfix: reduce allocations for segment attributes
Previously, every segment received an Attributes object on initialization. The agent now lazily creates attributes
on segments, resulting in a significant reduction in object allocations for a typical transaction.
Bugfix: eliminate errors around Rake::VERSION with Rails
When running a Rails application with rake tasks, customers could see the following error:
Prevent connecting agent thread from hanging on shutdown
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps newrelic_rpm from 6.13.0 to 6.13.1.
Release notes
Sourced from newrelic_rpm's releases.
Changelog
Sourced from newrelic_rpm's changelog.
Commits
296134bMerge pull request #453 from newrelic/devbc7e8d0Update CHANGELOG.md1d95a3dCHANGELOG and VERSION bumped to 6.13.1abcdebbMerge pull request #452 from newrelic/query_params_lost_for_external_requests43501edresolves Issue 451 and possibly 4507efa422Update README.mdf55303ainfinite-tracing is in sub-folderb000bf7separate run commands to set OTP then publish, take 2a4e9187separate run commands to set OTP then publish121a310install onetimepass for pythonDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)