When using the Django integration of the Sentry SDK in a specific configuration, it is possible to leak sensitive cookie values, including the session cookie, to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application.
The below must be true in order for these sensitive values to be leaked:
* Your Sentry SDK configuration has `sendDefaultPII` set to `True`
* You are using a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in your Django settings.
* You are not configured in your organization or project settings to use our data scrubbing features to account for the custom cookie names
### Patches
As of version 1.14.0, the Django integration of the sentry-sdk will detect the custom cookie names based on your Django settings and will remove the values from the payload before sending the data to Sentry.
### Workarounds
If you cannot update your sentry-sdk to a patched version, then you can use the SDK's filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events this can be done with the `before_send` callback method, and for performance-related events (transactions) you can use the `before_send_transaction` callback method.
If you'd like to handle filtering of these values on the server-side, you can also use our advanced data scrubbing feature to account for the custom cookie names. Look for the $http.cookies, $http.headers, $request.cookies, or $request.headers fields to target with your scrubbing rule.
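One way to write the `before_send` / `before_send_transaction` workaround described above, as an added example (not code from the advisory or the SDK). The cookie names `myapp_session` and `myapp_csrf`, the helper names and the sample event are assumptions; substitute the values of your own `SESSION_COOKIE_NAME` and `CSRF_COOKIE_NAME`.

```python
"""Added example: scrub custom-named Django session/CSRF cookies before sending."""

# Assumption: the names your Django settings assign to SESSION_COOKIE_NAME and
# CSRF_COOKIE_NAME (hypothetical values shown here).
SENSITIVE_COOKIE_NAMES = {"myapp_session", "myapp_csrf"}
FILTERED = "[Filtered]"


def _scrub_cookie_header(header_value):
    """Replace sensitive values inside a raw 'a=1; b=2' Cookie header string."""
    parts = []
    for pair in header_value.split(";"):
        name, sep, value = pair.strip().partition("=")
        if not name:
            continue
        if name in SENSITIVE_COOKIE_NAMES:
            value = FILTERED
        parts.append(f"{name}{sep}{value}" if sep else name)
    return "; ".join(parts)


def scrub_custom_cookies(event, hint):
    """Callback with the (event, hint) signature; returns the scrubbed event."""
    request = event.get("request")
    if not isinstance(request, dict):
        return event

    # Parsed cookies: usually a dict of name -> value.
    cookies = request.get("cookies")
    if isinstance(cookies, dict):
        for name in cookies:
            if name in SENSITIVE_COOKIE_NAMES:
                cookies[name] = FILTERED
    elif isinstance(cookies, str):
        request["cookies"] = _scrub_cookie_header(cookies)

    # The same values also travel in the raw Cookie request header.
    headers = request.get("headers")
    if isinstance(headers, dict):
        for key, value in headers.items():
            if key.lower() == "cookie" and isinstance(value, str):
                headers[key] = _scrub_cookie_header(value)
    return event


# Constructed sample, shaped like the request data of an SDK event.
SAMPLE_EVENT = {
    "request": {
        "url": "https://app.example/checkout",
        "cookies": {"myapp_session": "s3cr3t-session-id", "theme": "dark"},
        "headers": {
            "Cookie": "myapp_session=s3cr3t-session-id; theme=dark; myapp_csrf=tok123"
        },
    }
}

# Wiring (error events and transactions use the same callback):
#   sentry_sdk.init(
#       dsn=...,
#       before_send=scrub_custom_cookies,
#       before_send_transaction=scrub_custom_cookies,
#   )
```

Non-sensitive cookies such as `theme` are left untouched, so the event keeps its debugging value.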
The bug in Sentry's Python SDK <2.8.0 results in the unintentional exposure of environment variables to subprocesses despite the env={} setting.
### Details
In Python's `subprocess` calls, all environment variables are passed to subprocesses by default. However, if you specifically do not want them to be passed to subprocesses, you may use the `env` argument in `subprocess` calls, like in this example:
If you'd want to not pass any variables, you can set an empty dict:
```python
>>> import subprocess
>>> subprocess.check_output(["env"], env={})
b''
```
However, the bug in Sentry SDK <2.8.0 causes all environment variables to be passed to the subprocesses when env={} is set, unless the Sentry SDK's Stdlib integration is disabled. The Stdlib integration is enabled by default.
We strongly recommend upgrading to the latest SDK version. However, if it's not possible, and if passing environment variables to child processes poses a security risk for you, there are two options:
In your application, replace env={} with the minimal dict env={"EMPTY_ENV":"1"} or similar.
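A check for the behaviour described above, as an added example (not code from the advisory or the SDK): it plants a random canary variable in the parent and reports whether a child started with a given `env` can see it. Run it in a process that has called `sentry_sdk.init(...)` the way your application does; the function names are this example's own and a POSIX `env` binary is assumed.

```python
"""Added example: does a child started with env={} still see parent variables?"""
import os
import subprocess
import sys
import uuid


def leaks_parent_env(env):
    """Return True if a child launched with `env` can see a parent-only canary."""
    canary = "CANARY_" + uuid.uuid4().hex.upper()
    os.environ[canary] = "1"  # exists only in the parent's environment
    try:
        # Same call as in the advisory text: `env` prints the child's environment.
        out = subprocess.check_output(["env"], env=env)
    finally:
        del os.environ[canary]
    names = {line.split(b"=", 1)[0] for line in out.splitlines() if b"=" in line}
    return canary.encode() in names


def audit():
    """Compare default inheritance, env={} and the advisory's minimal-dict workaround."""
    return {
        "env=None": leaks_parent_env(None),  # expected True: inheritance is the default
        "env={}": leaks_parent_env({}),  # must be False; True means the leak is present
        'env={"EMPTY_ENV": "1"}': leaks_parent_env({"EMPTY_ENV": "1"}),
    }


if __name__ == "__main__":
    results = audit()
    for case, leaked in results.items():
        print(f"{case:26} child sees parent variables: {leaked}")
    # Fail the check (e.g. in CI) when an empty env still exposes the parent.
    sys.exit(1 if results["env={}"] else 0)
```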
### References
* Sentry docs: [Default integrations](https://docs.sentry.io/platforms/python/integrations/default-integrations/)
* Python docs: [subprocess module](https://docs.python.org/3/library/subprocess.html)
* Patch [https://github.com/getsentry/sentry-python/pull/3251](https://redirect.github.com/getsentry/sentry-python/pull/3251)
---
### Release Notes
<details>
<summary>getsentry/sentry-python (sentry-sdk)</summary>
### [`v2.8.0`](https://redirect.github.com/getsentry/sentry-python/blob/HEAD/CHANGELOG.md#280)
[Compare Source](https://redirect.github.com/getsentry/sentry-python/compare/2.7.1...2.8.0)
##### Various fixes & improvements
- `profiler_id` uses underscore ([#​3249](https://redirect.github.com/getsentry/sentry-python/issues/3249)) by [@​Zylphrex](https://redirect.github.com/Zylphrex)
- Don't send full env to subprocess ([#​3251](https://redirect.github.com/getsentry/sentry-python/issues/3251)) by [@​kmichel-aiven](https://redirect.github.com/kmichel-aiven)
- Stop using `Hub` in `HttpTransport` ([#​3247](https://redirect.github.com/getsentry/sentry-python/issues/3247)) by [@​szokeasaurusrex](https://redirect.github.com/szokeasaurusrex)
- Remove `ipdb` from test requirements ([#​3237](https://redirect.github.com/getsentry/sentry-python/issues/3237)) by [@​rominf](https://redirect.github.com/rominf)
- Avoid propagation of empty baggage ([#​2968](https://redirect.github.com/getsentry/sentry-python/issues/2968)) by [@​hartungstenio](https://redirect.github.com/hartungstenio)
- Add entry point for `SentryPropagator` ([#​3086](https://redirect.github.com/getsentry/sentry-python/issues/3086)) by [@​mender](https://redirect.github.com/mender)
- Bump checkouts/data-schemas from `8c13457` to `88273a9` ([#​3225](https://redirect.github.com/getsentry/sentry-python/issues/3225)) by [@​dependabot](https://redirect.github.com/dependabot)
### [`v2.7.1`](https://redirect.github.com/getsentry/sentry-python/blob/HEAD/CHANGELOG.md#271)
[Compare Source](https://redirect.github.com/getsentry/sentry-python/compare/2.7.0...2.7.1)
##### Various fixes & improvements
- fix(otel): Fix missing baggage ([#​3218](https://redirect.github.com/getsentry/sentry-python/issues/3218)) by [@​sentrivana](https://redirect.github.com/sentrivana)
- This is the config file of asdf-vm which we do not use. ([#​3215](https://redirect.github.com/getsentry/sentry-python/issues/3215)) by [@​antonpirker](https://redirect.github.com/antonpirker)
- Added option to disable middleware spans in Starlette ([#​3052](https://redirect.github.com/getsentry/sentry-python/issues/3052)) by [@​antonpirker](https://redirect.github.com/antonpirker)
- build: Update tornado version in setup.py to match code check. ([#​3206](https://redirect.github.com/getsentry/sentry-python/issues/3206)) by [@​aclemons](https://redirect.github.com/aclemons)
### [`v2.7.0`](https://redirect.github.com/getsentry/sentry-python/blob/HEAD/CHANGELOG.md#270)
[Compare Source](https://redirect.github.com/getsentry/sentry-python/compare/2.6.0...2.7.0)
- Add `origin` to spans and transactions ([#​3133](https://redirect.github.com/getsentry/sentry-python/issues/3133)) by [@​antonpirker](https://redirect.github.com/antonpirker)
- OTel: Set up typing for OTel ([#​3168](https://redirect.github.com/getsentry/sentry-python/issues/3168)) by [@​sentrivana](https://redirect.github.com/sentrivana)
- OTel: Auto instrumentation skeleton ([#​3143](https://redirect.github.com/getsentry/sentry-python/issues/3143)) by [@​sentrivana](https://redirect.github.com/sentrivana)
- OpenAI: If there is an internal error, still return a value ([#​3192](https://redirect.github.com/getsentry/sentry-python/issues/3192)) by [@​colin-sentry](https://redirect.github.com/colin-sentry)
- MongoDB: Add MongoDB collection span tag ([#​3182](https://redirect.github.com/getsentry/sentry-python/issues/3182)) by [@​0Calories](https://redirect.github.com/0Calories)
- MongoDB: Change span operation from `db.query` to `db` ([#​3186](https://redirect.github.com/getsentry/sentry-python/issues/3186)) by [@​0Calories](https://redirect.github.com/0Calories)
- MongoDB: Remove redundant command name in query description ([#​3189](https://redirect.github.com/getsentry/sentry-python/issues/3189)) by [@​0Calories](https://redirect.github.com/0Calories)
- Apache Spark: Fix spark driver integration ([#​3162](https://redirect.github.com/getsentry/sentry-python/issues/3162)) by [@​seyoon-lim](https://redirect.github.com/seyoon-lim)
- Apache Spark: Add Spark test suite to tox.ini and to CI ([#​3199](https://redirect.github.com/getsentry/sentry-python/issues/3199)) by [@​sentrivana](https://redirect.github.com/sentrivana)
- Codecov: Add failed test commits in PRs ([#​3190](https://redirect.github.com/getsentry/sentry-python/issues/3190)) by [@​antonpirker](https://redirect.github.com/antonpirker)
- Update library, Python versions in tests ([#​3202](https://redirect.github.com/getsentry/sentry-python/issues/3202)) by [@​sentrivana](https://redirect.github.com/sentrivana)
- Remove Hub from our test suite ([#​3197](https://redirect.github.com/getsentry/sentry-python/issues/3197)) by [@​antonpirker](https://redirect.github.com/antonpirker)
- Use env vars for default CA cert bundle location ([#​3160](https://redirect.github.com/getsentry/sentry-python/issues/3160)) by [@​DragoonAethis](https://redirect.github.com/DragoonAethis)
- Create a separate test group for AI ([#​3198](https://redirect.github.com/getsentry/sentry-python/issues/3198)) by [@​sentrivana](https://redirect.github.com/sentrivana)
- Add additional stub packages for type checking ([#​3122](https://redirect.github.com/getsentry/sentry-python/issues/3122)) by [@​Daverball](https://redirect.github.com/Daverball)
- Proper naming of requirements files ([#​3191](https://redirect.github.com/getsentry/sentry-python/issues/3191)) by [@​antonpirker](https://redirect.github.com/antonpirker)
- Pinning pip because new version does not work with some versions of Celery and Httpx ([#​3195](https://redirect.github.com/getsentry/sentry-python/issues/3195)) by [@​antonpirker](https://redirect.github.com/antonpirker)
- build(deps): bump supercharge/redis-github-action from 1.7.0 to 1.8.0 ([#​3193](https://redirect.github.com/getsentry/sentry-python/issues/3193)) by [@​dependabot](https://redirect.github.com/dependabot)
- build(deps): bump actions/checkout from 4.1.6 to 4.1.7 ([#​3171](https://redirect.github.com/getsentry/sentry-python/issues/3171)) by [@​dependabot](https://redirect.github.com/dependabot)
- build(deps): update pytest-asyncio requirement ([#​3087](https://redirect.github.com/getsentry/sentry-python/issues/3087)) by [@​dependabot](https://redirect.github.com/dependabot)
### [`v2.6.0`](https://redirect.github.com/getsentry/sentry-python/blob/HEAD/CHANGELOG.md#260)
[Compare Source](https://redirect.github.com/getsentry/sentry-python/compare/2.5.1...2.6.0)
- Introduce continuous profiling mode ([#​2830](https://redirect.github.com/getsentry/sentry-python/issues/2830)) by [@​Zylphrex](https://redirect.github.com/Zylphrex)
- Profiling: Add deprecation comment for profiler internals ([#​3167](https://redirect.github.com/getsentry/sentry-python/issues/3167)) by [@​sentrivana](https://redirect.github.com/sentrivana)
- Profiling: Move thread data to trace context ([#​3157](https://redirect.github.com/getsentry/sentry-python/issues/3157)) by [@​Zylphrex](https://redirect.github.com/Zylphrex)
- Explicitly export cron symbols for typecheckers ([#​3072](https://redirect.github.com/getsentry/sentry-python/issues/3072)) by [@​spladug](https://redirect.github.com/spladug)
- Cleaning up ASGI tests for Django ([#​3180](https://redirect.github.com/getsentry/sentry-python/issues/3180)) by [@​antonpirker](https://redirect.github.com/antonpirker)
- Celery: Add Celery receive latency ([#​3174](https://redirect.github.com/getsentry/sentry-python/issues/3174)) by [@​antonpirker](https://redirect.github.com/antonpirker)
- Metrics: Update type hints for tag values ([#​3156](https://redirect.github.com/getsentry/sentry-python/issues/3156)) by [@​elramen](https://redirect.github.com/elramen)
- Django: Fix psycopg3 reconnect error ([#​3111](https://redirect.github.com/getsentry/sentry-python/issues/3111)) by [@​szokeasaurusrex](https://redirect.github.com/szokeasaurusrex)
- Tracing: Keep original function signature when decorated ([#​3178](https://redirect.github.com/getsentry/sentry-python/issues/3178)) by [@​sentrivana](https://redirect.github.com/sentrivana)
- Reapply "Refactor the Celery Beat integration ([#​3105](https://redirect.github.com/getsentry/sentry-python/issues/3105))" ([#​3144](https://redirect.github.com/getsentry/sentry-python/issues/3144)) ([#​3175](https://redirect.github.com/getsentry/sentry-python/issues/3175)) by [@​antonpirker](https://redirect.github.com/antonpirker)
- Added contributor image to readme ([#​3183](https://redirect.github.com/getsentry/sentry-python/issues/3183)) by [@​antonpirker](https://redirect.github.com/antonpirker)
- bump actions/checkout from 4.1.4 to 4.1.6 ([#​3147](https://redirect.github.com/getsentry/sentry-python/issues/3147)) by [@​dependabot](https://redirect.github.com/dependabot)
- bump checkouts/data-schemas from `59f9683` to `8c13457` ([#​3146](https://redirect.github.com/getsentry/sentry-python/issues/3146)) by [@​dependabot](https://redirect.github.com/dependabot)
### [`v2.5.1`](https://redirect.github.com/getsentry/sentry-python/blob/HEAD/CHANGELOG.md#251)
[Compare Source](https://redirect.github.com/getsentry/sentry-python/compare/2.5.0...2.5.1)
This change fixes a regression in our cron monitoring feature, which caused cron checkins not to be sent. The regression appears to have been introduced in version 2.4.0.
**We recommend that all users, who use Cron monitoring and are currently running sentry-python ≥2.4.0, upgrade to this release as soon as possible!**
##### Other fixes & improvements
- feat(tracing): Warn if not-started transaction entered ([#​3003](https://redirect.github.com/getsentry/sentry-python/issues/3003)) by [@​szokeasaurusrex](https://redirect.github.com/szokeasaurusrex)
- test(scope): Ensure `last_event_id` cleared ([#​3124](https://redirect.github.com/getsentry/sentry-python/issues/3124)) by [@​szokeasaurusrex](https://redirect.github.com/szokeasaurusrex)
- fix(scope): Clear last_event_id on scope clear ([#​3124](https://redirect.github.com/getsentry/sentry-python/issues/3124)) by [@​szokeasaurusrex](https://redirect.github.com/szokeasaurusrex)
### [`v2.5.0`](https://redirect.github.com/getsentry/sentry-python/blob/HEAD/CHANGELOG.md#250)
[Compare Source](https://redirect.github.com/getsentry/sentry-python/compare/2.4.0...2.5.0)
##### Various fixes & improvements
- Allow to configure status codes to report to Sentry in Starlette and FastAPI ([#​3008](https://redirect.github.com/getsentry/sentry-python/issues/3008)) by [@​sentrivana](https://redirect.github.com/sentrivana)
By passing a new option to the FastAPI and Starlette integrations, you're now able to configure what
status codes should be sent as events to Sentry. Here's how it works:
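```python
import sentry_sdk
from sentry_sdk.integrations.starlette import StarletteIntegration
from sentry_sdk.integrations.fastapi import FastApiIntegration

codes = [400, range(500, 599)]  # one of the valid example values listed below
sentry_sdk.init(integrations=[StarletteIntegration(failed_request_status_codes=codes),
                              FastApiIntegration(failed_request_status_codes=codes)])
```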
`failed_request_status_codes` expects a list of integers or containers (objects that allow membership checks via `in`)
of integers. Examples of valid `failed_request_status_codes`:
- `[500]` will only send events on HTTP 500.
- `[400, range(500, 599)]` will send events on HTTP 400 as well as the 500-599 range.
- `[500, 503]` will send events on HTTP 500 and 503.
The default is `[range(500, 599)]`.
See the [FastAPI](https://docs.sentry.io/platforms/python/integrations/fastapi/) and [Starlette](https://docs.sentry.io/platforms/python/integrations/starlette/) integration docs for more details.
- Support multiple keys with `cache_prefixes` (#​3136) by @​sentrivana
- Support integer Redis keys (#​3132) by @​sentrivana
- Update SDK version in CONTRIBUTING.md (#​3129) by @​sentrivana
- Bump actions/checkout from 4.1.4 to 4.1.5 (#​3067) by @​dependabot
We dropped support for some ancient languages and frameworks (Yes, Python 2.7 is no longer supported). Additionally we refactored a big part of the foundation of the SDK (how data inside the SDK is handled).
Additional integrations will now be activated automatically if the SDK detects the respective package is installed: Ariadne, ARQ, asyncpg, Chalice, clickhouse-driver, GQL, Graphene, huey, Loguru, PyMongo, Quart, Starlite, Strawberry.
Added new API for custom instrumentation: new_scope, isolation_scope. See the Deprecated section to see how they map to the existing APIs.
Changed
(These changes are all backwards-incompatible. Breaking Change (if you are just skimming for that phrase))
The Pyramid integration will not capture errors that might happen in authenticated_userid() in a custom AuthenticationPolicy class.
The method need_code_loation of the MetricsAggregator was renamed to need_code_location.
The BackgroundWorker thread used to process events was renamed from raven-sentry.BackgroundWorker to sentry-sdk.BackgroundWorker.
The reraise function was moved from sentry_sdk._compat to sentry_sdk.utils.
The _ScopeManager was moved from sentry_sdk.hub to sentry_sdk.scope.
Moved the contents of tracing_utils_py3.py to tracing_utils.py. The start_child_span_decorator is now in sentry_sdk.tracing_utils.
The actual implementation of get_current_span was moved to sentry_sdk.tracing_utils. sentry_sdk.get_current_span is still accessible as part of the top-level API.
sentry_sdk.tracing_utils.add_query_source(): Removed the hub parameter. It is not necessary anymore.
sentry_sdk.tracing_utils.record_sql_queries(): Removed the hub parameter. It is not necessary anymore.
sentry_sdk.tracing_utils.get_current_span() does now take a scope instead of a hub as parameter.
sentry_sdk.tracing_utils.should_propagate_trace() now takes a Client instead of a Hub as first parameter.
sentry_sdk.utils.is_sentry_url() now takes a Client instead of a Hub as first parameter.
sentry_sdk.utils._get_contextvars does not return a tuple with three values, but a tuple with two values. The copy_context was removed.
If you create a transaction manually and later mutate the transaction in a configure_scope block this does not work anymore. Here is a recipe on how to change your code to make it work:
Your existing implementation:
```python
transaction = sentry_sdk.transaction(...)

# later in the code execution:

with sentry_sdk.configure_scope() as scope:
    scope.set_transaction_name("new-transaction-name")
```
needs to be changed to this:
```python
transaction = sentry_sdk.transaction(...)
```
The classes listed in the table below are now abstract base classes. Therefore, they can no longer be instantiated. Subclasses can only be instantiated if they implement all of the abstract methods.
| Class | Abstract methods |
| ------------------------------------- | -------------------------------------- |
| `sentry_sdk.integrations.Integration` | `setup_once` |
| `sentry_sdk.metrics.Metric` | `add`, `serialize_value`, and `weight` |
| `sentry_sdk.profiler.Scheduler` | `setup` and `teardown` |
| `sentry_sdk.transport.Transport` | `capture_envelope` |
Removed
(These changes are all backwards-incompatible. Breaking Change (if you are just skimming for that phrase))
Removed support for Python 2 and Python 3.5. The SDK now requires at least Python 3.6.
Removed support for Celery 3.*.
Removed support for Django 1.8, 1.9, 1.10.
Removed support for Flask 0.*.
Removed support for gRPC < 1.39.
Removed support for Tornado < 6.
Removed last_event_id() top level API. The last event ID is still returned by capture_event(), capture_exception() and capture_message() but the top level API sentry_sdk.last_event_id() has been removed.
Removed support for sending events to the /store endpoint. Everything is now sent to the /envelope endpoint. If you're on SaaS you don't have to worry about this, but if you're running Sentry yourself you'll need version 20.6.0 or higher of self-hosted Sentry.
Removed support for user.segment. It was also removed from the trace header as well as from the dynamic sampling context.
Removed support for the install method for custom integrations. Please use setup_once instead.
Removed sentry_sdk.tracing.Span.new_span. Use sentry_sdk.tracing.Span.start_child instead.
Removed sentry_sdk.tracing.Transaction.new_span. Use sentry_sdk.tracing.Transaction.start_child instead.
Removed support for creating transactions via sentry_sdk.tracing.Span(transaction=...). To create a transaction, please use sentry_sdk.tracing.Transaction(name=...).
Removed sentry_sdk.utils.Auth.store_api_url.
sentry_sdk.utils.Auth.get_api_url's now accepts a sentry_sdk.consts.EndpointType enum instead of a string as its only parameter. We recommend omitting this argument when calling the function, since the parameter's default value is the only possible sentry_sdk.consts.EndpointType value. The parameter exists for future compatibility.
Removed tracing_utils_py2.py. The start_child_span_decorator is now in sentry_sdk.tracing_utils.
Removed the sentry_sdk.profiler.Scheduler.stop_profiling method. Any calls to this method can simply be removed, since this was a no-op method.
This is the final 1.x release for the foreseeable future. Development will continue on the 2.x release line. The first 2.x version will be available in the next few weeks.
If you're experiencing frequent network issues between the SDK and Sentry,
you can try turning on TCP keep-alive:
```python
import sentry_sdk

sentry_sdk.init(
    # ...your usual settings...
    keep_alive=True,
)
```
- Add support for Celery Redbeat cron tasks (#​2643) by @​kwigley
The SDK now supports the Redbeat scheduler in addition to the default
Celery Beat scheduler for auto instrumenting crons. See
[the docs](https://docs.sentry.io/platforms/python/integrations/celery/crons/)
for more information about how to set this up.
- `aws_event` can be an empty list (#​2849) by @​sentrivana
- Re-export `Event` in `types.py` (#​2829) by @​szokeasaurusrex
- Small API docs improvement (#​2828) by @​antonpirker
- Fixed OpenAI tests (#​2834) by @​antonpirker
- Bump `checkouts/data-schemas` from `ed078ed` to `8232f17` (#​2832) by @​dependabot
We added an integration for OpenAI to capture errors and also performance data when using the OpenAI Python SDK.
Usage:
This integration is auto-enabling, so if you have the openai package in your project it will be enabled. Just initialize Sentry before you create your OpenAI client.
By default, the EventScrubber will not search your events for potential
PII recursively. With this release, you can enable this behavior with:
```python
import sentry_sdk
from sentry_sdk.scrubber import EventScrubber

sentry_sdk.init(
    # ...your usual settings...
    event_scrubber=EventScrubber(recursive=True),
)
```
- Expose `socket_options` (#​2786) by @​sentrivana
If the SDK is experiencing connection issues (connection resets, server
closing connection without response, etc.) while sending events to Sentry,
tweaking the default `urllib3` socket options to the following can help:
```python
import socket
from urllib3.connection import HTTPConnection

import sentry_sdk

sentry_sdk.init(
    # ...your usual settings...
    socket_options=HTTPConnection.default_socket_options + [
        (socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1),
        # note: skip the following line if you're on MacOS since TCP_KEEPIDLE doesn't exist there
        (socket.SOL_TCP, socket.TCP_KEEPIDLE, 45),
        (socket.SOL_TCP, socket.TCP_KEEPINTVL, 10),
        (socket.SOL_TCP, socket.TCP_KEEPCNT, 6),
    ],
)
```
Warn if uWSGI is set up without proper thread support (#2738) by @sentrivana
uWSGI has to be run in threaded mode for the SDK to run properly. If this is
not the case, the consequences could range from features not working unexpectedly
to uWSGI workers crashing.
Please make sure to run uWSGI with both --enable-threads and --py-call-uwsgi-fork-hooks.
This PR contains the following updates:
`^0.20.0` -> `^2.0.0`
### GitHub Vulnerability Alerts
#### CVE-2023-28117
##### Impact
When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application.
The below must be true in order for these sensitive values to be leaked:
- Your Sentry SDK configuration has `sendDefaultPII` set to `True`
- You are using a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in your Django settings
- You are not configured in your organization or project settings to use our data scrubbing features to account for the custom cookie names
##### Patches
As of version `1.14.0`, the Django integration of the `sentry-sdk` will detect the custom cookie names based on your Django settings and will remove the values from the payload before sending the data to Sentry.
##### Workarounds
If you can not update your `sentry-sdk` to a patched version than you can use the SDKs filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events this can be done with the before_send callback method and for performance related events (transactions) you can use the before_send_transaction callback method.
If you'd like to handle filtering of these values on the server-side, you can also use our advanced data scrubbing feature to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with your scrubbing rule.
##### References
##### Credits
#### CVE-2024-40647
##### Impact
The bug in Sentry's Python SDK <2.8.0 results in the unintentional exposure of environment variables to subprocesses despite the `env={}` setting.
##### Details
In Python's `subprocess` calls, all environment variables are passed to subprocesses by default. However, if you specifically do not want them to be passed to subprocesses, you may use the `env` argument in `subprocess` calls, like in this example:
If you'd want to not pass any variables, you can set an empty dict:
However, the bug in Sentry SDK <2.8.0 causes all environment variables to be passed to the subprocesses when `env={}` is set, unless the Sentry SDK's Stdlib integration is disabled. The Stdlib integration is enabled by default.
##### Patches
The issue has been patched in https://github.com/getsentry/sentry-python/pull/3251 and the fix released in sentry-sdk==2.8.0. The fix was also backported to sentry-sdk==1.45.1.
##### Workarounds
We strongly recommend upgrading to the latest SDK version. However, if it's not possible, and if passing environment variables to child processes poses a security risk for you, there are two options:
- In your application, replace `env={}` with the minimal dict `env={"EMPTY_ENV":"1"}` or similar.

OR

```python
import sentry_sdk

# Should go before sentry_sdk.init
sentry_sdk.integrations._DEFAULT_INTEGRATIONS.remove("sentry_sdk.integrations.stdlib.StdlibIntegration")

sentry_sdk.init(
    ...
)
```
### v2.4.0
Compare Source
##### Various fixes & improvements
- `cache.key` span data field a list (#3110) by @antonpirker
- `last_event_id` from migration guide (#3126) by @szokeasaurusrex
- `_last_event_id` in `Scope.__copy__` (#3123) by @szokeasaurusrex
- `4381a97` to `59f9683` (#3066) by @dependabot
### v2.3.1
Compare Source
##### Various fixes & improvements
### v2.3.0
Compare Source
##### Various fixes & improvements
- `cohere` testsuite for new release of `cohere` (#3098) by @antonpirker
- `_sentry_span` might be missing (#3096) by @sentrivana
### v2.2.1
Compare Source
##### Various fixes & improvements
### v2.2.0
Compare Source
##### New features
- `last_event_id` function, which had been removed in 2.0.0
##### Other fixes & improvements
- `get_client` typing (#3063) by @szokeasaurusrex
- `MeasurementValue.unit` NotRequired (#3051) by @antonpirker
### v2.1.1
Compare Source
### v2.1.0
Compare Source
- fix(quart): Fix Quart integration (#3043) by @szokeasaurusrex
- New integration: Langchain (#2911) by @colin-sentry
  Usage: (Langchain is auto enabling, so you do not need to do anything special)
  Check out the LangChain docs for details.
- New integration: Anthropic (#2831) by @czyber
  Usage: (add the AnthropicIntegration to your `sentry_sdk.init()` call)
  Check out the Anthropic docs for details.
- New integration: Huggingface Hub (#3033) by @colin-sentry
  Usage: (Huggingface Hub is auto enabling, so you do not need to do anything special)
  Check out the Huggingface docs for details. (coming soon!)
- fix(huggingface): Reduce API cross-section for huggingface in test (#3042) by @colin-sentry
- fix(django): Fix Django ASGI integration on Python 3.12 (#3027) by @bellini666
- feat(perf): Add ability to put measurements directly on spans. (#2967) by @colin-sentry
- fix(tests): Fix trytond tests (#3031) by @sentrivana
- fix(tests): Update `pytest-asyncio` to fix CI (#3030) by @sentrivana
- fix(docs): Link to respective migration guides directly (#3020) by @sentrivana
- docs(scope): Add docstring to `Scope.set_tags` (#2978) by @szokeasaurusrex
- test(scope): Fix typos in assert error message (#2978) by @szokeasaurusrex
- feat(scope): New `set_tags` function (#2978) by @szokeasaurusrex
- test(scope): Add unit test for `Scope.set_tags` (#2978) by @szokeasaurusrex
- feat(scope): Add `set_tags` to top-level API (#2978) by @szokeasaurusrex
- test(scope): Add unit test for top-level API `set_tags` (#2978) by @szokeasaurusrex
- feat(tests): Parallelize tox (#3025) by @sentrivana
- build(deps): Bump checkouts/data-schemas from `4aa14a7` to `4381a97` (#3028) by @dependabot
- meta(license): Bump copyright year (#3029) by @szokeasaurusrex
### v2.0.1
Compare Source
##### Various fixes & improvements
- `pid` for test database name in Django tests (#2998) by @antonpirker
- `1e17eb5` to `4aa14a7` (#2997) by @dependabot
### v2.0.0
Compare Source
This is the first major update in a long time!
We dropped support for some ancient languages and frameworks (Yes, Python 2.7 is no longer supported). Additionally we refactored a big part of the foundation of the SDK (how data inside the SDK is handled).
We hope you like it!
For a shorter version of what you need to do, to upgrade to Sentry SDK 2.0 see: https://docs.sentry.io/platforms/python/migration/1.x-to-2.x
##### New Features
- Added new API for custom instrumentation: `new_scope`, `isolation_scope`. See the Deprecated section to see how they map to the existing APIs.
##### Changed
(These changes are all backwards-incompatible. Breaking Change (if you are just skimming for that phrase))
- The Pyramid integration will not capture errors that might happen in `authenticated_userid()` in a custom `AuthenticationPolicy` class.
- The method `need_code_loation` of the `MetricsAggregator` was renamed to `need_code_location`.
- The `BackgroundWorker` thread used to process events was renamed from `raven-sentry.BackgroundWorker` to `sentry-sdk.BackgroundWorker`.
- The `reraise` function was moved from `sentry_sdk._compat` to `sentry_sdk.utils`.
- The `_ScopeManager` was moved from `sentry_sdk.hub` to `sentry_sdk.scope`.
- Moved the contents of `tracing_utils_py3.py` to `tracing_utils.py`. The `start_child_span_decorator` is now in `sentry_sdk.tracing_utils`.
- The actual implementation of `get_current_span` was moved to `sentry_sdk.tracing_utils`. `sentry_sdk.get_current_span` is still accessible as part of the top-level API.
- `sentry_sdk.tracing_utils.add_query_source()`: Removed the `hub` parameter. It is not necessary anymore.
- `sentry_sdk.tracing_utils.record_sql_queries()`: Removed the `hub` parameter. It is not necessary anymore.
- `sentry_sdk.tracing_utils.get_current_span()` does now take a `scope` instead of a `hub` as parameter.
- `sentry_sdk.tracing_utils.should_propagate_trace()` now takes a `Client` instead of a `Hub` as first parameter.
- `sentry_sdk.utils.is_sentry_url()` now takes a `Client` instead of a `Hub` as first parameter.
- `sentry_sdk.utils._get_contextvars` does not return a tuple with three values, but a tuple with two values. The `copy_context` was removed.
- If you create a transaction manually and later mutate the transaction in a `configure_scope` block this does not work anymore. Here is a recipe on how to change your code to make it work:
  Your existing implementation:
  later in the code execution:
  later in the code execution:
The classes listed in the table below are now abstract base classes. Therefore, they can no longer be instantiated. Subclasses can only be instantiated if they implement all of the abstract methods.
| Class | Abstract methods |
| ------------------------------------- | -------------------------------------- |
| `sentry_sdk.integrations.Integration` | `setup_once` |
| `sentry_sdk.metrics.Metric` | `add`, `serialize_value`, and `weight` |
| `sentry_sdk.profiler.Scheduler` | `setup` and `teardown` |
| `sentry_sdk.transport.Transport` | `capture_envelope` |

##### Removed
(These changes are all backwards-incompatible. Breaking Change (if you are just skimming for that phrase))
`last_event_id()` top level API. The last event ID is still returned by `capture_event()`, `capture_exception()` and `capture_message()` but the top level API `sentry_sdk.last_event_id()` has been removed.
`/store` endpoint. Everything is now sent to the `/envelope` endpoint. If you're on SaaS you don't have to worry about this, but if you're running Sentry yourself you'll need version `20.6.0` or higher of self-hosted Sentry.
`with_locals` configuration option was removed. Use `include_local_variables` instead. See https://docs.sentry.io/platforms/python/configuration/options/#include-local-variables.
`request_bodies` configuration option was removed. Use `max_request_body_size`. See https://docs.sentry.io/platforms/python/configuration/options/#max-request-body-size.
`user.segment`. It was also removed from the trace header as well as from the dynamic sampling context.
`install` method for custom integrations. Please use `setup_once` instead.
`sentry_sdk.tracing.Span.new_span`. Use `sentry_sdk.tracing.Span.start_child` instead.
`sentry_sdk.tracing.Transaction.new_span`. Use `sentry_sdk.tracing.Transaction.start_child` instead.
`sentry_sdk.tracing.Span(transaction=...)`. To create a transaction, please use `sentry_sdk.tracing.Transaction(name=...)`.
`sentry_sdk.utils.Auth.store_api_url`.
`sentry_sdk.utils.Auth.get_api_url` now accepts a `sentry_sdk.consts.EndpointType` enum instead of a string as its only parameter. We recommend omitting this argument when calling the function, since the parameter's default value is the only possible `sentry_sdk.consts.EndpointType` value. The parameter exists for future compatibility.
`tracing_utils_py2.py`. The `start_child_span_decorator` is now in `sentry_sdk.tracing_utils`.
`sentry_sdk.profiler.Scheduler.stop_profiling` method. Any calls to this method can simply be removed, since this was a no-op method.

Deprecated
Using the `Hub` directly as well as using hub-based APIs has been deprecated. Where available, use the top-level API instead; otherwise use the scope API or the client API.
Before:
do something
Hub cloning is deprecated.
Before:
do something with the cloned hub
`configure_scope` is deprecated. Use the new isolation scope directly via `get_isolation_scope()` instead.
Before:
do something with `scope`
v1.45.1
This is a security backport release.
Don't send full env to subprocess (892dd80) by @kmichel-aiven
See also https://github.com/getsentry/sentry-python/security/advisories/GHSA-g92j-qhmh-64v2
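A check you can run against your own installation to confirm the behaviour this backport restores: a child process started with `env={}` must not see the parent's variables. This is an added example, not code from the SDK or the advisory; the canary name and the `--with-sdk` flag are made up for it, and the SDK path assumes sentry-sdk is installed.

```python
import json
import os
import subprocess
import sys

CANARY = "EXAMPLE_PARENT_SECRET"  # constructed name standing in for a real secret
# The child prints the names of every environment variable it received.
CHILD = "import json, os; print(json.dumps(sorted(os.environ)))"


def child_env_names(env):
    """Start a child interpreter with this env argument; return the names it sees."""
    out = subprocess.check_output([sys.executable, "-c", CHILD], env=env)
    return set(json.loads(out))


def leak_report(init_sdk=False):
    """For each way of passing env, report whether the canary reached the child."""
    if init_sdk:
        # Assumption: sentry-sdk is installed. init() is called without
        # arguments and this check captures no events.
        import sentry_sdk
        sentry_sdk.init()
    os.environ[CANARY] = "constructed-value"
    try:
        return {
            "inherit": CANARY in child_env_names(None),  # env=None: expected True
            "empty": CANARY in child_env_names({}),  # env={}: must be False
            "explicit": CANARY in child_env_names({"ONLY": "1"}),  # must be False
        }
    finally:
        del os.environ[CANARY]


if __name__ == "__main__":
    report = leak_report(init_sdk="--with-sdk" in sys.argv)
    for case, visible in report.items():
        print(f"{case:8} canary visible in child: {visible}")
    # Only the inheriting case may see the canary; anything else is a leak.
    sys.exit(1 if report["empty"] or report["explicit"] else 0)
```

Run it once without the flag to get the baseline and once with `--with-sdk` after upgrading; a non-zero exit status means the child received variables it should not have.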
v1.45.0
This is the final 1.x release for the foreseeable future. Development will continue on the 2.x release line. The first 2.x version will be available in the next few weeks.
Various fixes & improvements
Allow to upsert monitors (#2929) by @sentrivana
It's now possible to provide `monitor_config` to the `monitor` decorator/context manager directly:
v1.44.1
Various fixes & improvements
Make `monitor` async friendly (#2912) by @sentrivana
You can now decorate your async functions with the `monitor` decorator and they will correctly report their duration and completion status.
Fixed `Event | None` runtime `TypeError` (#2928) by @szokeasaurusrex
v1.44.0
Various fixes & improvements
v1.43.0
Various fixes & improvements
Add optional `keep_alive` (#2842) by @sentrivana
If you're experiencing frequent network issues between the SDK and Sentry, you can try turning on TCP keep-alive:
...your usual settings...
)
v1.42.0
Various fixes & improvements
New integration: OpenAI integration (#2791) by @colin-sentry
We added an integration for OpenAI to capture errors and also performance data when using the OpenAI Python SDK.
Usage:
This integration is auto-enabling, so if you have the `openai` package in your project it will be enabled. Just initialize Sentry before you create your OpenAI client.
For more information, see the documentation for OpenAI integration.
Discard open OpenTelemetry spans after 10 minutes (#2801) by @antonpirker
Propagate sentry-trace and baggage headers to Huey tasks (#2792) by @cnschn
Added Event type (#2753) by @szokeasaurusrex
Improve scrub_dict typing (#2768) by @szokeasaurusrex
Dependencies: bump types-protobuf from 4.24.0.20240302 to 4.24.0.20240311 (#2797) by @dependabot
v1.41.0
Various fixes & improvements
Add recursive scrubbing to `EventScrubber` (#2755) by @Cheapshot003
By default, the `EventScrubber` will not search your events for potential PII recursively. With this release, you can enable this behavior with:
...your usual settings...
)
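To see what the recursive option changes, here is a small stand-alone model of shallow versus recursive denylist scrubbing, with a helper that lists denylisted keys still carrying a value. It is an added example, not the SDK's implementation; the denylist, the `[Filtered]` marker and the sample data are constructed.

```python
FILTERED = "[Filtered]"
# Constructed denylist for this example; the SDK ships its own default list.
DENYLIST = {"password", "api_key", "token", "sessionid"}


def scrub(value, recursive=False):
    """Replace values stored under denylisted keys, in place.

    recursive=False models the default described above: only the keys of the
    dict handed to the scrubber are checked. recursive=True also walks nested
    dicts and lists.
    """
    if isinstance(value, dict):
        for key in list(value):
            if isinstance(key, str) and key.lower() in DENYLIST:
                value[key] = FILTERED
            elif recursive:
                scrub(value[key], recursive=True)
    elif isinstance(value, list) and recursive:
        for item in value:
            scrub(item, recursive=True)
    return value


def surviving_secrets(data, path=""):
    """Return the paths of denylisted keys whose values were not replaced."""
    hits = []
    if isinstance(data, dict):
        for key, val in data.items():
            here = f"{path}.{key}" if path else str(key)
            if isinstance(key, str) and key.lower() in DENYLIST and val != FILTERED:
                hits.append(here)
            hits.extend(surviving_secrets(val, here))
    elif isinstance(data, list):
        for i, item in enumerate(data):
            hits.extend(surviving_secrets(item, f"{path}[{i}]"))
    return hits


def sample_extra():
    """Constructed event data with secrets at three nesting depths."""
    return {
        "password": "hunter2",
        "payment": {"provider": "acme", "api_key": "sk-constructed"},
        "sessions": [{"user": "alice", "token": "t-constructed"}],
    }
```

`surviving_secrets` can also be pointed at an event captured in a test run to confirm that nothing on your own denylist reaches the payload at any depth.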
`scrub_list` (#2769) by @szokeasaurusrex
`types-protobuf` from 4.24.0.20240129 to 4.24.0.20240302 (#2782) by @dependabot
`checkouts/data-schemas` from `eb941c2` to `ed078ed` (#2781) by @dependabot
v1.40.6
Various fixes & improvements
`greenlet`/`gevent` (#2756) by @sentrivana
`clickhouse-driver==0.2.7` (#2752) by @sentrivana
`checkouts/data-schemas` from `6121fd3` to `eb941c2` (#2747) by @dependabot
v1.40.5
Various fixes & improvements
Deprecate `last_event_id()`. (#2749) by @antonpirker
Warn if uWSGI is set up without proper thread support (#2738) by @sentrivana
uWSGI has to be run in threaded mode for the SDK to run properly. If this is not the case, the consequences could range from features not working unexpectedly to uWSGI workers crashing.
Please make sure to run uWSGI with both `--enable-threads` and `--py-call-uwsgi-fork-hooks`.
`parsed_url` can be `None` (#2734) by @sentrivana
Python 3.7 is not supported anymore by Lambda, so removed it and added 3.12 (#2729) by @antonpirker
v1.40.4
Various fixes & improvements
`aa7058c` to `6121fd3` (#2724) by @dependabot
v1.40.3
Various fixes & improvements
v1.40.2
Various fixes & improvements
`pytest` error (#2712) by @szokeasaurusrex
v1.40.1
Various fixes & improvements
`gevent` (#2694) by @sentrivana
`engine.url` being `None` (#2708) by @sentrivana
`sentry_sdk.utils._generate_installed_modules` (#2703) by @GlenWalker
`codecov/codecov-action` from 3 to 4 (#2706) by @dependabot
`actions/cache` from 3 to 4 (#2661) by @dependabot
`actions/checkout` from 3.1.0 to 4.1.1 (#2561) by @dependabot
`github/codeql-action` from 2 to 3 (#2603) by @dependabot
`actions/setup-python` from 4 to 5 (#2577) by @dependabot
v1.40.0
Various fixes & improvements
`UnicodeDecodeError` on Python 2 ([#2657](https://redirect.github.com/g
Configuration
Schedule: Branch creation - "" in timezone US/Eastern, Automerge - At any time (no schedule defined).
Automerge: Disabled by config. Please merge this manually once you are satisfied.
Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.