Sourced from ddtrace's releases.

3.9.1

Bug Fixes

• LLM Observability:
  • Fix an issue where the trace ID exported from export_span was incorrect.

3.9.0

New Features

• DSM
  • Add support for context extraction for SQS -> Lambda messsage events.
• Add support for Python 3.13 on Windows.
• azure_functions
  • Add distributed tracing support for http triggers.
• Code Security (IAST)
  • Unvalidated Redirect detection for Django, Flask and FastAPI applications, which will be displayed on your DataDog Vulnerability Explorer dasard. See the Application Vulnerability Management documentation for more information about this feature.
• CI Visibility
  • This introduces report links to the pytest plugin. At the end of a test session, ddtrace shows links to the Datadog Test Optimization pages with the test results for the current commit and for the current CI job (provided that the CI environment variables with the current job and pipeline ID are available).
• AAP
  • This introduces the capability for the waf to decide of the sampling priority of the trace in case of a security event.
• litellm
  • Adds APM and LLM Observability tracing support for LiteLLM's synchronous and asynchronous completion and text_completion router methods.
• LLM Observability
  • add processor capability to process span inputs and outputs. See usage documentation [here](https://docs.datadoghq.com/llm_observability/setup/sdk/python/#span-processing).
  • Propagate the ml_app of the most recent LLM Observability span (or the global ml_app) when injecting distributed headers. In distributed services, uses the ml_app from the distributed trace headers.
  • This introduces tracing for system prompts in the OpenAI Agents SDK.
  • This introduces tracing for the content of tool call outputs passed to LLM spans for the OpenAI Agents integration.
• dynamic instrumentation
  • Add support for excluding identifiers from redaction with DD_DYNAMIC_INSTRUMENTATION_REDACTION_EXCLUDED_IDENTIFIERS

Upgrade Notes

• AAP
  • Upgrade the WAF value regex obfuscator.

Deprecation Notes

• tracing
  • Deprecates support for DD_TRACE_GLOBAL_TAGS in favor of DD_TAGS.
  • Removes support for APM Legacy App Analytics. There are still some remnants of App Analytics in the codebase, but they are not functional and output a deprecation warning.
• Deprecates starting the serverless mini agent from the tracer. Use the datadog-serverless-compat package instead.

Bug Fixes

• LLM Observability
  • This fix resolves an issue where error type was being set to the full error message for OpenAI Agents SDK errors, resulting in long error types.
  • This fix resolves an issue where LLM interactions were not being traced when a non-default base URL was provided for the Anthropic, Bedrock, LangChain, Open AI, and Azure Open AI integrations.
  • This fix resolves an issue where parsing token usage from langchain AI message types causes an attribute error.
  • Fixes an issue where using astream_events on a compiled graph would raise a KeyError.
• CI Visibility

... (truncated)

• faa79f4 fix(llmobs): make sure correct llmobs trace id is returned from export_span...
• eff5773 chore(ci): move slotscheck and conftest CI steps to riot (#13591)
• 4c7f8b2 chore(asm): make it possible to enable asm threat monitoring in AWS Lambda fo...
• 0e5abc9 chore(iast): fix fstring log message (#13601)
• 0b32ac2 Revert "chore(ci): move IAST testing to riot" (#13596)
• a68016f ci(perf): update ddtrace microbenchmarks to cover the full OpenTelemetry Trac...
• 07de3a4 chore: remove release script (#13597)
• 3b47ae7 chore(profiling): test v1 with libdd exporter (#13464)
• 327bde7 fix(llmobs): remove base URL checks for LLM Obs integrations (#13580)
• 7c82763 chore(aap): add trace tagging capability to waf interface (#13587)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)