Releases: DataDog/datadog-lambda-java
v1.4.1 -- Update aws-lambda-java-log4j to log4j2:1.3.0
Per https://aws.amazon.com/security/security-bulletins/AWS-2021-005/, users of aws-lambda-java-log4j2 should update to v1.3.0. We were not able to determine whether aws-lambda-java-log4j:1.0.1 was safe or not, so it was decided that we should update to aws-lambda-java-log4j2:1.3.0 to be sure.
datadog-lambda-java:1.4.1 should behave exactly the same as 1.4.0.
https://search.maven.org/artifact/com.datadoghq/datadog-lambda-java/1.4.1/jar
Latest corresponding dd-trace-java layer ARN:
arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-java:4
v0.3.4 -- Update aws-lambda-java-log4j to log4j2:1.3.0
Per https://aws.amazon.com/security/security-bulletins/AWS-2021-005/, users of aws-lambda-java-log4j2 should update to v1.3.0. We were not able to determine whether aws-lambda-java-log4j:1.0.1 was safe or not, so it was decided that we should update to aws-lambda-java-log4j2:1.3.0 to be sure.
datadog-lambda-java:0.3.4 should behave exactly the same as 0.3.3.
barring any additional critical security fixes, this will probably be the last update to datadog-lambda-java:0.3.x. Additional updates will be in v1.4.x
https://search.maven.org/artifact/com.datadoghq/datadog-lambda-java/0.3.4/jar
Latest corresponding dd-trace-java layer ARN:
arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-java:3
1.4.0
What's Changed
- Support for the extension - Add hello and flush routes and metric support by @maxday in #61
- Bump dependencies by @maxday in #62
- Fix typo in log message by @maxday in #63
- bump dogstatsd + add a try catch by @maxday in #64
- Bump version of log4j-api and log4j-core by @agocs in #65
This adds preliminary support for the Datadog Lambda Extension (additional documentation coming soon). Also includes the change to v0.3.3 that bumps our test-only Log4j dependency.
https://search.maven.org/artifact/com.datadoghq/datadog-lambda-java/1.4.0/jar
Latest corresponding dd-trace-java layer ARN:
arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-java:4
Contributors
Assets 2
0.3.3
This bumps the versions of log4j-api and log4j-core that were imported for testing. The old versions of log4j were found to be susceptible to a remote code execution attack. See the following resources for more info:
- https://www.lunasec.io/docs/blog/log4j-zero-day/
- https://www.randori.com/blog/cve-2021-44228/
- https://www.cve.org/CVERecord?id=CVE-2021-44228
datadog-lambda-java only uses log4j in testing, and the log4j dependency does not make it into the published library. Regardless, we are going to cut a new version to be safe.
barring any additional critical security fixes, this will probably be the last update to datadog-lambda-java:0.3.x. Additional updates will be in v1.4.x
https://search.maven.org/artifact/com.datadoghq/datadog-lambda-java/0.3.3/jar
Latest corresponding dd-trace-java layer ARN:
arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-java:3
0.3.2
Fix NullPointerException in Kinesis trace context
Fixes a Null Pointer Exception that was encountered when the Tracer attempted to get the Datadog trace context from a Kineses event that contains no Datadog trace context.
Latest corresponding dd-trace-java layer ARN:
arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-java:3
Minor bugfix to dd-trace-java
The same as 0.2.4, but I'm bumping the minor version to match the dd-trace-java layer version 3. The new dd-trace-java layer includes a bugfix that appends a newline to the end of PrintWriter traces. This fixes a bug where sometimes Cloudwatch will consider the next thing logged to be the same logging event as the trace coming out of the tracer.
Latest corresponding dd-trace-java layer ARN:
arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-java:3
0.2.4
Adds a KinesisHeaderable and a function for getting the trace context JSON string.
https://repo1.maven.org/maven2/com/datadoghq/datadog-lambda-java/0.2.4/
Latest corresponding dd-trace-java layer ARN:
arn:aws:lambda:<AWS_REGION>:464622532012:layer:dd-trace-java:2