Skip to content

Commit

Permalink
Merge pull request #2958 from newrelic/prerelease_updates_9.16.0-pre
Browse files Browse the repository at this point in the history
Prerelease 9.16.0-pre
  • Loading branch information
kaylareopelle authored Nov 19, 2024
2 parents 9981434 + fb14a03 commit a2fe273
Show file tree
Hide file tree
Showing 3 changed files with 125 additions and 42 deletions.
4 changes: 2 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
# New Relic Ruby Agent Release Notes

## dev
## v9.16.0

Version <dev> introduces instrumentation for the aws-sdk-lambda gem, allows users to opt-in to adding labels to logs, updates View Component instrumentation, and fixes a bug with explain plans on Rails 7.2+.
Version 9.16.0 introduces instrumentation for the aws-sdk-lambda gem, allows users to opt-in to adding labels to logs, updates View Component instrumentation, and fixes a bug with explain plans on Rails 7.2+.

- **Feature: Instrumentation for aws-sdk-lambda**

Expand Down
2 changes: 1 addition & 1 deletion lib/new_relic/version.rb
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
module NewRelic
module VERSION # :nodoc:
MAJOR = 9
MINOR = 15
MINOR = 16
TINY = 0

STRING = "#{MAJOR}.#{MINOR}.#{TINY}"
Expand Down
161 changes: 122 additions & 39 deletions newrelic.yml
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,13 @@ common: &default_settings
# If true, the agent captures log records emitted by your application.
# application_logging.forwarding.enabled: true

# If true, the agent attaches labels to log records.
# application_logging.forwarding.labels.enabled: false

# A case-insensitive array or comma-delimited string containing the labels to
# exclude from log records.
# application_logging.forwarding.labels.exclude: []

# Sets the minimum level a log event must have to be forwarded to New Relic.
# This is based on the integer values of Ruby's Logger::Severity constants:
# https://github.com/ruby/ruby/blob/master/lib/logger/severity.rb
Expand Down Expand Up @@ -114,50 +121,49 @@ common: &default_settings
# audit_log.path: log/newrelic_audit.log

# An array of CLASS#METHOD (for instance methods) and/or CLASS.METHOD (for class
# methods) strings representing Ruby methods for the agent to automatically
# add custom instrumentation to without the need for altering any of the
# methods) strings representing Ruby methods that the agent can automatically
# add custom instrumentation to. This doesn't require any modifications of the
# source code that defines the methods.
#
# Use fully qualified class names (using the :: delimiter) that include any
# module or class namespacing.
#
# Here is some Ruby source code that defines a render_png instance method for an
# Image class and a notify class method for a User class, both within a
# MyCompany module namespace:
#
# module MyCompany
# class Image
# def render_png
# # code to render a PNG
# end
# end
#
# class User
# def self.notify
# # code to notify users
# end
# end
# module MyCompany
# class Image
# def render_png
# # code to render a PNG
# end
# end
# class User
# def self.notify
# # code to notify users
# end
# end
# end
#
# Given that source code, the newrelic.yml config file might request
# instrumentation for both of these methods like so:
#
# automatic_custom_instrumentation_method_list:
# - MyCompany::Image#render_png
# - MyCompany::User.notify
#
# That configuration example uses YAML array syntax to specify both methods.
# Alternatively, a comma-delimited string can be used instead:
#
# automatic_custom_instrumentation_method_list: 'MyCompany::Image#render_png, MyCompany::User.notify'
#
# Alternatively, you can use a comma-delimited string:
#
# automatic_custom_instrumentation_method_list: 'MyCompany::Image#render_png,
# MyCompany::User.notify'
#
# Whitespace around the comma(s) in the list is optional. When configuring the
# agent with a list of methods via the
# NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST environment variable,
# this comma-delimited string format should be used:
#
# export NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST='MyCompany::Image#render_png, MyCompany::User.notify'
#
# use this comma-delimited string format:
#
# export
# NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST='MyCompany::Image#render_png,
# MyCompany::User.notify'
#
# automatic_custom_instrumentation_method_list: []

# Specify a list of constants that should prevent the agent from starting
Expand Down Expand Up @@ -315,18 +321,7 @@ common: &default_settings
# If true, disables agent middleware for Sinatra. This middleware is responsible
# for advanced feature support such as cross application tracing, page load
# timing, and error collection.
# Cross application tracing is deprecated in favor of distributed tracing.
# Distributed tracing is on by default for Ruby agent versions 8.0.0 and above.
# Middlewares are not required to support distributed tracing.
# To continue using cross application tracing, update the following options in
# your newrelic.yml configuration file:
# ``yaml
# # newrelic.yml
# cross_application_tracer:
# enabled: true
# distributed_tracing:
# enabled: false
# ``
#
# disable_sinatra_auto_middleware: false

# If true, disables view instrumentation.
Expand Down Expand Up @@ -458,6 +453,10 @@ common: &default_settings
# prepend, chain, disabled.
# instrumentation.async_http: auto

# Controls auto-instrumentation of the aws_sdk_lambda library at start-up. May
# be one of auto, prepend, chain, disabled.
# instrumentation.aws_sdk_lambda: auto

# Controls auto-instrumentation of the aws-sdk-sqs library at start-up. May be
# one of: auto, prepend, chain, disabled.
# instrumentation.aws_sqs: auto
Expand Down Expand Up @@ -950,21 +949,105 @@ common: &default_settings
# NOTE: All "security.*" configuration parameters are related only to the
# security agent, and all other configuration parameters that may
# have "security" in the name somewhere are related to the APM agent.

# If true, the security agent is loaded (a Ruby 'require' is performed)
# security.agent.enabled: false

# The port the application is listening on. This setting is mandatory for
# Passenger servers. Other servers should be detected by default.
# Passenger servers. Other servers are detected by default.
# security.application_info.port: nil

# If true, the security agent is started (the agent runs in its event loop)
# security.enabled: false

# Defines API paths the security agent should ignore in IAST scans. Accepts an
# array of regex patterns matching the URI to ignore. The regex pattern should
# provide a complete match for the URL without the endpoint. For example,
# [".*account.*"], [".*/\api\/v1\/.*?\/login"]
# security.exclude_from_iast_scan.api: []

# An array of HTTP request body keys the security agent should ignore in IAST
# scans.
# security.exclude_from_iast_scan.http_request_parameters.body: []

# An array of HTTP request headers the security agent should ignore in IAST
# scans. The array should specify a list of patterns matching the headers to
# ignore.
# security.exclude_from_iast_scan.http_request_parameters.header: []

# An array of HTTP request query parameters the security agent should ignore in
# IAST scans. The array should specify a list of patterns matching the HTTP
# request query parameters to ignore.
# security.exclude_from_iast_scan.http_request_parameters.query: []

# If true, disables system command injection detection in IAST scans.
# security.exclude_from_iast_scan.iast_detection_category.command_injection: false

# If true, disables the detection of low-severity insecure settings (e.g., hash,
# crypto, cookie, random generators, trust boundary).
# security.exclude_from_iast_scan.iast_detection_category.insecure_settings: false

# If true, disables file operation-related IAST detections (File Access &
# Application integrity violation)
# security.exclude_from_iast_scan.iast_detection_category.invalid_file_access: false

# If true, disables Javascript injection detection in IAST scans.
# security.exclude_from_iast_scan.iast_detection_category.javascript_injection: false

# If true, disables LDAP injection detection in IAST scans.
# security.exclude_from_iast_scan.iast_detection_category.ldap_injection: false

# If true, disables NOSQL injection detection in IAST scans.
# security.exclude_from_iast_scan.iast_detection_category.nosql_injection: false

# If true, disables Reflected Cross-Site Scripting (RXSS) detection in IAST
# scans.
# security.exclude_from_iast_scan.iast_detection_category.rxss: false

# If true, disables SQL injection detection in IAST scans.
# security.exclude_from_iast_scan.iast_detection_category.sql_injection: false

# If true, disables Sever-Side Request Forgery (SSRF) detection in IAST scans.
# security.exclude_from_iast_scan.iast_detection_category.ssrf: false

# If true, disables XPATH injection detection in IAST scans.
# security.exclude_from_iast_scan.iast_detection_category.xpath_injection: false

# Unique test identifier when runnning IAST in CI/CD environment to
# differentiate between different test runs, e.g., a build number.
# security.iast_test_identifier: nil

# Defines the mode for the security agent to operate in. Currently only IAST is
# supported
# security.mode: IAST

# Sets the maximum number of HTTP requests allowed for the IAST scan per minute.
# Any Integer between 12 and 3600 is valid. The default value is 3600.
# security.scan_controllers.iast_scan_request_rate_limit: 3600

# If true, enables the sending of HTTP responses bodies. Disabling this also
# disables Reflected Cross-Site Scripting (RXSS) vulnerability detection.
# security.scan_controllers.report_http_response_body: true

# The number of application instances for a specific entity on which IAST
# analysis is performed.
# security.scan_controllers.scan_instance_count: 0

# If true, allows IAST to continuously gather trace data in the background.
# Collected data will be used by the security agent to perform an IAST scan at
# the scheduled time.
# security.scan_schedule.always_sample_traces: false

# Specifies the delay time (in minutes) before the IAST scan begins after the
# application starts.
# security.scan_schedule.delay: 0

# Specifies the length of time (in minutes) that the IAST scan will run.
# security.scan_schedule.duration: 0

# Specifies a cron expression that sets when the IAST scan should run.
# security.scan_schedule.schedule: ""

# Defines the endpoint URL for posting security-related data
# security.validator_service_url: wss://csec.nr-data.net

Expand Down

0 comments on commit a2fe273

Please sign in to comment.