The New Relic Java agent
Add HTTP/2 support for Netty 4.1.16.Final + 1815
Support external calls inside Spring Reactor call chains 1828
Support for Apache Pekko (i.e. the pekko-actor library). Support for Pekko HTTP coming soon. [1811] 1811
Add configuration to allow the OTel SDK integration to be completely disabled 1821
Configuration via yaml:
opentelemetry:
sdk:
autoconfigure:
enabled: false
Configuration via system property:
-Dnewrelic.config.opentelemetry.sdk.autoconfigure.enabled=false
Treat OpenTelemetry @WithSpan annotation as @Trace in the Java Agent API 1841
The following instrumentation modules are deprecated and will be removed in the next major release:
aws-wrap-0.7.0
java.completable-future-jdk8
play-2.3
spring-3.0.0
netty-3.4
Struts v1
Full Changelog: https://github.com/newrelic/newrelic-java-agent/compare/v8.10.0...v8.11.0
:warning: NOTICE: This agent version introduced a bug that can cause a deadlock if your application uses HttpUrlConnection
(or any libraries that use it under the hood). This issue will be resolved in the 8.11.0 agent. Alternatively, downgrading to agent version 8.9.1 or disabling the HttpUrlConnection
instrumentation would resolve the issue (i.e. -Dnewrelic.config.class_transformer.com.newrelic.instrumentation.httpurlconnection.enabled=false
). Note that disabling this instrumentation will result in external calls made by the client no longer getting recorded and thus the recommended approach would be to use one of the recommended agent versions.
The following instrumentation modules are deprecated and will be removed in the next major release:
aws-wrap-0.7.0
java.completable-future-jdk8
play-2.3
spring-3.0.0
netty-3.4
Struts v1
Full Changelog: https://github.com/newrelic/newrelic-java-agent/compare/v8.9.1...v8.10.0
HttpHost
instance for null prior to dereferencing it when certain execute() methods are called 1722
instanceof
check in the complete()
method prior to class cast 1719
The following instrumentation modules are deprecated and will be removed in the next major release:
aws-wrap-0.7.0
java.completable-future-jdk8
play-2.3
spring-3.0.0
netty-3.4
Struts v1
Full Changelog: https://github.com/newrelic/newrelic-java-agent/compare/v8.9.0...v8.9.1
grpc-1.40.0
client instrumentation 1673
newrelic.config.custom_insights_events.max_attribute_value
). Default size is 255
characters and the max is 4095
. 1683
newrelic.config.class_transformer.enhanced_spring_transaction_naming
agent configuration option, which is false
by default. Thanks to @mgr32 for their help with validating the naming changes. 1675
SlowTransactionManager
1684
ProcessPointCut
over to a weaver instrumentation module to better handle cases where it is used in a multi-threaded environment. 1685
newrelic.config.labels
). Customers relying on lower-case, dotted environment variables should switch to the standard upper-case, underscore names (e.g. NEW_RELIC_CONFIG_LABELS
). There are no changes to documented system property behavior (via newrelic.config.
, server-side config, YAML, or standard environment variable (via NEW_RELIC_
). 1598
The following instrumentation modules are deprecated and will be removed in the next major release:
aws-wrap-0.7.0
java.completable-future-jdk8
play-2.3
spring-3.0.0
netty-3.4
Struts v1
1.1.0
1710
Full Changelog: https://github.com/newrelic/newrelic-java-agent/compare/v8.8.0...v8.9.0
NullPointerException
when working with Synthetics headers 1690
The following instrumentation modules are deprecated and will be removed in the next major release:
aws-wrap-0.7.0
java.completable-future-jdk8
play-2.3
spring-3.0.0
netty-3.4
Struts v1
Full Changelog: https://github.com/newrelic/newrelic-java-agent/compare/v8.8.0...8.8.1
Add support for Jetty 12, including Jetty’s implementation of the Jakarta EE 8, 9, and 10 specs. 1621
Add support for Vert.x versions 4.0.0 through 4.4.x 1588
Add instrumentation for graphql-java 21 1454
Instrument r2dbc-postgresql 0.9.2 till latest 1413
Reintroduce the legacy HTTP Attributes that were removed in v8.0.0 to support customers with alerts and dashboards that require them 1671 The attributes are:
httpResponseCode
httpResponseMessage
response.status
response.statusMessage
Attribute reporting is configurable via the following means.
YAML:
attributes:
http_attribute_mode: both
System property:
-Dnewrelic.config.attributes.http_attribute_mode=both
Environment variable:
NEW_RELIC_ATTRIBUTES_HTTP_ATTRIBUTE=both
The configuration options are:
standard
: The agent will send new standard attributes. This configuration is recommended but requires that any alerts or dashboards using attributes be updated to use these new attributes. This setting will reduce the amount of ingest used for attribute reporting.legacy
: The agent will send the legacy attributes referenced above. Customers with alerts or dashboard requiring these attributes can continue to be used as-is. This setting will reduce the amount of ingest used for attribute reporting.both
: This is the default configuration, the agent will send BOTH legacy AND standard HTTP attributes. This configuration was intended to support customers that are unable to modify their alerts or dashboards but this configuration will increase data ingest.Add an interface for our error API. Our error API can now be called via the code NewRelic.getAgent().getErrorApi()
1577
Add log4j2 JsonLayout support and support log4j2 till latest. 1545
Add httpstatus in the external segment for Spring Webclient 1610
Enable slow transaction detection by default and bump the threshold to 10 minutes 1629
Add support for string formatting with JBoss Logging. 1650
Add logic to remove specific classes from being excluded from being weaved if the IAST security feature is enabled. 1453
The affected classes belong in the following formats:
^java/security/.*
^javax/crypto/.*
These are crypto classes which can cause class circularity errors if they get too far along in the class transformer.^net/sf/saxon.*
If you wish to re-include these excluded rules, you can do so via the following means.
YAML:
class_transformer:
excludes: ^javax/crypto/.*,^java/security/.*,^net/sf/saxon.*
System property:
-Dnewrelic.config.class_transformer.excludes=^javax/crypto/.*,^java/security/.*,^net/sf/saxon.*
Environment variable:
NEW_RELIC_CLASS_TRANSFORMER_EXCLUDES=^javax/crypto/.*,^java/security/.*,^net/sf/saxon.*
Prevent license_key value from being written to the agent logs when using debug and/or audit_mode logging 1653
Fix transaction naming in Spring controllers with a CGLIB proxy. Transactions now use the actual class name as opposed to the proxied class name. 1574
Fix a NullPointerException
caused by ServletContext in servlet instrumentation modules. 1636
Fix a memory leak caused by Lettuce instrumentation. Duplicate code for transaction linking has been removed from the Lettuce instrumentation and is handled by netty-reactor instead. 1608
Fix a bug where invalidating a license key causes a memory leak. Reconnection tasks are now capped in the event of a LicenseException
. 1606
Fix a NullPointerException
caused by RPMServiceManager 1604
Add a workaround for a memory leak that may occur in rare scenarios with instrumentation using the legacy async API in the Java Agent (which async servlets and Jetty Continuations use). 1555
The option can be configured via the following means:
Agent config file (this will update dynamically if the config file is changed)
common: &default_settings
legacy_async_api_skip_suspend: true
System Property
-Dnewrelic.config.legacy_async_api_skip_suspend=true
Environment Variable
NEW_RELIC_LEGACY_ASYNC_API_SKIP_SUSPEND=true
DynamoDB v2 issue: missing attribute values for conditionCheck method in case of transactWriteItems operation on DynamoDB 142
Fixed an Insecure cookie attack vulnerability. 142
Never print LicenseKey 142
The following instrumentation modules are deprecated and will be removed in the next major release:
aws-wrap-0.7.0
java.completable-future-jdk8
play-2.3
spring-3.0.0
netty-3.4
Struts v1
Full Changelog: https://github.com/newrelic/newrelic-java-agent/compare/v8.7.0...v8.8.0
Adds support for Java 21 1546
Add experimental config option to run the agent with unsupported java versions 1480
Add intrinsic attribute thread.id to spans to allow for faceting queries by thread ID 1513
Include stack traces in client spans 1507
Adds support for getting the containerId from a docker container with Linux cgroup v2. 1529
Add database and external span attributes to correlate to metric data in accordance with Open Telemetry specs. Certain old attributes are removed. 1525
db.system
db.operation
db.collection
server.address
server.port
component
peer.hostname
Add slow transaction detection which can be configured. It is disabled by default. 1542 E.g:
slow_transactions:
enabled: true
threshold: 1000 # The threshold is measured in milliseconds
Add instrumentation for r2dbc postgresql 0.9.2 to 0.9.x 1410
Security Agent: Add new configuration to enable/disable low priority instrumentation security.low-priority-instrumentation.enabled
for the CSEC agent. Default value is false. 1515
Security Agent: Cassandra DB v3.0+ Support: The Security agent now supports Cassandra DB version 3.0 and above 122
Security Agent: HttpClient v5.0+ Support: The Security agent now also supports HttpClient version 5.0 and above 122
Security Agent: Support for std-out logging 122
Security Agent: Added feature for Daily log rollover 122
Security Agent: Support for logger config: log_file_count and log_limit_in_kbytes 122
Security Agent: Relocating all our instrumentation packages under the package com.newrelic.agent.security.instrumentation.*
122
Fixed a bug where a ClassCircularityError was thrown by Sonarqube9.9 1522
Fix a bug where the Java agent fails to detect spring-security-oauth2-client.jar
1462
Fix a bug where Spring 6/ Spring Boot3 does not report underlying exception/stacktrace when a @RestControllerAdvice class is used 1538
Fix HttpUrlConnection instrumentation so segment timing is accurate 1537
Fixes a bug in Spring 6 instrumentation where transactions are incorrectly named in certain scenarios. 1544 Such include:
@RestController
-like annotations, e.g. /actuator/health (see Actuator endpoints)@RestController
directly (e.g. using custom annotations)Add a fix for JBoss EAP / Wildfly where if customers are using the J2EE/Jakarta Management API, the application fails to startup. 1549
This is done by adding the system property com.newrelic.jboss.jsr77.fix
and setting it to true
.
E.g.
-Dcom.newrelic.jboss.jsr77.fix=true
Customers using JBoss EAP 7.4+ or Wildfly 23+ will need to manually configure the io.undertow.servlet
module and add
java.management
as a dependency.
This translates to doing the following steps:
modules/system/layers/base/io/undertow/servlet/main/module.xml
<module name="java.management"/>
inside the body of the <dependencies>
tagHere is what the configured XML file may look like:
<module name="io.undertow.servlet" xmlns="urn:jboss:module:1.9">
<resources>
<resource-root path="undertow-servlet-2.2.5.Final-redhat-00001.jar"/>
</resources>
<dependencies>
<module name="javax.annotation.api"/>
<module name="sun.jdk"/>
<module name="javax.servlet.api"/>
<module name="javax.servlet.jsp.api"/>
<module name="javax.servlet.jstl.api"/>
<module name="org.jboss.logging"/>
<module name="io.undertow.core"/>
<module name="org.jboss.xnio"/>
<module name="jdk.unsupported"/>
<module name="java.management"/>
</dependencies>
</module>
Resolve missing class exception on Scala instrumentation 1528
Security Agent: Fixed ClassNotFoundException for IOStreamHelper class with Glassfish 122
1.11.1
. This upgrade updates the underlying OkHttp dependency to version 4.12.0
1561
The following instrumentation modules will be removed in the next major release:
aws-wrap-0.7.0
java.completable-future-jdk8
play-2.3
spring-3.0.0
netty-3.4
Struts v1
Full Changelog: https://github.com/newrelic/newrelic-java-agent/compare/v8.6.0...v8.7.0
This new instrumentation module allows you to see how your caches are performing. It provides hit/miss metrics as well as clear and evict. Search "Metrics Explorer" for the new metrics:
Cache/Spring/<cache-provider>/<cache-name>/hits
Cache/Spring/<cache-provider>/<cache-name>/misses
Cache/Spring/<cache-provider>/<cache-name>/clear
Cache/Spring/<cache-provider>/<cache-name>/evict
This is a new instrumentation for Kafka clients. It provides metrics similar to the existing instrumentation module, but this provides them by node/topic, whereas the existing one only uses topic. This module is disabled by default, check its documentation for more information.
This new instrumentation module sends the Kafka configuration as events periodically.
The Struts 2 instrumentation has been refactored to use a newer instrumentation technique, which allows it to be disabled.
aws-wrap-0.7.0
java.completable-future-jdk8
play-2.3
spring-3.0.0
netty-3.4
Struts v1
Full Changelog: https://github.com/newrelic/newrelic-java-agent/compare/v8.5.0...v8.6.0
aws-wrap-0.7.0
java.completable-future-jdk8
play-2.3
spring-3.0.0
netty-3.4
Struts v1
Full Changelog: https://github.com/newrelic/newrelic-java-agent/compare/v8.4.0...v8.5.0
Added a public preview of the Interactive Application Security Testing (IAST) mode of the New Relic Security agent. 1224
Warning The New Relic Security agent IAST mode is in public preview and should only be used in non-production environments.
By default, the New Relic Security agent IAST mode is completely disabled. To enable it, set both newrelic.config.security.agent.enabled=true
and newrelic.config.security.enabled=true
.
Full configuration options are detailed below (note that the security
stanza should be indented two spaces under the pre-existing common
stanza in the newrelic.yml
config file):
# New Relic Security vulnerability detection.
security:
# Determines whether the security data is sent to New Relic or not. When this is disabled and agent.enabled is
# true, the security module will run but data will not be sent. Default is false.
enabled: false
# New Relic Security provides two modes: IAST and RASP
# Default is IAST. Due to the invasive nature of IAST scanning, DO NOT enable this mode in either a
# production environment or an environment where production data is processed.
mode: IAST
# New Relic Security’s SaaS connection URL
validator_service_url: wss://csec.nr-data.net
# To completely disable all security functionality, set this flag to false. This property is
# read only once at application start. Default is false.
agent:
enabled: false
# These are the category of security events that can be detected. Set to false to disable detection of
# individual event types. Default is true for each event type.
detection:
rci:
enabled: true
rxss:
enabled: true
deserialization:
enabled: true
Full Changelog: https://github.com/newrelic/newrelic-java-agent/compare/v8.3.0...v8.4.0