Skip to content

feat(trace-exporter): add fail-closed fallback to v04#2037

Open
anais-raison wants to merge 11 commits into
mainfrom
anais/add-v1-to-v04-fallback
Open

feat(trace-exporter): add fail-closed fallback to v04#2037
anais-raison wants to merge 11 commits into
mainfrom
anais/add-v1-to-v04-fallback

Conversation

@anais-raison
Copy link
Copy Markdown
Contributor

@anais-raison anais-raison commented May 26, 2026
edited by atlassian Bot
Loading

What does this PR do?

Adds runtime V1 trace protocol negotiation with fail-closed fallback to V0.4. Opt in via enable_v1_protocol() or DD_TRACE_AGENT_PROTOCOL_VERSION=1. V1 is only used after the agent advertises /v1.0/traces in /info.

Motivation

APMSP-2809
Makes V1 safe to enable: falls back to V0.4 against agents that don't support it.

Additional Notes

Dynamic rollback supported (if the agent stops advertising V1, the exporter switches back to V0.4).

How to test the change?

All test are working.
End to end tests against a real agent were done and successful as well.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 26, 2026
edited
Loading

📚 Documentation Check Results

⚠️ 1637 documentation warning(s) found

📦 libdd-data-pipeline - 1051 warning(s)

📦 libdd-trace-utils - 586 warning(s)

Updated: 2026-05-26 16:30:20 UTC | Commit: 4f9a082 | missing-docs job results

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 26, 2026
edited
Loading

Clippy Allow Annotation Report

Comparing clippy allow annotations between branches:

  • Base Branch: origin/main
  • PR Branch: origin/anais/add-v1-to-v04-fallback

Summary by Rule

Rule Base Branch PR Branch Change
unwrap_used 2 2 No change (0%)
Total 2 2 No change (0%)

Annotation Counts by File

File Base Branch PR Branch Change
libdd-data-pipeline/src/trace_exporter/mod.rs 2 2 No change (0%)

Annotation Stats by Crate

Crate Base Branch PR Branch Change
clippy-annotation-reporter 5 5 No change (0%)
datadog-ffe-ffi 1 1 No change (0%)
datadog-ipc 21 21 No change (0%)
datadog-live-debugger 6 6 No change (0%)
datadog-live-debugger-ffi 10 10 No change (0%)
datadog-profiling-replayer 4 4 No change (0%)
datadog-remote-config 3 3 No change (0%)
datadog-sidecar 57 57 No change (0%)
libdd-common 13 13 No change (0%)
libdd-common-ffi 12 12 No change (0%)
libdd-data-pipeline 5 5 No change (0%)
libdd-ddsketch 2 2 No change (0%)
libdd-dogstatsd-client 1 1 No change (0%)
libdd-profiling 13 13 No change (0%)
libdd-telemetry 20 20 No change (0%)
libdd-tinybytes 4 4 No change (0%)
libdd-trace-normalization 2 2 No change (0%)
libdd-trace-obfuscation 3 3 No change (0%)
libdd-trace-stats 1 1 No change (0%)
libdd-trace-utils 13 13 No change (0%)
Total 196 196 No change (0%)

About This Report

This report tracks Clippy allow annotations for specific rules, showing how they've changed in this PR. Decreasing the number of these annotations generally improves code quality.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 26, 2026
edited
Loading

🔒 Cargo Deny Results

⚠️ 9 issue(s) found, showing only errors (advisories, bans, sources)

📦 libdd-data-pipeline - 5 error(s)

Show output 
error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:214:1
    │
214 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── libdd-common v4.1.0
      │   ├── libdd-capabilities-impl v2.0.0
      │   │   ├── libdd-data-pipeline v5.0.0
      │   │   ├── libdd-shared-runtime v1.0.0
      │   │   │   ├── libdd-data-pipeline v5.0.0 (*)
      │   │   │   ├── libdd-telemetry v5.0.0
      │   │   │   │   └── libdd-data-pipeline v5.0.0 (*)
      │   │   │   └── libdd-trace-stats v4.0.0
      │   │   │       └── libdd-data-pipeline v5.0.0 (*)
      │   │   ├── libdd-trace-stats v4.0.0 (*)
      │   │   └── libdd-trace-utils v5.0.0
      │   │       ├── libdd-data-pipeline v5.0.0 (*)
      │   │       ├── libdd-trace-obfuscation v3.1.0
      │   │       │   └── libdd-trace-stats v4.0.0 (*)
      │   │       ├── libdd-trace-stats v4.0.0 (*)
      │   │       └── (dev) libdd-trace-utils v5.0.0 (*)
      │   ├── libdd-data-pipeline v5.0.0 (*)
      │   ├── libdd-dogstatsd-client v3.0.0
      │   │   └── libdd-data-pipeline v5.0.0 (*)
      │   ├── libdd-shared-runtime v1.0.0 (*)
      │   ├── libdd-telemetry v5.0.0 (*)
      │   ├── libdd-trace-obfuscation v3.1.0 (*)
      │   ├── libdd-trace-stats v4.0.0 (*)
      │   └── libdd-trace-utils v5.0.0 (*)
      ├── (dev) libdd-data-pipeline v5.0.0 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v5.0.0 (*)
      ├── (dev) libdd-trace-stats v4.0.0 (*)
      ├── libdd-trace-utils v5.0.0 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.1
              ├── libdd-data-pipeline v5.0.0 (*)
              ├── (dev) libdd-tinybytes v1.1.1 (*)
              └── libdd-trace-utils v5.0.0 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:238:1
    │
238 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.1.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── libdd-data-pipeline v5.0.0
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v5.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.0
          │       │   │   │   └── libdd-data-pipeline v5.0.0 (*)
          │       │   │   └── libdd-trace-stats v4.0.0
          │       │   │       └── libdd-data-pipeline v5.0.0 (*)
          │       │   ├── libdd-trace-stats v4.0.0 (*)
          │       │   └── libdd-trace-utils v5.0.0
          │       │       ├── libdd-data-pipeline v5.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v3.1.0
          │       │       │   └── libdd-trace-stats v4.0.0 (*)
          │       │       ├── libdd-trace-stats v4.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v5.0.0 (*)
          │       ├── libdd-data-pipeline v5.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   └── libdd-data-pipeline v5.0.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.0 (*)
          │       ├── libdd-trace-obfuscation v3.1.0 (*)
          │       ├── libdd-trace-stats v4.0.0 (*)
          │       └── libdd-trace-utils v5.0.0 (*)
          ├── libdd-common v4.1.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.1.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:238:1
    │
238 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.1.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── libdd-data-pipeline v5.0.0
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v5.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.0
          │       │   │   │   └── libdd-data-pipeline v5.0.0 (*)
          │       │   │   └── libdd-trace-stats v4.0.0
          │       │   │       └── libdd-data-pipeline v5.0.0 (*)
          │       │   ├── libdd-trace-stats v4.0.0 (*)
          │       │   └── libdd-trace-utils v5.0.0
          │       │       ├── libdd-data-pipeline v5.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v3.1.0
          │       │       │   └── libdd-trace-stats v4.0.0 (*)
          │       │       ├── libdd-trace-stats v4.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v5.0.0 (*)
          │       ├── libdd-data-pipeline v5.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   └── libdd-data-pipeline v5.0.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.0 (*)
          │       ├── libdd-trace-obfuscation v3.1.0 (*)
          │       ├── libdd-trace-stats v4.0.0 (*)
          │       └── libdd-trace-utils v5.0.0 (*)
          ├── libdd-common v4.1.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.1.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:238:1
    │
238 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.1.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── libdd-data-pipeline v5.0.0
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v5.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.0
          │       │   │   │   └── libdd-data-pipeline v5.0.0 (*)
          │       │   │   └── libdd-trace-stats v4.0.0
          │       │   │       └── libdd-data-pipeline v5.0.0 (*)
          │       │   ├── libdd-trace-stats v4.0.0 (*)
          │       │   └── libdd-trace-utils v5.0.0
          │       │       ├── libdd-data-pipeline v5.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v3.1.0
          │       │       │   └── libdd-trace-stats v4.0.0 (*)
          │       │       ├── libdd-trace-stats v4.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v5.0.0 (*)
          │       ├── libdd-data-pipeline v5.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   └── libdd-data-pipeline v5.0.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.0 (*)
          │       ├── libdd-trace-obfuscation v3.1.0 (*)
          │       ├── libdd-trace-stats v4.0.0 (*)
          │       └── libdd-trace-utils v5.0.0 (*)
          ├── libdd-common v4.1.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.1.0 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:278:1
    │
278 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      └── tracing-appender v0.2.3
          └── libdd-log v1.0.0
              └── (dev) libdd-data-pipeline v5.0.0

advisories FAILED, bans ok, sources ok

📦 libdd-trace-utils - 4 error(s)

Show output 
error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:177:1
    │
177 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── (dev) libdd-common v4.1.0
      │   ├── libdd-capabilities-impl v2.0.0
      │   │   └── libdd-trace-utils v5.0.0
      │   │       └── (dev) libdd-trace-utils v5.0.0 (*)
      │   └── libdd-trace-utils v5.0.0 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v5.0.0 (*)
      ├── libdd-trace-utils v5.0.0 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.1
              ├── (dev) libdd-tinybytes v1.1.1 (*)
              └── libdd-trace-utils v5.0.0 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:199:1
    │
199 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.1.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   └── libdd-trace-utils v5.0.0
          │       │       └── (dev) libdd-trace-utils v5.0.0 (*)
          │       └── libdd-trace-utils v5.0.0 (*)
          ├── libdd-common v4.1.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.1.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:199:1
    │
199 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.1.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   └── libdd-trace-utils v5.0.0
          │       │       └── (dev) libdd-trace-utils v5.0.0 (*)
          │       └── libdd-trace-utils v5.0.0 (*)
          ├── libdd-common v4.1.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.1.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:199:1
    │
199 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.1.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   └── libdd-trace-utils v5.0.0
          │       │       └── (dev) libdd-trace-utils v5.0.0 (*)
          │       └── libdd-trace-utils v5.0.0 (*)
          ├── libdd-common v4.1.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.1.0 (*)

advisories FAILED, bans ok, sources ok

Updated: 2026-05-26 16:32:01 UTC | Commit: 4f9a082 | dependency-check job results

@datadog-prod-us1-4
Copy link
Copy Markdown

datadog-prod-us1-4 Bot commented May 26, 2026
edited by datadog-prod-us1-3 Bot
Loading

Tests

🎉 All green!

🧪 All tests passed
❄️ No new flaky tests detected

🎯 Code Coverage (details)
Patch Coverage: 98.61%
Overall Coverage: 72.84% (+0.08%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 73cbd6d | Docs | Datadog PR Page | Give us feedback!

@dd-octo-sts
Copy link
Copy Markdown
Contributor

dd-octo-sts Bot commented May 26, 2026
edited
Loading

Artifact Size Benchmark Report

aarch64-alpine-linux-musl
Artifact Baseline Commit Change
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.a 82.02 MB 82.02 MB +0% (+1.53 KB) 👌
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.so 7.57 MB 7.57 MB +0% (+48 B) 👌
aarch64-unknown-linux-gnu
Artifact Baseline Commit Change
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.so 10.17 MB 10.17 MB -0% (-384 B) 👌
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.a 93.08 MB 93.08 MB +0% (+1.51 KB) 👌
libdatadog-x64-windows
Artifact Baseline Commit Change
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.dll 24.31 MB 24.32 MB +.01% (+4.00 KB) 🔍
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.lib 81.48 KB 81.48 KB 0% (0 B) 👌
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.pdb 177.00 MB 177.02 MB +.01% (+24.00 KB) 🔍
/libdatadog-x64-windows/debug/static/datadog_profiling_ffi.lib 911.16 MB 911.21 MB +0% (+48.90 KB) 👌
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.dll 7.91 MB 7.91 MB +.01% (+1.50 KB) 🔍
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.lib 81.48 KB 81.48 KB 0% (0 B) 👌
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.pdb 23.49 MB 23.49 MB 0% (0 B) 👌
/libdatadog-x64-windows/release/static/datadog_profiling_ffi.lib 46.91 MB 46.90 MB --.01% (-6.50 KB) 💪
libdatadog-x86-windows
Artifact Baseline Commit Change
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.dll 21.04 MB 21.04 MB +.02% (+4.50 KB) 🔍
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.lib 82.76 KB 82.76 KB 0% (0 B) 👌
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.pdb 180.83 MB 180.85 MB +0% (+16.00 KB) 👌
/libdatadog-x86-windows/debug/static/datadog_profiling_ffi.lib 904.36 MB 904.41 MB +0% (+46.67 KB) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.dll 6.12 MB 6.12 MB +0% (+512 B) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.lib 82.76 KB 82.76 KB 0% (0 B) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.pdb 25.19 MB 25.18 MB --.03% (-8.00 KB) 💪
/libdatadog-x86-windows/release/static/datadog_profiling_ffi.lib 44.61 MB 44.60 MB --.01% (-6.29 KB) 💪
x86_64-alpine-linux-musl
Artifact Baseline Commit Change
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.a 73.12 MB 73.14 MB +.01% (+13.90 KB) 🔍
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.so 8.44 MB 8.45 MB +.04% (+4.06 KB) 🔍
x86_64-unknown-linux-gnu
Artifact Baseline Commit Change
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.a 88.53 MB 88.54 MB +.01% (+13.78 KB) 🔍
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.so 10.27 MB 10.27 MB +0% (+632 B) 👌

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 26, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 98.61111% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.83%. Comparing base (dd71a87) to head (73cbd6d).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2037      +/-   ##
==========================================
+ Coverage   72.75%   72.83%   +0.08%     
==========================================
  Files         458      458              
  Lines       75827    76005     +178     
==========================================
+ Hits        55168    55361     +193     
+ Misses      20659    20644      -15
Components Coverage Δ
libdd-crashtracker 65.21% <ø> (+0.01%) ⬆️
libdd-crashtracker-ffi 36.82% <ø> (ø)
libdd-alloc 98.59% <ø> (-0.18%) ⬇️
libdd-data-pipeline 85.84% <98.61%> (+0.57%) ⬆️
libdd-data-pipeline-ffi 70.51% <ø> (ø)
libdd-common 79.89% <ø> (ø)
libdd-common-ffi 74.41% <ø> (ø)
libdd-telemetry 73.37% <ø> (+0.02%) ⬆️
libdd-telemetry-ffi 31.36% <ø> (ø)
libdd-dogstatsd-client 82.64% <ø> (ø)
datadog-ipc 76.22% <ø> (ø)
libdd-profiling 81.69% <ø> (ø)
libdd-profiling-ffi 64.79% <ø> (ø)
libdd-sampling 97.46% <ø> (ø)
datadog-sidecar 29.19% <ø> (ø)
datdog-sidecar-ffi 10.17% <ø> (ø)
spawn-worker 48.86% <ø> (ø)
libdd-tinybytes 93.16% <ø> (ø)
libdd-trace-normalization 81.71% <ø> (ø)
libdd-trace-obfuscation 87.30% <ø> (ø)
libdd-trace-protobuf 68.25% <ø> (ø)
libdd-trace-utils 88.93% <ø> (+0.10%) ⬆️
libdd-tracer-flare 86.88% <ø> (ø)
libdd-log 74.83% <ø> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@anais-raison
Merge remote-tracking branch 'origin/main' into anais/add-v1-to-v04-f…
5b2ffab 
…allback

# Conflicts:
#	libdd-data-pipeline/src/trace_exporter/trace_serializer.rs
#	libdd-trace-utils/src/msgpack_encoder/v04/mod.rs
#	libdd-trace-utils/src/msgpack_encoder/v1/mod.rs
@anais-raison anais-raison marked this pull request as ready for review May 26, 2026 16:28
@anais-raison anais-raison requested review from a team as code owners May 26, 2026 16:28
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 73cbd6de94

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread libdd-data-pipeline/src/trace_exporter/mod.rs
header_tags,
&self.metadata,
self.agent_payload_response_version.as_ref(),
self.effective_output_format(),
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot May 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Snapshot effective output format per send

send_trace_chunks_inner uses self.effective_output_format() here for payload encoding, but the URL is resolved later through get_agent_url(), which reads v1_active again. During concurrent traffic, another thread can run check_agent_info and flip v1_active between those two reads (for example when /info changes), causing a v0.4 payload to be sent to /v1.0/traces or a v1 payload to /v0.4/traces. That protocol/path mismatch can produce avoidable request failures and dropped traces during agent capability transitions.

Useful? React with 👍 / 👎.

Copy link
Copy Markdown
Contributor

@ekump ekump May 26, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@anais-raison I believe this is a valid concern.

What is the expected behavior? I assume the common scenario is that we don't have the response from /info yet so we fallback to v04 until agent_info is populated.

To solve for that scenario you probably want to capture the effective output at the start and pass that value through the call chain so we don't wind up serializing for one format but sending to the other format's endpoint.

Is it possible that after we get a response from /info that says V1 is supported that the agent could later change that to false? If that's possible, the fix becomes more complicated because we have to consider the retry logic, which currently doesn't re-check for v1 support.

ekump
ekump reviewed May 26, 2026
View reviewed changes
Comment thread libdd-data-pipeline/src/trace_exporter/builder.rs
/// Returns true when the `DD_TRACE_AGENT_PROTOCOL_VERSION` environment variable opts in to
/// the V1 protocol. Accepts `"1"` and `"1.0"`. Other values (including unset) yield false.
fn env_requests_v1_protocol() -> bool {
Self::parse_v1_protocol_env(std::env::var("DD_TRACE_AGENT_PROTOCOL_VERSION").ok())
Copy link
Copy Markdown
Contributor

@ekump ekump May 26, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should not be checking env vars in libdatadog (normally). This should be handled by the SDK and passed via the builder.

ekump
ekump reviewed May 26, 2026
View reviewed changes
Comment thread libdd-data-pipeline/src/trace_exporter/mod.rs
.info
.endpoints
.as_ref()
.is_some_and(|e| e.iter().any(|p| p == "/v1.0/traces"));
Copy link
Copy Markdown
Contributor

@ekump ekump May 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/v1.0/traces should probably be a named const.

ekump
ekump reviewed May 26, 2026
View reviewed changes
Comment thread libdd-data-pipeline/tests/test_trace_exporter.rs
// and the payload is encoded as V1.
let start = std::time::Instant::now();
while libdd_data_pipeline::agent_info::get_agent_info().is_none() {
if start.elapsed() > std::time::Duration::from_secs(5) {
Copy link
Copy Markdown
Contributor

@ekump ekump May 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is probably ok, but we need to be careful anytime we introduce waiting to tests. Could we try to stress test this a bit to see if it's flaky on CI? I'd suggest temporarily modifying the CI workflow to run the tracing integration step 1000x on the various platforms in our matrix in a loop to see if any flakes appear.

ekump
ekump reviewed May 26, 2026
View reviewed changes
Comment thread libdd-data-pipeline/src/trace_exporter/mod.rs
.as_ref()
.is_some_and(|e| e.iter().any(|p| p == "/v1.0/traces"));
let previous = self.v1_active.swap(supports_v1, Ordering::Relaxed);
match (previous, supports_v1) {
Copy link
Copy Markdown
Contributor

@ekump ekump May 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also log (false, false)? Or is there somewhere else we should log the scenario where the SDK is requesting V1, but the agent doesn't support it? I'm not sure if we care about that?

ekump
ekump reviewed May 26, 2026
View reviewed changes
Comment thread libdd-data-pipeline/src/trace_exporter/mod.rs
match (previous, supports_v1) {
(false, true) => debug!("V1 trace protocol enabled (agent advertises /v1.0/traces)"),
(true, false) => {
warn!("V1 trace protocol no longer advertised by agent; falling back to v0.4")
Copy link
Copy Markdown
Contributor

@ekump ekump May 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Related to this comment, when would this happen?

ekump
ekump reviewed May 26, 2026
View reviewed changes
Comment thread libdd-data-pipeline/src/trace_exporter/mod.rs
@@ -347,6 +351,9 @@ impl<C: HttpClientCapability + SleepCapability + MaybeSend + Sync + 'static> Tra
fn check_agent_info(&self) {
if let Some(agent_info) = agent_info::get_agent_info() {
if self.has_agent_info_state_changed(&agent_info) {
Copy link
Copy Markdown
Contributor

@ekump ekump May 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might be concern trolling here...but if a likely scenario we have to support is the agent advertising that it supports V1 to advertising it does not support v1 then it's possible we get trapped in a loop where we don't get a correct state hash from the agent.

  1. Agent says it's ok to send V1, we send V1.
  2. Agent changes its mind and does not support V1
  3. We check if agent state has changed based on the last successful response that happened before the agent changed its mind.
  4. We send V1, get a 404 because the endpoint isn't available. We don't get a new state hash on a 404.
  5. We keep sending V1, keep 404'ing, never get a new state hash.

We poll /info every 5 minutes independently of the state hash. But 5 minutes is a long time to be dropping traces.

I think this would also apply to CSS, which has the same logic. Is this a valid concern?

CC @VianneyRuhlmann and @ajgajg1134

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ekump ekump ekump left review comments

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

data-pipeline mini-agent

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@anais-raison @codecov-commenter @ekump