fix(deps): update module github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension to v0.107.0 [security] #7218
+1
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Author
|
|
|
renovate-sh-app
bot
force-pushed
the
renovate/go-github.com-open-telemetry-opentelemetry-collector-contrib-extension-bearertokenauthextension-vulnerability
branch
from
9a2fc34 to
cf9e54c
Compare
renovate-sh-app
bot
force-pushed
the
renovate/go-github.com-open-telemetry-opentelemetry-collector-contrib-extension-bearertokenauthextension-vulnerability
branch
2 times, most recently
from
7e5a3e5 to
10d4191
Compare
…ector-contrib/extension/bearertokenauthextension to v0.107.0 [security] | datasource | package | from | to | | ---------- | -------------------------------------------------------------------------------------------- | ------- | -------- | | go | github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension | v0.96.0 | v0.107.0 | Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
renovate-sh-app
bot
force-pushed
the
renovate/go-github.com-open-telemetry-opentelemetry-collector-contrib-extension-bearertokenauthextension-vulnerability
branch
from
10d4191 to
de59fed
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.96.0->v0.107.0GitHub Vulnerability Alerts
CVE-2024-42368
Summary
The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens.
Details
https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/9128a9258fe1fee36f198f97b1e3371fc7b77a93/extension/bearertokenauthextension/bearertokenauth.go#L189-L196
For background on the type of vulnerability, see https://ropesec.com/articles/timing-attacks/.
Impact
This impacts anyone using the
bearertokenauthserver authenticator. Malicious clients with network access to the collector may perform a timing attack against a collector with this authenticator to guess the configured token, by iteratively sending tokens and comparing the response time. This would allow an attacker to introduce fabricated or bad data into the collector's telemetry pipeline.Fix
The observable timing vulnerability was fixed by @axw in v0.107.https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/34516/34516) by using constant-time comparison.
Workarounds
bearertokenauthto network segments accessible by potential attackers, orbearertokenauthopen-telemetry has an Observable Timing Discrepancy
CVE-2024-42368 / GHSA-rfxf-mf63-cpqv / GO-2024-3066
More information
Details
Summary
The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens.
Details
https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/9128a9258fe1fee36f198f97b1e3371fc7b77a93/extension/bearertokenauthextension/bearertokenauth.go#L189-L196
For background on the type of vulnerability, see https://ropesec.com/articles/timing-attacks/.
Impact
This impacts anyone using the
bearertokenauthserver authenticator. Malicious clients with network access to the collector may perform a timing attack against a collector with this authenticator to guess the configured token, by iteratively sending tokens and comparing the response time. This would allow an attacker to introduce fabricated or bad data into the collector's telemetry pipeline.Fix
The observable timing vulnerability was fixed by @axw in v0.107.https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/34516/34516) by using constant-time comparison.
Workarounds
bearertokenauthto network segments accessible by potential attackers, orbearertokenauthSeverity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
CVE-2024-42368 / GHSA-rfxf-mf63-cpqv / GO-2024-3066
More information
Details
open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Release Notes
open-telemetry/opentelemetry-collector-contrib (github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension)
v0.107.0This release fixes CVE-2024-42368 on the
bearerauthtokenextension(#34516)🛑 Breaking changes 🛑
clickhouseexporter: Addcompressoption to ClickHouse exporter, with default value oflz4(#34365)This change adds a new
compressoption to the config field and enables it by default.Prior to this change, compression was not enabled by default.
The only way to enable compression prior to this change was via the DSN URL.
With this change,
lz4compression will be enabled by default.The list of valid options is provided by the underlying
clickhouse-godriver.While this change is marked as breaking, there should be no effect to existing deployments by enabling compression.
Compression should improve network performance on most deployments that have a remote ClickHouse server.
Update the scope name for telemetry produce by components. The following table summarizes the changes:
azureeventhubreceiverotelcol/azureeventhubreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/azureeventhubreceivercloudfoundryreceiverotelcol/cloudfoundrygithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/cloudfoundryreceivercloudflarereceiverotelcol/cloudflaregithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/cloudflarereceiverazuremonitorreceiverotelcol/azuremonitorreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/azuremonitorreceiverfileconsumerotelcol/fileconsumergithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/fileconsumerloadbalancingexporterotelcol/loadbalancinggithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/loadbalancingexportersumologicexporterotelcol/sumologicgithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/sumologicexporterprometheusremotewriteexporterotelcol/prometheusremotewritegithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/prometheusremotewriteexporteractivedirectorydsreceiverotelcol/activedirectorydsreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/activedirectorydsreceiveraerospikereceiverotelcol/aerospikereceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/aerospikereceiverapachereceiverotelcol/apachereceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/apachereceiverapachesparkreceiverotelcol/apachesparkreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/apachesparkreceiverbigipreceiverotelcol/bigipreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/bigipreceiverchronyreceiverotelcol/chronyreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/chronyreceivercouchdbreceiverotelcol/couchdbreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/couchdbreceivercountconnectorotelcol/countconnectorgithub.com/open-telemetry/opentelemetry-collector-contrib/connector/countconnectordeltatocumulativeprocessorotelcol/deltatocumulativegithub.com/open-telemetry/opentelemetry-collector-contrib/processor/deltatocumulativeprocessordockerstatsreceiverotelcol/dockerstatsreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/dockerstatsreceiverelasticsearchreceiverotelcol/elasticsearchreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/elasticsearchreceiverexpvarreceiverotelcol/expvarreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/expvarreceiverfilestatsreceiverotelcol/filestatsreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/filestatsreceiverfilterprocessorotelcol/filtergithub.com/open-telemetry/opentelemetry-collector-contrib/processor/filterprocessorflinkmetricsreceiverotelcol/flinkmetricsreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/flinkmetricsreceiverfluentforwardreceiverotelcol/fluentforwardreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/fluentforwardreceivergitproviderreceiverotelcol/gitproviderreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/gitproviderreceivergooglespannerreceiverotelcol/googlecloudspannermetricsgithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/googlespannerreceivergrafanacloudconnectorotelcol/grafanacloudgithub.com/open-telemetry/opentelemetry-collector-contrib/connector/grafanacloudconnectorgroupbyattrsprocessorotelcol/groupbyattrsgithub.com/open-telemetry/opentelemetry-collector-contrib/processor/groupbyattrsprocessorgroupbytraceprocessorotelcol/groupbytracegithub.com/open-telemetry/opentelemetry-collector-contrib/processor/groupbytraceprocessorhaproxyreceiverotelcol/haproxyreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/haproxyreceiverhostmetricsreceiverreceiver's scrapersotelcol/hostmetricsreceiver/*github.com/open-telemetry/opentelemetry-collector-contrib/receiver/hostmetricsreceiver/internal/scraper/*httpcheckreceiverotelcol/httpcheckreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/httpcheckreceiveriisreceiverotelcol/iisreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/iisreceiverk8sattributesprocessorotelcol/k8sattributesgithub.com/open-telemetry/opentelemetry-collector-contrib/processor/k8sattributesprocessork8sclusterreceiverotelcol/k8sclusterreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/k8sclusterreceiverkafkametricsreceiverotelcol/kafkametricsreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/kafkametricsreceiverkafkareceiverotelcol/kafkareceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/kafkareceiverkubeletstatsreceiverotelcol/kubeletstatsreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/kubeletstatsreceivermemcachedreceiverotelcol/memcachedreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/memcachedreceivermongodbatlasreceiverotelcol/mongodbatlasreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/mongodbatlasreceivermongodbreceiverotelcol/mongodbreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/mongodbreceivermysqlreceiverotelcol/mysqlreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/mysqlreceivernginxreceiverotelcol/nginxreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/nginxreceivernsxtreceiverotelcol/nsxtreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/nsxtreceiveroracledbreceiverotelcol/oracledbreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/oracledbreceiverotelarrowreceiverotelcol/otelarrowreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/otelarrowreceiverpodmanreceiverotelcol/podmanreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/podmanreceiverpostgresqlreceiverotelcol/postgresqlreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/postgresqlreceiverprobabilisticsamplerprocessorotelcol/probabilisticsamplergithub.com/open-telemetry/opentelemetry-collector-contrib/processor/probabilisticsamplerprocessorprometheusreceiverotelcol/prometheusreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/prometheusreceiverrabbitmqreceiverotelcol/rabbitmqreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/rabbitmqreceiversshcheckreceiverotelcol/sshcheckreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/sshcheckreceivervcenterreceiverotelcol/vcentergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/vcenterreceiverzookeeperreceiverotelcol/zookeepergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/zookeeperreceiverredisreceiverotelcol/redisreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/redisreceiverriakreceiverotelcol/riakreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/riakreceiverroutingprocessorotelcol/routinggithub.com/open-telemetry/opentelemetry-collector-contrib/processor/routingprocessorsaphanareceiverotelcol/saphanareceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/saphanareceiverservicegraphconnectorotelcol/servicegraphgithub.com/open-telemetry/opentelemetry-collector-contrib/connector/servicegraphconnectorsnmpreceiverotelcol/snmpreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/snmpreceiversnowflakereceiverotelcol/snowflakereceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/snowflakereceiversolacereceiverotelcol/solacereceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/solacereceiversplunkenterprisereceiverotelcol/splunkenterprisereceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/splunkenterprisereceiverstatsdreceiverotelcol/statsdreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/statsdreceivertailsamplingprocessorotelcol/tailsamplinggithub.com/open-telemetry/opentelemetry-collector-contrib/processor/tailsamplingprocessorsqlserverreceiverotelcol/sqlserverreceivergithub.com/open-telemetry/opentelemetry-collector-contrib/receiver/sqlserverreceiverelasticsearchreceiver: Enable more index metrics by default (#34396)This enables the following metrics by default:
elasticsearch.index.documentselasticsearch.index.operations.merge.currentelasticsearch.index.segments.countTo preserve previous behavior, update your Elasticsearch receiver configuration to disable these metrics.
vcenterreceiver: Enables all of the vSAN metrics by default. (#34409)The following metrics will be enabled by default now:
🚩 Deprecations 🚩
exporter/datadog: Deprecateslogs::dump_payloadssince it is invalid with the Datadog Agent logs pipeline, which will be enabled by default in the v0.108.0 release. (#34490)🚀 New components 🚀
logdedupprocessor: Add new logdedupprocessor processor that deduplicates log entries. (#34118)coralogixprocessor: creating new component for coralogix features (#33090)googlecloudmonitoringreceiver: Adding new component - Google Cloud monitoring receiver to fetch GCP Cloud Metrics and transform to OpenTelemetry compatible format. (#33762)💡 Enhancements 💡
awsemfexporter: AWS EMF Exporter to update ApplicationSignals log group name and namespace, and adjust AWS service name prefix logic in spans (#33798)azureeventhubreceiver: Added traces support in azureeventhubreceiver (#33583)exporter/prometheusremotewrite: Reduce unnecessary memory allocation by removing buffer that was not used by Snappy encoding function. (#34273)exporter/prometheusremotewrite: Reduce memory allocations of prometheus remote write exporter "batchtimeseries" when large batch sizes are used (#34269)clickhouseexporter: Updated the default logs table to a more optimized schema (#34203)Improved partitioning and time range queries.
bearertokenauthextension: use constant time comparison. This fixes CVE-2024-42368 (#34516)processor/k8sattributes: Add support forcontainer.image.repo_digestsmetadata (#34029)datadogconnector: Move feature gateconnector.datadogconnector.NativeIngestto beta (#34549)When this feature gate is enabled (default), the datadog connector uses the new API to produce APM stats under the hood. | The new API has better throughput when your spans have many attributes (especially container related attributes). Functional-wise the new API should have no user-facing change compared to the old API. | However if you observe any unexpected behaviors, you can disable this feature gate to revert to the old stats processing APIs.
elasticsearchexporter: Add opt-in support for the experimentalbatcherconfig (#32377)By enabling (or explicitly disabling) the batcher, the Elasticsearch exporter's
existing batching/buffering logic will be disabled, and the batch sender will be used.
elasticsearchexporter: Add summary support for metrics (#34560)hostmetricsreceiver: add reporting interval to entity event (#34240)elasticsearchreceiver: Add metric for active index merges (#34387)kafkaexporter: add an ability to partition logs based on resource attributes. (#33229)logdedupprocessor: Adds a histogram metric to record the number of aggregated log records. (#34579)logdedupprocessor: Updates stability level to alpha. (#34575)logdedup: Make the name of the log deduplication component consistent (#34571)logdedupprocessor: Ensures any pending aggregated logs are processed and sent to the next consumer before shutting down. (#34615)logdedupprocessor: Adds a scope aggregator to the logdedup processor enabling the aggregation of logs per scope. (#34606)logdedupprocessor: Simplifies the processor shutdown behaviour by removing the unnecessary done channel. (#34478)pkg/ottl: Add support for map literals in OTTL (#32388)pkg/ottl: Introduce ExtractGrokPatterns converter (#32593)pkg/ottl: Add theMD5function to convert thevalueinto a MD5 hash/digest (#33792)pkg/ottl: Introducesha512converter to generate SHA-512 hash/digest from given payload. (#34007)kafkametricsreceiver: Add option to configure cluster alias name and add new metrics for kafka topic configurations (#34148)receiver/splunkhec: Add a regex to enforce metrics naming for Splunk events fields based on metrics documentation. (#34275)telemetrygen: Support boolean values in--telemetry-attributesand--otlp-attributesflag (#18928)filelogreceiver: Check for unsupported fractional seconds directive when converting strptime time layout to native format (#34390)windowseventlogreceiver: Add remote collection support to Stanza operator windows pkg to support remote log collect for the Windows Event Log receiver. (#33100)🧰 Bug fixes 🧰
configauth: Fix unmarshaling of authentication in HTTP servers. (#34325)This brings in a bug fix from the core collector. See open-telemetry/opentelemetry-collector#10750.
docker_observer: Change default endpoint fordocker_observeron Windows tonpipe:////./pipe/docker_engine(#34358)pkg/translator/jaeger: Change the translation to jaeger spans to match semantic conventions. (#34368)otel.library.nameis deprecated and replaced byotel.scope.nameotel.library.versionis deprecated and replaced byotel.scope.versionpkg/stanza: Ensure that errors fromProcessandWritedo not break for loops (#34295)cmd/opampsupervisor: Start even if the OpAMP server cannot be contacted, and continually retry connecting. (#33408, #33799)cmd/opampsupervisor: Write the generated effective config and agent log files to the user-defined storage directory. (#34341)azuremonitorreceiver: Add Azure China as acloudoption. (#34315)postgresqlreceiver: Support unix socket based replication by handling null values in the client_addr field (#33107)splunkhecexporter: Copy the bytes to be placed in the request body to avoid corruption on reuse (#34357)This bug is a manifestation of golang/go#51907.
Under high load, the pool of buffers used to send requests is reused enough
that the same buffer is used concurrently to process data and be sent as request body.
The fix is to copy the payload into a new byte array before sending it.
syslogexporter: Fix issue where exporter may hang indefinitely while dialing. (#34393)clickhouseexporter: Use observed timestamp if timestamp is zero (#34150)Some OpenTelemetry libraries do not send timestamp for logs, but they should always send | the observed timestamp. In these cases the ClickHouse exporter just stored a zero timestamp | to the database. This changes the behavior to look into the observed timestamp if the timestamp | is zero.
webhookeventreceiver: added a timestamp to the logs generated from incoming events. (#33702)v0.106.1🧰 Bug fixes 🧰
configauth: Fix unmarshaling of authentication in HTTP servers. (#34325)This brings in a bug fix from the core collector. See open-telemetry/opentelemetry-collector#10750.
v0.106.0🛑 Breaking changes 🛑
vcenterreceiver: Enables various vCenter metrics that were disabled by default until v0.106.0 (#33607)The following metrics will be enabled by default "vcenter.datacenter.cluster.count", "vcenter.datacenter.vm.count", "vcenter.datacenter.datastore.count",
"vcenter.datacenter.host.count", "vcenter.datacenter.disk.space", "vcenter.datacenter.cpu.limit", "vcenter.datacenter.memory.limit",
"vcenter.resource_pool.memory.swapped", "vcenter.resource_pool.memory.ballooned", and "vcenter.resource_pool.memory.granted". The
"resourcePoolMemoryUsageAttribute" has also been bumped up to release v.0.107.0
googlemanagedprometheusexporter: Fix typo inexporter.googlemanagedpromethues.intToDoublefeature gate (#34232)🚩 Deprecations 🚩
k8sattributesprocessor: Deprecateextract.annotations.regexandextract.labels.regexconfig fields in favor of theExtractPatternsfunction in the transform processor. TheFieldExtractConfig.Regexparameter will be removed in version v0.111.0. (#25128)Deprecating of FieldExtractConfig.Regex parameter means that it is recommended to use the
ExtractPatternsfunction from the transform processor instead. To convert your current configuration please check theExtractPatternsfunction documentation. You should use thepatternparameter ofExtractPatternsinstead of using theFieldExtractConfig.Regexparameter.🚀 New components 🚀
otlpjsonconnector: New component that will allow extracting otlpjson data from incoming Logs. (#34239, #34208)redis_storage: Adds a new storage extension using Redis to store data in transit (#31682)💡 Enhancements 💡
processor/transform: Addscale_metricfunction that scales all data points in a metric. (#16214)vcenterreceiver: Adds vCenter vSAN host metrics. (#33556)Introduces the following vSAN host metrics to the vCenter receiver:
transformprocessor: Support aggregating metrics based on their attributes. (#16224)metricstransformprocessor: Adds the 'median' aggregation type to the Metrics Transform Processor. Also uses the refactored aggregation business logic from internal/core package. (#16224)telemetrygen: uses the go logging SDK instead of pdata (#18902)elasticsearchexporter: Add explicit bounds histogram support to metrics (#34045)hostmetricsreceiver: allow configuring log pipeline to send host EntityState event (#33927)elasticsearchexporter: Introduce an experimental OTel native mapping mode for logs (#33290)extension/healthcheckv2: Add extension/subcomponent management logic. (#26661)otlpjsonconnector: Add connector's implementations (#34249, #34208)windowsperfcountersreceiver: Improve handling of non-existing instances for Windows Performance Counters (#33815)It is an expected that when querying Windows Performance Counters the targeted instances may not be present.
The receiver will no longer require the use of
recreate_queryto handle non-existing instances.As soon as the instances are available, the receiver will start collecting metrics for them.
There won't be warning log messages when there are no matches for the configured instances.
kafkareceiver: Add settings session_timeout and heartbeat_interval to Kafka Receiver for group management facilities (#28630)otelarrowreceiver, otelarrowexporter: OTel-Arrow internal packages moved into this repository. (#33567)New integration testing between otelarrowexporter and otelarrowreceiver.
otlpjsonconnector: Move connector's stability to alpha. (#34208, #34253)pkg/ottl: Adds anFormatfunction to OTTL that callsfmt.Sprintf(#33405)vcenterreceiver: Adds a number of default disabled vSAN metrics for Clusters. (#33556)vcenterreceiver: Adds a number of default disabled vSAN metrics for Virtual Machines. (#33556)🧰 Bug fixes 🧰
clickhouseexporter: Increase the default number of queue consumers to 10 (#34176)opencensusreceiver: Do not report an error into resource status during receiver shutdown when the listener connection was closed. (#33865)datadogconnector: Produce stats for non-root client and producer spans whenconnector.datadogconnector.NativeIngestandcompute_top_level_by_span_kindare enabled (#34197)You should have only run into this bug when ALL the conditions below are met | 1. feature gate
connector.datadogconnector.NativeIngestis enabled | 2. configcompute_top_level_by_span_kindis set to true | 3. configcompute_stats_by_span_kindis unset or set to false | 4. you have child spans with client or producer span kinddatadogconnector: Respect_dd.measuredwhenconnector.datadogconnector.NativeIngestis enabled (#34197)Spans with attribute
_dd.measuredset to 1 will always get Datadog APM statsdeltatocumulativeprocessor: fix bucket counts when downscaling exp histograms with odd offsets (#33831)otelarrowreceiver: Fix potential goroutine leak when in stream-shutdown. (#34236)otelarrowreceiver: Eliminate one spurious span error. (#34175)pkg/ottl: Handle JSON array provided to ParseJSON function (#33535)exporter/datadog: Fixes a bug whereotelcol_exporter_sent_log_recordswas reporting double as many logs sent when using the logs agent feature gate. (#33887)statsdeceiver: Log only non-EOF errors when reading payload received via TCP. (#33951)vcenterreceiver: Adds destroys to the ContainerViews in the client. (#34254)This may not be necessary, but it should be better practice than not.
v0.105.0🛑 Breaking changes 🛑
skywalkingexporter: Remove unmaintained component (#23796)elasticsearchexporter: Make "dedup" option no-op, always de-duplicate. (#33773)Elasticsearch does not permit duplicate keys in JSON objects, so there is no value in being able to configure deduplication.
elasticsearchexporter: Remove defunct "file" and "fields" configuration settings. (#33803)This is a breaking change only because removing the attributes would prevent collector startup if those attributes are specified, but otherwise there is no functional change. These configuration attributes have never done anything.
stanza: errors from Operator.Process are returned instead of silently ignored. (#33783)This public function is affected: https://pkg.go.dev/github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.104.0/operator/helper#WriterOperator.Write
vcenterreceiver: Enables various vCenter metrics that were disabled by default until v0.105 (#34022)The following metrics will be enabled by default "vcenter.host.network.packet.drop.rate",
"vcenter.vm.cpu.readiness", "vcenter.host.cpu.capacity", and "vcenter.host.cpu.reserved".
🚩 Deprecations 🚩
lokiexporter: Deprecate component (#33916)🚀 New components 🚀
sumconnector: creates a wireframe and initial pr to develop from (#32669)extensions/observer/cfgardenobserver: Add a new observer that discovers containers through the Garden API (#33618)💡 Enhancements 💡
pkg/ottl: Added Hex() converter function (#31929)pkg/ottl: Add IsRootSpan() converter function. (#32918)Converter
IsRootSpan()returnstrueif the span in the corresponding context is root, that means itsparent_span_idequals the hexadecimal representation of zero. In all other scenarios function returnsfalse.vcenterreceiver: Adds additional vCenter resource pool metrics and a memory_usage_type attribute for vcenter.resource_pool.memory.usage metric to use. (#33607)Added "vcenter.resource_pool.memory.swapped", "vcenter.resource_pool.memory.ballooned", and "vcenter.resource_pool.memory.granted"
metrics. Also added an additional attribute, "memory_usage_type" for "vcenter.resource_pool.memory.usage" metric, which is
currently under a feature gate.
kubeletstatsreceiver: Addk8s.pod.memory.node.utilizationandk8s.container.memory.node.utilizationmetrics (#33591)vcenterreceiver: Adds vCenter metrics at the datacenter level. (#33607)Introduces various datacenter metrics which work by aggregating stats from datastores, clusters, hosts, and VM's.
processor/resource, processor/attributes: Add an option to extract value from a client address by specifyingclient.addressvalue in thefrom_contextfield. (#34051)awss3receiver: Add support for retrieving logs and metrics to the AWS S3 Receiver. (#30750)receiver/azuremonitorreceiver: Add support for Managed Identity and Default Credential auth (#31268, #33584)azuremonitorreceiver: Addmaximum_number_of_records_per_resourceconfig parameter in order to overwrite default (#32165)clickhouseexporter: Upgrading stability for logs to beta (#33615)The logs exporter has been proven to be stable for large scale production deployments.
Configuration options specific to logs are unlikely to change.
cloudfoundryreceiver: Add support to receive CloudFoundry Logs (#32671)datadogreceiver: Add support for metrics in Datadog receiver (#18278)datadogexporter: Add a feature gateexporter.datadogexporter.TraceExportUseCustomHTTPClientthat allows a custom HTTP client to be used in trace export (#34025)This is an experimental feature. By default the feature gate is disabled and trace export uses a default HTT
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
Need help?
You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.