Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Upgrade libddwaf-java to 15.0.0 #9022

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jun 27, 2025
Merged

Upgrade libddwaf-java to 15.0.0 #9022

merged 6 commits into from
Jun 27, 2025

Conversation

sezen-datadog
Copy link
Contributor

@sezen-datadog sezen-datadog commented Jun 23, 2025
edited
Loading

What Does This Do

Removal of result object in waf in favor of a generic object caused a need to upgrade libddwaf-java so this PR updates the latest version of libddwaf-java

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-58057

@sezen-datadog sezen-datadog force-pushed the sezen.leblay/APPSEC-57270-default-regex-change branch 2 times, most recently from 5734454 to 6e43ba5 Compare June 24, 2025 11:47
Base automatically changed from sezen.leblay/APPSEC-57270-default-regex-change to master June 24, 2025 12:37
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/upgrade-libddwaf-java-15.0.0 branch from 373a52f to e413827 Compare June 25, 2025 13:03
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/upgrade-libddwaf-java-15.0.0 branch from e413827 to 42a3465 Compare June 25, 2025 13:05
@sezen-datadog sezen-datadog marked this pull request as ready for review June 25, 2025 13:06
@sezen-datadog sezen-datadog requested a review from a team as a code owner June 25, 2025 13:06
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 25, 2025
edited
Loading

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

@sezen-datadog sezen-datadog added comp: asm waf Application Security Management (WAF) type: enhancement Enhancements and improvements labels Jun 25, 2025
@pr-commenter
Copy link

pr-commenter bot commented Jun 25, 2025
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sezen.leblay/upgrade-libddwaf-java-15.0.0
git_commit_date 1750965079 1751010176
git_commit_sha df6adb3 65f3749
release_version 1.51.0-SNAPSHOT~df6adb322c 1.51.0-SNAPSHOT~65f37495d5
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1751012084 1751012084
ci_job_id 1001761089 1001761089
ci_pipeline_id 68949154 68949154
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-sjxaapn4-project-304-concurrent-0-c4k724em 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-sjxaapn4-project-304-concurrent-0-c4k724em 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 45 metrics, 8 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.51.0-SNAPSHOT~65f37495d5, baseline=1.51.0-SNAPSHOT~df6adb322c

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (995.347 ms) : 0, 995347
Total [baseline] (10.594 s) : 0, 10594399
Agent [candidate] (996.492 ms) : 0, 996492
Total [candidate] (10.525 s) : 0, 10524534
section appsec
Agent [baseline] (1.176 s) : 0, 1176205
Total [baseline] (10.801 s) : 0, 10801470
Agent [candidate] (1.175 s) : 0, 1174967
Total [candidate] (10.724 s) : 0, 10723954
section iast
Agent [baseline] (1.13 s) : 0, 1129859
Total [baseline] (10.821 s) : 0, 10820659
Agent [candidate] (1.137 s) : 0, 1137271
Total [candidate] (10.82 s) : 0, 10819638
section profiling
Agent [baseline] (1.249 s) : 0, 1248614
Total [baseline] (10.923 s) : 0, 10923283
Agent [candidate] (1.254 s) : 0, 1253985
Total [candidate] (11.13 s) : 0, 11130380
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 995.347 ms -
Agent appsec 1.176 s 180.858 ms (18.2%)
Agent iast 1.13 s 134.512 ms (13.5%)
Agent profiling 1.249 s 253.267 ms (25.4%)
Total tracing 10.594 s -
Total appsec 10.801 s 207.072 ms (2.0%)
Total iast 10.821 s 226.261 ms (2.1%)
Total profiling 10.923 s 328.884 ms (3.1%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 996.492 ms -
Agent appsec 1.175 s 178.475 ms (17.9%)
Agent iast 1.137 s 140.778 ms (14.1%)
Agent profiling 1.254 s 257.493 ms (25.8%)
Total tracing 10.525 s -
Total appsec 10.724 s 199.421 ms (1.9%)
Total iast 10.82 s 295.104 ms (2.8%)
Total profiling 11.13 s 605.846 ms (5.8%) 
gantt
    title petclinic - break down per module: candidate=1.51.0-SNAPSHOT~65f37495d5, baseline=1.51.0-SNAPSHOT~df6adb322c

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (687.196 ms) : 0, 687196
BytebuddyAgent [candidate] (687.688 ms) : 0, 687688
GlobalTracer [baseline] (242.025 ms) : 0, 242025
GlobalTracer [candidate] (242.719 ms) : 0, 242719
AppSec [baseline] (30.526 ms) : 0, 30526
AppSec [candidate] (30.392 ms) : 0, 30392
Debugger [baseline] (6.018 ms) : 0, 6018
Debugger [candidate] (6.036 ms) : 0, 6036
Remote Config [baseline] (661.942 µs) : 0, 662
Remote Config [candidate] (670.931 µs) : 0, 671
Telemetry [baseline] (8.201 ms) : 0, 8201
Telemetry [candidate] (8.239 ms) : 0, 8239
section appsec
BytebuddyAgent [baseline] (712.356 ms) : 0, 712356
BytebuddyAgent [candidate] (710.781 ms) : 0, 710781
GlobalTracer [baseline] (236.139 ms) : 0, 236139
GlobalTracer [candidate] (235.42 ms) : 0, 235420
AppSec [baseline] (170.288 ms) : 0, 170288
AppSec [candidate] (171.456 ms) : 0, 171456
Debugger [baseline] (5.786 ms) : 0, 5786
Debugger [candidate] (5.829 ms) : 0, 5829
Remote Config [baseline] (605.22 µs) : 0, 605
Remote Config [candidate] (608.63 µs) : 0, 609
Telemetry [baseline] (8.092 ms) : 0, 8092
Telemetry [candidate] (8.129 ms) : 0, 8129
IAST [baseline] (22.107 ms) : 0, 22107
IAST [candidate] (22.001 ms) : 0, 22001
section iast
BytebuddyAgent [baseline] (807.02 ms) : 0, 807020
BytebuddyAgent [candidate] (813.395 ms) : 0, 813395
GlobalTracer [baseline] (232.183 ms) : 0, 232183
GlobalTracer [candidate] (233.158 ms) : 0, 233158
AppSec [baseline] (28.386 ms) : 0, 28386
AppSec [candidate] (27.638 ms) : 0, 27638
Debugger [baseline] (5.825 ms) : 0, 5825
Debugger [candidate] (5.808 ms) : 0, 5808
Remote Config [baseline] (576.39 µs) : 0, 576
Remote Config [candidate] (573.889 µs) : 0, 574
Telemetry [baseline] (7.962 ms) : 0, 7962
Telemetry [candidate] (7.942 ms) : 0, 7942
IAST [baseline] (27.144 ms) : 0, 27144
IAST [candidate] (27.851 ms) : 0, 27851
section profiling
ProfilingAgent [baseline] (102.801 ms) : 0, 102801
ProfilingAgent [candidate] (104.234 ms) : 0, 104234
BytebuddyAgent [baseline] (681.648 ms) : 0, 681648
BytebuddyAgent [candidate] (685.952 ms) : 0, 685952
GlobalTracer [baseline] (362.047 ms) : 0, 362047
GlobalTracer [candidate] (361.875 ms) : 0, 361875
AppSec [baseline] (32.976 ms) : 0, 32976
AppSec [candidate] (31.516 ms) : 0, 31516
Debugger [baseline] (10.68 ms) : 0, 10680
Debugger [candidate] (10.562 ms) : 0, 10562
Remote Config [baseline] (653.391 µs) : 0, 653
Remote Config [candidate] (1.372 ms) : 0, 1372
Telemetry [baseline] (8.816 ms) : 0, 8816
Telemetry [candidate] (9.552 ms) : 0, 9552
Profiling [baseline] (102.825 ms) : 0, 102825
Profiling [candidate] (104.259 ms) : 0, 104259
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.51.0-SNAPSHOT~65f37495d5, baseline=1.51.0-SNAPSHOT~df6adb322c

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.003 s) : 0, 1002514
Total [baseline] (8.564 s) : 0, 8564231
Agent [candidate] (1.001 s) : 0, 1001323
Total [candidate] (8.577 s) : 0, 8577221
section iast
Agent [baseline] (1.132 s) : 0, 1132220
Total [baseline] (9.271 s) : 0, 9270585
Agent [candidate] (1.139 s) : 0, 1139093
Total [candidate] (9.305 s) : 0, 9304750
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.003 s -
Agent iast 1.132 s 129.706 ms (12.9%)
Total tracing 8.564 s -
Total iast 9.271 s 706.354 ms (8.2%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.001 s -
Agent iast 1.139 s 137.77 ms (13.8%)
Total tracing 8.577 s -
Total iast 9.305 s 727.529 ms (8.5%) 
gantt
    title insecure-bank - break down per module: candidate=1.51.0-SNAPSHOT~65f37495d5, baseline=1.51.0-SNAPSHOT~df6adb322c

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (692.533 ms) : 0, 692533
BytebuddyAgent [candidate] (691.589 ms) : 0, 691589
GlobalTracer [baseline] (243.434 ms) : 0, 243434
GlobalTracer [candidate] (243.29 ms) : 0, 243290
AppSec [baseline] (30.644 ms) : 0, 30644
AppSec [candidate] (30.618 ms) : 0, 30618
Debugger [baseline] (6.111 ms) : 0, 6111
Debugger [candidate] (6.055 ms) : 0, 6055
Remote Config [baseline] (672.641 µs) : 0, 673
Remote Config [candidate] (667.727 µs) : 0, 668
Telemetry [baseline] (8.302 ms) : 0, 8302
Telemetry [candidate] (8.239 ms) : 0, 8239
section iast
BytebuddyAgent [baseline] (808.855 ms) : 0, 808855
BytebuddyAgent [candidate] (813.568 ms) : 0, 813568
GlobalTracer [baseline] (233.137 ms) : 0, 233137
GlobalTracer [candidate] (234.297 ms) : 0, 234297
AppSec [baseline] (26.593 ms) : 0, 26593
AppSec [candidate] (25.393 ms) : 0, 25393
Debugger [baseline] (5.775 ms) : 0, 5775
Debugger [candidate] (5.896 ms) : 0, 5896
Remote Config [baseline] (579.144 µs) : 0, 579
Remote Config [candidate] (592.211 µs) : 0, 592
Telemetry [baseline] (7.888 ms) : 0, 7888
Telemetry [candidate] (7.961 ms) : 0, 7961
IAST [baseline] (28.728 ms) : 0, 28728
IAST [candidate] (30.589 ms) : 0, 30589
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sezen.leblay/upgrade-libddwaf-java-15.0.0
git_commit_date 1750965079 1751010176
git_commit_sha df6adb3 65f3749
release_version 1.51.0-SNAPSHOT~df6adb322c 1.51.0-SNAPSHOT~65f37495d5
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1751011765 1751011765
ci_job_id 1001761090 1001761090
ci_pipeline_id 68949154 68949154
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-5adhey-w-project-304-concurrent-0-343twskn 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-5adhey-w-project-304-concurrent-0-343twskn 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 3 performance improvements and 1 performance regressions! Performance is the same for 8 metrics, 12 unstable metrics.

scenario Δ mean http_req_duration Δ mean throughput candidate mean http_req_duration candidate mean throughput baseline mean http_req_duration baseline mean throughput
scenario:load:insecure-bank:iast:high_load better
[-518.501µs; -195.923µs] or [-5.541%; -2.094%]		 unstable
[-38.653op/s; +77.841op/s] or [-7.794%; +15.696%]		 9.001ms 515.531op/s 9.358ms 495.938op/s
scenario:load:petclinic:tracing:high_load better
[-2.056ms; -1.276ms] or [-4.698%; -2.916%]		 unstable
[-4.593op/s; +10.385op/s] or [-4.241%; +9.590%]		 42.089ms 111.188op/s 43.755ms 108.291op/s
scenario:load:petclinic:code_origins:high_load worse
[+1.121ms; +1.942ms] or [+2.534%; +4.390%]		 unstable
[-11.727op/s; +2.075op/s] or [-10.952%; +1.938%]		 45.772ms 102.250op/s 44.240ms 107.076op/s
scenario:load:petclinic:profiling:high_load better
[-2.224ms; -1.313ms] or [-4.537%; -2.679%]		 unstable
[-3.388op/s; +10.613op/s] or [-3.548%; +11.114%]		 47.249ms 99.100op/s 49.017ms 95.487op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~65f37495d5, baseline=1.51.0-SNAPSHOT~df6adb322c
    dateFormat X
    axisFormat %s
section baseline
no_agent (37.031 ms) : 36736, 37326
.   : milestone, 37031,
appsec (47.094 ms) : 46666, 47521
.   : milestone, 47094,
code_origins (44.24 ms) : 43862, 44619
.   : milestone, 44240,
iast (44.288 ms) : 43889, 44688
.   : milestone, 44288,
profiling (49.017 ms) : 48579, 49456
.   : milestone, 49017,
tracing (43.755 ms) : 43377, 44134
.   : milestone, 43755,
section candidate
no_agent (37.908 ms) : 37600, 38217
.   : milestone, 37908,
appsec (48.309 ms) : 47880, 48737
.   : milestone, 48309,
code_origins (45.772 ms) : 45387, 46157
.   : milestone, 45772,
iast (44.114 ms) : 43716, 44513
.   : milestone, 44114,
profiling (47.249 ms) : 46841, 47657
.   : milestone, 47249,
tracing (42.089 ms) : 41744, 42435
.   : milestone, 42089,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 37.031 ms [36.736 ms, 37.326 ms] -
appsec 47.094 ms [46.666 ms, 47.521 ms] 10.063 ms (27.2%)
code_origins 44.24 ms [43.862 ms, 44.619 ms] 7.21 ms (19.5%)
iast 44.288 ms [43.889 ms, 44.688 ms] 7.258 ms (19.6%)
profiling 49.017 ms [48.579 ms, 49.456 ms] 11.987 ms (32.4%)
tracing 43.755 ms [43.377 ms, 44.134 ms] 6.725 ms (18.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 37.908 ms [37.6 ms, 38.217 ms] -
appsec 48.309 ms [47.88 ms, 48.737 ms] 10.4 ms (27.4%)
code_origins 45.772 ms [45.387 ms, 46.157 ms] 7.864 ms (20.7%)
iast 44.114 ms [43.716 ms, 44.513 ms] 6.206 ms (16.4%)
profiling 47.249 ms [46.841 ms, 47.657 ms] 9.34 ms (24.6%)
tracing 42.089 ms [41.744 ms, 42.435 ms] 4.181 ms (11.0%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~65f37495d5, baseline=1.51.0-SNAPSHOT~df6adb322c
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.418 ms) : 4365, 4471
.   : milestone, 4418,
iast (9.358 ms) : 9205, 9512
.   : milestone, 9358,
iast_FULL (14.307 ms) : 14022, 14593
.   : milestone, 14307,
iast_GLOBAL (9.861 ms) : 9690, 10032
.   : milestone, 9861,
profiling (8.51 ms) : 8381, 8639
.   : milestone, 8510,
tracing (7.708 ms) : 7597, 7818
.   : milestone, 7708,
section candidate
no_agent (4.337 ms) : 4287, 4386
.   : milestone, 4337,
iast (9.001 ms) : 8855, 9147
.   : milestone, 9001,
iast_FULL (13.811 ms) : 13540, 14082
.   : milestone, 13811,
iast_GLOBAL (9.916 ms) : 9746, 10086
.   : milestone, 9916,
profiling (8.454 ms) : 8320, 8588
.   : milestone, 8454,
tracing (7.574 ms) : 7466, 7681
.   : milestone, 7574,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.418 ms [4.365 ms, 4.471 ms] -
iast 9.358 ms [9.205 ms, 9.512 ms] 4.94 ms (111.8%)
iast_FULL 14.307 ms [14.022 ms, 14.593 ms] 9.889 ms (223.8%)
iast_GLOBAL 9.861 ms [9.69 ms, 10.032 ms] 5.442 ms (123.2%)
profiling 8.51 ms [8.381 ms, 8.639 ms] 4.092 ms (92.6%)
tracing 7.708 ms [7.597 ms, 7.818 ms] 3.289 ms (74.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.337 ms [4.287 ms, 4.386 ms] -
iast 9.001 ms [8.855 ms, 9.147 ms] 4.664 ms (107.6%)
iast_FULL 13.811 ms [13.54 ms, 14.082 ms] 9.474 ms (218.5%)
iast_GLOBAL 9.916 ms [9.746 ms, 10.086 ms] 5.579 ms (128.7%)
profiling 8.454 ms [8.32 ms, 8.588 ms] 4.117 ms (94.9%)
tracing 7.574 ms [7.466 ms, 7.681 ms] 3.237 ms (74.6%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sezen.leblay/upgrade-libddwaf-java-15.0.0
git_commit_date 1750965079 1751010176
git_commit_sha df6adb3 65f3749
release_version 1.51.0-SNAPSHOT~df6adb322c 1.51.0-SNAPSHOT~65f37495d5
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1751012258 1751012258
ci_job_id 1001761091 1001761091
ci_pipeline_id 68949154 68949154
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-mrfdvp1-project-304-concurrent-0-rq3c79qb 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-mrfdvp1-project-304-concurrent-0-rq3c79qb 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~65f37495d5, baseline=1.51.0-SNAPSHOT~df6adb322c
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.477 ms) : 1466, 1489
.   : milestone, 1477,
appsec (2.407 ms) : 2358, 2456
.   : milestone, 2407,
iast (2.192 ms) : 2131, 2254
.   : milestone, 2192,
iast_GLOBAL (2.243 ms) : 2181, 2306
.   : milestone, 2243,
profiling (2.5 ms) : 2325, 2675
.   : milestone, 2500,
tracing (2.01 ms) : 1963, 2058
.   : milestone, 2010,
section candidate
no_agent (1.478 ms) : 1467, 1490
.   : milestone, 1478,
appsec (2.407 ms) : 2359, 2456
.   : milestone, 2407,
iast (2.189 ms) : 2128, 2251
.   : milestone, 2189,
iast_GLOBAL (2.239 ms) : 2177, 2301
.   : milestone, 2239,
profiling (2.05 ms) : 2000, 2100
.   : milestone, 2050,
tracing (2.004 ms) : 1956, 2051
.   : milestone, 2004,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.477 ms [1.466 ms, 1.489 ms] -
appsec 2.407 ms [2.358 ms, 2.456 ms] 929.551 µs (62.9%)
iast 2.192 ms [2.131 ms, 2.254 ms] 714.925 µs (48.4%)
iast_GLOBAL 2.243 ms [2.181 ms, 2.306 ms] 765.782 µs (51.8%)
profiling 2.5 ms [2.325 ms, 2.675 ms] 1.023 ms (69.2%)
tracing 2.01 ms [1.963 ms, 2.058 ms] 532.971 µs (36.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.478 ms [1.467 ms, 1.49 ms] -
appsec 2.407 ms [2.359 ms, 2.456 ms] 929.317 µs (62.9%)
iast 2.189 ms [2.128 ms, 2.251 ms] 711.14 µs (48.1%)
iast_GLOBAL 2.239 ms [2.177 ms, 2.301 ms] 761.143 µs (51.5%)
profiling 2.05 ms [2.0 ms, 2.1 ms] 572.15 µs (38.7%)
tracing 2.004 ms [1.956 ms, 2.051 ms] 525.656 µs (35.6%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~65f37495d5, baseline=1.51.0-SNAPSHOT~df6adb322c
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.004 s) : 15004000, 15004000
.   : milestone, 15004000,
appsec (14.809 s) : 14809000, 14809000
.   : milestone, 14809000,
iast (18.394 s) : 18394000, 18394000
.   : milestone, 18394000,
iast_GLOBAL (17.923 s) : 17923000, 17923000
.   : milestone, 17923000,
profiling (15.16 s) : 15160000, 15160000
.   : milestone, 15160000,
tracing (14.8 s) : 14800000, 14800000
.   : milestone, 14800000,
section candidate
no_agent (15.487 s) : 15487000, 15487000
.   : milestone, 15487000,
appsec (15.01 s) : 15010000, 15010000
.   : milestone, 15010000,
iast (18.725 s) : 18725000, 18725000
.   : milestone, 18725000,
iast_GLOBAL (18.063 s) : 18063000, 18063000
.   : milestone, 18063000,
profiling (15.235 s) : 15235000, 15235000
.   : milestone, 15235000,
tracing (15.055 s) : 15055000, 15055000
.   : milestone, 15055000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.004 s [15.004 s, 15.004 s] -
appsec 14.809 s [14.809 s, 14.809 s] -195.0 ms (-1.3%)
iast 18.394 s [18.394 s, 18.394 s] 3.39 s (22.6%)
iast_GLOBAL 17.923 s [17.923 s, 17.923 s] 2.919 s (19.5%)
profiling 15.16 s [15.16 s, 15.16 s] 156.0 ms (1.0%)
tracing 14.8 s [14.8 s, 14.8 s] -204.0 ms (-1.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.487 s [15.487 s, 15.487 s] -
appsec 15.01 s [15.01 s, 15.01 s] -477.0 ms (-3.1%)
iast 18.725 s [18.725 s, 18.725 s] 3.238 s (20.9%)
iast_GLOBAL 18.063 s [18.063 s, 18.063 s] 2.576 s (16.6%)
profiling 15.235 s [15.235 s, 15.235 s] -252.0 ms (-1.6%)
tracing 15.055 s [15.055 s, 15.055 s] -432.0 ms (-2.8%)

@sezen-datadog sezen-datadog enabled auto-merge (squash) June 26, 2025 10:47
@sezen-datadog sezen-datadog merged commit b1bbdd5 into master Jun 27, 2025
508 checks passed
@sezen-datadog sezen-datadog deleted the sezen.leblay/upgrade-libddwaf-java-15.0.0 branch June 27, 2025 08:55
@github-actions github-actions bot added this to the 1.51.0 milestone Jun 27, 2025
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Jul 10, 2025
@github-cash-renovate-jvm-2 @svc-squareup-copybara
This PR contains the following updates:
48e635d 
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
|
[com.google.errorprone:error_prone_annotations](https://errorprone.info)
([source](https://github.com/google/error-prone)) | dependencies |
misk/gradle/libs.versions.toml | gradle | minor | `2.39.0` -> `2.40.0` |
|
[org.apache.commons:commons-lang3](https://commons.apache.org/proper/commons-lang/)
([source](https://gitbox.apache.org/repos/asf/commons-lang.git)) |
dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`3.17.0` -> `3.18.0` |
|
[org.jetbrains.kotlinx.binary-compatibility-validator](https://github.com/Kotlin/binary-compatibility-validator)
| plugin | misk/gradle/libs.versions.toml | gradle | patch | `0.18.0` ->
`0.18.1` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`1.50.1` -> `1.51.0` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
|
[software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava)
| dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |

---

### Release Notes

<details>
<summary>google/error-prone
(com.google.errorprone:error_prone_annotations)</summary>

###
[`v2.40.0`](https://github.com/google/error-prone/releases/tag/v2.40.0):
Error Prone 2.40.0

Changes:

- Bug fixes and improvements
- Releases (including snapshots) have migrated from [OSSRH to the
Central Publisher
Portal](https://central.sonatype.org/pages/ossrh-eol/#process-to-migrate)

Full changelog:
google/error-prone@v2.39.0...v2.40.0

</details>

<details>
<summary>Kotlin/binary-compatibility-validator
(org.jetbrains.kotlinx.binary-compatibility-validator)</summary>

###
[`v0.18.1`](https://github.com/Kotlin/binary-compatibility-validator/releases/tag/0.18.1)

[Compare
Source](Kotlin/binary-compatibility-validator@0.18.0...0.18.1)

#### What's Changed

- Fixed a bug preventing use of cross-compilation support during KLIB
dump validation
\[[#&#8203;304](https://github.com/Kotlin/binary-compatibility-validator/issues/304)]\[[#&#8203;306](https://github.com/Kotlin/binary-compatibility-validator/issues/306)]

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

###
[`v1.51.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.51.0):
1.51.0

### Components

#### Application Security Management (IAST)

- 🐛 Fix verify error when ctor params are used after a call site
([#&#8203;9083](DataDog/dd-trace-java#9083) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Limit the maximum size of the location path in IAST
vulnerabilities
([#&#8203;9028](DataDog/dd-trace-java#9028) -
[@&#8203;jandro996](https://github.com/jandro996))
- 🐛 Fix IAST gRPC handler with null superclass
([#&#8203;8984](DataDog/dd-trace-java#8984) -
[@&#8203;smola](https://github.com/smola))
- ✨ Optimize IAST Vulnerability Detection
([#&#8203;8885](DataDog/dd-trace-java#8885) -
[@&#8203;jandro996](https://github.com/jandro996))

#### Application Security Management (WAF)

- ✨ Upgrade libddwaf-java to 15.0.0
([#&#8203;9022](DataDog/dd-trace-java#9022) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))
- ✨ Extract RestEasy json body response schemas
([#&#8203;9015](DataDog/dd-trace-java#9015) -
[@&#8203;jandro996](https://github.com/jandro996))
- ✨ Extract Jersey json body response schemas
([#&#8203;9014](DataDog/dd-trace-java#9014) -
[@&#8203;jandro996](https://github.com/jandro996))
- ✨ Extract Ratpack json body response schemas
([#&#8203;9013](DataDog/dd-trace-java#9013) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Enable API Security by default and make it lazy loading
([#&#8203;9009](DataDog/dd-trace-java#9009) -
[@&#8203;smola](https://github.com/smola))
- ✨ Extract Vert.x json body response schemas
([#&#8203;9001](DataDog/dd-trace-java#9001) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Extract Play json body response schemas
([#&#8203;8995](DataDog/dd-trace-java#8995) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Fix Jackson nodes introspection for request/response schema
extraction
([#&#8203;8980](DataDog/dd-trace-java#8980) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Extract Spring json body response schemas
([#&#8203;8938](DataDog/dd-trace-java#8938) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))
- ✨ Default obfuscation regexp update
([#&#8203;8937](DataDog/dd-trace-java#8937) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))

#### Build & Tooling

- ✨ Cancel GitLab running pipeline on new PR push
([#&#8203;9023](DataDog/dd-trace-java#9023) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer))
- ✨ Migrate publishing to Maven Central Portal
([#&#8203;8807](DataDog/dd-trace-java#8807) -
[@&#8203;sarahchen6](https://github.com/sarahchen6))

#### Continuous Integration Visibility

- 🐛 Fix Test Optimization to work with JDK 24
([#&#8203;9114](DataDog/dd-trace-java#9114) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add repo root as safe directory on git client creation
([#&#8203;9033](DataDog/dd-trace-java#9033) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Add PR number tag and improve PR information building
([#&#8203;8990](DataDog/dd-trace-java#8990) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Update impacted tests logic
([#&#8203;8923](DataDog/dd-trace-java#8923) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))

#### Data Streams Monitoring

- 🧹 Clean up DSM context injection
([#&#8203;8776](DataDog/dd-trace-java#8776) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer))

#### Database Monitoring

- 🐛 Set trace\_injected in try block
([#&#8203;9025](DataDog/dd-trace-java#9025) -
[@&#8203;natashadada](https://github.com/natashadada))

#### Dynamic Instrumentation

- 🐛 Add source file tracking enable option
([#&#8203;9115](DataDog/dd-trace-java#9115) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Add java.util.Date support
([#&#8203;9111](DataDog/dd-trace-java#9111) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Update file probe format
([#&#8203;9047](DataDog/dd-trace-java#9047) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ add safe local var hoisting
([#&#8203;9034](DataDog/dd-trace-java#9034) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- 🧹 Add new config for debugger upload interval
([#&#8203;8959](DataDog/dd-trace-java#8959) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Enable Code Origin with Dynamic instrumentation
([#&#8203;8940](DataDog/dd-trace-java#8940) -
[@&#8203;jpbempel](https://github.com/jpbempel))

#### ML Observability (LLMObs)

- 💡 LLM Observability SDK
([#&#8203;8781](DataDog/dd-trace-java#8781) -
[@&#8203;gary-huang](https://github.com/gary-huang),
[@&#8203;nayeem-kamal](https://github.com/nayeem-kamal))

#### Metrics

- 🐛 Ensure client stat reporter is started when the agent is not
available at bootstrap
([#&#8203;9082](DataDog/dd-trace-java#9082) -
[@&#8203;amarziali](https://github.com/amarziali))
- ✨ Create metric: appsec.waf.config\_errors
([#&#8203;8394](DataDog/dd-trace-java#8394) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))

#### Platform components

- ✨ Introduce environment component
([#&#8203;9071](DataDog/dd-trace-java#9071) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer))

#### Profiling

- 🐛 Remove annoying warning for smap event parsing
([#&#8203;9119](DataDog/dd-trace-java#9119) -
[@&#8203;jbachorik](https://github.com/jbachorik))
- 🐛 Fix ByteCountingInputStream when reading past EOF
([#&#8203;8988](DataDog/dd-trace-java#8988) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Realtime User Monitoring

- ✨ Add RUM SDK injection for servlet based web servers
([#&#8203;9110](DataDog/dd-trace-java#9110) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer)
[@&#8203;amarziali](https://github.com/amarziali))

#### Telemetry

- ✨ Update the config origin metric to match what it's mapping
([#&#8203;9045](DataDog/dd-trace-java#9045) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))

#### Testing

- ✨ Add testing for latest stable version (JDK 24)
([#&#8203;8875](DataDog/dd-trace-java#8875) -
[@&#8203;sarahchen6](https://github.com/sarahchen6))

#### Trace context propagation

- 🐛 Fix bug with dropping baggage when
`TracePropagationBehaviorExtract=IGNORE`
([#&#8203;9037](DataDog/dd-trace-java#9037) -
[@&#8203;mhlidd](https://github.com/mhlidd))
- 🐛 Fix ArrayIndexOutOfBoundsException in PercentEscaper
([#&#8203;9032](DataDog/dd-trace-java#9032) -
[@&#8203;mhlidd](https://github.com/mhlidd))

#### Tracer core

- 🐛 Fix `Error` handling for trace interceptors
([#&#8203;9097](DataDog/dd-trace-java#9097) -
[@&#8203;AlexeyKuznetsov-DD](https://github.com/AlexeyKuznetsov-DD))
- 💡 Add wildcard feature for `DD_TRACE_HEADER_TAGS` and enabling
for Http Response headers
([#&#8203;9067](DataDog/dd-trace-java#9067) -
[@&#8203;mhlidd](https://github.com/mhlidd))

#### Tracer public API

- 💡 Add LLM Observability SDK
([#&#8203;8781](DataDog/dd-trace-java#8781) -
[@&#8203;gary-huang](https://github.com/gary-huang))

### Instrumentations

#### Akka instrumentation

- 🐛 Fix NPE in akka-http and pekko-http integrations
([#&#8203;9019](DataDog/dd-trace-java#9019) -
[@&#8203;mcculls](https://github.com/mcculls))

#### Eclipse Vert.x instrumentation

- ✨ Extract Vert.x json body response schemas
([#&#8203;9001](DataDog/dd-trace-java#9001) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Write http.route tag as soon as possible in vert.x
([#&#8203;8952](DataDog/dd-trace-java#8952) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### JAX-WS instrumentation

- 💡⚠️ Enable jax-ws integration by default
([#&#8203;9030](DataDog/dd-trace-java#9030) -
[@&#8203;bm1549](https://github.com/bm1549))
- ✨ Extract Jersey json body response schemas
([#&#8203;9014](DataDog/dd-trace-java#9014) -
[@&#8203;jandro996](https://github.com/jandro996))

#### Mule instrumentation

- 🐛 Propagate grizzly http span in filters if nothing is active
([#&#8203;9016](DataDog/dd-trace-java#9016) -
[@&#8203;amarziali](https://github.com/amarziali))

#### Play Framework instrumentation

- ✨ Extract Play json body response schemas
([#&#8203;8995](DataDog/dd-trace-java#8995) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Ratpack instrumentation

- ✨ Extract Ratpack json body response schemas
([#&#8203;9013](DataDog/dd-trace-java#9013) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Spring instrumentation

- ✨ Extract Spring json body response schemas
([#&#8203;8938](DataDog/dd-trace-java#8938) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 649b690d4c9d7dcb572c457f0802b42b8e3e682e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smola smola smola approved these changes

@manuel-alvarez-alvarez manuel-alvarez-alvarez manuel-alvarez-alvarez approved these changes

@robertpi robertpi Awaiting requested review from robertpi robertpi is a code owner automatically assigned from DataDog/asm-java

Assignees
No one assigned
Labels
comp: asm waf Application Security Management (WAF) type: enhancement Enhancements and improvements
Projects
None yet
Milestone
1.51.0
Development

Successfully merging this pull request may close these issues.
3 participants
@sezen-datadog @smola @manuel-alvarez-alvarez