23.5.1

Bug Fixes:

• Sample only transaction events instead of sampling both transactions and errors. (#2130)
• Fix tagging of incoming errors with sampled that was not done due to lack of sampling state. (#2148)
• Remove profiling feature flag. (#2146)

Internal:

• Mark all URL transactions as sanitized when txNameReady flag is set. (#2128, #2139)
• Tag incoming errors with the new sampled field in case their DSC is sampled. (#2026)
• Enable PII scrubbing for urls field (#2143)

23.5.0

Bug Fixes:

• Enforce rate limits for monitor check-ins. (#2065)
• Allow rate limits greater than u32::MAX. (#2079)
• Do not drop envelope when client closes connection. (#2089)

Features:

• Scrub sensitive keys (passwd, token, ...) in Replay recording data. (#2034)
• Add support for old 'violated-directive' CSP format. (#2048)
• Add document_uri to csp filter. (#2059)
• Store geo.subdivision of the end user location. (#2058)
• Scrub URLs in span descriptions. (#2095)

Internal:

• Remove transaction metrics allowlist. (#2092)
• Include unknown feature flags in project config when serializing it. (#2040)
• Copy transaction tags to the profile. (#1982)
• Lower default max compressed replay recording segment size to 10 MiB. (#2031)
• Increase chunking limit to 15MB for replay recordings. (#2032)
• Add a data category for indexed profiles. (#2051, #2071)
• Differentiate between Profile and ProfileIndexed outcomes. (#2054)
• Split dynamic sampling implementation before refactoring. (#2047)
• Refactor dynamic sampling implementation across relay-server and relay-sampling. (#2066)
• Adds support for replay_id field for the DynamicSamplingContext's FieldValueProvider. (#2070)
• On Linux, switch to jemalloc instead of the system memory allocator to reduce Relay's memory footprint. (#2084)
• Scrub sensitive cookies __session. (#2105))
• Parse profiles' metadata to check if it should be marked as invalid. (#2104)
• Set release as optional by defaulting to an empty string and add a dist field for profiles. (#2098, #2107)
• Accept source map debug images in debug meta for Profiling. (#2097)

23.4.0

Breaking Changes:

This release contains major changes to the web layer, including TCP and HTTP handling as well as all web endpoint handlers. Due to these changes, some functionality was retired and Relay responds differently in specific cases.

Configuration:

• SSL support has been dropped. As per official guidelines, Relay should be operated behind a reverse proxy, which can perform SSL termination.
• Connection config options max_connections, max_pending_connections, and max_connection_rate no longer have an effect. Instead, configure the reverse proxy to handle connection concurrency as needed.

Endpoints:

• The security endpoint no longer forwards to upstream if the mime type doesn't match supported mime types. Instead, the request is rejected with a corresponding error.
• Passing store payloads as ?sentry_data=<base64> query parameter is restricted to GET requests on the store endpoint. Other endpoints require the payload to be passed in the request body.
• Requests with an invalid content-encoding header will now be rejected. Exceptions to this are an empty string and UTF-8, which have been sent historically by some SDKs and are now treated as identity (no encoding). Previously, all unknown encodings were treated as identity.
• Temporarily, response bodies for some errors are rendered as plain text instead of JSON. This will be addressed in an upcoming release.

Metrics:

• The route tag of request metrics uses the route pattern instead of schematic names. There is an exact replacement for every previous route. For example, "store-default" is now tagged as "/api/:project_id/store/".
• Statsd metrics event.size_bytes.raw and event.size_bytes.uncompressed have been removed.

Features:

• Allow monitor checkins to paass monitor_config for monitor upserts. (#1962)
• Add replay_id onto event from dynamic sampling context. (#1983)
• Add product-name for devices, derived from the android model. (#2004)
• Changes how device class is determined for iPhone devices. Instead of checking processor frequency, the device model is mapped to a device class. (#1970)
• Don't sanitize transactions if no clustering rules exist and no UUIDs were scrubbed. (#1976)
• Add thread.lock_mechanism field to protocol. (#1979)
• Add origin to trace context and span. (#1984)
• Add jvm debug file type. (#2002)
• Add new mechanism fields to protocol to support exception groups. (#2020)
• Change lock_reason attribute to a held_locks dictionary in the thread interface. (#2018)

Internal:

• Add BufferService with SQLite backend. (#1920)
• Upgrade the web framework and related dependencies. (#1938)
• Apply transaction clustering rules before UUID scrubbing rules. (#1964)
• Use exposed device-class-synthesis feature flag to gate device.class synthesis in light normalization. (#1974)
• Adds iPad support for device.class synthesis in light normalization. (#2008)
• Pin schemars dependency to un-break schema docs generation. (#2014)
• Remove global service registry. (#2022)
• Apply schema validation to all topics in local development. (#2013)

Monitors:

• Monitor check-ins may now specify an environment (#2027)

23.3.1

Features:

• Indicate if OS-version may be frozen with '>=' prefix. (#1945)
• Normalize monitor slug parameters into slugs. (#1913)
• Smart trim loggers for Java platforms. (#1941)
• PII scrub span.data by default. (#1953)

23.3.0

Features:

• Extract attachments from transaction events and send them to kafka individually. (#1844)
• Protocol validation for source map image type. (#1869)
• Strip quotes from client hint values. (#1874)
• Add Dotnet, Javascript and PHP support for profiling. (#1871, #1876, #1885)
• Initial support for the Crons beta. (#1886)
• Scrub span.data.http.query with default scrubbers. (#1889)
• Synthesize new class attribute in device context using specs found on the device, such as processor_count, memory_size, etc. (#1895)
• Add thread.state field to protocol. (#1896)
• Move device.class from contexts to tags. (#1911)
• Optionally mark scrubbed URL transactions as sanitized. (#1917)
• Perform PII scrubbing on meta's original_value field. (#1892)
• Add links to docs in YAML config file. (#1923)
• For security reports, add the request's origin header to sentry events. (#1934)

Bug Fixes:

• Enforce rate limits for session replays. (#1877)

Internal:

• Revert back the addition of metric names as tag on Sentry errors when relay drops metrics. (#1873)
• Tag the dynamic sampling decision on count_per_root_project to measure effective sample rates. (#1870)
• Deprecate fields on the profiling sample format. (#1878)
• Remove idle samples at the start and end of a profile and useless metadata. (#1894)
• Move the pending envelopes buffering into the project cache. (#1907)
• Remove platform validation for profiles. (#1933)

23.2.0

Features:

• Use client hint headers instead of User-Agent when available. (#1752, #1802, #1838)
• Apply all configured data scrubbing rules on Replays. (#1731)
• Add count transactions toward root project. (#1734)
• Add or remove the profile ID on the transaction's profiling context. (#1801)
• Implement a new sampling algorithm with factors and multi-matching. (#1790

Bug Fixes:

• Fix a bug where the replays ip-address normalization was not being applied when the user object was omitted. (#1805)
• Improve performance for replays, especially memory usage during data scrubbing. (#1800, #1825)
• When a transaction is rate limited, also remove associated profiles. (#1843)

Internal:

• Add metric name as tag on Sentry errors from relay dropping metrics. (#1797)
• Make sure to scrub all the fields with PII. If the fields contain an object, the entire object will be removed. (#1789)
• Keep meta for removed custom measurements. (#1815)
• Drop replay recording payloads if they cannot be parsed or scrubbed. (#1683)

23.1.1

Features:

• Add error and sample rate fields to the replay event parser. (#1745)
• Add instruction_addr_adjustment field to RawStacktrace. (#1716)
• Add SSL support to relay-redis crate. It is possible to use rediss scheme to connnect to Redis cluster using TLS. (#1772)

Internal:

• Fix type errors in replay recording parsing. (#1765)

23.1.0

Features:

• Add support for limits.keepalive_timeout configuration. (#1645)
• Add support for decaying functions in dynamic sampling rules. (#1692)
• Stop extracting duration metric for session payloads. (#1739)

Internal:

• Remove concurrent profiling. (#1697)
• Use the main Sentry SDK to submit crash reports instead of a custom curl-based backend. This removes a dependency on libcurl and ensures compliance with latest TLS standards for crash uploads. Note that this only affects Relay if the hidden _crash_db option is used. (#1707)
• Support transaction naming rules. (#1695)
• Add PII scrubbing to URLs captured by replay recordings (#1730)
• Add more measurement units for profiling. (#1732)
• Add backoff mechanism for fetching projects from the project cache. (#1726)

22.12.0

Features:

• The level of events created from Unreal Crash Reports now depends on whether it was an actual crash or an assert. (#1677)
• Dynamic sampling is now based on the volume received by Relay by default and does not include the original volume dropped by client-side sampling in SDKs. This is required for the final dynamic sampling feature in the latest Sentry plans. (#1591)
• Add OpenTelemetry Context. (#1617)
• Add app.in_foreground and thread.main flag to protocol. (#1578)
• Add support for View Hierarchy attachment_type. (#1642)
• Add invalid replay recording outcome. (#1684)
• Stop rejecting spans without a timestamp, instead giving them their respective event timestamp and setting their status to DeadlineExceeded. (#1690)
• Add max replay size configuration parameter. (#1694)
• Add abnormal_mechanism field to SessionUpdate protocol. (#1665)

Bug Fixes:

• Make attachment_type on envelope items forward compatible by adding fallback variant. (#1638)
• Relay no longer accepts transaction events older than 5 days. Previously the event was accepted and stored, but since metrics for such old transactions are not supported it did not show up in parts of Sentry such as the Performance landing page. (#1663)
• Apply dynamic sampling to transactions from older SDKs and even in case Relay cannot load project information. This avoids accidentally storing 100% of transactions. (#1667)
• Replay recording parser now uses the entire body rather than a subset. (#1682)
• Fix a potential OOM in the Replay recording parser. (#1691)

Internal:

• Emit a service.back_pressure metric that measures internal back pressure by service. (#1583)
• Track metrics for OpenTelemetry events. (#1618)
• Normalize transaction name for URLs transaction source, by replacing UUIDs, SHAs and numerical IDs in transaction names by placeholders. (#1621)
• Parse string as number to handle a release bug. (#1637)
• Expand Profiling's discard reasons. (#1661, #1685)
• Allow to rate limit profiles on top of transactions. (#1681)

22.11.0

Features:

• Add PII scrubber for replay recordings. (#1545)
• Support decaying rules. Decaying rules are regular sampling rules, but they are only applicable in a specific time range. (#1544)
• Disallow - in measurement and breakdown names. These items are converted to metrics, which do not allow - in their name. (#1571)

Bug Fixes:

• Validate the distribution name in the event. (#1556)
• Use correct meta object for logentry in light normalization. (#1577)

Internal:

• Implement response context schema. (#1529)
• Support dedicated quotas for storing transaction payloads ("indexed transactions") via the transaction_indexed data category if metrics extraction is enabled. (#1537, #1555)
• Report outcomes for dynamic sampling with the correct indexed transaction data category to restore correct totals. (#1561)
• Add fields to the Frame object for the sample format. (#1562)
• Move kafka related code into separate relay-kafka crate. (#1563)