newrelic_rpm 9.10.2 → 9.12.0

data/lib/new_relic/agent/instrumentation/logstasher/chain.rb

@@ -0,0 +1,21 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module LogStasher::Chain
+    def self.instrument!
+      ::LogStasher.singleton_class.class_eval do
+        include NewRelic::Agent::Instrumentation::LogStasher
+
+        alias_method(:build_logstash_event_without_new_relic, :build_logstash_event)
+
+        def build_logstash_event(*args)
+          build_logstash_event_with_new_relic(*args) do
+            build_logstash_event_without_new_relic(*args)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/logstasher/instrumentation.rb

@@ -0,0 +1,24 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module LogStasher
+    INSTRUMENTATION_NAME = NewRelic::Agent.base_name(name)
+
+    def self.enabled?
+      NewRelic::Agent.config[:'instrumentation.logstasher'] != 'disabled'
+    end
+
+    def build_logstash_event_with_new_relic(*args)
+      logstasher_event = yield
+      log = logstasher_event.instance_variable_get(:@data)
+
+      ::NewRelic::Agent.record_instrumentation_invocation(INSTRUMENTATION_NAME)
+      ::NewRelic::Agent.agent.log_event_aggregator.record_logstasher_event(log)
+      ::NewRelic::Agent::LocalLogDecorator.decorate(log)
+
+      logstasher_event
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/logstasher/prepend.rb

@@ -0,0 +1,13 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module LogStasher::Prepend
+    include NewRelic::Agent::Instrumentation::LogStasher
+
+    def build_logstash_event(*args)
+      build_logstash_event_with_new_relic(*args) { super }
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/logstasher.rb

@@ -0,0 +1,27 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+require_relative 'logstasher/instrumentation'
+require_relative 'logstasher/chain'
+require_relative 'logstasher/prepend'
+
+DependencyDetection.defer do
+  named :logstasher
+
+  depends_on do
+    defined?(LogStasher) &&
+      Gem::Version.new(LogStasher::VERSION) >= Gem::Version.new('1.0.0') &&
+      NewRelic::Agent.config[:'application_logging.enabled']
+  end
+
+  executes do
+    NewRelic::Agent.logger.info('Installing LogStasher instrumentation')
+
+    if use_prepend?
+      prepend_instrument LogStasher.singleton_class, NewRelic::Agent::Instrumentation::LogStasher::Prepend
+    else
+      chain_instrument NewRelic::Agent::Instrumentation::LogStasher::Chain
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/rack/instrumentation.rb

@@ -13,6 +13,7 @@ module NewRelic
             attr_accessor :_nr_deferred_detection_ran
           end
           builder_class._nr_deferred_detection_ran = false
+          NewRelic::Control::SecurityInterface.instance.wait = true
         end
 
         def deferred_dependency_check
@@ -21,6 +22,8 @@ module NewRelic
           NewRelic::Agent.logger.info('Doing deferred dependency-detection before Rack startup')
           DependencyDetection.detect!
           self.class._nr_deferred_detection_ran = true
+          NewRelic::Control::SecurityInterface.instance.wait = false
+          NewRelic::Control::SecurityInterface.instance.init_agent
         end
 
         def check_for_late_instrumentation(app)

data/lib/new_relic/agent/instrumentation/rails_notifications/action_controller.rb

@@ -32,15 +32,19 @@ DependencyDetection.defer do
     NewRelic::Agent::Instrumentation::ActionControllerSubscriber \
       .subscribe(/^process_action.action_controller$/)
 
-    subs = %w[send_file
+    subs = %w[exist_fragment?
+      expire_fragment
+      halted_callback
+      read_fragment
+      redirect_to
       send_data
+      send_file
       send_stream
-      redirect_to
-      halted_callback
-      unpermitted_parameters]
+      write_fragment
+      unpermitted_parameters].map { |s| Regexp.escape(s) }
 
     # have to double escape period because its going from string -> regex
     NewRelic::Agent::Instrumentation::ActionControllerOtherSubscriber \
-      .subscribe(Regexp.new("^(#{subs.join('|')})\\.action_controller$"))
+      .subscribe(Regexp.new("^(?:#{subs.join('|')})\\.action_controller$"))
   end
 end

data/lib/new_relic/agent/instrumentation/redis/cluster_middleware.rb

@@ -0,0 +1,26 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module RedisClient
+    module ClusterMiddleware
+      include NewRelic::Agent::Instrumentation::Redis
+
+      # Until we decide to move our Redis instrumentation entirely off patches
+      # keep the middleware instrumentation for the call and connect methods
+      # limited to the redis-clustering instrumentation.
+      #
+      # Redis's middleware option does not capture errors as high in the stack
+      # as our patches. Leaving the patches for call and connect on the main
+      # Redis gem limits the feature disparity our customers experience.
+      def call(*args, &block)
+        call_with_tracing(args[0]) { super }
+      end
+
+      def connect(*args, &block)
+        connect_with_tracing { super }
+      end
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/redis/instrumentation.rb

@@ -9,14 +9,14 @@ module NewRelic::Agent::Instrumentation
     INSTRUMENTATION_NAME = NewRelic::Agent.base_name(name)
 
     def connect_with_tracing
-      with_tracing(Constants::CONNECT, database: db) { yield }
+      with_tracing(Constants::CONNECT, database: _nr_db) { yield }
     end
 
     def call_with_tracing(command, &block)
       operation = command[0]
       statement = ::NewRelic::Agent::Datastores::Redis.format_command(command)
 
-      with_tracing(operation, statement: statement, database: db) { yield }
+      with_tracing(operation, statement: statement, database: _nr_db) { yield }
     end
 
     # Used for Redis 4.x and 3.x
@@ -24,22 +24,15 @@ module NewRelic::Agent::Instrumentation
       operation = pipeline.is_a?(::Redis::Pipeline::Multi) ? Constants::MULTI_OPERATION : Constants::PIPELINE_OPERATION
       statement = ::NewRelic::Agent::Datastores::Redis.format_pipeline_commands(pipeline.commands)
 
-      with_tracing(operation, statement: statement, database: db) { yield }
+      with_tracing(operation, statement: statement, database: _nr_db) { yield }
     end
 
     # Used for Redis 5.x+
     def call_pipelined_with_tracing(pipeline)
-      db = begin
-        _nr_redis_client_config.db
-      rescue StandardError => e
-        NewRelic::Agent.logger.error("Failed to determine configured Redis db value: #{e.class} - #{e.message}")
-        nil
-      end
-
       operation = pipeline.flatten.include?('MULTI') ? Constants::MULTI_OPERATION : Constants::PIPELINE_OPERATION
       statement = ::NewRelic::Agent::Datastores::Redis.format_pipeline_commands(pipeline)
 
-      with_tracing(operation, statement: statement, database: db) { yield }
+      with_tracing(operation, statement: statement, database: _nr_db) { yield }
     end
 
     private
@@ -94,5 +87,15 @@ module NewRelic::Agent::Instrumentation
         config
       end
     end
+
+    def _nr_db
+      # db is a method on the Redis client in versions < 5.x
+      return db if respond_to?(:db)
+      # db is accessible through the RedisClient::Config object in versions > 5.x
+      return _nr_redis_client_config.db if _nr_redis_client_config.respond_to?(:db)
+    rescue StandardError => e
+      NewRelic::Agent.logger.debug("Failed to determine configured Redis db value: #{e.class} - #{e.message}")
+      nil
+    end
   end
 end

data/lib/new_relic/agent/instrumentation/redis/middleware.rb

@@ -6,6 +6,9 @@ module NewRelic::Agent::Instrumentation
   module RedisClient
     module Middleware
       # This module is used to instrument Redis 5.x+
+      #
+      # It only instruments call_pipelined because connect and call are accessed
+      # too late in the stack to capture all errors
       include NewRelic::Agent::Instrumentation::Redis
 
       def call_pipelined(*args, &block)

data/lib/new_relic/agent/instrumentation/redis.rb

@@ -10,6 +10,7 @@ require_relative 'redis/chain'
 require_relative 'redis/constants'
 require_relative 'redis/prepend'
 require_relative 'redis/middleware'
+require_relative 'redis/cluster_middleware'
 
 DependencyDetection.defer do
   # Why not :redis? newrelic-redis used that name, so avoid conflicting
@@ -33,6 +34,10 @@ DependencyDetection.defer do
     NewRelic::Agent.logger.info('Installing Redis Instrumentation')
     if NewRelic::Agent::Instrumentation::Redis::Constants::HAS_REDIS_CLIENT
       RedisClient.register(NewRelic::Agent::Instrumentation::RedisClient::Middleware)
+
+      if defined?(Redis::Cluster::Client)
+        return RedisClient.register(NewRelic::Agent::Instrumentation::RedisClient::ClusterMiddleware)
+      end
     end
 
     if use_prepend?

data/lib/new_relic/agent/instrumentation/stripe_subscriber.rb

@@ -10,6 +10,7 @@ module NewRelic
         EVENT_ATTRIBUTES = %i[http_status method num_retries path request_id].freeze
         ATTRIBUTE_NAMESPACE = 'stripe.user_data'
         ATTRIBUTE_FILTER_TYPES = %i[include exclude].freeze
+        PATH_PORTION_PATTERN = %r{^/([^/]+/[^/]+)(?:/|\z)}.freeze
 
         def start_segment(event)
           return unless is_execution_traced?
@@ -39,7 +40,27 @@ module NewRelic
         end
 
         def metric_name(event)
-          "Stripe#{event.path}/#{event.method}"
+          # Grab only the first 2 items from the slash (/) delimited event path.
+          # These items are the API version string and the category. Grabbing
+          # any more of the path will result in unique method names that will
+          # easily grow to be too numerous to sort through in the UI and
+          # possibly even violate default New Relic metric count thresholds.
+          # See newrelic/newrelic-ruby-agent#2654 and
+          # newrelic/newrelic-ruby-agent#2709 for more details.
+          #
+          # In Ruby v3.4 benchmarks, using regex to get at the first two path
+          # elements was seen as more performant than using String#split.
+          #
+          # Regex legend:
+          #
+          # ^ = starts with
+          # / = a literal '/'
+          # () = capture
+          # (?:) = don't capture
+          # [^/]+ = 1 or more characters that are not '/'
+          # /|\z = a literal '/' OR the end of the string
+          path_portion = event.path =~ PATH_PORTION_PATTERN ? Regexp.last_match(1) : NewRelic::UNKNOWN
+          "Stripe/#{path_portion}/#{event.method}"
         end
 
         def add_stripe_attributes(segment, event)

data/lib/new_relic/agent/local_log_decorator.rb

@@ -12,6 +12,12 @@ module NewRelic
         return message unless decorating_enabled?
 
         metadata = NewRelic::Agent.linking_metadata
+
+        if message.is_a?(Hash)
+          message.merge!(metadata) unless message.frozen?
+          return
+        end
+
         formatted_metadata = " NR-LINKING|#{metadata[ENTITY_GUID_KEY]}|#{metadata[HOSTNAME_KEY]}|" \
                              "#{metadata[TRACE_ID_KEY]}|#{metadata[SPAN_ID_KEY]}|" \
                              "#{escape_entity_name(metadata[ENTITY_NAME_KEY])}|"
@@ -23,7 +29,8 @@ module NewRelic
 
       def decorating_enabled?
         NewRelic::Agent.config[:'application_logging.enabled'] &&
-          NewRelic::Agent::Instrumentation::Logger.enabled? &&
+          (NewRelic::Agent::Instrumentation::Logger.enabled? ||
+            NewRelic::Agent::Instrumentation::LogStasher.enabled?) &&
           NewRelic::Agent.config[:'application_logging.local_decorating.enabled']
       end
 

data/lib/new_relic/agent/log_event_aggregator.rb

@@ -20,7 +20,8 @@ module NewRelic
       DROPPED_METRIC = 'Logging/Forwarding/Dropped'.freeze
       SEEN_METRIC = 'Supportability/Logging/Forwarding/Seen'.freeze
       SENT_METRIC = 'Supportability/Logging/Forwarding/Sent'.freeze
-      OVERALL_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Ruby/Logger/%s'.freeze
+      LOGGER_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Ruby/Logger/%s'.freeze
+      LOGSTASHER_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Ruby/LogStasher/%s'.freeze
       METRICS_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Metrics/Ruby/%s'.freeze
       FORWARDING_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Forwarding/Ruby/%s'.freeze
       DECORATING_SUPPORTABILITY_FORMAT = 'Supportability/Logging/LocalDecorating/Ruby/%s'.freeze
@@ -58,38 +59,71 @@ module NewRelic
       end
 
       def record(formatted_message, severity)
-        return unless enabled?
+        return unless logger_enabled?
 
         severity = 'UNKNOWN' if severity.nil? || severity.empty?
+        increment_event_counters(severity)
+
+        return if formatted_message.nil? || formatted_message.empty?
+        return unless monitoring_conditions_met?(severity)
+
+        txn = NewRelic::Agent::Transaction.tl_current
+        priority = LogPriority.priority_for(txn)
 
-        if NewRelic::Agent.config[METRICS_ENABLED_KEY]
-          @counter_lock.synchronize do
-            @seen += 1
-            @seen_by_severity[severity] += 1
+        return txn.add_log_event(create_event(priority, formatted_message, severity)) if txn
+
+        @lock.synchronize do
+          @buffer.append(priority: priority) do
+            create_event(priority, formatted_message, severity)
           end
         end
+      rescue
+        nil
+      end
 
-        return if severity_too_low?(severity)
-        return if formatted_message.nil? || formatted_message.empty?
-        return unless NewRelic::Agent.config[FORWARDING_ENABLED_KEY]
-        return if @high_security
+      def record_logstasher_event(log)
+        return unless logstasher_enabled?
+
+        # LogStasher logs do not inherently include a message key, so most logs are recorded.
+        # But when the key exists, we should not record the log if the message value is nil or empty.
+        return if log.key?('message') && (log['message'].nil? || log['message'].empty?)
+
+        severity = determine_severity(log)
+        increment_event_counters(severity)
+
+        return unless monitoring_conditions_met?(severity)
 
         txn = NewRelic::Agent::Transaction.tl_current
         priority = LogPriority.priority_for(txn)
 
-        if txn
-          return txn.add_log_event(create_event(priority, formatted_message, severity))
-        else
-          return @lock.synchronize do
-            @buffer.append(priority: priority) do
-              create_event(priority, formatted_message, severity)
-            end
+        return txn.add_log_event(create_logstasher_event(priority, severity, log)) if txn
+
+        @lock.synchronize do
+          @buffer.append(priority: priority) do
+            create_logstasher_event(priority, severity, log)
           end
         end
       rescue
         nil
       end
 
+      def monitoring_conditions_met?(severity)
+        !severity_too_low?(severity) && NewRelic::Agent.config[FORWARDING_ENABLED_KEY] && !@high_security
+      end
+
+      def determine_severity(log)
+        log['level'] ? log['level'].to_s.upcase : 'UNKNOWN'
+      end
+
+      def increment_event_counters(severity)
+        return unless NewRelic::Agent.config[METRICS_ENABLED_KEY]
+
+        @counter_lock.synchronize do
+          @seen += 1
+          @seen_by_severity[severity] += 1
+        end
+      end
+
       def record_batch(txn, logs)
         # Ensure we have the same shared priority
         priority = LogPriority.priority_for(txn)
@@ -104,15 +138,17 @@ module NewRelic
         end
       end
 
-      def create_event(priority, formatted_message, severity)
-        formatted_message = truncate_message(formatted_message)
-
-        event = LinkingMetadata.append_trace_linking_metadata({
+      def add_event_metadata(formatted_message, severity)
+        metadata = {
           LEVEL_KEY => severity,
-          MESSAGE_KEY => formatted_message,
           TIMESTAMP_KEY => Process.clock_gettime(Process::CLOCK_REALTIME) * 1000
-        })
+        }
+        metadata[MESSAGE_KEY] = formatted_message unless formatted_message.nil?
+
+        LinkingMetadata.append_trace_linking_metadata(metadata)
+      end
 
+      def create_prioritized_event(priority, event)
         [
           {
             PrioritySampledBuffer::PRIORITY_KEY => priority
@@ -121,6 +157,31 @@ module NewRelic
         ]
       end
 
+      def create_event(priority, formatted_message, severity)
+        formatted_message = truncate_message(formatted_message)
+        event = add_event_metadata(formatted_message, severity)
+
+        create_prioritized_event(priority, event)
+      end
+
+      def create_logstasher_event(priority, severity, log)
+        formatted_message = log['message'] ? truncate_message(log['message']) : nil
+        event = add_event_metadata(formatted_message, severity)
+        add_logstasher_event_attributes(event, log)
+
+        create_prioritized_event(priority, event)
+      end
+
+      def add_logstasher_event_attributes(event, log)
+        log_copy = log.dup
+        # Delete previously reported attributes
+        log_copy.delete('message')
+        log_copy.delete('level')
+        log_copy.delete('@timestamp')
+
+        event['attributes'] = log_copy
+      end
+
       def add_custom_attributes(custom_attributes)
         attributes.add_custom_attributes(custom_attributes)
       end
@@ -166,10 +227,14 @@ module NewRelic
         super
       end
 
-      def enabled?
+      def logger_enabled?
         @enabled && @instrumentation_logger_enabled
       end
 
+      def logstasher_enabled?
+        @enabled && NewRelic::Agent::Instrumentation::LogStasher.enabled?
+      end
+
       private
 
       # We record once-per-connect metrics for enabled/disabled state at the
@@ -177,8 +242,8 @@ module NewRelic
       def register_for_done_configuring(events)
         events.subscribe(:server_source_configuration_added) do
           @high_security = NewRelic::Agent.config[:high_security]
-
-          record_configuration_metric(OVERALL_SUPPORTABILITY_FORMAT, OVERALL_ENABLED_KEY)
+          record_configuration_metric(LOGGER_SUPPORTABILITY_FORMAT, OVERALL_ENABLED_KEY)
+          record_configuration_metric(LOGSTASHER_SUPPORTABILITY_FORMAT, OVERALL_ENABLED_KEY)
           record_configuration_metric(METRICS_SUPPORTABILITY_FORMAT, METRICS_ENABLED_KEY)
           record_configuration_metric(FORWARDING_SUPPORTABILITY_FORMAT, FORWARDING_ENABLED_KEY)
           record_configuration_metric(DECORATING_SUPPORTABILITY_FORMAT, DECORATING_ENABLED_KEY)

data/lib/new_relic/control/instance_methods.rb

@@ -73,6 +73,7 @@ module NewRelic
         init_config(options)
         NewRelic::Agent.agent = NewRelic::Agent::Agent.instance
         init_instrumentation
+        init_security_agent
       end
 
       def determine_env(options)

data/lib/new_relic/control/private_instance_methods.rb

@@ -43,6 +43,10 @@ module NewRelic
           DependencyDetection.detect!
         end
       end
+
+      def init_security_agent
+        SecurityInterface.instance.init_agent
+      end
     end
   end
 end

data/lib/new_relic/control/security_interface.rb

@@ -0,0 +1,57 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+require 'singleton'
+
+module NewRelic
+  class Control
+    class SecurityInterface
+      include Singleton
+
+      attr_accessor :wait
+
+      SUPPORTABILITY_PREFIX_SECURITY = 'Supportability/Ruby/SecurityAgent/Enabled/'
+      SUPPORTABILITY_PREFIX_SECURITY_AGENT = 'Supportability/Ruby/SecurityAgent/Agent/Enabled/'
+      ENABLED = 'enabled'
+      DISABLED = 'disabled'
+
+      def agent_started?
+        (@agent_started ||= false) == true
+      end
+
+      def waiting?
+        (@wait ||= false) == true
+      end
+
+      def init_agent
+        return if agent_started? || waiting?
+
+        record_supportability_metrics
+
+        if Agent.config[:'security.agent.enabled'] && !Agent.config[:high_security]
+          Agent.logger.info('Invoking New Relic security module')
+          require 'newrelic_security'
+
+          @agent_started = true
+        else
+          Agent.logger.info('New Relic Security is completely disabled by one of the user-provided configurations: `security.agent.enabled` or `high_security`. Not loading security capabilities.')
+          Agent.logger.info("high_security = #{Agent.config[:high_security]}")
+          Agent.logger.info("security.agent.enabled = #{Agent.config[:'security.agent.enabled']}")
+        end
+      rescue LoadError
+        Agent.logger.info('New Relic security agent not found - skipping')
+      rescue StandardError => exception
+        Agent.logger.error("Exception in New Relic security module loading: #{exception} #{exception.backtrace}")
+      end
+
+      def record_supportability_metrics
+        Agent.config[:'security.agent.enabled'] ? security_agent_metric(ENABLED) : security_agent_metric(DISABLED)
+      end
+
+      def security_agent_metric(setting)
+        NewRelic::Agent.record_metric_once(SUPPORTABILITY_PREFIX_SECURITY_AGENT + setting)
+      end
+    end
+  end
+end

data/lib/new_relic/control.rb

@@ -8,7 +8,6 @@ require 'new_relic/local_environment'
 require 'new_relic/language_support'
 require 'new_relic/helper'
 
-require 'singleton'
 require 'erb'
 require 'socket'
 require 'net/https'
@@ -18,6 +17,7 @@ require 'new_relic/control/server_methods'
 require 'new_relic/control/instrumentation'
 require 'new_relic/control/class_methods'
 require 'new_relic/control/instance_methods'
+require 'new_relic/control/security_interface'
 
 require 'new_relic/agent'
 require 'new_relic/delayed_job_injection'

data/lib/new_relic/rack/browser_monitoring.rb

@@ -20,15 +20,15 @@ module NewRelic
       # examine in order to look for a RUM insertion point.
       SCAN_LIMIT = 50_000
 
-      CONTENT_TYPE = 'Content-Type'.freeze
-      CONTENT_DISPOSITION = 'Content-Disposition'.freeze
-      CONTENT_LENGTH = 'Content-Length'.freeze
+      CONTENT_TYPE = 'Content-Type'
+      CONTENT_DISPOSITION = 'Content-Disposition'
+      CONTENT_LENGTH = 'Content-Length'
       ATTACHMENT = /attachment/.freeze
       TEXT_HTML = %r{text/html}.freeze
 
-      BODY_START = '<body'.freeze
-      HEAD_START = '<head'.freeze
-      GT = '>'.freeze
+      BODY_START = '<body'
+      HEAD_START = '<head'
+      GT = '>'
 
       ALREADY_INSTRUMENTED_KEY = 'newrelic.browser_monitoring_already_instrumented'
       CHARSET_RE = /<\s*meta[^>]+charset\s*=[^>]*>/im.freeze
@@ -120,7 +120,11 @@ module NewRelic
       end
 
       def streaming?(env, headers)
-        # Chunked transfer encoding is a streaming data transfer mechanism available only in HTTP/1.1
+        # Up until version 8.0, Rails would set 'Transfer-Encoding' to 'chunked'
+        # to trigger the desired HTTP/1.1 based streaming functionality in Rack.
+        # With version v8.0+, Rails assumes that the web server will be using
+        # Rack v3+ or an equally modern alternative and simply leaves the
+        # streaming behavior up to them.
         return true if headers && headers['Transfer-Encoding'] == 'chunked'
 
         defined?(ActionController::Live) &&

data/lib/new_relic/version.rb

@@ -6,8 +6,8 @@
 module NewRelic
   module VERSION # :nodoc:
     MAJOR = 9
-    MINOR = 10
-    TINY = 2
+    MINOR = 12
+    TINY = 0
 
     STRING = "#{MAJOR}.#{MINOR}.#{TINY}"
   end

data/lib/tasks/config.rake

@@ -23,13 +23,16 @@ namespace :newrelic do
       'browser_monitoring' => "The <InlinePopover type='browser' /> [page load timing](/docs/browser/new-relic-browser/page-load-timing/page-load-timing-process) feature (sometimes referred to as real user monitoring or RUM) gives you insight into the performance real users are experiencing with your website. This is accomplished by measuring the time it takes for your users' browsers to download and render your web pages by injecting a small amount of JavaScript code into the header and footer of each page.",
       'application_logging' => "The Ruby agent supports [APM logs in context](/docs/apm/new-relic-apm/getting-started/get-started-logs-context). For some tips on configuring logs for the Ruby agent, see [Configure Ruby logs in context](/docs/logs/logs-context/configure-logs-context-ruby).\n\nAvailable logging-related config options include:",
       'analytics_events' => '[New Relic dashboards](/docs/query-your-data/explore-query-data/dashboards/introduction-new-relic-one-dashboards) is a resource to gather and visualize data about your software and what it says about your business. With it you can quickly and easily create real-time dashboards to get immediate answers about end-user experiences, clickstreams, mobile activities, and server transactions.',
-      'ai_monitoring' => "This section includes Ruby agent configurations for setting up AI monitoring.\n\n<Callout variant='important'>You need to enable distributed tracing to capture trace and feedback data. It is turned on by default in Ruby agents 8.0.0 and higher.</Callout>"
+      'ai_monitoring' => "This section includes Ruby agent configurations for setting up AI monitoring.\n\n<Callout variant='important'>You need to enable distributed tracing to capture trace and feedback data. It is turned on by default in Ruby agents 8.0.0 and higher.</Callout>",
+      'security_agent' => "[New Relic Interactive Application Security Testing](https://docs.newrelic.com/docs/iast/introduction/) (IAST) tests your applications for any exploitable vulnerability by replaying the generated HTTP request with vulnerable payloads.\n\n<Callout variant='important'>Run IAST with non-production deployments only to avoid exposing vulnerabilities on your production software. \
+        IAST mode requires Ruby agent version 9.12.0 or higher and the [newrelic_security](https://rubygems.org/gems/newrelic_security) gem. Security agent configurations are disabled by default.</Callout>"
     }
 
     NAME_OVERRIDES = {
       'slow_sql' => 'Slow SQL [#slow-sql]',
       'custom_insights_events' => 'Custom Events [#custom-events]',
-      'ai_monitoring' => 'AI Monitoring [#ai-monitoring]'
+      'ai_monitoring' => 'AI Monitoring [#ai-monitoring]',
+      'security_agent' => 'Security Agent [#security-agent]'
     }
 
     desc 'Describe available New Relic configuration settings'