newrelic_rpm 9.11.0 → 9.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc36449c6f2ea3322f353181809c05d3e84e28f85fb15544c82e088946384046
-  data.tar.gz: f8fa907597f05f47c5dbe9c38a005cb1d09f971183aa7075664e6ade029186fc
+  metadata.gz: 4322e3b796a1a4656be8f68f98c18f79a4f6f86f3dd36ba1186def73a993c6db
+  data.tar.gz: e87b88f88a979bc1ff4259643081308670dd860750d12e21cfb6cd45fa3b6004
 SHA512:
-  metadata.gz: 622cdf275eb70aa1f57e027f2e73559855c17c4351741c80ec0db8ae45b773f2d7aa2831ae562e228b24a71a0532ae93dced167be3ecfdd3561886224d212070
-  data.tar.gz: a68a148e494bfc0e5f9da3c369eb56f7170664e78ffd12cc178e77b7361da39edefbc967b5c71c2905b993b5d4075b2189abc3ec7692081d6b4dd422149902f3
+  metadata.gz: e53d1172e55be6cf3f66f12f3926361af7485361e1e8c2e097f725241148bbbc5cb59853ce6d255a7c34871f3530424466b621b5cab467383d9e654c0c8108d4
+  data.tar.gz: b61902a91a3909760b52797c74f7ef24e5b6f5c282ffd1bfb95451585b052004323fe6c3eb9843e208dcdfdd9382684d8f01a950051e8f7d082269d2ed7134e0

data/CHANGELOG.md

@@ -1,5 +1,117 @@
 # New Relic Ruby Agent Release Notes
 
+## v9.13.0
+
+Version 9.13.0 enhances support for AWS Lambda functions, adds experimental OpenSearch instrumentation, updates framework detection, silences a Bundler deprecation warning, fixes Falcon dispatcher detection, fixes a bug with Redis instrumentation installation, and addresses a JRuby-specific concurrency issue.
+
+- **Feature: Enhance AWS Lambda function instrumentation**
+
+When utilized via the latest [New Relic Ruby layer for AWS Lambda](https://layers.newrelic-external.com/), the agent now offers enhanced support for AWS Lambda function instrumentation. 
+* The agent's instrumentation for AWS Lambda functions now supports distributed tracing. 
+* Web-triggered invocations are now identified as being "web"-based when an API Gateway call is involved, with support for both API Gateway versions 1.0 and 2.0. 
+* Web-based calls have the HTTP method, URI, and status code recorded. 
+* The agent now recognizes and reports on 12 separate AWS resources that are capable of triggering a Lambda function invocation: ALB, API Gateway V1, API Gateway V2, CloudFront, CloudWatch Scheduler, DynamoStreams, Firehose, Kinesis, S3, SES, SNS, and SQS. 
+* The type of the triggering resource and its ARN will be recorded for each resource, and for many of them, extra resource-specific attributes will be recorded as well. For example, Lambda function invocations triggered by S3 bucket activity will now result in the S3 bucket name being recorded.
+[PR#2811](https://github.com/newrelic/newrelic-ruby-agent/pull/2811)
+
+- **Feature: Add experimental OpenSearch instrumentation**
+
+  The agent will now automatically instrument the `opensearch-ruby` gem. We're marking this instrumentation as experimental because more work is needed to fully test it. OpenSearch instrumentation provides telemetry similar to Elasticsearch. Thank you, [@Earlopain](https://github.com/Earlopain) for reporting the issue and [@praveen-ks](https://github.com/praveen-ks) for an initial draft of the instrumentation. [Issue#2228](https://github.com/newrelic/newrelic-ruby-agent/issues/2228) [PR#2796](https://github.com/newrelic/newrelic-ruby-agent/pull/2796)
+
+- **Feature: Improve framework detection accuracy for Grape and Padrino**
+
+  Previously, applications using the Grape framework would set `ruby` as their framework within the Environment Report. Now, Grape applications will be set to `grape`. Similarly, applications using the Padrino framework would be set to `sinatra`. Now, they will be set to `padrino`. This will help the New Relic security agent compatibility checks. Thank you, [@prateeksen](https://github.com/prateeksen) for making this change. [Issue#2777](https://github.com/newrelic/newrelic-ruby-agent/issues/2777) [PR#2789](https://github.com/newrelic/newrelic-ruby-agent/pull/2789)
+
+- **Feature: Silence Bundler `all_specs` deprecation warning**
+
+  `Bundler.rubygems.all_specs` was deprecated in favor of `Bundler.rubygems.installed_specs` in Bundler versions 2+, causing the agent to emit deprecation warnings. The method has been updated when Bundler 2+ is detected and warnings are now silenced. Thanks to [@jcoyne](https://github.com/jcoyne) for reporting this issue. [Issue#2733](https://github.com/newrelic/newrelic-ruby-agent/issues/2733) [PR#2823](https://github.com/newrelic/newrelic-ruby-agent/pull/2823)
+
+- **Bugfix: Fix Falcon dispatcher detection**
+
+  Previously, we tried to use the object space to determine whether the [Falcon web server](https://github.com/socketry/falcon) was in use. However, Falcon is not added to the object space until after the environment report is generated, resulting in a `nil` dispatcher. Now, we revert to an earlier strategy that discovered the dispatcher using `File.basename`. Thank you, [@prateeksen](https://github.com/prateeksen) for reporting this issue and researching the problem. [Issue#2778](https://github.com/newrelic/newrelic-ruby-agent/issues/2778) [PR#2795](https://github.com/newrelic/newrelic-ruby-agent/pull/2795)
+
+- **Bugfix: Fix for a Redis instrumentation error when Redis::Cluster::Client is present**
+
+  The Redis instrumentation previously contained a bug that would cause it to error out when `Redis::Cluster::Client` was present, owing to the use of a Ruby `return` outside of a method. Thanks very much to [@jdelStrother](https://github.com/jdelStrother) for not only reporting this bug but pointing us to the root cause as well. [Issue#2814](https://github.com/newrelic/newrelic-ruby-agent/issues/2814) [PR#2816](https://github.com/newrelic/newrelic-ruby-agent/pull/2816)
+
+- **Bugfix: Address JRuby concurrency issue with config hash accessing**
+
+  The agent's internal configuration class maintains a hash that occassionally gets rebuilt. During the rebuild, certain previously dynamically determined instrumentation values are preserved for the benefit of the [New Relic Ruby security agent](https://github.com/newrelic/csec-ruby-agent). After reports from JRuby customers regarding concurrency issues related to the hash being accessed while being modified, two separate fixes went into the hash rebuild logic previously: a `Hash#dup` operation and a `synchronize do` block. But errors were still reported. We ourselves remain unable to reproduce these concurrency errors despite using the same exact versions of JRuby and all reported software. After confirming that the hash access code in question is only needed for the Ruby security agent (which operates only in non-production dedicated security testing environments), we have introduced a new fix for JRuby customers that will simply skip over the troublesome code when JRuby is in play but the security agent is not. [PR#2798](https://github.com/newrelic/newrelic-ruby-agent/pull/2798)
+
+## v9.12.0
+
+Version 9.12.0 adds support for the `newrelic_security` agent, introduces instrumentation for the LogStasher gem, improves instrumentation for the `redis-clustering` gem, and updates the Elasticsearch instrumentation to only attempt to get the cluster name once per client, even if it fails.
+
+- **Feature: Add support for the newrelic_security agent**
+
+  [New Relic Interactive Application Security Testing (IAST)](https://docs.newrelic.com/docs/iast/introduction/) can help you prevent cyberattacks and breaches on your applications by probing your running code for exploitable vulnerabilities.
+
+  The `newrelic_security` gem provides this feature for Ruby. It depends on `newrelic_rpm`. This is the first version of `newrelic_rpm` compatible with `newrelic_security`.
+
+  At this time, the security agent is intended for use only within a dedicated security testing environment with data that can tolerate modification or deletion. The security agent is available as a separate Ruby gem, `newrelic_security`. It is recommended that this separate gem only be introduced to a security testing environment by leveraging Bundler grouping like so:
+
+  ```ruby
+    # Gemfile
+    gem 'newrelic_rpm'               # New Relic APM observability agent
+    gem 'newrelic-infinite_tracing'  # New Relic Infinite Tracing
+
+    group :security do
+      gem 'newrelic_security', require: false        # New Relic security agent
+    end
+  ```
+
+  In order to run the security agent, you need to update your configuration. At a minimum, `security.agent.enabled` and `security.enabled` must be set to `true`. They are `false` by default. Similar to the gem installation, we recommend you set these configurations for a special security testing environment only.
+
+  Here's an example using `newrelic.yml`:
+
+  ```yaml
+    common: &default_settings
+      license_key: <%= ENV['NEW_RELIC_LICENSE_KEY'] %>
+      app_name: "Example app"
+
+    development:
+      <<: *default_settings
+      app_name: <%= app_name %> (Development)
+
+    security:
+      <<: *default_settings
+      security.enabled: true
+      security.agent.enabled: true
+
+    production:
+      <<: *default_settings
+  ```
+
+  The following configuration relate to the `newrelic_security` gem:
+
+  | Configuration name | Default | Behavior |
+  | ------------------ | ------- |----------|
+  | security.agent.enabled | `false` | If `true`, the security agent is loaded (a Ruby 'require' is performed) |
+  | security.enabled | `false` |  If `true`, the security agent is started (the agent runs in its event loop) |
+  | security.mode | `'IAST'` | Defines the mode for the security agent to operate in. Currently only 'IAST' is supported |
+  | security.validator_service_url | `'wss://csec.nr-data.net'` | Defines the endpoint URL for posting security related data |
+  | security.detection.rci.enabled | `true` | If `true`, enables RCI (remote code injection) detection |
+  | security.detection.rxss.enabled | `true` | If `true`, enables RXSS (reflected cross-site scripting) detection |
+  | security.detection.deserialization.enabled | `true` |  If `true`, enables deserialization detection |
+  | security.application_info.port | `nil` | An Integer representing the port the application is listening on. This setting is mandatory for Passenger servers. Other servers should be detected by default. |
+
+- **Feature: Add instrumentation for LogStasher**
+
+  The agent will now record logs generated by [LogStasher](https://github.com/shadabahmed/logstasher). Versions 1.0.0 and above of the LogStasher gem are supported. [PR#2559](https://github.com/newrelic/newrelic-ruby-agent/pull/2559)
+
+- **Feature: Add instrumentation for redis-clustering**
+
+  Version 5.x of the `redis` gem moved cluster behavior into a different gem, `redis-clustering`. This gem can access instrumentation registered through `RedisClient::Middleware`. Previously, the agent only instrumented the `call_pipelined` method through this approach, but now users of the `redis-clustering` gem will also have instrumentation registered for `connect` and `call` methods. In addition, the way the `database_name` attribute is set for Redis datastore spans is now compatible with all versions of Redis supported by the New Relic Ruby agent. Thank you, [@praveen-ks](https://github.com/praveen-ks) for bringing this to our attention. [Issue#2444](https://github.com/newrelic/newrelic-ruby-agent/issues/2444) [PR#2720](https://github.com/newrelic/newrelic-ruby-agent/pull/2720)
+
+- **Bugfix: Update Elasticsearch instrumentation to only attempt to get the cluster name once per client**
+
+  Previously, the agent would attempt to get the cluster name every time a call was made if it was not already captured. This could lead to a large number of failures if the cluster name could not be retrieved. Now, the agent will only attempt to get the cluster name once per client, even if it fails. Thank you, [@ascoppa](https://github.com/ascoppa) for bringing this to our attention. [Issue#2730](https://github.com/newrelic/newrelic-ruby-agent/issues/2730) [PR#2743](https://github.com/newrelic/newrelic-ruby-agent/pull/2743)
+
+- **Feature: Produce metrics for 4 additional Action Controller Rails notifications**
+
+  Four additional Action Controller related Rails notifications are now subscribed to by the agent to produce telemetry. These 4 are `exist_fragment?`, `expire_fragment`, `read_fragment`, and `write_fragment`. As with instrumentation for Action Controller itself, these notifications are enabled by default and can be disabled by setting `:disable_action_controller` to `true` in the agent's `newrelic.yml` configuration file. [PR#2745](https://github.com/newrelic/newrelic-ruby-agent/pull/2745)
+
+
 ## v9.11.0
 
 Version 9.11.0 introduces instrumentation for the aws-sdk-sqs gem, fixes a bug related to expected errors not bearing a "true" value for the "expected" attribute if expected as a result of an HTTP status code match and changes the way Stripe instrumentation metrics are named to prevent high-cardinality issues.

data/README.md

@@ -1,6 +1,6 @@
 <a href="https://opensource.newrelic.com/oss-category/#community-plus"><picture><source media="(prefers-color-scheme: dark)" srcset="https://github.com/newrelic/opensource-website/raw/main/src/images/categories/dark/Community_Plus.png"><source media="(prefers-color-scheme: light)" srcset="https://github.com/newrelic/opensource-website/raw/main/src/images/categories/Community_Plus.png"><img alt="New Relic Open Source community plus project banner." src="https://github.com/newrelic/opensource-website/raw/main/src/images/categories/Community_Plus.png"></picture></a>
 
-# New Relic Ruby Agent
+# New Relic Ruby agent
 
 The New Relic Ruby agent monitors your applications to help you
 [identify and solve performance issues](https://docs.newrelic.com/docs/agents/ruby-agent/getting-started/introduction-new-relic-ruby#monitor-performance).
@@ -15,7 +15,7 @@ This code is actively maintained by New Relic engineering teams and delivered he
 
 [![Gem Version](https://badge.fury.io/rb/newrelic_rpm.svg)](https://badge.fury.io/rb/newrelic_rpm)
 
-## Supported Environments
+## Supported environments
 
 An up-to-date list of Ruby versions and frameworks for the latest agent
 can be found on [our docs site](http://docs.newrelic.com/docs/ruby/supported-frameworks).
@@ -23,14 +23,11 @@ can be found on [our docs site](http://docs.newrelic.com/docs/ruby/supported-fra
 You can also monitor non-web applications. Refer to the "Other
 Environments" section below.
 
-We offer an AWS Lambda layer for instrumenting your serverless Ruby functions.
-Details can be found on our [getting started guide](https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/get-started/monitoring-aws-lambda-serverless-monitoring/).
-
-## Installing and Using
+## Installing and using
 
 The latest released gem for the Ruby agent can be found at [RubyGems.org](https://rubygems.org/gems/newrelic_rpm)
 
-### Quick Start
+### Quick start
 
 #### With Bundler
 
@@ -56,7 +53,7 @@ and then require the New Relic Ruby agent in your Ruby start-up sequence:
 require 'newrelic_rpm'
 ```
 
-#### Other Environments
+#### Other environments
 
 Assuming you have installed the agent per above, you may also need to tell the Ruby agent to start for some frameworks and non-framework environments. To do so, add the following to your Ruby start-up sequence start the agent:
 
@@ -64,29 +61,29 @@ Assuming you have installed the agent per above, you may also need to tell the R
 NewRelic::Agent.manual_start
 ```
 
-### Complete Install Instructions
+### Complete install instructions
 
 For complete documentation on installing the New Relic Ruby agent, see the following links:
 
 * [Introduction](https://docs.newrelic.com/docs/agents/ruby-agent/getting-started/introduction-new-relic-ruby)
-* [Install the New Relic Ruby agent](https://docs.newrelic.com/docs/agents/ruby-agent/installation/install-new-relic-ruby-agent)
+* [Install the New Relic Ruby agent](https://docs.newrelic.com/docs/agents/ruby-agent/installation/install-new-relic-ruby-agent). See also these docs that cover specific install scenarios:
+  * [Rails plugin installation](https://docs.newrelic.com/docs/agents/ruby-agent/installation/ruby-agent-installation-rails-plugin)
+  * [AWS Lambda](https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/instrument-your-own/)
+  * [GAE Flexible Environment](https://docs.newrelic.com/docs/agents/ruby-agent/installation/install-new-relic-ruby-agent-gae-flexible-environment)
+  * [Pure Rack apps](http://docs.newrelic.com/docs/ruby/rack-middlewares)
+  * [Ruby agent and Heroku](https://docs.newrelic.com/docs/agents/ruby-agent/installation/ruby-agent-heroku)
+  * [Background jobs](https://docs.newrelic.com/docs/agents/ruby-agent/background-jobs/monitor-ruby-background-processes)
 * [Configure the agent](https://docs.newrelic.com/docs/agents/ruby-agent/configuration/ruby-agent-configuration)
 * [Update the agent](https://docs.newrelic.com/docs/agents/ruby-agent/installation/update-ruby-agent)
-* [Rails plugin installation](https://docs.newrelic.com/docs/agents/ruby-agent/installation/ruby-agent-installation-rails-plugin)
-* [GAE Flexible Environment](https://docs.newrelic.com/docs/agents/ruby-agent/installation/install-new-relic-ruby-agent-gae-flexible-environment)
-* [Pure Rack Apps](http://docs.newrelic.com/docs/ruby/rack-middlewares)
-* [Ruby agent and Heroku](https://docs.newrelic.com/docs/agents/ruby-agent/installation/ruby-agent-heroku)
-* [Background Jobs](https://docs.newrelic.com/docs/agents/ruby-agent/background-jobs/monitor-ruby-background-processes)
 * [Uninstall the Ruby agent](https://docs.newrelic.com/docs/agents/ruby-agent/installation/uninstall-ruby-agent)
 
-### Recording Deploys
+### Recording deploys
 
 The Ruby agent supports recording deployments in New Relic via a command line
 tool or Capistrano recipes. For more information on these features, see
 [our deployment documentation](http://docs.newrelic.com/docs/ruby/recording-deployments-with-the-ruby-agent)
 for more information.
 
-
 ## Support
 
 Should you need assistance with New Relic products, you are in good hands with several support diagnostic tools and support channels.
@@ -97,11 +94,10 @@ New Relic offers NRDiag, [a client-side diagnostic utility](https://docs.newreli
 
 If the issue has been confirmed as a bug or is a Feature request, please file a GitHub issue.
 
-**Support Channels**
+**Support channels**
 
 * [New Relic Documentation](https://docs.newrelic.com/docs/agents/ruby-agent): Comprehensive guidance for using our platform
 * [New Relic Community](https://forum.newrelic.com): The best place to engage in troubleshooting questions
-* [New Relic Developer](https://developer.newrelic.com/): Resources for building a custom observability applications
 * [New Relic University](https://learn.newrelic.com/): A range of online training for New Relic users of every level
 * [New Relic Technical Support](https://support.newrelic.com/) 24/7/365 ticketed support. Read more about our [Technical Support Offerings](https://docs.newrelic.com/docs/licenses/license-information/general-usage-licenses/support-plan).
 
@@ -135,7 +131,7 @@ As of version 6.12 (released July 16, 2020), the New Relic Ruby agent is license
 
 The New Relic Ruby agent may use source code from third-party libraries. When used, these libraries will be outlined in [THIRD_PARTY_NOTICES.md](THIRD_PARTY_NOTICES.md).
 
-## Thank You
+## Thank you
 
 We always look forward to connecting with the community. We welcome [contributions](https://github.com/newrelic/newrelic-ruby-agent#contributing) to our source code and suggestions for improvements, and would love to hear about what you like and want to see in the future. 
 

data/lib/new_relic/agent/agent_logger.rb

@@ -4,6 +4,7 @@
 
 require 'thread'
 require 'logger'
+require 'singleton'
 require 'new_relic/agent/hostname'
 require 'new_relic/agent/log_once'
 require 'new_relic/agent/instrumentation/logger/instrumentation'

data/lib/new_relic/agent/configuration/default_source.rb

@@ -72,7 +72,7 @@ module NewRelic
           value_from_defaults(key, :transform)
         end
 
-        def self.config_search_paths # rubocop:disable Metrics/AbcSize
+        def self.config_search_paths
           proc {
             yaml = 'newrelic.yml'
             config_yaml = File.join('config', yaml)
@@ -130,8 +130,10 @@ module NewRelic
                 ::NewRelic::Agent.logger.warn("Detected untested Rails version #{Rails::VERSION::STRING}")
                 :rails_notifications
               end
+            when defined?(::Padrino) && defined?(::Padrino::PathRouter::Router) then :padrino
             when defined?(::Sinatra) && defined?(::Sinatra::Base) then :sinatra
             when defined?(::Roda) then :roda
+            when defined?(::Grape) then :grape
             when defined?(::NewRelic::IA) then :external
             else :ruby
             end
@@ -1112,7 +1114,7 @@ module NewRelic
           :public => true,
           :type => Boolean,
           :allowed_from_server => true,
-          :description => "If `true`, the agent will report source code level metrics for traced methods.\nsee: " \
+          :description => "If `true`, the agent will report source code level metrics for traced methods.\nSee: " \
                           'https://docs.newrelic.com/docs/apm/agents/ruby-agent/features/ruby-codestream-integration/'
         },
         # Cross application tracer
@@ -1149,9 +1151,10 @@ module NewRelic
           :type => Integer,
           :allowed_from_server => true,
           :dynamic_name => true,
+          # Keep the extra two-space indent before the second bullet to appease translation tool
           :description => <<~DESC
-            * Specify a maximum number of custom events to buffer in memory at a time.'
-            * When configuring the agent for [AI monitoring](/docs/ai-monitoring/intro-to-ai-monitoring), \
+            * Specify a maximum number of custom events to buffer in memory at a time.
+              * When configuring the agent for [AI monitoring](/docs/ai-monitoring/intro-to-ai-monitoring), \
             set to max value `100000`. This ensures the agent captures the maximum amount of LLM events.
           DESC
         },
@@ -1444,6 +1447,7 @@ module NewRelic
         },
         :'instrumentation.async_http' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1452,12 +1456,22 @@ module NewRelic
         },
         :'instrumentation.bunny' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
           :allowed_from_server => false,
           :description => 'Controls auto-instrumentation of bunny at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`.'
         },
+        :'instrumentation.opensearch' => {
+          :default => 'auto',
+          :documentation_default => 'auto',
+          :public => true,
+          :type => String,
+          :dynamic_name => true,
+          :allowed_from_server => false,
+          :description => 'Controls auto-instrumentation of the opensearch-ruby library at start-up. May be one of `auto`, `prepend`, `chain`, `disabled`.'
+        },
         :'instrumentation.aws_sqs' => {
           :default => 'auto',
           :public => true,
@@ -1468,6 +1482,7 @@ module NewRelic
         },
         :'instrumentation.dynamodb' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1476,6 +1491,7 @@ module NewRelic
         },
         :'instrumentation.fiber' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1484,6 +1500,7 @@ module NewRelic
         },
         :'instrumentation.concurrent_ruby' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1510,6 +1527,7 @@ module NewRelic
         },
         :'instrumentation.elasticsearch' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1518,6 +1536,7 @@ module NewRelic
         },
         :'instrumentation.ethon' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1535,6 +1554,7 @@ module NewRelic
         },
         :'instrumentation.grape' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1603,8 +1623,18 @@ module NewRelic
           :allowed_from_server => false,
           :description => 'Controls auto-instrumentation of Ruby standard library Logger at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`.'
         },
+        :'instrumentation.logstasher' => {
+          :default => instrumentation_value_from_boolean(:'application_logging.enabled'),
+          :documentation_default => 'auto',
+          :public => true,
+          :type => String,
+          :dynamic_name => true,
+          :allowed_from_server => false,
+          :description => 'Controls auto-instrumentation of the LogStasher library at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`.'
+        },
         :'instrumentation.memcache' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1698,6 +1728,7 @@ module NewRelic
         },
         :'instrumentation.rake' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1706,6 +1737,7 @@ module NewRelic
         },
         :'instrumentation.redis' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1723,6 +1755,7 @@ module NewRelic
         },
         :'instrumentation.roda' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1731,6 +1764,7 @@ module NewRelic
         },
         :'instrumentation.sinatra' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1746,6 +1780,7 @@ module NewRelic
         },
         :'instrumentation.view_component' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1782,6 +1817,7 @@ module NewRelic
         },
         :'instrumentation.thread' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1804,6 +1840,7 @@ module NewRelic
         },
         :'instrumentation.tilt' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1842,6 +1879,21 @@ module NewRelic
           :allowed_from_server => true,
           :description => 'If `true`, the agent obfuscates Mongo queries in transaction traces.'
         },
+        # OpenSearch
+        :'opensearch.capture_queries' => {
+          :default => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => true,
+          :description => 'If `true`, the agent captures OpenSearch queries in transaction traces.'
+        },
+        :'opensearch.obfuscate_queries' => {
+          :default => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => true,
+          :description => 'If `true`, the agent obfuscates OpenSearch queries in transaction traces.'
+        },
         # Process host
         :'process_host.display_name' => {
           :default => proc { NewRelic::Agent::Hostname.get },
@@ -1997,9 +2049,10 @@ module NewRelic
           :public => true,
           :type => Integer,
           :allowed_from_server => true,
+          # Keep the extra two-space indent before the second bullet to appease translation tool
           :description => <<~DESC
             * Defines the maximum number of span events reported from a single harvest. Any Integer between `1` and `10000` is valid.'
-            * When configuring the agent for [AI monitoring](/docs/ai-monitoring/intro-to-ai-monitoring), set to max value `10000`.\
+              * When configuring the agent for [AI monitoring](/docs/ai-monitoring/intro-to-ai-monitoring), set to max value `10000`.\
             This ensures the agent captures the maximum amount of distributed traces.
           DESC
         },
@@ -2514,6 +2567,84 @@ module NewRelic
           :type => Integer,
           :allowed_from_server => false,
           :description => 'This value represents the total amount of memory available to the host (not the process), in mebibytes (1024 squared or 1,048,576 bytes).'
+        },
+        # security agent
+        :'security.agent.enabled' => {
+          :default => false,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => "If `true`, the security agent is loaded (a Ruby 'require' is performed)"
+        },
+        :'security.enabled' => {
+          :default => false,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, the security agent is started (the agent runs in its event loop)'
+        },
+        :'security.mode' => {
+          :default => 'IAST',
+          :external => true,
+          :public => true,
+          :type => String,
+          :allowed_from_server => true,
+          :allowlist => %w[IAST RASP],
+          :description => 'Defines the mode for the security agent to operate in. Currently only `IAST` is supported',
+          :dynamic_name => true
+        },
+        :'security.validator_service_url' => {
+          :default => 'wss://csec.nr-data.net',
+          :external => true,
+          :public => true,
+          :type => String,
+          :allowed_from_server => true,
+          :description => 'Defines the endpoint URL for posting security-related data',
+          :dynamic_name => true
+        },
+        :'security.detection.rci.enabled' => {
+          :default => true,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, enables RCI (remote code injection) detection'
+        },
+        :'security.detection.rxss.enabled' => {
+          :default => true,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, enables RXSS (reflected cross-site scripting) detection'
+        },
+        :'security.detection.deserialization.enabled' => {
+          :default => true,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, enables deserialization detection'
+        },
+        :'security.application_info.port' => {
+          :default => nil,
+          :allow_nil => true,
+          :public => true,
+          :type => Integer,
+          :external => true,
+          :allowed_from_server => false,
+          :description => 'The port the application is listening on. This setting is mandatory for Passenger servers. Other servers should be detected by default.'
+        },
+        :'security.request.body_limit' => {
+          :default => 300,
+          :allow_nil => true,
+          :public => true,
+          :type => Integer,
+          :external => true,
+          :allowed_from_server => false,
+          :description => 'Defines the request body limit to process in security events (in KB). The default value is 300, for 300KB.'
         }
       }.freeze
       # rubocop:enable Metrics/CollectionLiteralLength

data/lib/new_relic/agent/configuration/manager.rb

@@ -382,6 +382,14 @@ module NewRelic
         def reset_cache
           return new_cache unless defined?(@cache) && @cache
 
+          # Modifying the @cache hash under JRuby - even with a `synchronize do`
+          # block and a `Hash#dup` operation - has been known to cause issues
+          # with JRuby for concurrent access of the hash while it is being
+          # modified. The hash really only needs to be modified for the benefit
+          # of the security agent, so if JRuby is in play and the security agent
+          # is not, don't attempt to modify the hash at all and return early.
+          return @cache if NewRelic::LanguageSupport.jruby? && !Agent.config[:'security.agent.enabled']
+
           @lock.synchronize do
             preserved = @cache.dup.select { |_k, v| DEPENDENCY_DETECTION_VALUES.include?(v) }
             new_cache

data/lib/new_relic/agent/database/obfuscator.rb

@@ -2,6 +2,7 @@
 # See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
 # frozen_string_literal: true
 
+require 'singleton'
 require 'new_relic/agent/database/obfuscation_helpers'
 
 module NewRelic

data/lib/new_relic/agent/instrumentation/active_merchant.rb

@@ -35,17 +35,4 @@ DependencyDetection.defer do
       end
     end
   end
-
-  executes do
-    next unless Gem::Version.new(ActiveMerchant::VERSION) < Gem::Version.new('1.65.0')
-
-    deprecation_msg = 'The Ruby agent is dropping support for ActiveMerchant versions below 1.65.0 ' \
-      'in version 9.0.0. Please upgrade your ActiveMerchant version to continue receiving full support. ' \
-
-    NewRelic::Agent.logger.log_once(
-      :warn,
-      :deprecated_active_merchant_version,
-      deprecation_msg
-    )
-  end
 end

data/lib/new_relic/agent/instrumentation/bunny/instrumentation.rb

@@ -48,6 +48,12 @@ module NewRelic
                 correlation_id: opts[:correlation_id],
                 exchange_type: type
               )
+              if segment
+                segment.add_agent_attribute('server.address', channel&.connection&.hostname)
+                segment.add_agent_attribute('server.port', channel&.connection&.port)
+                segment.add_agent_attribute('messaging.destination.name', destination) # for produce, this is exchange name
+                segment.add_agent_attribute('messaging.rabbitmq.destination.routing_key', opts[:routing_key])
+              end
             rescue => e
               NewRelic::Agent.logger.error('Error starting message broker segment in Bunny::Exchange#publish', e)
               yield
@@ -94,6 +100,14 @@ module NewRelic
                 queue_name: name,
                 start_time: t0
               )
+              if segment
+                segment.add_agent_attribute('server.address', channel&.connection&.hostname)
+                segment.add_agent_attribute('server.port', channel&.connection&.port)
+                segment.add_agent_attribute('messaging.destination.name', name) # for consume, this is queue name
+                segment.add_agent_attribute('messaging.destination_publish.name', exch_name)
+                segment.add_agent_attribute('message.queueName', name)
+                segment.add_agent_attribute('messaging.rabbitmq.destination.routing_key', delivery_info&.routing_key)
+              end
             rescue => e
               NewRelic::Agent.logger.error('Error starting message broker segment in Bunny::Queue#pop', e)
             else

data/lib/new_relic/agent/instrumentation/delayed_job_instrumentation.rb

@@ -93,23 +93,4 @@ DependencyDetection.defer do
       chain_instrument NewRelic::Agent::Instrumentation::DelayedJob::Chain
     end
   end
-
-  executes do
-    next unless delayed_job_version < Gem::Version.new('4.1.0')
-
-    deprecation_msg = 'Instrumentation for DelayedJob versions below 4.1.0 is deprecated.' \
-      'It will stop being monitored in version 9.0.0. ' \
-      'Please upgrade your DelayedJob version to continue receiving full support. ' \
-
-    NewRelic::Agent.logger.log_once(
-      :warn,
-      :deprecated_delayed_job_version,
-      deprecation_msg
-    )
-  end
-
-  def delayed_job_version
-    # the following line needs else branch coverage
-    Gem.loaded_specs['delayed_job'].version if Gem.loaded_specs['delayed_job'] # rubocop:disable Style/SafeNavigation
-  end
 end