Node.js agent release notesRSS

New features

• Added @newrelic/koa as a dependency.

  This introduces instrumentation for Koa v2.0.0 or higher. It will be treated as first-party instrumentation within the agent, but publishing it as a separate module allows it to be installed independently according to users' needs.

Improvements

• Refactored instrumentation hooks to work with modules.

  With this change it is now possible to link against external instrumentation modules.

Improvements

• Promise based web framework middleware instrumentation now supports callback based sequencing.

  Previously, a promise based middleware was assumed to continue to the next middleware once the promise it returned resolved. This assumption has been relaxed to allow for a callback to be supplied to the middleware to invoke the next middleware.

Improvements

• Removed the ssl configuration option.

  TLS is now always used in communication with New Relic Servers. The ssl configuration value and NEW_RELIC_USE_SSL environment value are no longer used. Setting either value to anything other than true will result in a warning.

• Security bulletin NR18-05:

  Fixes issue introduced in 2.8.0 where the agent may have captured all transaction attributes, even with High-security mode enabled on the account. This may have included sensitive data attached to transactions.

• All request parameters now prefixed with request.parameters..

  Previously request parameters such as route and query parameters were added as attributes without any name changes. For example /foo?bar=value would add the attribute bar to the transaction. Now this attribute would be named request.parameters.bar.

  Any Insights dashboards, alerts, or other NRQL queries using these attributes must be updated to use the new attribute names.

• Adds support for EU Datacenter

Bug fixes

• Security bulletin NR18-06:

  Fixes issue introduced in 2.8.0 where the agent may have captured all transaction attributes, even with High-security mode enabled on the account. This may have included sensitive data attached to transactions.

• Removed support for agent attributes include/exclude rules.

  These will be coming back in Node Agent v3.0.0. The fix for the above security bulletin required a backwards incompatible change to our attributes.

• Fixed bug in Bluebird instrumentation.

  Some methods were not instrumented correctly. This would cause a problem if a function was passed to these methods.

  Special thanks to Andreas Lind (@papandreou) for helping us find this bug.

Note

This release is deprecated due to an issue where the agent may capture transaction attributes regardless of agent settings. If you are using this release, upgrade your agent to agent version 2.9.1 or higher. For more information, see Security Bulletin NR18-06.

Improvements

• Added the WebFrameworkShim#savePossibleTransactionName method.

  This method may be used to mark the current running middleware as a potential responder. savePossibleTransactionName should be used if a middleware can't be determined to be a terminal middleware while it executes, but may be responsible for responding after execution has finished.

• Fixed dns.resolve results assertion.

• Expanded async_hooks tests around maintain transaction context.

• Added Koa to metric naming objects.

• Added callback prop to middlewareWithPromiseRecorder return spec.

  While we aren't actually wrapping any callback, this is a workaround that gives us access to the active segment. This ensures that all segments inside Koa transaction traces are named correctly, particularly in cases when transaction context may be lost.

• Updated after prop in middlewareWithPromiseRecorder return spec to set txInfo.errorHandled = true in cases when there is no error.

  Because Koa has no concept of errorware in the same sense as Express or Connect ((err, req, res, next)), the agent now assumes if a middleware resolves, any error that may have occurred can be marked as handled.

Fixes

• Added check for parentSegment in async_hooks instrumentation, to help ensure that transaction context is maintained.

Note

This release is deprecated due to an issue where the agent may capture transaction attributes regardless of agent settings. If you are using this release, upgrade your agent to agent version 2.9.1 or higher. For more information, see Security Bulletin NR18-06.

New features

• Added instrumentation support for MongoDB version 3.

  Version 3 of mongodb is now supported. Previously datastore host information (instance metrics) was incorrectly captured by the agent with mongodb v3. This has been fixed and all features should be functional now.

Improvements

• Updated documentation for apdex_t setting and removed environment variable.

  This was never configurable on client side and the documentation was misleading.

• Documented environment variables for slow_sql configurations.

  Thanks to Olivier Tassinari (@oliviertassinari) for the update!

• Updated hapi/hapi-pre-17/package.json to run errors.tap.js in more versions.

• Added internal cache to unwrapped core modules for agent use.

• Improved logging around environment facts gathering.

Bug fixes

• Enable certain agent attributes when high-security mode is enabled.

  During the switch from the old capture_params/ignored_params to the new attribute include/exclude rules, high-security mode was over-zealous in what attributes it disallowed. This has been trimmed back to be in line with other agents.

Notes

• Changed attributes.enabled to true by default.

  In the previous version we defaulted this to false to maintain parity with capture_params which defaulted to false. However, this is a invalid parity because attribute.enabled controls more attributes than capture_params.

Improvements

• Removed unnecessary checks around Timer.unref() calls.

  unref has been supported since Node v0.9, meaning it will always be present in timers set by the agent (with 0.10 being the earliest supported version).

• Added a split in the node versions for the mysql2 and cassandra versioned tests.

  As of mysql2 v1.3.1 and cassandra v3.4.0 the minimum supported version of Node is 4.

• Replaced as many instances of {} as possible with Object.create(null).

• Removed extraneous logger arg in addCustomAttribute call.

Bug fixes

• The agent will no longer generate browser data for ignored transactions.

• Expanded Hapi instrumentation to support route pre handlers.

  This is a Hapi route config option that was previously uninstrumented, causing transaction names to become invalid. This expanded instrumentation ensures that all additional handlers are wrapped and associated with the main route.

New features

• Added agent attribute filtering via include and exclude rules.

  Agent attributes can now be controlled using fine grained include and exclude rules. These rules, described below, replace capture_params and ignored_params. Any attributes listed in ignored_params will be migrated to attributes.exclude internally, unless attributes.exclude is explicitly set.

  There are three new configuration properties added to the root config and each destination (more on destinations later). These new configurations are:

  • attributes.enabled - Enables collection of attributes for the destination.
  • attributes.include - A list of attributes or wildcard rules to include.
  • attributes.exclude - A list of attributes or wildcard rules to exclude.

  The include and exclude rules can be exact rules (for example request.headers.contentLength), or wildcard rules which match just the beginning of attribute keys (for example request.headers.* would match any request header).

  These rules can be specified globally at the root of the configuration, or for specific destinations. These destinations are:

  • transaction_tracer - Controls transaction trace attributes.
  • transaction_events - Controls transaction event attributes.
  • error_collector - Controls error event attributes.
  • browser_monitoring - Controls browser/RUM transaction attributes.

• Renamed addCustomParameter to addCustomAttribute.

  The addCustomParameter method is now deprecated and will be removed in a future release of the agent. The addCustomAttribute method is a drop-in replacement for it.

• Added cache to agent attribute filtering.

  To minimize the overhead of applying attribute rules, the agent caches results of filtering specific attribute keys and destinations. The cache is limited to 1000 destination-key pairs by default but can be configured with attributes.filter_cache_limit. This cache offers a 10x improvement for applying filter rules for cache-hits.

• Added allow_all_headers to config options and updated http instrumentation.

  When set to true, the agent will collect all request headers. This collection respects the agent attribute include and exclude rules. A default set of exclusion rules are provided in newrelic.js. These rules exclude all cookies and authentication headers.

• Segments may now be flagged as opaque, causing internal segments to be omitted from the transaction trace.

Improvements

• Added limits for agent attributes to keep monitoring overhead down.

  Attribute keys and values are limited to 255 bytes each. Keys which are larger than 255 bytes are dropped, and a warning message is logged. Values larger than 255 bytes are truncated to 255 bytes, respecting multi-byte UTF-8 encoding. Custom attributes are limited to 64 per transaction. Attributes beyond the 64th are silently ignored.

• Added error to collector connection failure log message.

• Renamed request_uri attribute to request.uri.

  This brings the attribute name in line with all other request attributes.

• Updated https-proxy-agent dependency from ^0.3.5 to ^0.3.6.

• Updated versioned tests where applicable to ensure most minor versions of instrumented modules work as expected.

• Fixed stalling test for v1 line of Mongo driver.

• Added tests verifying Hapi 404 transactions result in correctly named metrics.

  The Hapi instrumentation was doing the correct thing, but we did not have tests for this specific case.

Bug fixes

• The agent will no longer crash when crypto.DEFAULT_ENCODING has been changed.

  Previously, the agent would assume the result of hash.digest() was an instance of a Buffer. If crypto.DEFAULT_ENCODING is changed, hash.digest() will return a string and the agent would crash. The agent now ensures that the value is a Buffer instance before moving on.

• Fixed error if process.config.variables.node_prefix missing.

  If process.config.variables.node_prefix is falsey (which can happen if using electron, leading to this issue https://discuss.newrelic.com/t/new-relic-on-electron-nodejs/53601) the getGlobalPackages function in lib/environment.js will give an err when it shouldn't.

  Thanks to Jarred Filmer (@BrighTide) for the fix!

Improvements

• Added regression test for promise instrumentation and stack overflows.

Bug fixes

• Fixed naming bug in Restify instrumentation regarding parameters to next.

  The instrumentation previously considered any truthy value passed to next to be an error. It is possible to pass a string or boolean to next in Restify to control further routing of the request. This would cause the middleware's mounting path to be erroneously appended to the transaction name.

• Fixed access to bluebird.coroutine.addYieldHandler.

  This was accidentally not copied by our instrumentation making access to the function fail. This has been resolved and tests expanded to ensure no other properties were missed.