APM and distributed tracing for PHP
The Datadog PHP Tracer brings APM and distributed tracing to PHP.
License: BSD 3-Clause
| Version | Release | Download |
| 1.21.0 | 2026-06-05 | datadog_trace-1.21.0.tgz |
| 1.20.0 | 2026-05-20 | datadog_trace-1.20.0.tgz |
| 1.19.2 | 2026-05-06 | datadog_trace-1.19.2.tgz |
| 1.19.1 | 2026-04-30 | datadog_trace-1.19.1.tgz |
| 1.19.0 | 2026-04-28 | datadog_trace-1.19.0.tgz |
| Version | Message |
| 1.21.0 |
## All products ### Changed - The sidecar is now always spawned unconditionally, regardless of configuration #3912 ### Internal - Bump Rust MSRV to 1.87 #3926 ## Tracer ### Added - Add PHP feature flag evaluation including evaluation metrics via OTLP #3906, #3909, #3910, #3911 - Add `dynamic_service` DBM propagation mode as a convenience alias for `service` mode with base hash injection; this mode will replace `service` on the long term #3940 - Add `DD_DBM_ALWAYS_APPEND_SQL_COMMENT` to unconditionally append SQL comments in DBM regardless of sampling #3954 - Recognize PCF Garden container IDs for Cloud Foundry deployments DataDog/libdatadog#2025 ### Fixed - Fix remote config not being delivered after forking #3958 - Fix span pointer invalidation crash during inferred span serialization with `DD_TRACE_INFERRED_PROXY_SERVICES_ENABLED` #3934 - Fix buffer overflow in autoload path construction for oversized class/path names #3932 - Fix Swoole integration parsing the POST body regardless of `DD_TRACE_HTTP_POST_DATA_PARAM_ALLOWED` #3931 - Guard JIT blacklist rewrite to prevent crashes with non-tracing JIT metadata #3929 - Fix OTel polyfill post hooks with `:void` return type overwriting the instrumented function's actual return value #3920 - Fix span stats broken for nested services due to incorrect `top_level` span detection #3916 - Fix `php.compilation.total_time_ms` reporting values 1000x too large (microseconds labeled as milliseconds) #3915 (thank you @dortort!) - Fix memory corruption of INIs in ZTS builds #3898 - Fix data race in curl header assignment (non-atomic write to `_Atomic` field) #3945 - Fix sample rate normalization to 0..1 range, preventing incorrect Knuth hash computation #3935 - Fix multi-request failures caused by incorrect rinit ordering after tracer/ext split #3946 ### Internal - Split the tracer code into a separate `tracer/` directory within the extension #3912 - Improve crashtracker reliability: socket-based thread collection, incomplete stack handling, and `language:native` tag DataDog/libdatadog#2080, DataDog/libdatadog#2079, DataDog/libdatadog#2083 ## Profiling ### Fixed - Fix macOS release builds for the profiler #3923 ### Internal - Support PHP DEBUG builds for the profiler, enabling ASAN testing in CI #3908 ## AppSec ### Added - Collect `x-datadog-endpoint-scan` and `x-datadog-security-test` security testing headers as span tags on HTTP entry spans, independent of `DD_TRACE_HEADER_TAGS` and AppSec enablement #3925 ### Fixed - Fix out-of-bounds iteration in PHP <8.1 backtrace `HashTable` loop in the AppSec backtrace collection path #3933 |
| 1.20.0 |
## All products ### Fixed - Properly reset SSI loader global state on shutdown to cleanly support reloading #3881 ### Internal - Spawn the sidecar via dynamic linker instead of trampoline #3869 ## Tracer ### Added - Add support for OpenTelemetry logs (`DD_LOGS_OTEL_ENABLED=true`, disabled by default) #3748 ### Changed - Crashtracking now collects stack traces from all threads at the moment of a crash #3866 ### Fixed - Fix NULL dereference crash in ZTS mode during sidecar/telemetry shutdown #3886 - Ensure remote config processing happens strictly after request initialization #3882 - Strip libpq-style paired quotes from PostgreSQL `dbname` DSN value in PDO integration #3885 - Fix use-after-realloc crash in tracestate formatting #3874 ## Profiling ### Fixed - Prevent panics in profiling encoding under out-of-memory and out-of-bounds conditions #3888 ## AppSec ### Added - Add AppSec integrations to Laminas Framework (http.route, endpoint collection, login events) #3716 ### Changed - Update recommended ruleset to v1.18.0, adding Stripe and LLM endpoint detection rules #3859 ### Fixed - Treat cleared shared memory as no-config rather than an error in AppSec helper #3876 - Avoid the possibility of sensitive data going to the telemetry logs backend via WAF strings #3884 ### Internal - Fix `blocked_request` metric tag detection in AppSec helper #3863 - Add `block` tag to `rasp.rule.match` metric #3870 - RFC-1012 metrics improvements: WAF duration distributions, rule_variant tag, and tag fixes #3850 |
| 1.19.2 |
## Tracer ### Changed - Restrict the accepted amount of extracted tags and baggage #3854 ### Fixed - Fix parentId refcount underflow #3851 - Fix SpanStack active reference corruption #3853 - Retry FFI telemetry batches when session config not yet available DataDog/libdatadog#1929 - Fallback to ftruncate if fallocate gets EPERM DataDog/libdatadog#1938 |
| 1.19.1 |
## Tracer ### Fixed - Fix catastrophic backtracking in PDO integration #3848 |
| 1.19.0 |
## All products ### Fixed - Fix critical ZTS race condition in INI value refcounting that caused use-after-free crashes under concurrent load #3832 - Ensure a unique installation directory to avoid conflicts with other tools #3835 ## Tracer ### Added - Implement client-side stats computation using shared memory for zero-copy stats delivery, with fallback to socket on first payloads #3756, #3811, #3815, #3836 ### Changed - Use a webserver-wide session ID for sidecar instead of per-fork session IDs, and propagate it to child processes via environment #3828, #3838 ### Fixed - Fix ZTS race condition in `process_tags.serialized` refcounting on shared inter-thread string #3831 - Fix dynamic instrumentation installation regression when enabling via dynamic config #3843 - Handle `APM_MULTI_CONFIG` remote configuration and fix missing data for exception replay #3791 - Fix duration of httpstream and live debugger spans being incorrectly reported as zero #3821 - Fix `instanceof` type aliases for PHP 7.x in live debugger DSL (`integer`/`double` vs `int`/`float`) #3813 - Obfuscate `:name` placeholder parameters in PDO queries for correct DBM correlation #3801 - Fix locale settings breaking ksr resolution #3797 (thank you @jdmaguire for the report!) - Fix exception in PDO::__construct when signals arrive during database connection setup #3841 - Fix infinite loop in crashtracker runtime stack collection #3845 ### Internal - Add timeout to sidecar info fetcher DataDog/libdatadog#1890 - Allow sidecar worker to be stopped cleanly after fork DataDog/libdatadog#1893 - Use a dedicated sidecar connection per PHP thread, reducing lock contention and enabling per-thread request queuing #3770 - Emit environment variable names in telemetry config (e.g., `DD_TRACE_GENERATE_ROOT_SPAN`) instead of INI dot notation #3783 - Default crash report upload to errors intake to be enabled DataDog/libdatadog#1902 - Flush telemetry on anticipated sidecar shutdown to avoid data loss for short-lived sidecars #3806 - Skip sending empty telemetry payloads DataDog/libdatadog#1894 - Wire telemetry extended heartbeat interval through sidecar SessionConfig DataDog/libdatadog#1882, #3800 ## Profiling ### Added - Support generator unwinding in stack traces #3807 ## AppSec ### Fixed - Fix Remote Config regression in Rust helper #3840 - Fix double-logging of broken connections as errors and improve connection error handling in Rust helper #3792, #3803 ### Internal - Enable helper-rust by default also on PHP 8.4 #3842 - Update vendored libxml2 from 2.15.2 to 2.15.3 #3814 |