Merge branch 'master' into ci/update-gradle-dependencies-instrumentation-20260323

AlexeyKuznetsov-DD · web-flow · commit 99baaa7e4c2a · 2026-03-23T17:14:06.000-04:00
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -222,18 +222,24 @@ maven-central-pre-release-check:
   image: ${BUILDER_IMAGE_REPO}:${BUILDER_IMAGE_VERSION_PREFIX}base
   stage: .pre
   rules:
+    - if: '$CI_COMMIT_BRANCH == "master"'
+      when: on_success
+      allow_failure: false
     - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/'
       when: on_success
       allow_failure: false
   script:
     - |
       MAVEN_CENTRAL_USERNAME=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_username --with-decryption --query "Parameter.Value" --out text)
       MAVEN_CENTRAL_PASSWORD=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_password --with-decryption --query "Parameter.Value" --out text)
-      # See https://central.sonatype.org/publish/publish-portal-api/
-      # 15e0cbbb-deff-421e-9e02-296a24d0cada is deployment, any deployment id listed in central  work, the idea is to check whether the token can authenticate
-      curl --request POST --include --fail https://central.sonatype.com/api/v1/publisher/status?id=15e0cbbb-deff-421e-9e02-296a24d0cada --header "Authorization: Bearer $(printf "$MAVEN_CENTRAL_USERNAME:$MAVEN_CENTRAL_PASSWORD" | base64)"
-      if [ $? -ne 0 ]; then
-        echo "Failed to authenticate against central. Check credentials, see https://datadoghq.atlassian.net/wiki/x/Oog5OgE"
+      # See https://central.sonatype.org/publish/publish-portal-ossrh-staging-api/
+      # Use the staging API search endpoint to validate the tokens without relying on a specific deployment
+      AUTHORIZATION_HEADER="Authorization: Bearer $(printf '%s:%s' "$MAVEN_CENTRAL_USERNAME" "$MAVEN_CENTRAL_PASSWORD" | base64)"
+      if ! curl --silent --show-error --fail \
+        "https://ossrh-staging-api.central.sonatype.com/manual/search/repositories?ip=any" \
+        --header "$AUTHORIZATION_HEADER" \
+        > /dev/null; then
+        echo "Failed to authenticate tokens against maven central staging API. Check credentials and see https://datadoghq.atlassian.net/wiki/x/Oog5OgE"
         exit 1
       fi
 
diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/rmi/ContextPayload.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/rmi/ContextPayload.java
@@ -17,6 +17,7 @@
 public class ContextPayload {
 
   private static final Logger log = LoggerFactory.getLogger(ContextPayload.class);
+  private static final int MAX_CONTEXT_SIZE = 1000;
   private final Map<String, String> context;
   public static final InjectAdapter SETTER = new InjectAdapter();
 
@@ -39,20 +40,26 @@ public static ContextPayload from(final AgentSpan span) {
   }
 
   public static ContextPayload read(final ObjectInput oi) throws IOException {
-    try {
-      final Object object = oi.readObject();
-      if (object instanceof Map) {
-        return new ContextPayload((Map<String, String>) object);
-      }
-    } catch (final ClassCastException | ClassNotFoundException ex) {
-      log.debug("Error reading object", ex);
+    final int size = oi.readInt();
+    if (size < 0 || size > MAX_CONTEXT_SIZE) {
+      log.debug("Dropping RMI context payload: size {} exceeds maximum {}", size, MAX_CONTEXT_SIZE);
+      return null;
     }
-
-    return null;
+    final Map<String, String> context = new HashMap<>(size * 2);
+    for (int i = 0; i < size; i++) {
+      final String key = oi.readUTF();
+      final String value = oi.readUTF();
+      context.put(key, value);
+    }
+    return new ContextPayload(context);
   }
 
   public void write(final ObjectOutput out) throws IOException {
-    out.writeObject(context);
+    out.writeInt(context.size());
+    for (final Map.Entry<String, String> entry : context.entrySet()) {
+      out.writeUTF(entry.getKey());
+      out.writeUTF(entry.getValue());
+    }
   }
 
   @ParametersAreNonnullByDefault
diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/rmi/ContextPropagator.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/rmi/ContextPropagator.java
@@ -20,7 +20,7 @@ public class ContextPropagator {
   private static final ObjID REGISTRY_ID = new ObjID(ObjID.REGISTRY_ID);
 
   // RMI object id used to identify DataDog instrumentation
-  public static final ObjID DD_CONTEXT_CALL_ID = new ObjID("Datadog.v1.context_call".hashCode());
+  public static final ObjID DD_CONTEXT_CALL_ID = new ObjID("Datadog.v2.context_call".hashCode());
 
   // Operation id used for checking context propagation is possible
   // RMI expects these operations to have negative identifier, as positive ones mean legacy
diff --git a/dd-java-agent/ddprof-lib/gradle.lockfile b/dd-java-agent/ddprof-lib/gradle.lockfile
@@ -4,7 +4,7 @@
 ch.qos.logback:logback-classic:1.2.13=testCompileClasspath,testRuntimeClasspath
 ch.qos.logback:logback-core:1.2.13=testCompileClasspath,testRuntimeClasspath
 com.datadoghq:dd-javac-plugin-client:0.2.2=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
-com.datadoghq:ddprof:1.39.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+com.datadoghq:ddprof:1.40.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 com.github.javaparser:javaparser-core:3.25.6=codenarc
 com.github.spotbugs:spotbugs-annotations:4.9.8=compileClasspath,spotbugs,testCompileClasspath,testRuntimeClasspath
 com.github.spotbugs:spotbugs:4.9.8=spotbugs
