getsentry
diff --git a/‎CHANGELOG.md‎
Lines changed: 9 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎sentry-android-core/src/main/java/io/sentry/android/core/ManifestMetadataReader.java‎
Lines changed: 12 additions & 0 deletions b/‎sentry-android-core/src/main/java/io/sentry/android/core/ManifestMetadataReader.java‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎sentry-android-core/src/test/java/io/sentry/android/core/ManifestMetadataReaderTest.kt‎
Lines changed: 50 additions & 0 deletions b/‎sentry-android-core/src/test/java/io/sentry/android/core/ManifestMetadataReaderTest.kt‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎sentry-opentelemetry/sentry-opentelemetry-core/src/main/java/io/sentry/opentelemetry/SentrySampler.java‎
Lines changed: 1 addition & 1 deletion b/‎sentry-opentelemetry/sentry-opentelemetry-core/src/main/java/io/sentry/opentelemetry/SentrySampler.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎sentry-opentelemetry/sentry-opentelemetry-core/src/main/java/io/sentry/opentelemetry/SentrySpanProcessor.java‎
Lines changed: 1 addition & 1 deletion b/‎sentry-opentelemetry/sentry-opentelemetry-core/src/main/java/io/sentry/opentelemetry/SentrySpanProcessor.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎sentry-spring-7/src/test/kotlin/io/sentry/spring7/tracing/SentryTracingFilterTest.kt‎
Lines changed: 1 addition & 0 deletions b/‎sentry-spring-7/src/test/kotlin/io/sentry/spring7/tracing/SentryTracingFilterTest.kt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎sentry-spring-7/src/test/kotlin/io/sentry/spring7/webflux/SentryWebFluxTracingFilterTest.kt‎
Lines changed: 1 addition & 0 deletions b/‎sentry-spring-7/src/test/kotlin/io/sentry/spring7/webflux/SentryWebFluxTracingFilterTest.kt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎sentry-spring-jakarta/src/test/kotlin/io/sentry/spring/jakarta/tracing/SentryTracingFilterTest.kt‎
Lines changed: 1 addition & 0 deletions b/‎sentry-spring-jakarta/src/test/kotlin/io/sentry/spring/jakarta/tracing/SentryTracingFilterTest.kt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎sentry-spring-jakarta/src/test/kotlin/io/sentry/spring/jakarta/webflux/SentryWebFluxTracingFilterTest.kt‎
Lines changed: 1 addition & 0 deletions b/‎sentry-spring-jakarta/src/test/kotlin/io/sentry/spring/jakarta/webflux/SentryWebFluxTracingFilterTest.kt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎sentry-spring/src/test/kotlin/io/sentry/spring/tracing/SentryTracingFilterTest.kt‎
Lines changed: 1 addition & 0 deletions b/‎sentry-spring/src/test/kotlin/io/sentry/spring/tracing/SentryTracingFilterTest.kt‎
Lines changed: 1 addition & 0 deletions
@@ -1,5 +1,14 @@
 # Changelog
 
+## Unreleased
+
+### Features
+
+- Prevent cross-organization trace continuation ([#5136](https://github.com/getsentry/sentry-java/pull/5136))
+  - By default, the SDK now extracts the organization ID from the DSN (e.g. `o123.ingest.sentry.io`) and compares it with the `sentry-org_id` value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
+  - New option `strictTraceContinuation` (default `false`): when enabled, both the SDK's org ID **and** the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected.
+  - New option `orgId`: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code, `sentry.properties` (`org-id`), or Android manifest (`io.sentry.org-id`).
+
 ## 8.34.1
 
 ### Fixes
 
@@ -167,6 +167,9 @@ final class ManifestMetadataReader {
 
   static final String FEEDBACK_SHOW_BRANDING = "io.sentry.feedback.show-branding";
 
+  static final String STRICT_TRACE_CONTINUATION = "io.sentry.strict-trace-continuation";
+  static final String ORG_ID = "io.sentry.org-id";
+
   static final String SPOTLIGHT_ENABLE = "io.sentry.spotlight.enable";
 
   static final String SPOTLIGHT_CONNECTION_URL = "io.sentry.spotlight.url";
@@ -662,6 +665,15 @@ static void applyMetadata(
         feedbackOptions.setShowBranding(
             readBool(metadata, logger, FEEDBACK_SHOW_BRANDING, feedbackOptions.isShowBranding()));
 
+        options.setStrictTraceContinuation(
+            readBool(
+                metadata, logger, STRICT_TRACE_CONTINUATION, options.isStrictTraceContinuation()));
+
+        final @Nullable String orgId = readString(metadata, logger, ORG_ID, null);
+        if (orgId != null) {
+          options.setOrgId(orgId);
+        }
+
         options.setEnableSpotlight(
             readBool(metadata, logger, SPOTLIGHT_ENABLE, options.isEnableSpotlight()));
 
 
@@ -2436,4 +2436,54 @@ class ManifestMetadataReaderTest {
     // maskAllImages should also add WebView
     assertTrue(fixture.options.screenshot.maskViewClasses.contains("android.webkit.WebView"))
   }
+
+  @Test
+  fun `applyMetadata reads strictTraceContinuation and keeps default value if not found`() {
+    // Arrange
+    val context = fixture.getContext()
+
+    // Act
+    ManifestMetadataReader.applyMetadata(context, fixture.options, fixture.buildInfoProvider)
+
+    // Assert
+    assertFalse(fixture.options.isStrictTraceContinuation)
+  }
+
+  @Test
+  fun `applyMetadata reads strictTraceContinuation to options`() {
+    // Arrange
+    val bundle = bundleOf(ManifestMetadataReader.STRICT_TRACE_CONTINUATION to true)
+    val context = fixture.getContext(metaData = bundle)
+
+    // Act
+    ManifestMetadataReader.applyMetadata(context, fixture.options, fixture.buildInfoProvider)
+
+    // Assert
+    assertTrue(fixture.options.isStrictTraceContinuation)
+  }
+
+  @Test
+  fun `applyMetadata reads orgId and keeps null if not found`() {
+    // Arrange
+    val context = fixture.getContext()
+
+    // Act
+    ManifestMetadataReader.applyMetadata(context, fixture.options, fixture.buildInfoProvider)
+
+    // Assert
+    assertNull(fixture.options.orgId)
+  }
+
+  @Test
+  fun `applyMetadata reads orgId to options`() {
+    // Arrange
+    val bundle = bundleOf(ManifestMetadataReader.ORG_ID to "12345")
+    val context = fixture.getContext(metaData = bundle)
+
+    // Act
+    ManifestMetadataReader.applyMetadata(context, fixture.options, fixture.buildInfoProvider)
+
+    // Assert
+    assertEquals("12345", fixture.options.orgId)
+  }
 }
@@ -91,7 +91,7 @@ public SamplingResult shouldSample(
     final @NotNull PropagationContext propagationContext =
         sentryTraceHeader == null
             ? new PropagationContext(new SentryId(traceId), randomSpanId, null, baggage, null)
-            : PropagationContext.fromHeaders(sentryTraceHeader, baggage, randomSpanId);
+            : PropagationContext.fromHeaders(sentryTraceHeader, baggage, randomSpanId, scopes.getOptions());
 
     final @NotNull TransactionContext transactionContext =
         TransactionContext.fromPropagationContext(propagationContext);
 
@@ -127,7 +127,7 @@ public void onStart(final @NotNull Context parentContext, final @NotNull ReadWri
                   new SentryId(traceData.getTraceId()), spanId, null, null, null)
               : TransactionContext.fromPropagationContext(
                   PropagationContext.fromHeaders(
-                      traceData.getSentryTraceHeader(), traceData.getBaggage(), spanId));
+                      traceData.getSentryTraceHeader(), traceData.getBaggage(), spanId, scopes.getOptions()));
       ;
       transactionContext.setName(transactionName);
       transactionContext.setTransactionNameSource(transactionNameSource);
 
@@ -96,6 +96,7 @@ class SentryTracingFilterTest {
             logger,
             it.arguments[0] as String?,
             it.arguments[1] as List<String>?,
+            null,
           )
         )
       }
 
@@ -98,6 +98,7 @@ class SentryWebFluxTracingFilterTest {
             logger,
             it.arguments[0] as String?,
             it.arguments[1] as List<String>?,
+            null,
           )
         )
       }
 
@@ -96,6 +96,7 @@ class SentryTracingFilterTest {
             logger,
             it.arguments[0] as String?,
             it.arguments[1] as List<String>?,
+            null,
           )
         )
       }
 
@@ -98,6 +98,7 @@ class SentryWebFluxTracingFilterTest {
             logger,
             it.arguments[0] as String?,
             it.arguments[1] as List<String>?,
+            null,
           )
         )
       }
 
@@ -96,6 +96,7 @@ class SentryTracingFilterTest {
             logger,
             it.arguments[0] as String?,
             it.arguments[1] as List<String>?,
+            null,
           )
         )
       }
Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,7 @@ public void onStart(final @NotNull Context parentContext, final @NotNull ReadWri`
`127`	`127`	`new SentryId(traceData.getTraceId()), spanId, null, null, null)`
`128`	`128`	`: TransactionContext.fromPropagationContext(`
`129`	`129`	`PropagationContext.fromHeaders(`
`130`		`- traceData.getSentryTraceHeader(), traceData.getBaggage(), spanId));`
	`130`	`+ traceData.getSentryTraceHeader(), traceData.getBaggage(), spanId, scopes.getOptions()));`
`131`	`131`	`;`
`132`	`132`	`transactionContext.setName(transactionName);`
`133`	`133`	`transactionContext.setTransactionNameSource(transactionNameSource);`
Original file line number	Diff line number	Diff line change
`@@ -96,6 +96,7 @@ class SentryTracingFilterTest {`
`96`	`96`	`logger,`
`97`	`97`	`it.arguments[0] as String?,`
`98`	`98`	`it.arguments[1] as List<String>?,`
	`99`	`+ null,`
`99`	`100`	`)`
`100`	`101`	`)`
`101`	`102`	`}`
Original file line number	Diff line number	Diff line change
`@@ -98,6 +98,7 @@ class SentryWebFluxTracingFilterTest {`
`98`	`98`	`logger,`
`99`	`99`	`it.arguments[0] as String?,`
`100`	`100`	`it.arguments[1] as List<String>?,`
	`101`	`+ null,`
`101`	`102`	`)`
`102`	`103`	`)`
`103`	`104`	`}`