dependabot[bot] opened a new pull request, #23320: URL: https://github.com/apache/camel/pull/23320
Bumps [io.opentelemetry.instrumentation:opentelemetry-log4j-appender-2.17](https://github.com/open-telemetry/opentelemetry-java-instrumentation) from 2.27.0-alpha to 2.28.0-alpha. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases";>io.opentelemetry.instrumentation:opentelemetry-log4j-appender-2.17's releases</a>.</em></p> <blockquote> <h2>Version 2.27.0</h2> <p>This release targets the OpenTelemetry SDK 1.61.0.</p> <p>Note that many artifacts have the <code>-alpha</code> suffix attached to their version number, reflecting that they will continue to have breaking changes. Please see <a href="https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/VERSIONING.md#opentelemetry-java-instrumentation-versioning";>VERSIONING.md</a> for more details.</p> <h3>⚠️ Breaking changes to non-stable APIs</h3> <ul> <li>Make <code>AbstractKtorServerTelemetryBuilder.isOpenTelemetryInitialized()</code> protected (previously public). (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17509";>#17509</a>)</li> <li>Replace <code>ExperimentalInstrumentationModule.injectClasses(ClassInjector)</code> with <code>exposedClassNames()</code> for exposing helper classes to the application class loader. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17765";>#17765</a>)</li> <li>Moved <code>WebApplicationContextInstrumentation</code> from the <code>spring-web</code> instrumentation module to <code>spring-webmvc</code>; users who disabled it via <code>otel.instrumentation.spring-web.enabled=false</code> must now use <code>otel.instrumentation.spring-webmvc.enabled=false</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17856";>#17856</a>)</li> </ul> <h3>🚫 Deprecations</h3> <ul> <li>Deprecated <code>KafkaTelemetryBuilder.setMessagingReceiveInstrumentationEnabled(boolean)</code> in favor of <code>setMessagingReceiveTelemetryEnabled(boolean)</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17092";>#17092</a>)</li> <li>Deprecated GraphQL builder methods <code>setSanitizeQuery()</code> and <code>setAddOperationNameToSpanName()</code>, and deprecated config key <code>otel.instrumentation.graphql.add-operation-name-to-span-name.enabled</code> in favor of <code>setQuerySanitizationEnabled()</code>, <code>setOperationNameInSpanNameEnabled()</code>, and <code>otel.instrumentation.graphql.operation-name-in-span-name.enabled</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17093";>#17093</a>)</li> <li>Deprecate <code>Experimental.setEnableSqlCommenter()</code> in JDBC and R2DBC instrumentation in favor of <code>Experimental.setSqlCommenterEnabled()</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17094";>#17094</a>)</li> <li>Rename <code>otel.instrumentation.servlet.capture-request-parameters</code> to <code>otel.instrumentation.servlet.experimental.capture-request-parameters</code> and <code>otel.instrumentation.servlet.add-trace-id-request-attribute</code> to <code>otel.instrumentation.servlet.experimental.trace-id-request-attribute.enabled</code>; old property names are deprecated. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17113";>#17113</a>)</li> <li>Deprecated the declarative config name <code>statement_sanitizer</code> in favor of <code>query_sanitization</code>, and the declarative config group <code>common.database</code> in favor of <code>common.db</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17116";>#17116</a>)</li> <li>Deprecated the GraphQL declarative config name <code>query_sanitizer</code> in favor of <code>query_sanitization</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17455";>#17455</a>)</li> <li>Deprecated the DB query sanitization system property names <code>otel.instrumentation.common.db-statement-sanitizer.enabled</code>, <code>otel.instrumentation.jdbc.statement-sanitizer.enabled</code>, <code>otel.instrumentation.mongo.statement-sanitizer.enabled</code>, and <code>otel.instrumentation.r2dbc.statement-sanitizer.enabled</code> in favor of the corresponding <code>*.query-sanitization.enabled</code> names, deprecated <code>otel.instrumentation.common.experimental.db-sqlcommenter.enabled</code> in favor of <code>otel.instrumentation.common.db.experimental.sqlcommenter.enabled</code>, and deprecated <code>otel.instrumentation.graphql.query-sanitizer.enabled</code> in favor of <code>otel.instrumentation.graphql.query-sanitization.enabled</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17464";>#17464</a>)</li> <li>Deprecate <code>InstrumentationModule.isIndyModule()</code>; indy mode is now determined by the agent distribution configuration instead of per-module overrides. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17713";>#17713</a>)</li> </ul> <h3>📈 Enhancements</h3> <ul> <li>Remove <code>log4j.map_message.</code> prefix from MapMessage attributes when <code>otel.instrumentation.common.v3-preview</code> is enabled. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/13871";>#13871</a>)</li> <li>Stop normalizing messaging header names (dash to underscore) when <code>otel.instrumentation.common.v3-preview</code> is enabled, so captured header attribute keys now preserve the original header name. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/14554";>#14554</a>)</li> <li>Add <code>db.system.name</code> attribute to Vertx SQL client instrumentation when stable database semantic conventions are enabled (<code>otel.semconv-stability.opt-in=database</code>). (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/16254";>#16254</a>)</li> <li>JDBC instrumentation now supports the <code>db.system.name</code> attribute with stable semantic convention values (e.g., <code>postgresql</code>, <code>oracle.db</code>, <code>ibm.db2</code>, <code>sap.hana</code>) when stable database semantic conventions are enabled (<code>otel.semconv-stability.opt-in=database</code>). (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/16277";>#16277</a>)</li> <li>Add <code>otel.instrumentation.common.v3-preview</code> flag that enables upcoming 3.0 breaking changes early. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/16459";>#16459</a>)</li> <li>Optimized log event MDC attribute mapping in jboss-logmanager, log4j, and logback appenders by pre-computing attribute keys at initialization. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/16765";>#16765</a>)</li> <li>Add <code>messaging.kafka.bootstrap.servers</code> attribute to Kafka producer spans when <code>otel.instrumentation.kafka.experimental-span-attributes</code> is enabled. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17065";>#17065</a>)</li> <li>Disable servlet trace-id request attribute by default when <code>otel.instrumentation.common.v3-preview</code> is enabled. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17173";>#17173</a>)</li> <li>Disable thread details span processor (<code>otel.javaagent.add-thread-details</code>) by default when <code>otel.instrumentation.common.v3-preview</code> is enabled. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17215";>#17215</a>)</li> <li>Improved javaagent startup optimization by decomposing disjunction matchers, allowing more transformations to be skipped during class loading. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17227";>#17227</a>)</li> <li>Add stable <code>messaging.kafka.offset</code> attribute to Kafka instrumentation, gated behind <code>otel.semconv-stability.preview=messaging</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17785";>#17785</a>)</li> <li>Preserve original casing of servlet request parameter names in attribute keys when <code>otel.instrumentation.common.v3-preview</code> is enabled. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17822";>#17822</a>)</li> <li>Replace reflective mutation of Byte Buddy's <code>AgentBuilder.Default.transformations</code> with a <code>ClassFileTransformer</code> hook, avoiding a JDK 26 JEP 500 warning about writing to a final field via reflection. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17824";>#17824</a>)</li> <li>Add javaagent bridging support for OpenTelemetry API 1.61 stable methods including <code>Tracer.isEnabled()</code>, metric instrument <code>isEnabled()</code>, and <code>Logger.setBody(Body)</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/17849";>#17849</a>)</li> </ul> <h3>🛠️ Bug fixes</h3> <ul> <li>Fix <code>WebClientBeanPostProcessor</code> and <code>RestClientBeanPostProcessor</code> to avoid replacing user-customized builder beans when the OpenTelemetry tracing filter/interceptor is already registered. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/15546";>#15546</a>)</li> <li>Fix memory leak where bridged observable metric callbacks were never closed when the application-side instrument was garbage collected. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/16219";>#16219</a>)</li> <li>Fix Ktor server instrumentation leaking scope across requests due to <code>restoreThreadContext</code> not always being called by Ktor coroutine machinery. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/16487";>#16487</a>)</li> <li>Add missing <code>schemaUrl</code> to servlet response instrumenter. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/16560";>#16560</a>)</li> <li>Fix <code>OpenTelemetryContextDataProvider</code> calling <code>GlobalOpenTelemetry.get()</code> during class initialization, which could interfere with SDK setup ordering. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/16638";>#16638</a>)</li> <li>Fix ZIO instrumentation destroying caller thread context on fiber suspend, which caused spans created after <code>unsafe.run</code> to lose their parent. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/16647";>#16647</a>)</li> <li>Fix Spring Boot starter adding a duplicate OpenTelemetry logback appender when the appender is nested inside another appender. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/16697";>#16697</a>)</li> <li>Fix bridging of <code>VALUE</code>-type attributes set via <code>AttributeKey.valueKey()</code> on spans and log records through the javaagent API bridge. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/16750";>#16750</a>)</li> <li>Fix unsafe deserialization in RMI instrumentation that could lead to remote code execution (<a href="https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-xw7x-h9fj-p2c7";>CVE-2026-33701</a>, <a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/16986";>#16986</a>, also released in 2.26.1)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/CHANGELOG.md";>io.opentelemetry.instrumentation:opentelemetry-log4j-appender-2.17's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>Unreleased</h2> <h2>Version 2.28.0 (2026-05-19)</h2> <p>This release targets the OpenTelemetry SDK 1.62.0.</p> <p>Note that many artifacts have the <code>-alpha</code> suffix attached to their version number, reflecting that they will continue to have breaking changes. Please see <a href="https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/VERSIONING.md#opentelemetry-java-instrumentation-versioning";>VERSIONING.md</a> for more details.</p> <h3>⚠️ Breaking changes to non-stable APIs</h3> <ul> <li>Removed the obsolete internal <code>ClassInjector</code>/<code>ProxyInjectionBuilder</code> API used by the old <code>ExperimentalInstrumentationModule.injectClasses(ClassInjector)</code> path; use <code>ExperimentalInstrumentationModule.exposedClassNames()</code> instead. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/18112";>#18112</a>)</li> <li>Removed previously deprecated non-stable API methods and the deprecated <code>opentelemetry-runtime-telemetry-java8</code> and <code>opentelemetry-runtime-telemetry-java17</code> library aliases. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/18136";>#18136</a>)</li> <li>Removed the previously deprecated <code>captureEventName</code> library builder setting from the logback-appender-1.0 and log4j-appender-2.17 <code>OpenTelemetryAppender</code>, and the corresponding <code>otel.instrumentation.{logback-appender,log4j-appender,jboss-logmanager}.experimental.capture-event-name</code> javaagent properties. Use the <code>otel.event.name</code> key in MDC / context data / key-value pairs / Logstash markers / structured arguments instead. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/18223";>#18223</a>)</li> <li>Removed previously deprecated experimental config properties <code>otel.instrumentation.http.client.experimental.redact-query-parameters</code> and <code>otel.instrumentation.common.experimental.db-sqlcommenter.enabled</code>; use <code>otel.instrumentation.sanitization.url.experimental.sensitive-query-parameters</code> and <code>otel.instrumentation.common.db.experimental.sqlcommenter.enabled</code> instead. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/18229";>#18229</a>)</li> <li>Removed the deprecated <code>otel.instrumentation.servlet.experimental.add-trace-id-request-attribute</code> property; use <code>otel.instrumentation.servlet.experimental.trace-id-request-attribute.enabled</code> instead. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/18237";>#18237</a>)</li> <li>Reshaped the ktor <code>Experimental</code> helper from a class with a <code>companion object</code> to a top-level <code>object</code>. Kotlin source callers (<code>Experimental.emitExperimentalTelemetry(...)</code>) are unaffected, but pre-compiled consumers must be recompiled against the new artifact. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-java-instrumentation/pull/18343";>#18343</a>)</li> </ul> <h3>🚫 Deprecations</h3> <ul> <li>Deprecate <code>otel.instrumentation.jaxws-cxf-3.0.enabled</code> in favor of <code>otel.instrumentation.jaxws-2.0-cxf-3.0.enabled</code>, and <code>otel.instrumentation.jaxws-metro-2.2.enabled</code> in favor of <code>otel.instrumentation.jaxws-2.0-metro-2.2.enabled</code>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/open-telemetry/opentelemetry-java-instrumentation/commits";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
