1.67.0 — 6th April
Updates
Enhanced percentage-based sampling support for AppSec data collection
Percentage-based probabilistic sampling is now supported across TPA, libtraceable, and ext_cap integrations, with improved behavior when used with rate-limited sampling.
If both percentage-based and rate limit sampling rules are configured, the configured percentage of traffic is allowed until the rate limit is reached. This enables better control over data volume while maintaining predictable limits.
You can define sampling rules based on percentage and apply them using filters such as service, environment, and URL. The sampling rule is applied per URL for the matched conditions, ensuring that each URL follows the configured sampling behavior.
For example, for a given service and environment, a 10% sampling rule is applied independently per URL for the matching traffic.
At least one span per URL per minute is preserved to maintain visibility even at low sampling percentages.
Set Helm value setAppProtocolForService to false by default
The Helm chart now sets setAppProtocolForService to false by default.
This provides better control over whether appProtocol is set on the Kubernetes Service and helps improve compatibility across different deployment environments and gateway configurations.
Resolved Issues
Resolved collector crash due to missing port in endpoint
Resolved an issue where the collector could crash when the endpoint configuration did not include a port.
Resolved header case sensitivity issue in ext_cap endpoints
Resolved an issue where request or response bodies could fail to parse if the Content-Type header was not in lowercase. Header handling is now case-insensitive as expected.
Resolved missing Apigee and HSL ports exposure in Kubernetes service
Resolved an issue where Apigee and HSL ports were not exposed on the agent Kubernetes service even when enabled.
When apigeeServer.enabled or hslServer.enabled is set to true, the corresponding ports are now correctly exposed, allowing integrations to connect as expected.
1.66.0 — 3rd March
Traceable Platform Agent 1.66.0 provides the following:
Traceable Platform Agent Version 1.66.0
Updates
Added Kubernetes Service appProtocol for kgateway compatibility
The TPA Helm chart now sets appProtocol: kubernetes.io/h2c on the Kubernetes Service port to ensure compatibility with kgateway.
This allows kgateway to correctly detect and route HTTP/2 traffic to the TPA service, thereby avoiding protocol-mismatch issues. Existing Kubernetes deployments that do not use kgateway are not impacted.
Migrated OpenTelemetry Collector health check to v2
The TPA health check extension has been migrated from the deprecated OpenTelemetry Collector v1 implementation to the supported v2 extension.
This removes deprecation warnings related to unmaintained components while keeping the health check behavior unchanged. No configuration changes are required.
Added support for Argon2Id and Scrypt hashing for data obfuscation
TPA now supports additional hashing algorithms, including Argon2Id and Scrypt, for obfuscating sensitive data.
This allows you to align obfuscation strategies with your organization’s security and compliance requirements while continuing to protect sensitive data.
Added probabilistic sampling for AppSec data collection
TPA now supports percentage-based probabilistic sampling for traces collected via libtraceable.
This allows you to control the volume of spans sent to the platform using configurable sampling percentages, while still retaining a representative dataset for analysis.
Upgraded OpenTelemetry Collector to v0.145.0
TPA now uses OpenTelemetry Collector version 0.145.0, which includes stability improvements and bug and vulnerability fixes.
Added Terraform support for ECS deployments
You can now deploy TPA on Amazon ECS using Terraform, in addition to the existing CloudFormation option.
This enables infrastructure-as-code workflows and allows consistent deployment across Fargate and EC2 environments using existing AWS configurations.
Resolved Issues
Resolved data directory ownership and service startup issues
Resolved issues where incorrect file ownership and service behavior during installation or upgrade could cause TPA to fail to start, especially when using custom data directories or non-root user and group configurations.
TPA now correctly preserves ownership and ensures a reliable startup across supported environments.
Upgraded yq to v4.52.4
Resolved issues related to older yq versions by upgrading to v4.52.4, addressing known bugs and security vulnerabilities.
1.65.2 — 27th February
Traceable Platform Agent 1.65.2 provides the following:
Resolved Issues
Resolved Service Startup Failures Related to TA_DATA_DIR Permissions
Resolved an issue where the Traceable Platform Agent service could fail to start after an upgrade when custom data directories or non-root user and group settings were used. This occurred because file ownership could be incorrectly set to root during installation.
TPA now stops the service during package download and installation when required and correctly preserves ownership for configured user and group settings. As a result, the agent starts reliably after upgrades across supported Debian and RPM environments, including air-gapped deployments.
1.65.1 — 20th February
Traceable Platform Agent 1.65.1 provides the following:
Resolved Issues
Blocked Spans for Excluded APIs Are Now Retained
Resolved an issue where blocked requests that matched API exclusion rules could be dropped by the TPA span remover and not appear in the platform.
TPA now ensures that spans marked as blocked are always retained and sent to the platform, even if they match an exclusion rule. This allows blocked requests, such as excluded OPTIONS calls, to appear correctly in Security Events, Analytics, and span search results while preserving the intended exclusion behavior for non blocked traffic.
1.65.0 — 1st February
Traceable Platform Agent 1.65.0 provides the following:
Updates
Upgraded yq to v4.50.1
The bundled version of yq has been upgraded to v4.50.1 to address bugs and security vulnerabilities.
Upgraded OpenTelemetry Collector to v0.143.0
TPA now uses OpenTelemetry Collector version 0.143.0, which includes bug fixes and security improvements.
Added event index to SSE attributes
Server Sent Events processing now includes an event index attribute, improving event traceability and downstream analysis.
Added TA_DEPLOYMENT_NAME environment variable
A new environment variable, TA_DEPLOYMENT_NAME, can now be used to configure the deployment name associated with a TPA instance. This value is used along with the host name for identification.
Updated haproxy-init container base image to Ubuntu
The haproxy-init container now uses an Ubuntu base image instead of Alpine to address outstanding vulnerabilities in the Alpine base image.
Added configurable log sampling for collector logs
A new log sampling configuration is available to reduce repetitive collector log entries while preserving useful diagnostic information. This helps lower log volume, reduce storage usage, and make important messages easier to identify during troubleshooting.
VM deployments using config.yaml
collector:
log_sampling:
enabled: true
window_ms: 60000
threshold_min: 2
threshold_max: 10Kubernetes deployments using values.yaml
collector:
logSampling:
enabled: true
window_ms: 60000
threshold_min: 2
threshold_max: 10Within each window_ms interval, the first threshold_min occurrences of a repeated log line are always logged. After that, only one out of every threshold_max occurrences is logged. This significantly reduces high frequency noisy logs while retaining enough signal for debugging.
Resolved Issues
Resolved issue where SSE parser added extra newline characters
Resolved an issue where the SSE data parser added an extra newline when handling unparsed events.
Resolved TPA crash during debug information upload
Resolved an issue where TPA could crash while sending debug information to the platform. TPA now safely handles empty HTTP responses during debug uploads.
Resolved issue where sensitive private key material could appear in logs
Resolved an issue where private key data could be written to logs under certain conditions.
Resolved JSON parser issue
Resolved an issue in the JSON parser that could lead to incorrect parsing behavior in specific scenarios.
1.64.2 — 25th January
Updates
Safeguard Azure APIM policy against misconfiguration
Improved safeguards have been added to the Azure APIM policy used for data collection. These checks help prevent traffic disruption caused by policy misconfiguration and add resiliency when unexpected responses are received from the TPA endpoint.
1.64.1 — 21st January
Updates
TA_DATA_DIR is now set by default in all deployments
TPA now sets TA_DATA_DIR by default across all supported deployment methods, including Helm, Terraform, RPM, DEB, Windows, and installer-based deployments.
IP resolution strategy configuration support for blocking
TPA now supports IP resolution strategy configuration for blocking evaluation.
Default rules are provided to align with existing behavior. Users can modify, enable, disable, or delete these rules using the UI. Rule evaluation supports service-environment matching, and all matching rules are applied to a given service and environment.
Upgrade to opentelemetry-go 1.39
Upgraded opentelemetry-go dependency to version 1.39.
Support wildcard content type capture in ext_cap
Added support for wildcard content type capture in ext_cap.
Users can configure allowed_content_types to capture request and response bodies even when the content type is missing or not explicitly listed.
1.64.0 — 6th January
Updates
Mirroring agent upgraded to version 1.7.2
The Mirroring Agent has been upgraded to version 1.7.2.
Log exporting enabled by default
Log exporting to the platform is now enabled by default.
libtraceable gRPC version upgraded
The gRPC version used by libtraceable has been upgraded.
Resolved Issues
JSON parser fix
Resolved an issue in the JSON parser.