core: bump io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations from 2.27.0 to 2.28.1 in /core in the minor group

[dependabot]

Bumps the minor group in /core with 1 update: io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations.

Updates io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations from 2.27.0 to 2.28.1

Release notes

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations's releases.

Version 2.28.1

This release targets the OpenTelemetry SDK 1.62.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they will continue to have breaking changes. Please see VERSIONING.md for more details.

🛠️ Bug fixes

• Fix javaagent startup failures when declarative configuration uses bundled contrib components, such as the rule-based routing sampler. (#18813)

Version 2.28.0

This release targets the OpenTelemetry SDK 1.62.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they will continue to have breaking changes. Please see VERSIONING.md for more details.

⚠️ Breaking changes to non-stable APIs

• Removed the obsolete internal ClassInjector/ProxyInjectionBuilder API used by the old ExperimentalInstrumentationModule.injectClasses(ClassInjector) path; use ExperimentalInstrumentationModule.exposedClassNames() instead. (#18112)
• Removed previously deprecated non-stable API methods and the deprecated opentelemetry-runtime-telemetry-java8 and opentelemetry-runtime-telemetry-java17 library aliases. (#18136)
• Removed the previously deprecated captureEventName library builder setting from the logback-appender-1.0 and log4j-appender-2.17 OpenTelemetryAppender, and the corresponding otel.instrumentation.{logback-appender,log4j-appender,jboss-logmanager}.experimental.capture-event-name javaagent properties. Use the otel.event.name key in MDC / context data / key-value pairs / Logstash markers / structured arguments instead. (#18223)
• Removed previously deprecated experimental config properties otel.instrumentation.http.client.experimental.redact-query-parameters and otel.instrumentation.common.experimental.db-sqlcommenter.enabled; use otel.instrumentation.sanitization.url.experimental.sensitive-query-parameters and otel.instrumentation.common.db.experimental.sqlcommenter.enabled instead. (#18229)
• Removed the deprecated otel.instrumentation.servlet.experimental.add-trace-id-request-attribute property; use otel.instrumentation.servlet.experimental.trace-id-request-attribute.enabled instead. (#18237)
• Reshaped the ktor Experimental helper from a class with a companion object to a top-level object. Kotlin source callers (Experimental.emitExperimentalTelemetry(...)) are unaffected, but pre-compiled consumers must be recompiled against the new artifact. (#18343)

🚫 Deprecations

• Deprecate otel.instrumentation.jaxws-cxf-3.0.enabled in favor of otel.instrumentation.jaxws-2.0-cxf-3.0.enabled, and otel.instrumentation.jaxws-metro-2.2.enabled in favor of otel.instrumentation.jaxws-2.0-metro-2.2.enabled. (#18184)

🌟 New javaagent instrumentation

• Add Apache Thrift 0.13 instrumentation for RPC client and server spans and metrics. (#18405)

🌟 New library instrumentation

• Add Apache Thrift 0.13 library instrumentation for RPC client and server spans and metrics. (#18405)

📈 Enhancements

• Couchbase 3.1 javaagent instrumentation now emits the more conventional instrumentation scope name io.opentelemetry.couchbase-3.1 instead of io.opentelemetry.javaagent.couchbase-3.1 when otel.instrumentation.common.v3-preview is enabled. (#18426)
• Wicket resource requests now use the resource reference class name in the server span name when otel.instrumentation.common.v3-preview is enabled. (#18312, #18775)
• Decide whether javaagent helper classes are injected into the application class loader or isolated based on the advice classes used by an instrumentation. (#17815)
• Improve cgroup v2 container ID detection for Podman by supporting additional mountinfo layouts and warning when multiple candidate IDs are found. (#18272)

🛠️ Bug fixes

• Fix Pekko HTTP and Tapir server route tracking so server span names and http.route preserve the most specific matched route across nested directives, exceptions, and timeouts; this may change span names and http.route values for affected routes. (#16390)
• Fix context loss in Finagle HTTP instrumentation across Netty-to-Finagle request conversion and twitter-util Future/Promise asynchronous boundaries. (#17867)
• Fix virtual-thread pinning caused by weak-map stale-entry cleanup running on virtual threads; cleanup now runs from the background thread instead. (#18113)
• Avoid linking batch consumer spans to the ambient consumer span when records or messages have no propagation headers. (#18154)
• Fix resetOnEachOperator() for Reactor 3.1 so it also removes the scheduler hook when instrumentation is disabled. (#18258)
• End spans when RxJava 1.0 subscriptions throw synchronously. (#18265)

... (truncated)

Changelog

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations's changelog.

Version 2.28.1 (2026-05-20)

This release targets the OpenTelemetry SDK 1.62.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they will continue to have breaking changes. Please see VERSIONING.md for more details.

🛠️ Bug fixes

• Fix javaagent startup failures when declarative configuration uses bundled contrib components, such as the rule-based routing sampler. (#18813)

Version 2.28.0 (2026-05-19)

This release targets the OpenTelemetry SDK 1.62.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they will continue to have breaking changes. Please see VERSIONING.md for more details.

⚠️ Breaking changes to non-stable APIs

• Removed the obsolete internal ClassInjector/ProxyInjectionBuilder API used by the old ExperimentalInstrumentationModule.injectClasses(ClassInjector) path; use ExperimentalInstrumentationModule.exposedClassNames() instead. (#18112)
• Removed previously deprecated non-stable API methods and the deprecated opentelemetry-runtime-telemetry-java8 and opentelemetry-runtime-telemetry-java17 library aliases. (#18136)
• Removed the previously deprecated captureEventName library builder setting from the logback-appender-1.0 and log4j-appender-2.17 OpenTelemetryAppender, and the corresponding otel.instrumentation.{logback-appender,log4j-appender,jboss-logmanager}.experimental.capture-event-name javaagent properties. Use the otel.event.name key in MDC / context data / key-value pairs / Logstash markers / structured arguments instead. (#18223)
• Removed previously deprecated experimental config properties otel.instrumentation.http.client.experimental.redact-query-parameters and otel.instrumentation.common.experimental.db-sqlcommenter.enabled; use otel.instrumentation.sanitization.url.experimental.sensitive-query-parameters and otel.instrumentation.common.db.experimental.sqlcommenter.enabled instead. (#18229)
• Removed the deprecated otel.instrumentation.servlet.experimental.add-trace-id-request-attribute property; use otel.instrumentation.servlet.experimental.trace-id-request-attribute.enabled instead. (#18237)

... (truncated)

Commits

• 7ad453a [release/v2.28.x] Prepare release 2.28.1 (#18818)
• 1f0b4b2 Prepare change log for upcoming patch release (#18816)
• f4b9d76 [release/v2.28.x] fix(deps): update opentelemetry-java-contrib monorepo to v1...
• 9ef68e6 [release/v2.28.x] Prepare release 2.28.0 (#18791)
• 5d26f13 Draft release notes (#18774)
• 3754062 Gate Wicket resource span names on v3 preview (#18775)
• f6f123d Preserve Spring resource provider class names (#18785)
• 4c6155a Normalize internal and resource javaagent packages (#18746)
• d7b88ce Rename servlet common root package (#18778)
• d52a5ff Rename servlet common snippet package (#18777)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions