Datadog/Datadog Agent

Datadog Agent

$npx -y @buildinternet/releases show datadog-agent

Sun

Mon

Tue

Wed

Thu

Fri

Sat

AprMayJunJulAugSepOctNovDecJanFebMarApr

Less

Releases15Avg5/moVersionsv7.74.1 → v7.78.0

Jul 2, 2025

Agent

Prelude

Release on: 2025-07-02

Please refer to the 7.67.1 tag on integrations-core for the list of changes on the Core Checks

Enhancement Notes

Agents are now built with Go 1.23.10.

Bug Fixes

Fixes invalid logs compression error in DDOT, sets DDOT logs compression to gzip.
Permissions are no longer applied recursively to the Datadog installer data directory on Windows.

This fixes an issue that causes Agent updates to restrict access to the .NET APM tracer libraries that were previously installed by the DD_APM_INSTRUMENTATION_LIBRARIES option, preventing them from being loaded by IIS.
Fixes an issue in Install-Datadog.ps1 that could malform datadog.yaml and cause the Agent to fail to start. When datadog.yaml does not end with a new line the remote_updates option was incorrectly appended to the last line in the file instead of to a new line.

Datadog Cluster Agent

Prelude

Released on: 2025-07-02 Pinned to datadog-agent v7.67.1: CHANGELOG.

Jun 18, 2025

Agent

Prelude

Release on: 2025-06-18

Please refer to the 7.67.0 tag on integrations-core for the list of changes on the Core Checks

Upgrade Notes

Bump the Python version to 3.12.11
Upgraded JMXFetch to 0.49.7 <https://github.com/DataDog/jmxfetch/releases/0.49.7> which switches from snakeyaml to snakeyaml-engine, adding support for YAML 1.2. See 0.49.7 <https://github.com/DataDog/jmxfetch/releases/tag/0.49.7> for more details.
In order to avoid unnecessary DNS queries, the agent now uses FQDN when connecting to Datadog intakes. Specifically, it adds a trailing dot at the end of the Datadog intake hostnames. While most users may not notice this change, it can affect setups where connections between the agent and Datadog intakes are intercepted for deep packet inspection or TLS man-in-the-middle by proxies or firewalls. Users that have such a proxy or L7 firewall should ensure that the rules for agent connections to *.datadoghq.com hosts are also valid for connections to *.datadoghq.com. (with an additional trailing dot) hosts.
Update go-sqllexer to 0.1.6.

New Features

In the Systemd core check add the option to use regular expressions to select units to monitor.
Added a new variable extra_dbm to Aurora Autodiscovery. This variable matches the value of the datadoghq.com/dbm tag on the database instance.
Released a new ddot-collector container image that packages the [Datadog Distribution of OpenTelemetry Collector](https://docs.datadoghq.com/opentelemetry/setup/ddot_collector/).
The MacOS Agent now supports the Network Path feature by including system-probe and the traceroute module.
Windows: Added the Windows Certificate Store integration to monitor the expiration of certificates in the local machine certificate store.
Introducing a new setting collect_ec2_instance_info to collect basic EC2 instance information as host tags. This reproduces some of the behaviors of the AWS integration for users that can't enable it. The [AWS integration](https://docs.datadoghq.com/integrations/amazon_web_services/) should still be use whenever possible as it offers a better and more in depth integration.
Feature parity between Python disk check and Go disk check. The new version of the disk check is disabled by default for now, but it will be enabled later on. It can be enabled by setting use_diskv2_check: true in your configuration.
Pretty printed/multi-line JSON messages are now aggregated into a single line when auto multiline detection is enabled. This ensures the log is treated a structured log when processed by Datadog. Aggregation can be disabled by setting logs_config.auto_multi_line.enable_json_aggregation to false.
Add a networkv2 check that is a port of the Python network check to Go. This version is disabled by default but can be enabled with use_networkv2_check in your configuration.
Adds a new diagnostic check that identifies firewall rules blocking SNMP traps and NetFlow traffic on Windows systems.
Enables support for NetPath on Windows client versions. To enable set tcp_method to syn_socket in the network_path.d configuration file.
SNMP integration now defaults to use the Core loader instead of Python.
A new core check, agentprofiling, has been introduced to automatically generate a flare with profiles when the Datadog Agent exceeds a configured memory or CPU usage threshold. When a valid config file is set, the Agent monitors its own memory and CPU usage and, upon crossing the threshold, generates a flare with profiles that is either saved locally or sent to a Zendesk ticket.

This enhancement simplifies troubleshooting memory-related issues that are difficult to reproduce or time, allowing users to passively capture critical memory data without manual intervention.

Enhancement Notes

APM: Improve the performance of the Trace Agent's QuantizePeerIPAddresses function, providing a marginal reduction in CPU usage for most workloads.
Added a new configuration option, ad_allowed_env_vars, which allows users to restrict which environment variables can be resolved in Autodiscovery check configurations. When set, only the environment variables listed are resolved.
Added a new configuration option, ad_disable_env_var_resolution, which lets users disable environment variable resolution in Autodiscovery check configurations.
Agents are now built with Go 1.23.9.
Enable HA support for Oracle integration.
Network devices autodiscovery now deduplicates devices based on their name, description and uptime with config flag use_deduplication.
Adds a compression_kind tag to the logs.encoded_bytes_sent telemetry metric, enabling aggregation and monitoring of log compression type usage during rollout.
The log agent now uses zstd compression as default for improved performance and reduced bandwidth usage. By default, zstd compression is used when no additional endpoints are configured.
Improved logging compression settings across different agent pipelines. Debug logs now clearly indicate whether compression settings are coming from pipeline-specific configuration, global logs configuration, or default fallback settings. This helps debug compression behavior across different pipelines.
Improved the behavior of the SQL obfuscator cache key computation. The cache key is now computed conditionally based on whether the cache is enabled.

Known Issues

In rare cases, profiles generated by the Agent (including those triggered by the new agentprofiling check) may become corrupted. This is a known limitation of the underlying profile generation system and is not specific to this feature. Corrupted profiles are unusable for analysis. If profiles are still needed, Datadog recommends restarting the Agent and contacting Datadog support for assistance.

Deprecation Notes

The remote tagger for the process-agent is now always enabled and cannot be disabled. The process_config.remote_tagger config entry is removed.

Bug Fixes

APM: Fix an issue where the Trace-Agent socket could be deleted during an Agent upgrade by the previous Trace-Agent during shutdown.
Fixes an issue where the extra_dbname variable in the Aurora Discovery template would default to an empty string if no database name was specified in the cluster resource. It now correctly falls back to the engine's default database name.
Fix the Python script used when installing the Agent RPM from leaving behind bytecode.
Do not drop the leading zeroes of the AWS account ID in the account_id tag.
Fix SBOM generation when container images are scanned using the overlayfs direct scan method (overlayfs_direct_scan: true).
Fix SNMP autodiscovery status to take into account ignored IP addresses.
Remove the FIPS Proxy status section from the Agent status page when running the FIPS Agent.
Increased the Agent GUI cookie persistence to one year. This ensures uninterrupted session continuity for users who configure an infinite session duration.
APM: Fix bug where agent status command would show zero traces being written out.
The Windows Agent MSI no longer fails if it is unable to delete temporary files related to extracting the embedded Python distribution.
The kubelet core check now respects the timeout parameter of the check configuration file.
Fixed potential compatibility issues with non-Datadog intakes by ensuring gzip compression is used when additional endpoints are configured.
Fixed event platform forwarder to use correct pipeline-specific compression settings instead of log endpoint settings. All non-log pipelines now default to zstd compression unless configured otherwise.
Use FQDNs when the Agent builds intake hostnames with DD_SITE to prevent generating as many DNS queries as there are entries in the search section of the /etc/resolv.conf` file. If an intake full URL is explicitly set with add_url`` parameter, then, the parameter is used as-is and using FQDNs or not remains a user choice.
[oracle]: Set hostname for Oracle autonomous database.
[oracle]: Fix Active Connections with active_session_history: true.
Fix incorrect connection stats with active session history (ASH) sampling by sending each ASH snapshot in a separate payload.
If a metric transaction can't be sent to the endpoint, this transaction can be serialized to disk. When this occurs, the API key must be sanitized. This ensures that when an API key sourced from a secret is refreshed, the replacer continues to sanitize the new key.
Fix rare panic in the flush mechanism of the serverless logs pipeline
SNMP: Correctly decode strings with trailing 00s.
Avoid running the Agent MSI a second time when rolling back a remote upgrade on Windows.
Do not fail remote upgrade on Windows when the Agent service takes more than 3 minutes to start
Windows: Prevent unnecessary failing access to process memory when a process is protected

Other Notes

Add metrics origins for wlan integration.
The compression behavior is now also determined by the presence of additional endpoints:
- When additional endpoints are configured: gzip compression is used
- When no additional endpoints are configured: the default zstd compression is used
Add system. prefix to wlan.* metrics. Rename transmit_rate and receive_rate metrics to txrate and rxrate respectively.
Adds Agent telemetry for Service Discovery.
Update our dogstatsd standalone image base to Alpine Linux 3.21.
Update libkrb5 to 1.21.3.

Datadog Cluster Agent

Prelude

Released on: 2025-06-18 Pinned to datadog-agent v7.67.0: CHANGELOG.

Deprecation Notes

The Kubernetes State check no longer supports VPA versions <0.7.0.

Bug Fixes

Fixes a bug where the Kubernetes State check could not generate VPA metrics for VPA versions 1.3.0+
Fix data race in the orchestrator check for the sensitive data scrubber. Note: This would only occur when running the check on Datadog cluster check runners.

Jun 4, 2025

Agent

Prelude

Release on: 2025-06-03

Please refer to the 7.66.1 tag on integrations-core for the list of changes on the Core Checks

Bug Fixes

Fixes issue parsing pod list from kubelet when the InPlacePodVerticalScaling feature gate is enabled on the cluster.

Datadog Cluster Agent

Prelude

Released on: 2025-06-03 Pinned to datadog-agent v7.66.1: CHANGELOG.

May 22, 2025

Agent

Known issue

This version (and previous) of the Datadog Agent is not compatible with Kubernetes 1.33+ versions due to the Feature Gate InPlacePodVerticalScaling that became enabled by default. This flag modifies the kubelet /pods output preventing the correct behaviour of the Datadog Agent. The recommendation is to upgrade to Agent v7.66.1, which is fully compatible with the latest (and previous) Kubernetes versions. More details can be found in this issue.

Prelude

Release on: 2025-05-22

Please refer to the 7.66.0 tag on integrations-core for the list of changes on the Core Checks

Upgrade Notes

If you use a custom Agent username and password on Windows with an Active Directory domain account and you want to remotely upgrade the Agent using Fleet Automation then you must provide the DDAGENTUSER_PASSWORD option when upgrading to 7.66 or later. For more information see the features release notes.
Breaking change: Added a new feature flag disable_operation_and_resource_name_logic_v2 in DD_APM_FEATURES that replaces enable_operation_and_resource_name_logic_v2. The new operation name logic for OTLP is now opt-out instead of opt-in.

New Features

Added a new WLAN check that monitors the Wi-Fi interface on the host system. This check is only available for macOS systems.
Fleet Automation now supports remote upgrades when using a custom Agent username and password on Windows.

Windows stores the password as an encrypted LSA local private data object that is only accessible to local Administrators. Windows Service Manager stores service account passwords in the same location. For more information, see the Microsoft documentation on Storing Private Data and Private Data Objects.

Uninstalling the Agent removes the encrypted password from the LSA.

To avoid providing and manually managing the account password, consider using a Group Managed Service Account (gMSA). For more information, see Installing the Agent with a gMSA account.
Adds support for persisting of non-core integrations during Agent upgrades on Windows platforms. To disable, set the INSTALL_PYTHON_THIRD_PARTY_DEPS="0" property during the installation of the MSI.
adds the ability for the Agent to tail logs via the kubelet's API.
Support multiple authentication methods for a subnet in network devices autodiscovery.
Use cdpCacheSecondaryMgmtAddr and cdpCacheAddress for CDP topology links in case cdpCachePrimaryMgmtAddr is empty or of an unsupported type.
Enable language detection via tracers metadata

Enhancement Notes

Add a build option (--glibc, enabled by default) to build the Agent on glibc environment. On the other libc environments like musl, the Agent should be built with --no-glibc option. The option enables system-probe gpu module and corechecks gpu collector using github.com/NVIDIA/go-nvml which depends on a glibc-extended definition.
OpenTelemetry instrumentation scope attributes are now converted into span attributes.
Utilize distributed senders and rtt fairness algorithms to improve logs pipeline throughput and fairness.
Adds | separator to the DogstatsD debug table (from agent dogstatsd-stats) when not requesting JSON output. This allows the table to render properly in markdown format.
Get the k8s cluster name from an AKS node label if present
APM: Improve debug logging for ignore_resources configuration by showing what rule resulted in a trace being ignored.
Added an option for the Oracle integration to template the database instance identifier.
The Oracle integration now supports the empty_default_hostname option to omit host from metrics
Added the exclude_hostname option to the Oracle integration
The OTLP receiver gRPC server in the trace agent now respects the config otlp_config.receiver.protocols.grpc.max_recv_msg_size_mib or env var DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_MAX_RECV_MSG_SIZE_MIB.
added new expvar "submission_error_count" on process endpoint to be shown during user status checks
Reduce the memory footprint of the logs pipeline by eliminating unnecessary fields in the log payload.
The Windows Agent MSI now sets the Agent account password to the provided DDAGENTUSER_PASSWORD value when it is a local account. Previously, if the provided password did not match the account password, the Agent would fail to start.

Bug Fixes

Addressed a bug in the cluster-agent API that prevented tag extraction for annotations from working due to client side filtering. The fix was implemented in both the node-agent and the cluster-agent. Now, node-agent clients specify the annotations filter when querying the cluster-agent.
APM: Fix an issue where apm_config.ignore_resources only removes the root span instead of discarding the whole trace when using OTLP ingestion.
When using OTLP ingest with metrics, the instrumentation_scope_metadata_as_tags option now outputs the instrumentation_scope tag instead of the deprecated instrumentation_library tag.
Prevents the index out of range error caused when trying to match inspect layer digests to history layers on some images.
Fix clusterchecks dispatching on the Cloud Foundry Cluster Agent
Fixed an issue in the KSM check where, when using pod_collection_mode: node_kubelet, the Agent reported incorrect values for the kubernetes_state.container.status_report.count.waiting metric.
Fixes a bug that Agent OTLP ingestion fails to start when the config otlp_config.receiver.protocols.grpc.max_recv_msg_size_mib or env var DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_MAX_RECV_MSG_SIZE_MIB is set to a string.
Process Agent files are added to the flare archive instead of displaying "no session token provided".

Other Notes

Add a new Agent telemetry tag auth to the API telemetry metrics. This tag is used to evaluate the impact of reworking the authentication system for inter-process communication.
Add a new metric counter to the Agent telemetry for status rendering errors. This is used to detect potential issues with an ongoing change in the status rendering.

Datadog Cluster Agent

Prelude

Released on: 2025-05-22 Pinned to datadog-agent v7.66.0: CHANGELOG.

New Features

For workload selection in auto-instrumentation, users can now use the Kubernetes native valueFrom as an alternative to value in ddTraceConfigs. This enables dynamic, user-defined and label based value propagation to the tracing SDKs, like DD_SERVICE.
Collect EndpointSlice manifests in the orchestrator check.
Tag resources from Cluster Agent Orchestrator check with all static tags.

Bug Fixes

Fix major data races in the orchestrator check for the Kubernetes resource collection.
Fix data race in autodiscovery cluster checks provider.
Fix data race in autodiscovery kube services provider.
Fixes an issue with autoinstrumentation where sometimes a DD_SERVICE is not consistent between containers and init containers.
The auto-instrumentation webhook no longer mutates the istio-proxy container. This fixes an issue with Kubernetes-native sidecars and the istio service mesh where a standard sidecar is moved to be the first init container by istio after it was mutated by auto-instrumentation.
The cluster-agent kubernetes_metadata API now supports client specified annotations filtering. Clients can pass along filters as query parameters like '?filter=abc&filter=def'.

May 14, 2025

Agent

Prelude

Release on: 2025-05-13

Please refer to the 7.65.2 tag on integrations-core for the list of changes on the Core Checks

Bug Fixes

(datadog-fips-agent) Ensure the post-install script always rebuilds fipsmodule.cnf in case the embedded OpenSSL is updated.
The embedded OpenSSL on Windows no longer links against zlib (which wasn't included), preventing errors related to accidentally loading a version of zlib installed on the host.
On Windows, restarting the datadogagent service now also restarts the Datadog Installer service to ensure configuration changes take effect.

Datadog Cluster Agent

Prelude

Released on: 2025-05-13 Pinned to datadog-agent v7.65.2: CHANGELOG.

Bug Fixes

Fix wrong computation of the init container resources in the autoinstrumentation webhook.

May 8, 2025

Agent

Prelude

Release on: 2025-05-08

Please refer to the 7.65.1 tag on integrations-core for the list of changes on the Core Checks

Datadog Cluster Agent

Prelude

Released on: 2025-05-08 Pinned to datadog-agent v7.65.1: CHANGELOG.

Bug Fixes

Customers relying on the deprecated v1 implementation of the auto instrumentation webhook will no longer be forced to use the v2 implementation. This will provide additional time for customers to migrate from the v1 to the v2 implementation and ensure the v2 implementation adequately supports all existing use cases.

May 6, 2025

Agent

Prelude

Release on: 2025-05-06

Please refer to the 7.65.0 tag on integrations-core for the list of changes on the Core Checks

Upgrade Notes

Covers more gRPC status code values sent by tracer libraries
Aggregate APM stats payloads by gRPC code

New Features

The Agent MSI for Windows now installs the .NET APM Instrumentation libraries and automatically configures APM Instrumentation for IIS. To enable this feature, specify the following properties in the MSI command line:

DD_APM_INSTRUMENTATION_ENABLED=iis DD_APM_INSTRUMENTATION_LIBRARIES=dotnet:3

Requires IIS 10.0 or later. For more information see [Single Step APM Instrumentation](https://docs.datadoghq.com/tracing/trace_collection/automatic_instrumentation/single-step-apm/).
APM: Added new OpenLineage event proxy endpoint.
A new implementation of auto multi-line detection for logs is now available. This new implementation is more flexible and powerful than the previous one. It now supports arbitrary timestamps, continuous matching, and more flexible configuration. It will be enabled automatically when logs_config.auto_multi_line_detection is set to true. You can opt out of the new implementation by setting logs_config.force_auto_multi_line_detection_v1 to true.
APM: Container-based primary tags are now available by default.

Enhancement Notes

Add a new host tag called orch_cluster_id that is set to the Kubernetes cluster ID generated by the cluster-agent. This is added only for the hosts that are part of a Kubernetes cluster. This tag is also used on every cluster-level resources like kubernetes_state.* metrics, kubernetes events, and orchestrator level resources.
Add admission.datadoghq.com/apm-inject.debug: "true" annotation to inject DD_APM_INSTRUMENTATION_DEBUG=true, DD_TRACE_STARTUP_LOGS=true and DD_TRACE_DEBUG=true to an application container. This is useful for debugging Single Step Instrumentation or tracer issues in Kubernetes environments.
Add metrics origins for Sonatype Nexus, Silverstripe CMS and Anecdote integrations.
Add the propagate_agent_tags setting. When set to true, the tags from the Agent host are added to the check's tag for all instances.
Agents are now built with Go 1.23.7.
Agents are now built with Go 1.23.8.
Allow integrations to self-declare as HA Supported.
Improved trace context creation from Step Function execution context:
- Now utilizes State.RetryCount and Execution.RedriveCount to generate parent IDs deterministically, preventing collisions with retry spans.
- Supports multi-level trace merging, allowing an arbitrary number of Lambda and Step Function traces to be linked together while maintaining root context.
This update brings feature parity with Node and Python Lambda layers in the Universal runtimes.
The hostname subcommand for the Agent now tries to reach out to the running Agent, and falls back to computing the hostname locally if the Agent is not running. You can use the --local option to force the local computation.
Cisco SD-WAN: improve memory usage.
Adds a metadata_ip_resolution_from_hostname config option to use hostname DNS resolution as the preferred method to compute the host IP address
Metrics are now sent over HTTP/2 when possible. A slight change to the connection handling to take full advantage of this means multiple requests can be in flight at any one time. This can be configured with the forwarder_max_concurrent_requests option, default is 10.
Added configurations network_path.collector.source_excludes and network_path.collector.dest_excludes, which allow ignoring CIDR ranges in the Network Path collector.
Added support for querying the pod list through the API server. This feature, enabled by setting kubeletUseApiServer to true, allows the Agent to retrieve pod metadata directly from the API server instead of the kubelet. This resolves issues when direct access to the kubelet /pods endpoint is restricted. The agent will continue to query the kubelet for /metrics and /stats/summary. Must add pods to Agent cluster role.
Process checks now run in the core Agent by default on Linux. Process Agent will only run if needed for other configured features.
Include container_instance_arn in ECS Task payloads.
Include APIVersion and Kind to Kubernetes manifests.
The Python runtime is now loaded when the first check is loaded, rather than when the agent starts. This will eventually avoid having to load Python when no Python check is enabled. This change can be reverted by setting python_lazy_loading: false in your configuration.
When the API key can't be accessed in serverless, it is now logged as an error instead of debug.
Added FIPS compliance support for Lambda Extension GovCloud customers. The Lambda Extension now uses FIPS-enabled endpoints for AWS KMS and Secrets Manager when running in GovCloud regions.
APM: Return the correct content-type header when rejecting trace payloads.
APM: Expose an "obfuscation_version" value via the /info endpoint. Accept a new header "Datadog-Obfuscation-Version" for incoming stats payloads; if any non-zero value is set, the trace-agent will not attempt to obfuscate these payloads as they have already been obfuscated by the tracer.
Adds functionality to construct a DD span from datadog. attributes on an incoming span. By default, it checks for a span attribute starting with datadog.; if present, it uses this to compute the corresponding Datadog field (e.g., datadog.service is used to set ddspan.Service). This will override other sources for the same field (e.g., if both datadog.service and service.name are present, datadog.service is used). By default, if a field is missing, it will be recomputed (e.g., if there's no datadog.env, it will look for env in deployment.environment). However, if the config option otlp_config.traces.ignore_missing_datadog_fields is specified, the field will not be recomputed. This option allows users to explicitly specify blank fields if they desire (e.g., set datadog.env = "").

The following functionality is removed: if both http.response.status_code and http.status_code were present in the span attributes, the former was preferred. Similarly, http.request.method was preferred over http.method. In this release, the key encountered first is the one used.

Security Notes

The OPENSSL_CONF and OPENSSL_MODULES environment variables are now set when running the datadog-fips-agent in FIPS mode. This allows applications to use the OpenSSL configuration and modules configured with the Agent installation.

Bug Fixes

Fixes bugs in the analyze-logs subcommand, and validates the logs config for invalid syntax.
Fixes a race condition introduced in PR #33521 around the PythonHome getting set in an init hook.
Fix the NVIDIA Jetson check to support parsing the tegrastats output when there are multiple Graphics Processing Clusters (GPCs). In that case, the metric nvidia.jetson.gpu.freq is emitted for each GPC and tagged with gpc:0, gpc:1, and so on.
Fixes issue where the CRI-O image status endpoint would be queried when container_image.enabled was set to false.
CWS: Fixed a bug that prevented more than one runtime security rule from being disabled, and caused incorrect policy information to be reported in ruleset loaded events.
Fixed a spinlock corruption in the Windows driver ddprocmon.sys that can cause system hangs and memory corruption when system-probe.exe is shutting down.
Fixes an issue where the system-probe would spuriously log the error netlink conntracker requires NET_ADMIN capability on the Fargate CNM preview.
Cisco SD-WAN: fix an issue that could lead to incorrect metrics tagging.
Fix the shebang of the gstatus binary to use the embedded Python environment.
APM: fix issue where a new span field for span events wasn't properly serialized when received in MessagePack format.
Environment variables that the kubelet collector receives and are not explicitly defined in plaintext will now be ignored.

Other Notes

PHP support is enabled by default in the Cluster Agent
Metrics Origin entries for Infiniband and Celery integrations
Update OpenSSL from 3.4.0 to 3.4.1.
PHP support for Single Step Instrumentation is now installed by default.
Add metric origin for the Velero integration.
Adds the Datadog Installer service to the Agent MSI. The Datadog Installer service will start on boot but will exit unless the Remote Upgrades preview is enabled.

Datadog Cluster Agent

Prelude

Released on: 2025-05-06 Pinned to datadog-agent v7.65.0: CHANGELOG.

New Features

[PREVIEW] Add support for mounting Datadog CSI volumes instead of hostpath volumes in the admission controller config webhook for sharing DogStatsD and APM UDS sockets with user applications. This requires the Datadog CSI driver to be installed and running on the cluster.

Enhancement Notes

Collect terminated Kubernetes resources.

Apr 10, 2025

Agent

Prelude

Release on: 2025-04-10

Enhancement Notes

Agents are now built with Go 1.23.8.

Bug Fixes

Add a configuration option, enable_nvml_detection, disabled by default, to stop the Agent from trying to find the NVML library on startup.
Fix remote tagger initialization log message to be logged only once.

Datadog Cluster Agent

Prelude

Released on: 2025-04-10 Pinned to datadog-agent v7.64.3: CHANGELOG.

Apr 2, 2025

Agent

Prelude

Release on: 2025-04-02

Please refer to the 7.64.2 tag on integrations-core for the list of changes on the Core Checks

Bug Fixes

Process Agent files are added to the flare archive instead of displaying "no session token provided".

Datadog Cluster Agent

Prelude

Released on: 2025-04-02 Pinned to datadog-agent v7.64.2: CHANGELOG.

Mar 20, 2025

Agent

Prelude

Release on: 2025-03-20

Please refer to the 7.64.1 tag on integrations-core for the list of changes on the Core Checks

Bug Fixes

Fixed Python package dependency issue preventing integrations from loading on Windows

Datadog Cluster Agent

Prelude

Released on: 2025-03-20 Pinned to datadog-agent v7.64.1: CHANGELOG

Mar 19, 2025

Agent

Known Issues

This version contains a Python package dependency (cryptography) issue that can prevent Python integrations from loading on Windows. A workaround is to set the environment variable CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 at the machine level and restart the Agent. If the issue persists, the recommendation at this time is to downgrade to Agent v7.63.3 or upgrade to v7.64.1 when it becomes available.

Prelude

Release on: 2025-03-19

Please refer to the 7.64.0 tag on integrations-core for the list of changes on the Core Checks

Upgrade Notes

Add the new following docker images, containing every components of the Datadog Agent, including the new Otel-Agent:
- 7.X.Y-full
- 7-full
- latest-full
The datadog-fips-agent now builds with the 'requirefips' buildtag in the 7.64 Linux release and no longer needs the GOFIPS=1 environment variable set to enable FIPS mode. When upgrading from 7.63, this can be removed.
Enables IMDSv2 by default on all EC2 instance hosts by updating theec2_imdsv2_transition_payload_enabled flag from false to true. If IMDSv2 hasn’t been explicitly enabled and the hostname isn’t set to the instance ID, the display name may change to the instance ID without affecting Agent behavior. For more information, see the IMDSv2 Enablement by Default documentation.
Bump the Python version to 3.12.9
ECS task collection is now enabled by default (see ecs_task_collection_enabled in the datadog.yaml configuration).

New Features

Added support for obfuscation for valkey command. This feature is enabled by default. To disable it, set DD_APM_OBFUSCATION_VALKEY_ENABLED=false. To replace all valkey command arguments with a single ?, set DD_APM_OBFUSCATION_VALKEY_REMOVE_ALL_ARGS=true (default: false).
APM: Add support for multi-region failover. This feature is controlled via Remote Config and allows the trace-agent to switch to a failover data center when enabled.
Add new card: common field to DogStatsD Datagram specification to allow customer to specify the cardinality of the metric. This field is optional.
Log Agent now officially supports http2 transport to proxy.

Enhancement Notes

Add per-process GPU tagging when running process checks on the Core Agent.
Enable pymem.inuse metric when Agent telemetry is enabled
In rare cases, when the Agent's Network Performance Monitor is enabled and the Agent is identified as contributing to a "Blue Screen of Death" (BSOD) event, Agent telemetry is used to generate a payload that includes Agent's driver code offset for further analysis.
Adds a flag for setting the inactivity timeout and adds support for "check name" for the analyze logs subcommand
Agents are now built with Go 1.23.6.
Added a new feature flag disable_receive_resource_spans_v2 in DD_APM_FEATURES that replaces enable_receive_resource_spans_v2 - the refactored implementation of ReceiveResourceSpans for OTLP is now opt-out instead of opt-in.
Enable IMDSv2 by default for all EC2 instance hosts if IMDSv2 usage was not explicitly enabled.
Added capability to generate profiling data in a flare requested via Remote Config
Image layer digests will no longer report as "<missing>" from Docker runtimes.
Upgraded github.com/DataDog/go-sqllexer to v0.1.1, resulting in reduced CPU usage and improved memory allocation efficiency.
Upgraded github.com/DataDog/go-sqllexer to v0.1.3 to fix a bug that caused the lexer to panic when trimming identifier quotes.
Added a new language detector that uses the apm-inject propagated language, if available.
The KSM core check is now capable of retrying its coordination with the Kubernetes API Server. Failed queries in the check configuration will no longer block the check from being scheduled.
- Add logging for log compression configuration.
- The Agent now validates the log compression setting and falls back to the default compression if an invalid option is provided.
Report resource requirements as native sidecars when restartPolicy=Always is used.
Improved the behavior of the SQL obfuscator cache to allow caching of both obfuscated and normalized queries
APM: Fix a formatting bug where the trace-agent's PID from "agent status" could be displayed in scientific notation for large PIDs.

Deprecation Notes

logs.processed and logs.sent metrics are no longer emitted by the Agent
Deprecation warnings added for the fips-proxy configuration keys (e.g. fips.*) as this is planned to be unsupported in 7.65+ releases of the datadog-agent. Please use the datadog-fips-agent for FIPS compliance instead.
APM: The existing /config/set endpoint on the trace-agent is now deprecated in favor of the /config/set endpoint on the debug port on the trace-agent (default: 5012). The old endpoint will be removed in a future version.

Bug Fixes

Fixed parsing of group resource strings to support groups with periods.
Fixed a bug in the DogStatsD Unix socket server that caused metrics to miss container tags and the Agent to report matched PID for the process is 0 warnings.
Fix issue with FIPS image where some build tags were missing for the process and trace agents during packaging.
Makes CWS report the correct container ID on EKS Fargate.
Fix an issue where ingestion_reason:probabilistic is set even when an OTLP span was sampled by the Error Sampler. To enable the Error Sampler for OTLP spans, you need to set DD_OTLP_CONFIG_TRACES_PROBABILISTIC_SAMPLER_SAMPLING_PERCENTAGE to 99 or lower, or enable DD_APM_PROBABILISTIC_SAMPLER_ENABLED and set DD_APM_PROBABILISTIC_SAMPLER_PERCENTAGE to 99 or lower.
version-manifest.json and version-manifest.txt files now correctly reflect the packages content.
Prevent journald and windows event logs from being errantly marked as truncated in specific circumstances.
Obfuscation Cache Size Calculation: Resolved an issue where the cache item size was underestimated by not accounting for the Go struct overhead (including struct fields and headers for strings and slices). This fix ensures a more accurate calculation of cache item memory usage, leading to better memory efficiency and preventing over-allocation of NumCounters in cache configurations.
Fix potential panic in journald and Windows event tailers during system shutdown
Remove leading expressions in parentheses during SQL normalization.
APM: Fix a rare panic that can occur when using client side stats in the tracers.
APM: Fix an issue where the environment tag was normalized incorrectly. This resulted in some valid envs, like 123foo, having the leading digits removed. This fix allows these envs to pass through unedited.

Other Notes

Add multi line log aggregation telemetry.

Datadog Cluster Agent

Prelude

Released on: 2025-03-19 Pinned to datadog-agent v7.64.0: CHANGELOG.

Upgrade Notes

Datadog Autoscaling is upgraded to use DatadogPodAutoscaler CRD v1alpha2 instead of v1alpha1. Remote (created in Datadog) autoscalers are automatically migrated. In-cluster (Local) autoscalers need to be migrated manually.

New Features

Enable collection of Pod Disruption Budgets by default in the orchestrator check.
Target-based workload selection is now available for Single Step Instrumentation. This feature enables you to instrument specific workloads using pod and namespace label selectors. By applying user-defined labels, you can select workloads for instrumentation without modifying applications. For example, the following configuration injects the Python tracer with a default version for pods labeled with language=python:

instrumentation:
  enabled: true
  targets:
    - name: "Python Services"
      podSelector:
        matchLabels:
          language: "python"
      ddTraceVersions:
        python: "default"

Targets can also be chained together, with the first matching rule taking precedence. For example, the following configuration installs the Python tracer for pods labeled language=python and the Java tracer for pods in a namespace labeled language=java. If a pod matches both rules, the first match takes precedence:

instrumentation:
  enabled: true
  targets:
    - name: "Python Services"
      podSelector:
        matchLabels:
          language: "python"
      ddTraceVersions:
        python: "default"
    - name: "Java Namespaces"
      namespaceSelector:
        matchLabels:
          language: "java"
      ddTraceVersions:
        python: "default"

Targets support tracer configuration options in the form of environment variables. All options must have the DD_ prefix. The following example installs the Python tracer with profiling and data jobs enabled:

instrumentation:
  enabled: true
  targets:
    - name: "Python Apps"
      podSelector:
        matchLabels:
          language: "python"
      ddTraceVersions:
        python: "v2"
      ddTraceConfigs:
        - name: "DD_PROFILING_ENABLED"
          value: "true"
        - name: "DD_DATA_JOBS_ENABLED"
          value: "true"

Enhancement Notes

Enrich kubernetes_state metrics with resource labels or annotations as tags.
The Datadog Cluster Agent admission controller agent sidecar injection now sets up Agent sidecars to run with securityContext of readOnlyRootFilesystem:false by default. Advanced users can customize the securityContext through clusterAgent.admissionController.agentSidecarInjection.profiles.
When there are no pinned library versions in the autoinstrumentation webhook, use detected languages to omit unnecessary libraries.
Error messages displayed in the DatadogMetric Error condition has been improved to reflect more accurately the source of the error.

Deprecation Notes

DD_APM_INSTRUMENTATION_VERSION=v1 has been deprecated and will default to v2.

Bug Fixes

Include gpu_vendor pod tags on the Datadog Cluster Agent when enabling datadog.clusterTagger.collectKubernetesTags.
When the Datadog Cluster Agent injects the Datadog Agent as a sidecar on a Job, the agent will now exit when the main Job completes.

Mar 4, 2025

Agent

Prelude

Release on: 2025-03-04

Please refer to the 7.63.3 tag on integrations-core for the list of changes on the Core Checks

Bug Fixes

Fully disable the X25519Kyber768Draft00 key exchange mechanism to avoid issues with firewalls not supporting multi-packet key exchanges, in particular AWS Network Firewall and Suricata.

Datadog Cluster Agent

Prelude

Released on: 2025-03-04 Pinned to datadog-agent v7.63.3: CHANGELOG.

Feb 28, 2025

Agent

Known issues

This version contains a TLS change that can in some circumstances prevent the Agent from communicating with our backend through AWS Network Firewalls due to an upstream issue. If you are using this combination of systems, the recommendation at this time is to downgrade to Agent v7.61 or upgrade to v7.63.3 when it becomes available.

Prelude

Release on: 2025-02-28

Please refer to the 7.63.2 tag on integrations-core for the list of changes on the Core Checks

Datadog Cluster Agent

Prelude

Released on: 2025-02-28 Pinned to datadog-agent v7.63.2: CHANGELOG.

Feb 26, 2025

Agent

Known issues

Prelude

Release on: 2025-02-26

Please refer to the 7.63.1 tag on integrations-core for the list of changes on the Core Checks

Bug Fixes

Publish image tags of the datadog-fips-agent build.

Datadog Cluster Agent

Prelude

Released on: 2025-02-26 Pinned to datadog-agent v7.63.1: CHANGELOG.

Feb 19, 2025

Agent

Known issues

Prelude

Release on: 2025-02-19

Please refer to the 7.63.0 tag on integrations-core for the list of changes on the Core Checks

Upgrade Notes

Bump the Python version to 3.12.8

New Features

Add support of CIS AlmaLinux 9 Benchmark in CSPM.

Enhancement Notes

Adds a kube_cronjob tag to kubernetes_state.job.duration metric.
Increase the Agent's default ecs_metadata_timeout from 500ms to 1000ms to avoid timeouts.
Enhanced the Containerd Check to use a cache for container image sizes, reducing redundant API calls and improving performance.
Add apm_config.obfuscation.cache.max_size to set the maximum size of the cache in bytes.
Add TCP diagnosis check for logs_config.force_use_tcp.
Added the Linux kernel's dmesg logs into the Agent flare. This information will appear in system-probe/dmesg.log.
Begin collecting metrics from all internal Prometheus registries. Previously, the default registry was ignored, resulting in the omission of the point.sent and point.dropped metrics. This change ensures that all metrics are collected.
Agents are now built with Go 1.23.5.
Include Datadog Process Monitor (ddprocmon) service status in flare on Windows
Language detection adds support for detecting PHP.
When apm.features.enable_receive_resource_spans_v2 is set, trace agent OTLPReceiver now maps HTTP attributes from OTLP conventions to DD conventions. See the full list of attributes here: https://docs.datadoghq.com/opentelemetry/schema_semantics/semantic_mapping/?tab=datadogexporter#http
Adds initial Windows support for UDP probes in Network Path.
Updated Oracle check to lazily initialize the obfuscator. This should improve performance each time the Oracle check runs and collects SQL statements.
The Windows Agent MSI now shows the user an error message if the provided password contains a semicolon.
APM: Introduce sql_obfuscation_mode parameter. The value obfuscate_and_normalize is recommended for DBM customers to enhance APM/DBM correlation.
APM: Adds span events as a top level payload field. Span events received this way will be altered according to rules defined by DD_APM_REPLACE_TAGS. Credit card obfuscation will also be applied to span event attributes.
APM: If apm_config.obfuscation.remove_stack_traces is enabled the trace agent will now also remove the value at span tag exception.stacktrace replacing it with a "?".

Security Notes

Update OpenSSL from 3.3.2 to 3.3.3 addressing CVE-2024-12797.
On Windows, the named pipe \pipedd_system_probe from system probe is now restricted to Local System, Administrators, and the ddagentuser. Any other custom users are not supported.

Bug Fixes

Fixes some existing metric transformer unit tests by correcting their assertions.
Datadog span.Type and span.Resource attributes are set correctly for OTel spans processed via OTel Agent and Datadog Exporter when client span type is a database span.Type.

span.Type logic update is limited to ReceiveResourceSpansV2 logic, set using "enable_receive_resource_spans_v2" in DD_APM_FEATURES

span.Resource logic update is limited to OperationAndResourceNameV2 logic, set using "enable_operation_and_resource_name_logic_v2" in DD_APM_FEATURES

Users should set a span.type attribute on their telemetry if they wish to override the default span type.
Agent flare service status search for datadog services is now case insensitive on Windows
Fixed an issue where the "source" and "service" tags were incorrectly set to "kubernetes" in logs when the Agent runs on ECS EC2.
Bypass sending blank logs configs to the integrations launcher to prevent the launcher from sending JSON parse error logs.
Respect proxy config in symdb endpoint.
Fix IsUserAnAdmin call on Windows to use correct API.
Fixed a bug that occurs when reinstalling marketplace/extra integrations for a RPM package after an Agent upgrade.
Windows installer will not abort if the LanmanServer (Server) service is not running (regression introduced in 7.47.0).
Fix the removal of non-core integrations during Agent upgrades on Windows platforms. To enable persisting non-core integration during install, set INSTALL_PYTHON_THIRD_PARTY_DEPS="1" property during the installation of the MSI.

Datadog Cluster Agent

Prelude

Released on: 2025-02-19 Pinned to datadog-agent v7.63.0: CHANGELOG.

Enhancement Notes

Added support for kubernetesResourcesLabelsAsTags and kubernetesResourcesAnnotationsAsTags in the orchestrator check. Kubernetes resources processed by the orchestrator check can now include labels and annotations as tags, improving consistency with existing tagging configurations.
The Cluster Agent is now able to delete ValidatingAdmissionWebhook and MutatingAdmissionWebhook depending on the admission_controller.validation.enabled and admission_controller.mutation.enabled settings. Note that admission_controller.enabled must be set to true to allow the Cluster Agent to interact with the Kubernetes Admission Controller.

Bug Fixes

Fixes an issue with the datadog.cluster_agent.cluster_checks.configs_dispatched metric emitted by the Cluster Agent telemetry. The metric values could become inaccurate after the Cluster Agent loses and then regains leader status.

Feb 14, 2025

Agent

Known issues

Prelude

Release on: 2025-02-14

Please refer to the 7.62.3 tag on integrations-core for the list of changes on the Core Checks

Datadog Cluster Agent

Prelude

Released on: 2025-02-14 Pinned to datadog-agent v7.62.3: CHANGELOG.

Feb 10, 2025

Agent

Known issues

Prelude

Release on: 2025-02-10

Please refer to the 7.62.2 tag on integrations-core for the list of changes on the Core Checks

Upgrade Notes

Removes Datadog user's full control of the Datadog data directory on Windows. If you are using custom configured values for log files, confd_path, run_path, or additional_checksd that are within the Datadog ProgramData folder, then you will have to explicitly give the Datadog user write permissions to the folders and files configured.

Security Notes

Removes Datadog user's full control of the Datadog data directory on Windows.

Bug Fixes

On Windows, ensures the ipc_perm.pem file's permissions are updated during installation.
Disables fentry by default in event stream.

Datadog Cluster Agent

Prelude

Released on: 2025-02-10 Pinned to datadog-agent v7.62.2: CHANGELOG.

Bug Fixes

Fix issue where annotations as tags were not showing up properly when certain resource collectors were enabled.

Feb 3, 2025

Agent

Known issues

Prelude

Released on: 2025-02-03

Bug Fixes

Fixes a connection tracking regression in the 7.62 Fargate preview for Cloud Network Monitoring.

Datadog Cluster Agent

Prelude

Released on: 2025-02-03 Pinned to datadog-agent v7.62.1: CHANGELOG.

Jan 29, 2025

Agent

Known issues

Prelude

Released on: 2025-01-29

Please refer to the 7.62.0 tag on integrations-core for the list of changes on the Core Checks

New Features

The Agent will now tag TLS enhanced metrics like tls_version and tls_cipher. This will allow you to filter and aggregate metrics based on the TLS version and cipher used in the connection. The tags will be added in CNM and USM.
Add new system.cpu.user.total, system.cpu.nice.total, system.cpu.system.total, system.cpu.idle.total, system.cpu.iowait.total, system.cpu.irq.total, system.cpu.softirq.total, system.cpu.steal.total, system.cpu.guest.total, system.cpu.guestnice.total metrics with core tag for each one of them.
Implement External Data resolution for APM. This is needed to support the latest Origin Detection spec and resolution with nested virtualization.
The Logs Agent Analyze feature introduces a new subcommand, agent analyze-logs, within the Datadog Agent. This tool helps users test log configurations, regular expressions, and processing rules in isolation. It offers a streamlined, cost-effective way to validate log configurations without running the entire Datadog Agent or sending data to Datadog. This allows users to quickly identify configuration issues.

Enhancement Notes

On Windows, Agent flares now include event logs for .NET applications.
Emit new field: integration for TopologyLinkMetadata for better metrics collection.
Adds tagger tags to pod manifests.
Added the output of sestatus into the Agent flare. This information will appear in system-probe/selinux_sestatus.log.
Extended Agent telemetry histogram details, specifically:
- Added previously omitted and implicit +Inf bucket value to histogram payload.
- Added p75, p95, and p99 histogram values (expressed as the upper-bound for the matching bucket).
Use HTTP zstd compression for the Agent telemetry payloads.
Agents are now built with Go 1.23.3.
Added the output of semodule -l to the Agent flare; this information appears in system-probe/selinux_semodule_list.log.
Metric payloads are compressed using zstd compression by default. This can be reverted to the previous compression kind by adding serializer_compressor_kind: zlib to the configuration.
Network Path will use recent DNS lookups to infer the destination hostname, if they are available. If a DNS lookup is not found, it will query reverse DNS the same way as before.
Adds support for the none cardinality type in the tagger.
For OpenTelemetry GraphQL request spans, the span resource name is now the GraphQL operation type and name.
All process agent endpoints now require authentication.
Extends extra configuration available for templating from Aurora Database Discovery to include %%extra_dbname%% allowing instances which are configured with non-standard DBName field to be discovered successfully
APM: The trace agent endpoint for changing the configured log level now requires authentication so it is only accessible to other Agent processes.

Deprecation Notes

CWS: the runtime_security_config.policies.watch_dir option has been removed. Use remote configuration for dynamically updating policies, or send the SIGHUP signal to the system-probe process to reload the policies.
SNMP profiles containing metric_tags without a specified tag field will now show an error and be ignored, similar to other profile syntax errors.

Security Notes

Move the embedded Python cache out of the installation directory on Windows.

Bug Fixes

Upgrade gstatus binary to version 1.0.9 to work with newer version of GlusterFS.
Fix Windows file permissions on authToken to give access to the Datadog user even when privilege processes create it.
Fixes Windows CTRL-C handler on the agent run command.
Corrects host tagging for the oracle.can_connect service check
Use /var/run/syslog as the default syslog socket path on macOS.
Fixes consistency issue with container image filters. Depending on the Agent configuration, filters were sometimes behaving differently for metrics and logs. For example, an image filter that worked for excluding logs didn't work when used to exclude metrics, and vice versa. The exclusion logic is now consistent between metrics and logs.
Fixed race condition in stream UDS clients of Dogstatsd that allowed for the loss of received data.

Other Notes

Add metrics origins for Quarkus integration.
Add metric origins for Platform Integrations: Cloud Foundry, Jenkins, KubeVirt API, KubeVirt Controller, and KubeVirt Handler.

Datadog Cluster Agent

Prelude

Released on: 2025-01-29 Pinned to datadog-agent v7.62.0: CHANGELOG.

Enhancement Notes

Added support for EndpointSlices in the metadata controller. This feature, enabled by setting kubernetesUseEndpointSlices to true, resolves limitations of Endpoints resources, particularly for services with more than 1000 addresses. Must add endpointslices to DCA cluster role.
The kubernetes_state_core check now collects only metadata for configmaps, reducing memory, CPU, and network usage in the Cluster Agent while preserving full metric functionality.
The Datadog Cluster Agent admission controller agent sidecar injection now sets up Agent sidecars to run with securityContext of readOnlyRootFilesystem:false by default. Advanced users can customize the securityContext via clusterAgent.admissionController.agentSidecarInjection.profiles.

Bug Fixes

Resolved a bug where kube_service tags were not properly deleted when a service's ties to pods on a specific node were removed but the service itself was not deleted.
Add mapping for apiservices and customresourcedefinitions to KSM check to prevent errors on startup with discovering resources.
Include gpu_vendor pod tags on the Datadog Cluster Agent when enabling datadog.clusterTagger.collectKubernetesTags.
When the Datadog Cluster Agent injects the Datadog Agent as a sidecar on a Job, the agent will now exit when the main Job completes.

Jan 23, 2025

Agent

Prelude

Release on: 2025-01-23

Please refer to the 7.53.0 tag on integrations-core for the list of changes on the Core Checks

Enhancement Notes

Agents are now built with Go 1.21.11.
The Datadog agent container image is now using Ubuntu 24.04 noble as the base image.

Security Notes

Fix CVE 2024-41110.
Update golang.org/x/crypto to fix CVE-2024-45337.
Fix CVE-2025-21613.

Datadog Cluster Agent

Prelude

Released on: 2025-01-23 Pinned to datadog-agent v6.53.1: CHANGELOG.

Enhancement Notes

The Datadog cluster-agent container image is now using Ubuntu 24.04 noble as the base image.

Previous 1 2 3 4 5 Next

Similar releases

Other sources from this team

Similar sources

Latest

7.78.0

Source

@DataDog/datadog-agent

Changelog

View changelog

Tracking Since

Apr 20, 2023

Last fetched Apr 19, 2026

.json·.md·.atom