7.76.3

Agent

Prelude

Released on: 2026-03-09

• Please refer to the 7.76.3 tag on integrations-core for the list of changes on the Core Checks

Security Notes

• Bump github.com/cloudflare/circl to fix v1.6.3 to fix CVE-2026-1229.
• Fixed a limited out-of-bounds memory read and DoS vulnerability in Windows kernel driver while handling TLS traffic. The host must have the ddnpm kernel driver service running, by having system_probe_config and network_config enabled, to be affected. This configuration is not enabled by default. Query with PowerShell: Get-Service ddnpm Query with command prompt: sc query ddnpm

Bug Fixes

• Fixed IPv6 address matching logic that caused network traffic to be tracked incorrectly. Fixed failed classification of HTTP DELETE requests. Added additional memory handling and overflow safety checks.

Datadog Cluster Agent

Prelude

Released on: 2026-03-09 Pinned to datadog-agent v7.76.3: CHANGELOG.

7.76.2

Agent

Prelude

Released on: 2026-03-05

• Please refer to the 7.76.2 tag on integrations-core for the list of changes on the Core Checks

Bug Fixes

• The infra_mode tag is now correctly added to system.cpu.user on Windows when infrastructure_mode is not set to "full", matching the behavior of the Linux cpu check.

Datadog Cluster Agent

Prelude

Released on: 2026-03-05 Pinned to datadog-agent v7.76.2: CHANGELOG.

7.76.1

Agent

Prelude

Released on: 2026-02-26

• Refer to the 7.76.1 tag on integrations-core for the list of changes on the Core Checks

Security Notes

• APM: On span tags, add obfuscation for ACL command.

Bug Fixes

• Fixes a rare crash in the system-probe process caused by concurrent access to an internal LRU cache.
• Fix a Windows file-permission issue that prevented workload selection policy files from being updated after the initial write.
• Fixed a bug in the disk Go check (diskv2) where custom tags from one check instance would leak into metrics from other instances. Tags are now correctly isolated per instance.
• GPU: ensure gpu.nvlink.speed metric is emitted in Blackwell or newer devices.

Datadog Cluster Agent

Prelude

Released on: 2026-02-26 Pinned to datadog-agent v7.76.1: CHANGELOG.

7.76.0

Agent

Prelude

Released on: 2026-02-23

• Please refer to the 7.76.0 tag on integrations-core for the list of changes on the Core Checks

Upgrade Notes

• DDOT now submits Fleet Automation metadata through the upstream datadogextension, which is enabled by default. As a result, your DDOT configuration will now appear under the OTel Collector tab. If you configured otelcollector.converter.features, you may need to add the datadog feature to enable Fleet Automation, as DDOT Fleet Automation metadata is no longer submitted through the ddflareextension.

New Features

• Allow users to filter agent check instances using a new --instance-id parameter, which filters by the instance hash found in the agent status.

• Add privateactionrunner binary in Agent artifacts to allow running actions using the Agent, and enable running it on Linux. The binary is disabled by default. To enable it, set privateactionrunner.enabled: true in your configuration file.

• Integration check failures are now automatically reported to the Agent Health Platform component when enabled via health_platform.enabled: true. This provides structured health issue tracking with:

  • Detailed error context including check name, error message, and configuration source
  • Actionable remediation steps for debugging check failures
  • Automatic issue resolution when checks recover
  • Integration with the health platform telemetry and reporting system

  This feature helps users proactively identify and troubleshoot integration issues across their fleet.

• The Agent Profiling check now supports automatic Agent termination after flare generation when memory or CPU thresholds are exceeded. This feature is useful in resource-constrained environments where the Agent needs to be restarted after generating diagnostic information.

  Enable this feature by setting terminate_agent_on_threshold: true in the Agent Profiling check configuration. When enabled, the Agent uses its established shutdown mechanism to trigger graceful shutdown after successfully generating a flare, ensuring proper cleanup before exit.

  Warning: This feature will cause the Agent to exit. This feature is disabled by default and should be used with caution.

• Experimental support the ConfigSync HTTP endpoints over unix sockets with agent_ipc.use_socket: true (defaults to false).

• Implements the flare command for the otel-agent binary. Now you can run otel-agent flare directly in the otel-agent container to get OTel flares.

• Adds system info metadata collection for macOS end-user devices.

• Adds system info metadata collection for Windows end-user devices.

• Added GPU runtime discovery support for ECS EC2 environments. The Datadog Agent can now detect GPU device UUIDs assigned to containers by extracting the NVIDIA_VISIBLE_DEVICES environment variable from the Docker container configuration. This enables GPU-to-container mapping for GPU metrics without requiring the Kubernetes PodResources API, which is not available in ECS environments.

• After falling back to TCP, the Logs Agent periodically retries to establish HTTP and upgrades the connection once HTTP connectivity is available.

• Container logs now include a LogSource tag indicating whether each log message originated from stdout or stderr. This applies to logs parsed via Docker and Kubernetes CRI runtimes.

• Added paging file metrics to the Windows memory check for pagefile.sys usage.

Enhancement Notes

• Add a new global_view_db variable to AWS Autodisovery templates. By default this is the value of the datadoghq.com/global_view_db tag on the instance or cluster.

• Add NotReady endpoint processing to be on par with EndpointSlices processing.

• The agentprofiling check now retries flare generation 2 times with exponential backoff (1 minute after first failure, 5 minutes after second failure) when flare creation or sending fails. This improves reliability when encountering transient failures during flare generation.

• Adds a kubernetes_kube_service_new_behavior flag (default false) to alter kube_service tag behavior. If the flag is set to true, kube_service tag is attached unconditionally. Previously, the tag was only attached when the Kubernetes service has the status Ready.

• APM: Add custom protobuf encoder for trace writer v1 with string compaction to reduce payload size.

• Extended the autodiscovery secret resolver to support refreshing secrets.

• Agents are now built with Go 1.25.7.

• The datadog-installer setup command now prints human-readable errors instead of mixing JSON and text.

• Added GPUDeviceIDs field to the workloadmeta Container entity to store GPU device UUIDs. This field is populated by the Docker collector in ECS environments from the NVIDIA_VISIBLE_DEVICES environment variable (e.g., GPU-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).

• The GPU collector now uses GPUDeviceIDs from workloadmeta as the primary source for GPU-to-container mapping in ECS, with fallback to procfs for regular Docker environments and PodResources API for Kubernetes.

• GPU: add new tag gpu_type to the GPU metrics to identify the type of GPU (e.g., a100, h100).

• Improve eBPF conntracker support by using alternate probes when the primary probe is unavailable, enabling compatibility with GKE Autopilot and other environments running Google COS.

• The logs.dropped metric now tracks dropped logs for both TCP and HTTP log transports. Previously, this metric was only available when using TCP transport. Customers can now monitor dropped logs with a single unified metric regardless of which transport protocol is configured, making it easier to detect and troubleshoot log delivery issues.

• The logs agent now supports using start_position: beginning and start_position: forceBeginning with wildcard file paths. Previously, configurations like path: /var/log/*.log with start_position: beginning would fail validation. The agent's fingerprinting system when enabled prevents duplicate log reads during file rotation, making this combination safe to use.

• Site config URLs are now lowercased for consistent handling.

• APM: Add tags databricks_job_id, databricks_job_run_id, databricks_task_run_id, config.spark_app_startTime, config.spark_databricks_job_parentRunId to the default list of tags that are known to not be credit card numbers so they are skipped by the credit card obfuscator.

• Add option to switch on/off Infra-Attribute-Processor for traces in the OTLP ingest pipeline.
  otlp_config:
  traces:
  infra_attributes:
  enabled: false

  These settings can be configured in the Agent config file or by using the environment variables.

• The Datadog Agent now collects AWS Spot preemption events (requires IMDS access) as Datadog events.

• Added network_config.dns_monitoring_ports, which is a list of DNS ports Cloud Network Monitoring will use to monitor DNS traffic on.

• Automatically tag, but don't aggregate, multiline logs. Logs are tagged with the number of other logs they could potentially be aggregated with.

• Update the histogram helpers API in the pkg/opentelemetry-mapping-go/otlp/metrics package. The API now accepts accept pointers to the OTLP data points, and returns blank DDSketches when the pointer is nil.

• Update image resolution attempt telemetry to include the tag specified in the configuration, and remove the registry and digest_resolution tags.

• Windows: Add a new flare artifact agent_loaded_modules.json listing loaded DLLs with metadata (full path, timestamp, size, perms) and version info (CompanyName, ProductName, OriginalFilename, FileVersion, ProductVersion, InternalName). Keeps <flavor>_open_files.txt for compatibility.

Deprecation Notes

• The command agent diagnose show-metadata inventory-otel has been removed. To display DDOT metadata, you can query the datadog extension endpoint: http://localhost:9875/metadata.

Bug Fixes

• Properly scrub sensitive information from Kubernetes pod specifications in agent flares. Environment variables with sensitive names are now redacted.
• Fixed a bug where long Kubernetes event bundles were being truncated by dogweb.
• APM: Fix a bug where the Agent would log a warning when the DD_APM_MODE environment variable was unset.
• Properly parse the image_tag tag when defining a container spec that uses both an image tag and a digest like nginx:1.23@sha256:xxx.
• Updates tag enrichment logic to retry on failed tag resolution attempts. This regression was introduced in #41587 on Agent v7.73+. Impacts origin detection on cgroup v2 runtimes with DogStatsD, which led to tags not being enriched, even if origin detection was possible by using other methods like container ID from socket or ExternalData.
• Fixed a regression in the Go-native disk check (diskv2) where a failure in IO counter collection (e.g. ERROR_INVALID_FUNCTION from DeviceIoControl on Windows Server 2016) caused all disk metrics to be discarded, including successfully collected partition/usage metrics such as system.disk.total, system.disk.used, and system.disk.free. IO counter collection is now best-effort: known errors such as ERROR_INVALID_FUNCTION are logged at debug level, while unexpected errors are logged as warnings. Neither prevent partition metrics from being reported.
• Fleet installer: ensure the DD_LOGS_ENABLED environment variable is honored again when running setup scripts, so Windows installs using the new installer flow properly. Sets logs_enabled in datadog.yaml.
• Fixes a bug introduced in 7.73.0 that can cause a remote Agent update through Fleet Automation to fail to restore the previous version if the MSI fails a...

7.75.4

Agent

Prelude

Released on: 2026-02-17

• Please refer to the 7.75.4 tag on integrations-core for the list of changes on the Core Checks

Enhancement Notes

• Agents are now built with Go 1.25.7.

Security Notes

• APM: On span tags, add obfuscation for HELLO and MIGRATE Redis commands.
  Similar to AUTH, all arguments passed to these commands will be obfuscated and replaced with ?.

Datadog Cluster Agent

Prelude

Released on: 2026-02-17 Pinned to datadog-agent v7.75.4: CHANGELOG.

7.75.3

Agent

Prelude

Released on: 2026-02-11

• Please refer to the 7.75.3 tag on integrations-core for the list of changes on the Core Checks

Security Notes

• Bump the version of envoyproxy/gateway to 1.5.7

Datadog Cluster Agent

Prelude

Released on: 2026-02-11 Pinned to datadog-agent v7.75.3: CHANGELOG.

7.75.2

Agent

Prelude

Released on: 2026-02-04

• Please refer to the 7.75.2 tag on integrations-core for the list of changes on the Core Checks

Upgrade Notes

• Update OpenJDK to 11.0.30. This release includes changes that may negatively affect JMX integrations that use TLS. Refer to OpenJDK release notes for more information.

Bug Fixes

• Disable the SNMP device scan by default.
• Fixes a regression introduced in version 7.75 that caused Workload Protection File Integrity Monitoring to be disabled by default when installing the Datadog Agent via the Helm chart.
• Fixes a bug introduced in Agent v7.74 where unresolved SSH sessions could cause Workload Protection events to be delayed for several minutes, potentially blocking the delivery of other Workload Protection events.
• GPU: fix metric type for gpu.nvlink.*, gpu.pci.replay_counter and gpu.remapped_rows.* metric that were reported as counters instead of gauges

Datadog Cluster Agent

Prelude

Released on: 2026-02-04 Pinned to datadog-agent v7.75.2: CHANGELOG.

7.75.1

Agent

Prelude

Release on: 2026-01-28

• Please refer to the 7.75.1 tag on integrations-core for the list of changes on the Core Checks

Enhancement Notes

• Agents are now built with Go 1.25.6.

Bug Fixes

• GPU: fix an issue where containerd image creation could be blocked sporadically when advanced eBPF metrics are enabled
• Change the Log Agent default TCP port for datadoghq.eu from the incorrect value of 10516 to the correct 443.
• Resolves an issue where NetFlow metrics are submitted every 10 seconds, instead of aggregating for the full interval per Source/Destination pair.

Datadog Cluster Agent

Prelude

Released on: 2026-01-28 Pinned to datadog-agent v7.75.1: CHANGELOG.

7.75.0

Agent

Known issues

• This Agent version contains a bug that increases Netflow flush frequency by 2-30x due to missing flushConfig in ImmediateFlowScheduler, causing unexpected billing spikes for Netflow customers. Use Agent versions 7.75.1 or later instead.

Prelude

Release on: 2026-01-21

• Please refer to the 7.75.0 tag on integrations-core for the list of changes on the Core Checks

Upgrade Notes

• system-probe will now attempt to read datadog.yaml from the same directory as system-probe.yaml. Previously, system-probe would always use the default configuration directory to read datadog.yaml. If you need to specify a different directory for datadog.yaml, you may use the --datadogcfgpath CLI argument to system-probe.

New Features

• Added support for infrastructure_mode: end_user_device configuration option. When enabled, this mode automatically activates key monitoring features tailored for end-user devices including process collection, software inventory tracking, and notable events monitoring. These settings can still be individually overridden in the configuration file if needed.
• Make MSI install the DDOT OCI package via command line option.
• Add a new collector that will collect all CustomResourceDefinitions on the cluster.
• Add new Data Streams intake for Kafka messages
• [APM] Add support for DD_APM_MODE=edge. This mode configures the Agent to receive traces from edge devices.
• The datadog-agent now uses datadog-secret-backend v1.5.0 which added support for Kubernetes secrets via the Secrets API, Kubernetes file-based secrets, support for Docker secrets, and support for plaintext file secrets.
• Collect feature gate and version data as part of kubernetes api server workloadmeta collector.
• Added a system battery check for macOS hosts to monitor battery health.
• Added a system battery check for Windows hosts to monitor battery health.

Enhancement Notes

• Add a new azure_metadata_api_version configuration option to allow customers to specify the Azure Instance Metadata Service (IMDS) API version used by the Agent. The default value is now 2021-02-01. This setting can be configured via azure_metadata_api_version in datadog.yaml or the DD_AZURE_METADATA_API_VERSION environment variable.

• The Agent's embedded Python has been upgraded from 3.13.10 to 3.13.11

• Fixed a potential race condition in the Cloud Foundry CCCache locking mechanism by replacing custom lock management with singleflight. This change improves handling of concurrent cache misses.

• Add the canonical version annotation to the image named internal.apm.datadoghq.com/[lang/injector]-canonical-version. This makes it easier to track the actual version of the image used in the cluster, instead of just a digest or mutable tag.

• Dogstatsd named pipe on Windows is now read/writeable for everyone by default. This prevents an Access is denied error when opening a named pipe for dogstatsd server on a Windows Azure App Service Web app. Security descriptor for the named pipe can be customized via dogstatsd_windows_pipe_security_descriptor.

• Detect connection issue when using FQDN in agent diagnose

• Agents are now built with Go 1.25.5.

• The datadog-secret-backend now allows implicit Vault authentication to be set as a config option or an env var Added a configurable max_file_read_size config option to file.yaml, file.json, & file.text to prevent OOM reads

• Added Microsoft Store apps to Windows Software Inventory integration.

• Added a new boolean environment variable DD_OTELCOLLECTOR_GATEWAY_MODE for precise identification of the DDOT operating mode. The variable automatically configured via the Helm chart, the Operator, or set manually. Acceptable string values are (case insensitive): "true", "false", "1", "0"

• The Discovery module is now enabled by default if system-probe is enabled. It can be disabled by setting discovery.enabled: false in system-probe.yaml, or by setting the DD_DISCOVERY_ENABLED environment variable to false.

• The Agent's logger has been rewritten with a more modern library to improve security and performance. No visible change is expected for users. In case of issues, the previous logger can still be used by setting log_use_slog to false in the Agent configuration. This configuration will be removed in a future release.

• Enable the orchestrator_explorer.kubelet_config_check.enabled by default.

• Bump OpenTelemetry Collector dependencies to v0.141.0/v1.47.0

• OTLP spans describing an HTTP error without an explicit error message will now fallback to one with a description, eg. "500 Internal Server Error" instead of just "500". Users who relied on the error message to extract the status code should use http.response.status_code instead.

  Additionally, the error message is no longer sourced from the deprecated http.status_text attribute. This behavior can be overridden by explicitly setting the span's status message.

• On Windows, adds process name to live processes via file properties.

• Single Step Instrumentation now uses the Python tracer major version 4 by default. Customers instrumenting Python applications through SSI should review the [4.0.0](https://github.com/DataDog/dd-trace-py/releases/tag/v4.0.0) release notes and the [compatibility guide](https://docs.datadoghq.com/tracing/trace_collection/compatibility/python/) to ensure their Python applications are compatible.

• Add flare support for workloadfilter component.

Deprecation Notes

• APM: Removed unused configuration options apm_config.service_writer.queue_size, and apm_config.service_writer.connection_limit. These options were already ignored.
• macOS 11 is not supported anymore, macOS 12 becomes the new minimally supported version.

Bug Fixes

• Reduced log verbosity in the aggregator by changing the log level from Info to Debug for the message logged when no value is returned for a check metric.
• Add missing files (runtime config dump, go routines) in cluster-agent flare.
• Fix small bug in Cluster Autoscaling when checking Target Hash value.
• Fixed ddnpm to report TLS cipher suite and chosen TLS version.
• Fixes a bug on ecs fargate where the container check on the core agent was not reporting the status of the container
• Fixed incorrect docker.cpu.shares metric values on cgroups v2 systems running runc >= 1.3.2 or crun >= 1.23. The new container runtimes use a different formula to convert CPU shares to cgroup v2 weight, which caused the Agent to report wrong values (e.g., 2597 instead of 1024 for default shares). The Agent now auto-detects which conversion formula the runtime uses and applies the correct inverse transformation.
• Fixed ECS ARN parsing to support AWS GovCloud (aws-us-gov) and China (aws-cn) regions. Previously, only the standard aws partition was accepted, causing ECS metadata extraction to fail for customers running the Datadog Agent in GovCloud or China regions. This resulted in empty region and account ID values, breaking ECS monitoring for these customers.
• Fixed live process file descriptor resolution on Windows to use the full executable path.
• Fixes a bug in the SNMP integration, where some metrics defined in an instance config were not reported.
• Fixed a bug in the SNMP integration, where a custom profile's sysObjectIDs could conflict with default profiles' when defining the name field in the custom profile.
• Fixes remote tagger implementation to backoff when the stream is initialized but receiving events through the stream fails.
• Fix SNMP Autodiscovery bug where the Agent had to be restarted to take into account new devices discovered in a subnet.
• Fixes a rare crash on Windows during the Wi-Fi check when the Agent cannot find a matching Wi-Fi adapter on some computers.
• Fixed ownership and permissions for the /opt/datadog-agent/run directory in Agent and Cluster Agent Docker images. This resolves permission errors encountered by Remote Configuration when running as a non-root user (UID 100), such as in AWS ECS Fargate environments.
• The NTP check now submits the ntp.offset metric using the timestamp returned by the NTP server rather than the local system clock. This restores the behavior present in Agent v5 and prevents incorrect metric alignment when host clocks are skewed.
• OTLP span events recording exceptions no longer have their stack trace duplicated on the parent span. This previously led to duplicate errors on the Error Tracking page.
• Fixed SNMP network topology metadata where LLDP remote device IP addresses could be incorrectly mapped when multiple devices shared the same remote index on different ports.

Other Notes

• This feature is currently in development and is protected under the feature flag:
  cluster_checks.crd_collection

• For up-to-date docs, check out the secret-backend changelog, and the Datadog Secrets Management documentation

• Refactored Cloud Foundry CCCache and BBSCache to use dep...

7.74.1

Agent

Known issues

• This Agent version contains a bug that increases Netflow flush frequency by 2-30x due to missing flushConfig in ImmediateFlowScheduler, causing unexpected billing spikes for Netflow customers. Use Agent versions 7.75.1 or later instead.

Prelude

Release on: 2026-01-12

• Please refer to the 7.74.1 tag on integrations-core for the list of changes on the Core Checks

Bug Fixes

• Fix fatal concurrent map access errors that might occur when system-probe evaluates SSH monitoring security rules.
• Fix a bug that crashes the Agent when remotely changing the system-probe configuration from Fleet Automation.

Datadog Cluster Agent

Prelude

Released on: 2026-01-12 Pinned to datadog-agent v7.74.1: CHANGELOG.