Kubernetes 2.0 Container Agent

Enhancements

Prometheus Kubernetes Service Discovery Receiver Support

The OpsRamp Kubernetes 2.0 Agent now supports the Prometheus Kubernetes Service Discovery (K8s SD) receiver, enabling automatic discovery and collection of metrics from workloads that expose Prometheus-compatible metrics endpoints in Kubernetes environments.

With Kubernetes service discovery, the Agent dynamically discovers scrape targets using the Kubernetes REST API and continuously keeps them in sync with the current cluster state. This eliminates the need for static target configuration and ensures newly created or updated workloads are monitored automatically.

The receiver also supports the use of relabel_configs, allowing you to:

  • Filter metrics and targets
  • Enrich metrics with custom labels
  • Normalize label values for consistent querying

See the Prometheus Kubernetes Service Discovery document for more information.

NVIDIA GPU Monitoring Support

The OpsRamp Kubernetes 2.0 Agent now supports NVIDIA GPU monitoring, making it suitable for AI, ML, and high-performance computing (HPC) workloads.

Using this integration, the Kubernetes 2.0 Agent can collect GPU metrics related to:

  • GPU health
  • Resource utilization
  • Workload behavior

See the NVIDIA DCGM Exporter document for more information.

Redis Dependency and Version Update

The OpsRamp Kubernetes Agent 2.0 includes Redis as a dependent library for internal operations. As part of this release, the following Redis components and versions are supported:

  • Redis image version: 8.2.2
  • Redis Sentinel image version: 8.2.1-debian-12-r0

Kubernetes 1.0 Container Agent

Enhancements

GPU Serial Number Support

The OpsRamp Kubernetes 1.0 Agent now supports adding GPU serial numbers as metric labels when available.

You can add the label:

  • DCGM_FI_DEV_SERIAL

This label is included only if the DCGM exporter exposes the serial number metric. If the serial label is not present in the exporter’s metrics, it is not added.

VM Agent

Enhancements

Alibaba Cloud Environment Support

The OpsRamp Agent now supports Alibaba Cloud environments, expanding cloud platform compatibility.

  • Unique identification and discovery of Alibaba Cloud instances by the Agent
  • Transmission of Alibaba Cloud metadata (such as provider type and instance ID) to the OpsRamp cloud platform

Logical AND Operator Support in Custom Application Definitions

Custom Application Definitions now support the logical AND operator, enabling more accurate and targeted application discovery.

Previously, discovery rules evaluated conditions using only the OR operator, which limited the ability to require multiple criteria for application identification. With this enhancement, discovery rules can now evaluate multiple required conditions simultaneously, improving precision. Supported condition types include:

  • Service checks
  • Process checks
  • Port checks

Example:

- name: mongodb 
  version: 1 
  instance-checks: 
    logical-and-operation : true 
    service-check: 
     - mongod 
     - mongodb 
    process-check: 
     - mongodb 
     - mongod 
    port-check: 
     - 27017 
     - 27018 
     - 27019

See the App Definitions document for more information.

Patch Scan Progress Status Support

The OpsRamp Agent now reports patch scan progress statuses, providing better visibility into patch operations. Supported statuses include:

  • Initiated
  • In Progress
  • Completed

Previously, progress status was available only for patch installation jobs. This enhancement extends the same visibility to patch scan jobs, enabling you to better track and manage patching activities.

See the Patch Scan document for more information.

Support for Credential Macros within Scripts

When executing scripts using Process Automation, you can now use credential macros within the scripts. These macros are replaced with actual credentials during script execution.

Removal of WMIC Dependency in Windows Agent

The OpsRamp Windows Agent no longer depends on the WMIC (Windows Management Instrumentation Command-line) tool for device discovery.

WMIC is being deprecated and removed in newer Windows Server versions, including Windows Server 2025. Earlier versions of the agent relied on WMIC to collect basic system information such as:

  • DNS details
  • Device serial number

To ensure continued compatibility with modern Windows platforms, the agent now uses alternative Windows-native discovery mechanisms to retrieve this information.

Bug Fixes

  • Fixed an issue where disk usage reporting could fail when a disk reaches 100% capacity. The Agent now skips the affected iteration and reports the correct count in the subsequent iteration, ensuring continued metric collection.
  • Fixed an issue where RDP and VNC information had poor contrast in dark theme. Updated the HTML styling to support all theme colors consistently across both new and old UI versions.

Security Fixes

This release includes security updates to address multiple vulnerabilities, improving the overall security posture of the Agent and its dependencies.

  • CVE-2025-47914 – Added message size validation in SSH Agent processing to prevent crashes from malformed requests.
  • CVE-2025-47912 – Enforced strict URL host validation to allow only valid IPv6 addresses inside brackets, per RFC standards.
  • CVE-2025-58181 – Added limits and validation for GSSAPI authentication mechanisms to prevent unbounded memory usage.
  • CVE-2025-58183 – Introduced bounds on sparse region handling when reading tar archives to prevent excessive memory allocation.
  • CVE-2025-58185 – Updated ASN.1/DER parsing to validate payloads before allocating memory, preventing memory exhaustion.
  • CVE-2025-68121 – Fixed TLS session resumption logic to re-validate certificates and trust chains during resumed handshakes.
  • CVE-2025-61728 – Optimized ZIP archive indexing to prevent CPU exhaustion from maliciously crafted archives.
  • CVE-2025-61730 – Corrected TLS 1.3 handshake processing to ensure messages are handled at the correct encryption level.
  • CVE-2025-61726 – Added limits on query parameter parsing to prevent memory exhaustion from large URL-encoded forms.
  • CVE-2025-61723 – Improved PEM parsing to ensure linear-time processing, preventing high CPU usage from malformed inputs.
  • CVE-2025-15467 – Fixed a critical OpenSSL issue by validating AEAD parameters and preventing stack buffer overflows when parsing encrypted CMS messages.