Soda Agent - Release notes
Review release notes for Soda Agent, a Helm chart for deployment on EKS clusters.
soda-agent 1.3.2
soda-agent 1.3.2
02 October, 2025
Soda Library version: 1.12.24
Bump contracts launcher to 0.1.13
Introduced support for reconciliation checks in data contracts.
Fixed an issue for profiling columns with special characters in the column name. This would previously fail with query errors on various data sources.
Security: [CVE-2025-50817] A known vulnerability exists in python-future which is an indirect dependency of soda-agent. No patched version of python-future is available. It is exploitable only if attackers can write files on the server. Soda's cloud infrastructure is hardened against this attack. Users should ensure servers are hardened to prevent unauthorized file writes.
Security: [CVE-2025-59375] A known vulnerability exists in libexpat, a library for parsing XML files. It is included with the JRE environment used by soda-agent. The Soda agent application does not use any XML files. No impact and no action required.
soda-agent 1.3.1
soda-agent 1.3.1
25 September, 2025
Introduced preview support for diagnostics warehouse.
Full diagnostic information for data contracts.
Identify rows failing data contract verification.
Available on supported checks:
Missing check
Invalid check
Available on supported data sources:
PostgreSQL
SQL Server (max 10,000 failed rows)
Snowflake
Databricks
BigQuery
This is a preview release which may still have issues for large data volumes.
Introduced support for warning threshold in data contracts.
Introduced support for group-by check in data contracts.
Fixed an issue for the last modification time observability monitor on PostgreSQL.
Security: [CVE-2025-50817] A known vulnerability exists in python-future which is an indirect dependency of soda-agent. No patched version of python-future is available. It is exploitable only if attackers can write files on the server. Soda's cloud infrastructure is hardened against this attack. Users should ensure servers are hardened to prevent unauthorized file writes.
Security: [CVE-2025-59375] A known vulnerability exists in libexpat, a library for parsing XML files. It is included with the JRE environment used by soda-agent. The Soda agent application does not use any XML files. No impact and no action required.
v4 initial release - soda-agent 1.3.0
soda-agent 1.3.0
01 September, 2025
Introduced automatic partition column detection.
Based on warehouse metadata.
Based on data patterns.
Introduced support for metric monitoring (both dataset- and column-level monitors).
Group column-level monitor by any column to get insights per segment.
Configurable threshold strategy, exclusion values and sensitivity.
Support for user feedback to flag anomalies & improve algorithm performance.
Support for configurable frequencies.
Supported frequencies: hourly, two-hourly, three-hourly, four-hourly, six-hourly, eight-hourly, 12-hourly, daily, weekly.
Available on supported data sources:
Athena, Bigquery, Databricks, Fabric, Postgres, Redshift, Snowflake, SQL Server, Synapse.
Introduced sampling strategy for dataset profiling.
You can now choose between the top 1,000,000 rows or the last 30 days of data (based on partition column).
Increased default resource limits to meet increased demand for metric monitoring features.
Requests
CPU: 250m (unchanged)
Memory: 250 MiB → 500 MiB
Limits
CPU: 250m → 500m
Memory: 250 MiB → 750 MiB
SECURITY: [CVE-2025-50817] A known vulnerability exists in python-future which is an indirect dependency of soda-agent. No patched version of python-future is available. It is exploitable only if attackers can write files on the server. Soda's cloud infrastructure is hardened against this attack. Users should ensure servers are hardened to prevent unauthorized file writes.
SECURITY: [CVE-2025-47907] Race condition in Go’s database/sql package. This item is listed for transparency because it was flagged by our automated scanning. The version of kubectl distributed by Kubernetes and included in soda-agent is built against a Go release that includes the affected code, but kubectl does not use the vulnerable functionality. No advisory has been issued by the Kubernetes project and no patched version of kubectl is currently available. No impact and no action required.
Last updated
Was this helpful?