Changelog

Due to the retirement of the kubernetes/ingress-nginx in March 2026, DataDome will deprecate support of the Ingress Nginx controller module and its docker image.

• Fix CVE-2025-6020, CVE-2025-68973, and CVE-2025-15467

@datadome/module-express

• Add Model Context Protocol (MCP) support
• Increase length limit from 128 to 512 characters for DataDome cookie to support upcoming features
• Handle 429 status code (Too Many Requests) responses from Protection API to support upcoming features

• Add support for partitioned cookies (CHIPS)
• Detection improvements

• Increase length limit from 128 to 512 characters for DataDome cookie to support upcoming features
• Handle 429 status code (Too Many Requests) responses from Protection API to support upcoming features

• Add GraphQL support

• Collect Skyfire-Pay-ID header for AI bot monetization
• Increase length limit from 128 to 512 characters for DataDome cookie to support upcoming features
• Handle 429 status code (Too Many Requests) responses from Protection API to support upcoming features

• Increase length limit from 128 to 512 characters for DataDome cookie to support upcoming features
• Handle 429 status code (Too Many Requests) responses from Protection API to support upcoming features

• Increase length limit from 128 to 512 characters for DataDome cookie to support upcoming features
• Handle 429 status code (Too Many Requests) responses from Protection API to support upcoming features