Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

September 26, 2024

Anthos Config Management

You can now configure Config Sync fleet defaults with gcloud commands starting in gcloud version 494.0.0. See the Config Sync gcloud documentation for reference.

Upgraded the git-sync dependency from v4.2.3 to v4.2.4.

Apigee API hub

On September 26, 2024, Apigee announced the GA launch of Apigee API hub.

A new "Get started with API hub" page was added to the user interface. This new page includes valuable getting started information, including a new FAQ, to help you get the most out of API hub.

We added a new Supply chain page where you can create, view and manage your dependencies across API operations. The same dependencies can also be created from the API operations page. See Manage dependencies.

The Semantic Search (formerly Smart Search) user interface has been improved, and search results are shown across all API hub entities, such as APIs, deployments, specifications, and versions. See Search and filter APIs.

We added support for GMEK and CMEK in the provisioning steps. While provisioning, you can also choose to host your Vertex search data in a different location or disable Vertex search altogether. See Provision API hub.

We added support for Cloud audit logging.

The List APIs for specifications, dependencies, and external APIs have been enhanced to return a complete response, including user-defined attributes.

While you can use API hub by making direct REST over HTTP requests, we now provide client libraries for several popular languages. See API hub client libraries.

Significant user interface improvements were made, such as standardization of cards on the API details page, unlinking of deployments, various performance fixes, and more.

Cloud Data Fusion

The SAP ODP batch source plugin version 0.11.3 is available in Cloud Data Fusion versions 6.8.0 and later. This release includes the following changes:

  • Fixed an issue causing the following error: Error encountered while configuring the stage: Unable to access Cloud Storage or download JCo libraries from Cloud Storage. To address the issue, you must upgrade the Cloud Storage client library to version 2.3.0 or later.

  • Fixed an issue causing memory errors in the SAP system. You can choose to load changed data without loading historical data first. You can select this option in the plugin properties.

Google Cloud VMware Engine

VMware Engine ve2 nodes are available in Frankfurt, Germany, Europe (europe-west3-a).

Google Kubernetes Engine

(2024-R37) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.0-gke.1577000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
    • 1.30.4-gke.1476000
    • 1.31.0-gke.1506000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.4-gke.1348000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.0-gke.1577000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.0-gke.1577000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1006000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

Stable channel

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.16-gke.1051001
    • 1.28.12-gke.1052000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1104000
    • 1.29.7-gke.1274000
    • 1.30.2-gke.1587003
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

Extended channel

  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1006000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

No channel

  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.27.16-gke.1051001
    • 1.28.12-gke.1052000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1104000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
    • 1.30.4-gke.1476000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

September 25, 2024

AlloyDB for PostgreSQL

You can now set up AlloyDB free trial clusters using a copy of your Cloud SQL for PostgreSQL backup. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.

Application Integration

View logs in Cloud Logging

Viewing integration execution logs in Cloud Logging is now generally available (GA). For more information, see View logs in Cloud Logging.

Bigtable

You can perform similarity vector search in Bigtable by finding the K-nearest neighbors. This feature is available as part of the GoogleSQL for Bigtable Preview.

Cloud SQL for PostgreSQL

You can now set up AlloyDB free trial clusters using a copy of your Cloud SQL for PostgreSQL backup. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.

Cloud Storage

Cross-bucket replication is now available in Cloud Storage. You can use cross-bucket replication to copy new and updated objects asynchronously from a source bucket to a destination bucket. For more information on how to use cross-bucket replication, see Using cross-bucket replication.

Generative AI on Vertex AI

The Llama 3.2 90B model is available in Preview on Vertex AI. Llama 3.2 90B enables developers to build and deploy the latest generative AI models and applications that use Llama's capabilities, such as image reasoning. Llama 3.2 is also designed to be more accessible for on-device applications. For more information, see Llama models.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.28.1000-gke.59 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.1000-gke.59 runs on Kubernetes v1.28.13-gke.600.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Fixed the following vulnerabilities in 1.28.1000-gke.59:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.100-gke.96

Google Distributed Cloud for bare metal 1.30.100-gke.96 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.100-gke.96 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Added --skip-preflight flag to the bmctl upgrade command to prevent preflight checks from running during an upgrade.

The following container image security vulnerabilities have been fixed in 1.30.100-gke.96:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Spanner

Spanner now supports the spanner.farm_fingerprint() hash function in PostgreSQL-dialect databases.

Vertex AI Agent Builder

Vertex AI Search: gemini-1.5-flash-002/answer_gen/v1 model

The gemini-1.5-flash-002/answer_gen/v1 model is available for answer generation. This model is based on the gemini-1.5-flash-002 model and has been further tuned to address question and answering tasks.

For more information, see Answer generation model versions and lifecycle.

Vertex AI Search: Update to the preview model

The preview model for answer generation has been updated to gemini-1.5-pro-002 from gemini-1.5-pro-001.

For more information, see Answer generation model versions and lifecycle.

September 24, 2024

Application Integration

The Resolve JSON Path data transformer function is now available. This function resolves a JSON path on a given JSON object by using the JSONPath reference.

BigQuery

You can now use Cloud KMS Autokey to automate the creation and use of customer-managed encryption keys (CMEKs), including the Cloud HSM service. This feature is generally available (GA).

BigQuery ML now offers the following expanded embedding support features:

Try these capabilities with the following tutorials:

These features are generally available (GA).

BigQuery ML now offers the following AI features:

These BigQuery ML features are generally available (GA).

Cloud Database Migration Service

Database Migration Service support for homogeneous SQL Server to Cloud SQL for SQL Server migrations is now generally available (GA). For more information, see Database Migration Service for homogeneous SQL Server documentation.

Database Migration Service for homogeneous PostgreSQL migrations to AlloyDB for PostgreSQL now supports PostgreSQL version 16. See Supported source and destination databases in AlloyDB for PostgreSQL migrations.

Cloud Key Management Service

Cloud KMS with Autokey is now in General Availability for Cloud Storage, Compute Engine, BigQuery, Secret Manager, Cloud SQL, and Spanner.

Autokey simplifies creating and using customer-managed encryption keys (CMEKs) by automating provisioning and assignment. With Autokey, key rings, keys, and service accounts don't need to be planned and provisioned before they're needed. Instead, Autokey generates keys on demand as resources are created.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings. For more information, see Autokey overview.

Cloud Run

GPU support (Preview) is now available in the following region: asia-southeast1.

Cloud Storage

Cloud Storage is now enabled for use with Cloud KMS Autokey.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.

For more information, see Customer-managed encryption keys. To learn more about Cloud KMS Autokey, see Autokey overview.

Generative AI on Vertex AI

New stable versions of Gemini 1.5 Pro (gemini-1.5-pro-002) and Gemini 1.5 Flash (gemini-1.5-flash-002) are Generally Available. These models introduce broad quality improvements over the previous 001 versions, with significant gains in the following categories:

  • Factuality and reduced model hallucinations
  • Openbook Q&A for RAG use cases
  • Instruction following
  • Multilingual understanding in 102 languages, especially in Korean, French, German, Spanish, Japanese, Russian, and Chinese.
  • SQL generation
  • Audio understanding
  • Document understanding
  • Long context
  • Math and reasoning

For more information about differences with the previous model versions, see Model versions and lifecycle.

Gemini 1.5 Pro and Gemini 1.5 Flash now support multimodal input with function calling. This feature is in Preview.

The Vertex AI prompt optimizer adapts your prompts using the optimal instructions and examples to elicit the best performance from your chosen model. This feature is available in Preview. To learn more, see Optimize prompts.

Gemini 1.5 Pro and Gemini 1.5 Flash Tuning is now available in GA. Tune Gemini with text, image, audio, and document data types using the latest models:

  • gemini-1.5-pro-002
  • gemini-1.5-flash-002

Gemini 1.0 tuning remains in preview.

For more information on tuning Gemini, see Tune Gemini models by using supervised fine-tuning.

The latest versions of Gemini 1.5 Flash (gemini-1.5-flash-002) and Gemini 1.5 Pro (gemini-1.5-pro-002) use dynamic shared quota, which distributes on-demand capacity among all queries being processed. Dynamic shared quota is Generally Available.

Google Kubernetes Engine

GKE clusters using the Network Policy feature and Pods specifying a hostPort might have experienced networking connectivity issues after control plane upgrades. As a precaution, GKE disabled auto-upgrades for potentially impacted clusters.

The following GKE versions contain a fix for this issue and are safe to manually upgrade to:

  • 1.27.16-gke.1342000 or later
  • 1.28.13-gke.1078000 or later
  • 1.29.8-gke.1157000 or later
  • 1.30.4-gke.1282000 or later
  • 1.31 or later

GKE control plane upgrades are now resumed and clusters will be auto-upgraded when the patch version becomes an auto-upgrade target for your clusters, honoring maintenance windows and exclusions.

Looker

The following Gemini in Looker features are available in Public Preview:

To learn more about how to activate these features, see Administer Gemini on your Looker (Google Cloud core) instance.

Spanner

Spanner now offers editions, a tier-based pricing model that provides greater flexibility, better cost transparency, and opportunities for cost savings. You can choose between the Standard, Enterprise, and Enterprise Plus editions, letting you pick the right set of capabilities to fit your needs and budget. To learn more, read the Spanner editions overview and blog.

Spanner is now enabled for use with Cloud KMS Autokey.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.

For more information, see Customer-managed encryption keys (CMEK) overview. To learn more about Cloud KMS Autokey, see the Autokey overview.

September 23, 2024

App Engine flexible environment PHP

App Engine standard environment PHP

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.63.0 (2024-09-18)

Features
  • bigquery/migration: Update MS API stubs with Unified API (1bb4c84)
  • bigquery: Add support for Go 1.23 iterators (84461c0)
  • bigquery: New client(s) (#10774) (9638b8d)
Bug Fixes
  • bigquery: Bump dependencies (2ddeb15)
  • bigquery: ProcessStream check ctx done when queuing non retryable err (#10675) (60ad7f3)
  • bigquery: Properly handle RANGE type arrays (#10883) (ce3d492)
  • bigquery: Remove retry on FailedPrecondition (#10671) (ab9a961)
  • bigquery: Update dependencies (257c40b)
  • bigquery: Update google.golang.org/api to v0.191.0 (5b32644)
Documentation
  • bigquery/datatransfer: Add a note to the CreateTransferConfigRequest and UpdateTransferConfigRequest to disable restricting service account usage (2710d0f)
  • bigquery/datatransfer: Deprecate authorization_code (84461c0)
  • bigquery/migration: A comment for field name in message .google.cloud.bigquery.migration.v2.MigrationWorkflow is changed to include 'Identifier' (1bb4c84)
  • bigquery/migration: A comment for field translation_config_details in message .google.cloud.bigquery.migration.v2.MigrationTask is changed (1bb4c84)
  • bigquery/migration: A comment for field type in message .google.cloud.bigquery.migration.v2.MigrationTask is changed to include new supported types (1bb4c84)
  • bigquery/storage: A comment for field location_uri in message .google.cloud.bigquery.storage.v1alpha.StorageDescriptor is changed (2710d0f)
  • bigquery/storage: A comment for message StreamMetastorePartitionsRequest is changed (2710d0f)
  • bigquery/storage: A comment for message StreamMetastorePartitionsResponse is changed (2710d0f)

You can now create workflows to execute code assets in sequence at a scheduled time. This feature is in Preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.44.0 (2024-09-16)

Features
Dependencies

Buildpacks

Carbon Footprint

Scope 2 market-based emissions data is now Generally Available. This metric represents purchased electricity, incorporating Google's annual renewable energy purchases. Scope 2 emissions on this page are estimated using annual emissions factors from government sources (IEA, EPA & AIB). You can learn more here about the methodology and the difference between location-based and market-based emission metrics.

Scope 2 market-based emissions data is available only from January 2023 onwards and can be accessed in:

Cloud Build

Cloud Build is now available in the africa-south1 region.

For more information, see Cloud Build locations.

Cloud Data Fusion

The Cloud Data Fusion version 6.10.1.1 patch revision is generally available (GA). 6.10.1.1 includes the following changes:

The Cloud Data Fusion version 6.9.2.4 patch revision is GA. 6.9.2.4 includes the following changes:

  • Cloud Data Fusion stores lineage-related information for 30 days by default, in addition to cleaning up run records (CDAP-21053).
  • Added support to disable Field level lineage. For more information, see Explore Data Lineage using metadata (CDAP-21007).
  • Fixed an issue causing the maximum concurrent runs setting not to work as expected for scheduled pipeline runs (CDAP-20988).
  • Fixed an issue causing upgrades to fail when the schedule name had hyphens, spaces, or other symbols (CDAP-20999).

Cloud Monitoring

The layout of the incident detail page has been updated. You can now view related incidents, and switch between viewing only the time series that caused the condition to be met and viewing all time series that the alerting policy evaluated. For more information, see Incidents for metric-based alerting policies and Incidents for log-based alerting policies.

Cloud Run

Cloud Run functions

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.13.0 (2024-09-17)

Features
  • storage: Add support for 'fields' query parameter to getFiles (#2521) (f78fe92)
Bug Fixes

Java

Changes for google-cloud-storage

2.43.0 (2024-09-13)

Features
  • Allow specifying an expected object size for resumable operations. (#2661) (3405611), closes #2511
Bug Fixes
  • Close pending zero-copy responses when Storage#close is called (#2696) (1855308)
  • Github workflow vulnerable to script injection (#2663) (9151ac2)
  • Make ParallelCompositeUploadBlobWriteSessionConfig.ExecutorSupplier#cachedPool a singleton (#2691) (1494809)
Dependencies
  • Promote storage-v2 artifacts to beta (9d22597)
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240819-2.0.0 (#2665) (3df1000)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#2698) (1dd51c3)

In order to set a bucket to store Cloud Storage usage logs and storage logs, the bucket must now reside within the same organization as the bucket being logged.

  • If the bucket being logged is not associated with an organization, then the bucket storing the logs must reside within the same project instead.

You can now use hierarchical namespace with Cloud Storage FUSE. To learn more about how mounting buckets with hierarchical namespace enabled can help improve performance, see Mount buckets with hierarchical namespace enabled.

Cloud Workstations

Cloud Workstations is available in the us-west4 region (Las Vegas, Nevada, North America). For more information, see Locations.

Colab Enterprise

You can now use customer-managed encryption keys (CMEK) to protect notebooks in Colab Enterprise.

For more information, see Use customer-managed encryption keys.

Config Connector

Config Connector version 1.123.1 is now available.

Starting from this version, all new CustomResources (CRs) have the cnrm.cloud.google.com/state-into-spec annotation field default to absent. For more information about this behavior, see the spec fields documentation. The behavior of existing CRs is not impacted by this change.

You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the DataflowFlexTemplateJob resource to opt in to the Direct Cloud Reconciler, which provides an advanced status update solution for some timeout issues.

If you use the CloudIdentityGroup, CloudBuildTrigger and FirestoreIndex resources, do not use version 1.123.0, as it contains regression issues for these resources due to the state-into-spec setting.

BigQueryDataTransferConfig (v1alpha1) now uses direct reconciliation.

BigQueryConnectionConnection (v1alpha1) now uses direct reconciliation.

DataformRepository is promoted from alpha to beta.

Added FirestoreDatabase (v1alpha1). This uses direct reconciliation.

Contact Center AI Platform

Version 3.26 is released

All release notes published on this date are part of version 3.26.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Agent-level deflections

With agent-level deflections, you can let your agents set their own deflection options for agent to agent calls. There are deflections for over-capacity, after-hours, and automatic redirection. Agents can choose to deflect to a queue, a phone number, an outbound SIP transfer, voicemail, callback, or keep waiting. Agent-level deflections can also be configured globally.

Rich messaging

With rich messaging, you can do the following when creating and sending messages: use bold, italic, and underline formatting; create bulleted and numbered lists; and add links. You can also add emojis to messages. This capability is available to agents in the chat adapter. It's also available to administrators when they configure chat shortcuts and the initial chat messages for the web SDK and the mobile SDKs. For more information, see Rich messaging.

First In First Out queue routing

With First In First Out queue routing, you can set equal priority for transferred calls and chats and non-transferred (standard) calls and chats. By default, transferred calls and chats have priority. For more information, see First in first out queue routing.

Direct inbound calling

With direct inbound calling, you can create direct phone numbers and assign them to agents or queues. This lets end-users call directly to an individual agent or queue, bypassing IVR queue trees. Administrators can enable inbound call recording and configure deflection options for direct inbound calls. For more information, see Direct phone numbers.

Fixed an issue where the Interaction JSON metadata file was sometimes not being sent to the Kustomer CRM after a chat or call ended.

Fixed an issue where the queue duration of a chat was sometimes doubled in reporting.

Fixed an issue where messages were not sent to chat participants for chats initiated by the chat API.

Fixed an issue where co-browse metadata was not saved when the recording option was disabled.

Fixed an issue where co-browse session events were not generated at session start and end.

Made improvements to barge.

Fixed an issue where users with a permission group in workforce management could not be created or edited.

Fixed an issue where the generic message was played for custom after-hours deflection.

Fixed an issue where agents had more permissions than their role permits.

Fixed an agent assist integration timeout issue.

Implemented a change that prevents the administrator account from being deactivated or changed using bulk user update.

VPC Service Controls are GA

VPC Service Controls in Contact Center AI Platform are GA. For more information, see Product launch stages.

Mobile SDK 2.9 is released

Mobile SDK 2.9 includes the following updates:

  • Android SDK and iOS SDK:
    • Support for rich messaging. End-users can see the rich messaging that agents use in the chat adapter. For more information, see TBD.
  • Android SDK:
    • Text resizing. End-users can increase text size up to 200%. Text is resized using the device settings.

Web SDK 2.24 is released

Web SDK 2.24 includes the following update:

  • Support for rich messaging. End-users can see the rich messaging that agents use in the chat adapter. For more information, see TBD.

Container Optimized OS

cos-113-18244-151-80

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.22 | See List

Updated app-containers/containerd to 1.7.22.

Updated net-misc/curl to 8.10.0.

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-44983 in the Linux kernel

Fixed CVE-2024-45022 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-46686 in the Linux kernel

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-42307 in the Linux kernel

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-44952 in the Linux kernel

Fixed CVE-2024-44989 in the Linux kernel

Fixed CVE-2024-44990 in the Linux kernel

Fixed CVE-2024-45000 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

cos-beta-117-18613-0-57

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.44 | v24.0.9 | v1.7.22 | See List

Upgraded app-admin/fluent-bit to v3.1.8.

Updated cos-gpu-installer to v2.4.2. This enables creation of /dev/dri when loading nvidia-drm.ko for COS kernels built with loadable drm and dependent modules.

Updated net-misc/curl to 8.10.0.

Fixed CVE-2024-44996 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-44983 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-45022 in the Linux kernel

Fixed CVE-2024-45020 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-46686 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 811711 -> 811780

cos-105-17412-448-49

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.163 | v23.0.3 | v1.7.19 | See List

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Fixed CVE-2024-44983 in the Linux kernel

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-44952 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812685 -> 812689

cos-109-17800-309-69

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.22 | See List

Updated net-misc/curl to 8.10.0.

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

Fixed CVE-2024-45022 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-46686 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812257 -> 812253

cos-101-17162-528-49

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.161 | v20.10.27 | v1.6.28 | See List

Fixed CVE-2024-38588 in the Linux kernel

Fixed CVE-2024-43853 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-42131 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Dataproc

Dataproc Serverless for Spark: In runtime versions 1.2 and 2.2, minimized the dynamic memory footprint of the Spark application by setting XX:MaxHeapFreeRatio to 30% and XX:MinHeapFreeRatio to 10%.

Dataproc Serverless for Spark: Added the google-cloud-dlp Python package by default to the Dataproc Serverless for Spark runtimes.

Dataproc Serverless for Spark: Fixed an issue that would cause some batches and sessions to fail to start when using the premium compute tier.

Document AI

Models pretrained-expense-v1.3.2-2024-09-11 and pretrained-expense-v1.4.2-2024-09-12 are available as Release Candidates (RC) for Expense Parser. They are upgrades over v1.3 and v1.4 with an enhanced underlying vision model.

For more information about available models, see Expense parser processor versions.

Google Distributed Cloud (software only) for VMware

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and AUTHORITY\Authenticated Users may be able to modify container logs. For more information, see the GCP-2024-054 security bulletin.

Google Distributed Cloud (software only) for bare metal

Release 1.28.1000-gke.60

Google Distributed Cloud for bare metal 1.28.1000-gke.60 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1000-gke.60 runs on Kubernetes 1.28.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed Cloud Audit Logging failure due to allowlisting issue with multiple project IDs.

The following container image security vulnerabilities have been fixed in 1.28.1000-gke.60:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and AUTHORITY\Authenticated Users may be able to modify container logs. For more information, see the GCP-2024-054 security bulletin.

Google SecOps SOAR

Release 6.3.18 is now in General Availability.

Memorystore for Redis Cluster

Added support for cross-region replication (Preview). For more details, see About cross-region replication.

Network Intelligence Center

Network Analyzer now includes additional information in the IP address utilization summary insights. In the case of Shared VPC, Network Analyzer gives a summary of the IP address utilization of all relevant subnet ranges of the host project, and also provides the insights of the service projects. For more information, see IP address utilization summary insights.

SAP on Google Cloud

New SAP HANA certifications: X4 bare metal machine types for OLTP workloads

SAP has certified the Compute Engine bare metal machine types x4-megamem-960-metal, x4-megamem-1440-metal, and x4-megamem-1920-metal, for use with SAP HANA OLTP workloads in scale-out configurations with up to 4 nodes.

For more information, see X4 memory-optimized bare metal machine types.

Google Cloud storage manager for SAP HANA standby nodes version 2.8

Version 2.8 of the Google Cloud storage manager for SAP HANA standby nodes is generally available (GA). This version includes bug fixes and supportability improvements.

For more information about the storage manager, see Storage Manager for SAP HANA.

September 22, 2024

Google SecOps SOAR

Release 6.3.19 is currently in Preview.

Case Report can now be exported in PDF format.

The comment count on the case wall is not updating correctly. (ID #53266243)

The HTML widget refresh is not affecting the JS code. (ID #00266956)

September 21, 2024

Dataproc

Blocklisted the following Dataproc on Compute Engine subminor image versions:

  • 2.0.119-debian10, 2.0.103-rocky8, 2.0.103-ubuntu18
  • 2.1.67-debian11, 2.1.51-rocky8, 2.1.51-ubuntu20, 2.1.51-ubuntu20-arm
  • 2.2.33-debian12, 2.2.17-rocky9, 2.2.17-ubuntu22

September 20, 2024

Apigee X

On September 20, 2024, we released an updated version of Apigee (1-13-0-apigee-5).

Bug ID | Description
366039324 | Fixed PEM parsing error in JWT/JWS policies. Resolved a PEM parsing error in JWT/JWS policy execution caused by a problematic PEM format.
353527851 | Resolved dropped WebSocket connection. Fixed issue causing a dropped WebSocket connection when using the OAuthV2 policy and the VerifyJWTAccessToken operation or VerifyJWT.
361166073 | Fixed issue with JWKS rejection in GenerateJWT policy. Fixed an issue where valid JWKS used to sign encrypted JWTs with the GenerateJWT Policy are incorrectly rejected with steps.jwt.NoMatchingPublicKey.
352593965 | Resolved SSL enforcement bug in proxies using the <SSLInfo> block. This release fixes an SSL enforcement bug in proxies where an <SSLInfo> block specifies both <IgnoreValidationErrors> and <Enforce> as true. The bug results in no enforcement for one specific type of SSL violation - a mismatch between the certificate subject name and the real host name of the target (No Subject Alternative Name, or NSAN). With this fix, <Enforce> uniformly overrides <IgnoreValidationErrors> in all cases, including NSAN.
N/A | Updates to security infrastructure and libraries.

Confidential VM

Support for AMD SEV on C3D machine types is now released to General Availability.

Generative AI on Vertex AI

Add label metadata to generateContent and streamGenerateContent API calls. For details, see Add labels to API calls.

GitLab on Google Cloud

GitLab on Google Cloud is Generally Available.

The integration enables customers to deploy source from GitLab to Google Cloud run-time environments. The integration simplifies authentication and authorization to Google for GitLab pipelines, and uses GitLab and Google CI/CD components.

To get started, try the GitLab end-to-end tutorial.

Identity-Aware Proxy

Preview: You can now use authorization policies to delegate authorization to Identity-Aware Proxy (IAP) and Identity and Access Management (IAM). For more information, see Use authorization policies to delegate authorization to IAP and IAM.

NetApp Volumes

Auto-tiering in Preview is now generally available for allow-listed users. Auto-tiering is now available for Premium and Extreme service levels. Auto-tiering reduces the overall cost of storage by identifying data that is infrequently used and transparently moving it from primary hot storage to less expensive but slower cold storage. For more information, see Auto-tiering.

September 19, 2024

BigQuery

You can perform model monitoring in BigQuery ML. The following model monitoring functions are now generally available (GA):

  • ML.DESCRIBE_DATA: compute descriptive statistics for a set of training or serving data.
  • ML.VALIDATE_DATA_SKEW: compute the statistics for a set of serving data, and then compare them to the statistics for the data used to train a BigQuery ML model in order to identify anomalous differences between the two data sets.
  • ML.VALIDATE_DATA_DRIFT: compute and compare the statistics for two sets of serving data in order to identify anomalous differences between the two data sets.
  • ML.TFDV_DESCRIBE: compute fine-grained descriptive statistics for a set of training or serving data. This function provides the same behavior as the TensorFlow tfdv.generate_statistics_from_csv API.
  • ML.TFDV_VALIDATE: compute and compare the statistics for training and serving data, or two sets of serving data, in order to identify anomalous differences between the two data sets. This function provides the same behavior as the TensorFlow tfdv.validate_statistics API.

Cloud Data Fusion

The SAP SLT No RFC Replication plugin version 0.11.3 is available in Cloud Data Fusion version 6.8.0 and later. This release fixes an issue causing the following error: Error encountered while configuring the stage: Unable to access Cloud Storage or download JCo libraries from Cloud Storage.

Cloud Logging

You can now query your log data from the Log Analytics page by using reserved BigQuery slots. For more information, see Query and view logs in Log Analytics.

Cloud SQL for PostgreSQL

You can now use gcloud or the Cloud SQL Admin API to switch the storage location of the transaction logs used for point-in-time recovery on your instance without downtime to Cloud Storage. For more information, see Use point-in-time recovery and Switch transaction log storage to Cloud Storage.

Cloud Service Mesh

1.23.2-asm.2 is now available for in-cluster Cloud Service Mesh.

You can now download 1.23.2-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.2 subject to the list of supported features.

Cloud Service Mesh 1.23.2-asm.2 uses Envoy v1.31.1.

This release contains the fix for the security vulnerability listed in GCP-2024-052.

Managed Cloud Service Mesh 1.23 isn't rolling out to the rapid release channel at this time. You can periodically check this page for announcements regarding rapid channel rollout.

1.22.5-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-052. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.22.5-asm.1 uses Envoy v1.30.5.

1.21.5-asm.7 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-052. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.5-asm.7 uses Envoy v1.29.8.

1.20.8-asm.7 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-052. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.20.8-asm.7 uses Envoy v1.28.6.

Dialogflow

Dialogflow CX and Vertex AI: The text-bison@002, text-bison and code-bison models will be deprecated on October 21, 2024 and automatically upgraded to the gemini-1.5-flash-001 model. This change applies to Vertex AI agents and the following Dialogflow CX Generative Features:

  • Vertex AI agent apps
  • Data store agents (also known as Chat agents)
  • Generators

After the upgrade on October 21, 2024, gemini-1.5-flash-001 will be automatically selected in the console. We recommend that you upgrade to the new model early to allow enough time for testing and to ensure that your solution works as intended.

Dialogflow CX & ES: Text-to-speech Journey Voices now supports MULAW output audio_encoding (CX, ES) in addition to LINEAR16. Future updates to Journey Voices will appear in the Cloud Text-to-Speech documentation.

Dialogflow CX: Cloud Text-to-Speech europe-west1 and europe-west3 regions for Neural2 voices will temporarily use the eu multi-region instead.

Google Cloud Architecture Center

(New guide) Migrate from Amazon RDS and Amazon Aurora for PostgreSQL to Cloud SQL and AlloyDB for PostgreSQL: Describes how to design, implement, and validate a plan to migrate from Amazon Relational Database Service (RDS) or Amazon Aurora for PostgreSQL to Cloud SQL.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.500-gke.160 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.500-gke.160 runs on Kubernetes v1.29.7-gke.1200.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Fixed the following issues in 1.29.500-gke.160:

  • Fixed the known issue where updating DataplaneV2 ForwardMode didn't automatically trigger anetd DaemonSet restart.
  • Fixed the known issue where the credential.yaml file regenerated incorrectly during admin workstation upgrade.

Fixed the following vulnerabilities in 1.29.500-gke.160:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Kubernetes Engine

(2024-R36) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1296000
    • 1.28.13-gke.1078000
    • 1.29.8-gke.1157000
    • 1.30.3-gke.1969000
    • 1.30.4-gke.1282000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.0-gke.1506000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

Regular channel

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

Stable channel

Extended channel

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • Version 1.30.3-gke.1639000 is no longer available in the Extended channel.
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

No channel

Looker Studio

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Memorystore for Redis Cluster

Added support for 1, 2, and 4 shard instance shapes (Preview). For more details, see Selecting an instance shape of 1, 2, or 4 shards.

Memorystore for Valkey

Added support for 1, 2, and 4 shard instance shapes (Preview). For more details, see Selecting an instance shape of 1, 2, or 4 shards.

NetApp Volumes

Flex service level now offers regional storage pools and volumes. Regional volumes provide high-availability across zones by synchronously replicating the data between the two zones selected by the user and automatically failing over to the replica zone in the event of a zone failure. This feature is now generally available.

Customer Managed Encryption Keys (CMEK) for the Flex service level, which is in Preview, is now generally available. For more information, see About CMEK.

Flex service level is now available in all Google Cloud regions.

You can now create more than one Active Directory policy per region. For more information, see Active Directory.

Flex service level now supports the optional feature Block volume from deletion when clients are connected. This option is required for using NetApp Volumes with Google Cloud VMware Engine (GCVE) datastores. When this option is enabled, it prevents the deletion of a volume if the volume is mounted as a GCVE datastore.

September 18, 2024

AlloyDB for PostgreSQL

The AlloyDB Omni operator is now available in Preview on Google Distributed Cloud (GDC) connected. For more information, see Install AlloyDB Omni on Kubernetes.

Apigee UI

On September 18, 2024, we released an updated version of the Apigee UI.

Bug ID | Description
349284447 | All API products associated with a key now displayed in the UI. All API products associated with a key can now be viewed in the App detail page of the UI using pagination. Previously, a maximum of 50 API products could be displayed.

Apigee X

On September 18, 2024, we released an updated version of Apigee.

Release of Cloud IAM-based authorization and authentication and the VerifyIAM policy.

This release introduces Cloud IAM-based authorization and authentication for Apigee API access. With this IAM-based solution, access to invoke an API requires the API consumer to have a specific Google Cloud IAM role or permissions.

For information, see IAM-based API authentication overview and VerifyIAM policy.

Cloud Composer

Airflow 2.9.3 is available in Cloud Composer images.

(Cloud Composer 2) Fixed the issue where environment create and update operations could fail in rare cases because of the scheduler probe timeouts.

(Cloud Composer 3) Fixed the issue that caused KubernetesPodOperator tasks to fail if they ran for longer than 15 minutes.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.0
  • composer-3-airflow-2.9.1-build.7 (default)
  • composer-3-airflow-2.7.3-build.16

Cloud Composer 2.9.4 images are available:

  • composer-2.9.4-airflow-2.9.3
  • composer-2.9.4-airflow-2.9.1 (default)
  • composer-2.9.4-airflow-2.7.3

Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.9.1 are supported until September 18, 2025.

Cloud Composer versions 2.4.2 and 2.4.3 have reached their end of support period.

Cloud Database Migration Service

Database Migration Service for homogeneous PostgreSQL migrations to Cloud SQL now automatically enables point-in-time recovery (PITR) for the destination instance when you promote the migration job. Previously, you had to turn on PITR after you promoted an instance.

For more information, see Promote a migration and Known limitations.

Database Migration Service doesn't automatically enable PITR for homogeneous PostgreSQL migrations to Cloud SQL. For more information, see the release note entry for October 7, 2024.

Compute Engine

You can determine the number of running VMs and reservations that match the properties of a future reservation request. By subtracting this number from the total count specified in a future reservation request, you can determine the number of reserved VMs that an existing future reservation provisions at its start time. For more information, see Determine the number of provisioned VMs.

You can create a future reservation request by reusing the properties of an existing VM. This lets you consume the auto-created reservations for the future reservation by creating VMs with properties that exactly match the reference VM's properties. For more information, see the following:

Generally available: Hyperdisk Balanced volumes can be created in Confidential mode and attached to Confidential VMs.

Generative AI on Vertex AI

Model Garden supports an organization policy so that administrators can limit access to certain models and capabilities. For more information, see Control access to Model Garden models.

Security Command Center

Assign high-value resources based on Sensitive Data Protection insights for Amazon S3 buckets

The attack path simulations feature can now automatically set the resource value of an Amazon S3 bucket based on the sensitivity of the data that the bucket contains.

For information about how to enable the automatic assignment of resource values based on data sensitivity, see Create a resource value configuration.

For information about how to configure Sensitive Data Protection to send data sensitivity classifications to Security Command Center, see Publish data profiles to Security Command Center.

Vertex AI Agent Builder

Vertex AI Agent Builder: Redirection URI for grounded results (GA)

When you use Grounding with Google Search, the grounded result contains a redirection URI that leads you to the publisher's URI. This redirection URI remains accessible for up to 30 days after the grounded result is generated.

This feature is Generally available (GA). For more information, see Generate grounded answers with RAG.

September 17, 2024

AlloyDB for PostgreSQL

You can now add the predefined CMEK organization policy for your AlloyDB clusters and backups. This feature is generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Developer Connect
    • developerconnect.googleapis.com/Connection
    • developerconnect.googleapis.com/GitRepositoryLink
  • Cloud Logging
    • logging.googleapis.com/LogView
    • logging.googleapis.com/Settings
    • logging.googleapis.com/RecentQuery
    • logging.googleapis.com/SavedQuery

Cloud Run

The Direct VPC egress feature of Cloud Run now supports Secure Web Proxy.

Cloud Service Mesh

Cloud Service Mesh with a Traffic Director control plane implementation is still incompatible with Envoy version v1.31.0.

If you manually control your Envoy version, do not upgrade to v1.31.0 as there is an existing issue with connecting to the Traffic Director API. Instead, upgrade to Envoy version 1.31.1 where this issue is fixed, or set GRPC_DNS_RESOLVER=native for v1.31.0 as a workaround.

If you do not manually control your Envoy version, you don't have to do anything. Google's data plane management will not select an incompatible version for you.

Google Cloud Architecture Center

(New guide) Scalable BigQuery backup automation: Build a solution to automate recurrent BigQuery backup operations at scale, with two backup methods: BigQuery snapshots and exports to Cloud Storage. This architecture is accompanied by a deployment guide.

NetApp Volumes

Large capacity volumes in Preview is now generally available for allow-listed users. Premium and Extreme service levels now offer large capacity volumes. Large capacity volumes can be sized between 15 TiB and 1 PiB in increments of 1 GiB, and deliver throughput performance of up to 12.5 GiBps. Large capacity volumes offer six storage endpoints (IP addresses) to load-balance client traffic to the volume and achieve higher performance. For more information, see Large capacity volumes.

Sensitive Data Protection

The POLITICAL_TERM infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The NEW_ZEALAND_NHI_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Vertex AI

To ensure that VM resources are available when your custom training and prediction jobs need them, you can now use Compute Engine reservations. Reservations provide a high level of assurance in obtaining capacity for Compute Engine resources. This feature is available in Preview for A2 and A3 machine series reservations.

For more information, see Use reservations with training and Use reservations with prediction.

To reduce the cost of running your training and prediction jobs, you can now use Spot VMs. Spot VMs are virtual machine (VM) instances that are excess Compute Engine capacity. Spot VMs have significant discounts, but Compute Engine might preemptively stop or delete Spot VMs to reclaim the capacity at any time. This feature is available in Preview.

For more information, see Use Spot VMs with training and Use Spot VMs with prediction.

Vertex AI Agent Builder

Vertex AI Search: Firestore and Cloud SQL import (GA)

Importing data from Firestore and Cloud SQL is Generally available.

For more information, see Import from Firestore and Import from Cloud SQL.

September 16, 2024

AlloyDB for PostgreSQL

The postgres_ann extension has been renamed to alloydb_scann. Before you upgrade to AlloyDB Omni Kubernetes operator version 1.1.1, you must drop any indexes created using the earlier postgres_ann version, then upgrade AlloyDB Omni, and then create the indexes again using the alloydb_scann extension.

Added a tutorial that shows you how to set up a connection from an application running in a Google Kubernetes Engine Autopilot cluster to an AlloyDB instance.

AlloyDB Omni Kubernetes operator version 1.1.1 is now available. This patch fixes the following issues:

  • Fixed a regression for the AlloyDB Vertex AI integration.
  • Fixed a bug in which upgrading from version 1.0.0 to version 1.1.0 failed when using injected sidecars.
  • Fixed a bug in which backups weren't reestablished correctly across failovers when using the Commvault sidecar with high availability (HA) configurations.
  • Fixed a bug that caused a status to be incorrectly set by the load balancer, resulting in erroneous reports that the database cluster wasn't ready.

Upgrading to version 1.1.1 of the AlloyDB Omni Kubernetes operator might result in a brief interruption to all database clusters. No data loss is expected.

Anti Money Laundering AI

A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:

  • Reduction of the total requirement for Transaction and Account data from 41 to 30 months
  • Performance improvements across several feature families, focusing on more recent high risk activity
  • Adjustment to the calculation of the PartyRecall metric in the rare corner case when many customers have the same prediction score and it's not possible to yield exactly partyInvestigationsPerPeriod positive predictions
  • Uses the latest FATF high risk geos, published in Jan 2024 (High-Risk Jurisdictions subject to a Call for Action and Jurisdictions under Increased Monitoring)

AutoML Translation

AutoML Translation API is deprecated and will no longer be available on Google Cloud after September 30, 2025. You can replicate the functionality of custom models through Cloud Translate - Advanced (v3).

BigQuery

You can now batch migrate classic saved queries to saved queries. This feature is in Preview for projects that have fewer than 2500 classic saved queries.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.42.3 (2024-09-12)

Dependencies
  • Update actions/upload-artifact action to v4.4.0 (#3467) (08b28c5)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#3472) (fa9ac5d)

You can now use a CREATE MODEL statement to create a contribution analysis model in BigQuery ML. You can use a contribution analysis model with the ML.GET_INSIGHTS function to generate insights about changes to key metrics in your multi-dimensional data.

Try this feature with the Get data insights from a contribution analysis model tutorial.

This feature is in preview.

You can store columns in your vector indexes and pre-filter data in your vector searches to improve query efficiency. This feature is Generally Available.

BigQuery Engine for Apache Flink

BigQuery Engine for Apache Flink is now in Preview. BigQuery Engine for Apache Flink is a Google Cloud service that helps you run Apache Flink.

Cloud Load Balancing

Envoy-based Application Load Balancers now support authorization policies that let you establish access control checks for incoming traffic. For details, see Authorization policy.

This feature is available in Preview.

Cloud Logging

You can now create and manage your log scopes by using the Logging API in addition to using the Cloud Console. This feature is in public preview. For more information, see Create and manage log scopes.

There is a new Cloud Observability Overview page in the Google Cloud Console. The new page, which you can customize, introduces the Cloud Observability products, and provides information about your logs, dashboards, incidents, and more. This page can help you detect issues in your resources, view relevant events, and view signals that matter to you.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.2 (2024-09-12)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#1683) (31ec2b9)

Cloud Monitoring

There is a new Cloud Observability Overview page in the Google Cloud Console. The new page, which you can customize, introduces the Cloud Observability products, and provides information about your logs, dashboards, incidents, and more. This page can help you detect issues in your resources, view relevant events, and view signals that matter to you.

Cloud Run

You can now apply custom constraints for projects that get enforced by organization policies on your Cloud Run services and jobs (in Preview).

Cloud SQL for MySQL

Cloud SQL is discontinuing support for legacy high availability (HA) instance configuration on January 6, 2025. After this date, you can't create Cloud SQL for MySQL instances with the legacy configuration for high availability. You also can't enable the legacy configuration for high availability on existing instances. Until January 6, 2025, legacy HA instances are still covered by the Cloud SQL SLA. We recommend that you upgrade your existing legacy HA instances to regional persistent disk HA instances as soon as possible and create new HA instances using regional persistent disk instead.

Starting on May 1, 2025, Cloud SQL will migrate any remaining instances that use the legacy HA configuration to the current HA configuration automatically.

Cloud Workstations

Cloud Workstations preconfigured base images use Ubuntu 24.04. The last images built on Ubuntu 22.04 are tagged with last-ubuntu2204 for building backwards compatible custom images.

Cloud Workstations preconfigured base images default to Python 3.12.3.

Container Optimized OS

cos-beta-117-18613-0-41

  • Kernel: COS-6.6.44
  • Docker: v24.0.9
  • Containerd: v1.7.22
  • GPU Drivers: See List

Updated app-containers/containerd to v1.7.22.

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-lang/python to v3.8.19_p1. This fixes CVE-2007-4559.

Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2023-7256 in net-libs/libpcap.

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-44943 in the Linux kernel

Fixed CVE-2024-43891 in the Linux kernel

Fixed CVE-2024-43892 in the Linux kernel

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-44952 in the Linux kernel

Fixed CVE-2024-44957 in the Linux kernel

Fixed CVE-2024-44989 in the Linux kernel

Fixed CVE-2024-44990 in the Linux kernel

Fixed CVE-2024-45000 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-44987 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 811784 -> 811711

cos-109-17800-309-59

  • Kernel: COS-6.1.100
  • Docker: v24.0.9
  • Containerd: v1.7.22
  • GPU Drivers: See List

Updated app-containers/containerd to v1.7.22.

Updated dev-lang/python to 3.8.19_p1. This fixes

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2024-44983 in the Linux kernel

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-44989 in the Linux kernel

Fixed CVE-2024-44990 in the Linux kernel

Fixed CVE-2024-45000 in the Linux kernel

Fixed CVE-2024-42307 in the Linux kernel

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-43873 in the Linux kernel

Fixed CVE-2024-42302 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812274 -> 812257

cos-113-18244-151-57

  • Kernel: COS-6.1.100
  • Docker: v24.0.9
  • Containerd: v1.7.21
  • GPU Drivers: See List

Updated dev-lang/python to v3.8.19_p1. This fixes CVE-2007-4559.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2023-7256 in net-libs/libpcap.

Fixed CVE-2024-42302 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-44987 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-43873 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812022 -> 812026

cos-105-17412-448-36

  • Kernel: COS-5.15.163
  • Docker: v23.0.3
  • Containerd: v1.7.19
  • GPU Drivers: See List

Fixed CVE-2024-6232 in dev-lang/python and upgraded to v3.8.19 which fixes CVE-2007-4559.

Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2023-7256 in net-libs/libpcap.

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

Fixed CVE-2024-43853 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Fixed CVE-2024-44987 in the Linux kernel

cos-101-17162-528-40

  • Kernel: COS-5.15.161
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: See List

Fixed CVE-2024-6232 in dev-lang/python.

Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-39468 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-44987 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

cos-dev-121-18667-0-0

  • Kernel: COS-6.6.51
  • Docker: v24.0.9
  • Containerd: v1.7.22
  • GPU Drivers: See List

Updated app-containers/containerd to v1.7.22.

Updated the Linux kernel to v6.6.51.

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Runtime sysctl changes:

  • Changed: fs.file-max: 811768 -> 811782

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.10.1 (2024-09-12)

Bug Fixes
  • dataflow: Bump dependencies (2ddeb15)

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.118-debian10, 2.0.118-rocky8, 2.0.118-ubuntu18
  • 2.1.66-debian11, 2.1.66-rocky8, 2.1.66-ubuntu20, 2.1.66-ubuntu20-arm
  • 2.2.32-debian12, 2.2.32-rocky9, 2.2.32-ubuntu22

Dialogflow

Dialogflow CX and Vertex AI Agents: Generative features will migrate to the gemini-1.5-flash-001 model on September 30, 2024. See the email notification.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.21.3 (2024-09-11)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#1561) (5a79fd8)
  • Update dependency com.google.errorprone:error_prone_core to v2.31.0 (#1523) (8d3af32)
  • Update dependency com.google.guava:guava-testlib to v33.3.0-jre (#1548) (18ba37f)
  • Update dependency org.easymock:easymock to v5.4.0 (#1482) (ee788a1)

Google Cloud Architecture Center

Design an optimal storage strategy for your cloud workload: Updated guidance about storage recommendations and storage options decision tree with information about Hyperdisk ML and Hyperdisk Balanced. Updated file storage guidance based on performance scalability and supported file system protocols.

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Abnormal Security (ABNORMAL_SECURITY)
  • Akamai DNS (AKAMAI_DNS)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Apache (APACHE)
  • Apigee (GCP_APIGEE_X)
  • Archer Integrated Risk Management (ARCHER_IRM)
  • Arcsight CEF (ARCSIGHT_CEF)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • AWS VPN (AWS_VPN)
  • Azure AD (AZURE_AD)
  • Azure AD Audit (AZURE_AD_AUDIT)
  • Azure AD Sign-In (AZURE_AD_SIGNIN)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Azure WAF (AZURE_WAF)
  • BeyondTrust Privileged Identity (BEYONDTRUST_PI)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Check Point (CHECKPOINT_FIREWALL)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco WSA (CISCO_WSA)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud Data Loss Prevention (N/A)
  • Cloud Load Balancing (GCP_LOADBALANCING)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cloudflare WAF (CLOUDFLARE_WAF)
  • Cohesity (COHESITY)
  • Corelight (CORELIGHT)
  • CrowdStrike Falcon (CS_EDR)
  • Cyber 2.0 IDS (CYBER_2_IDS)
  • Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
  • CyberArk PTA Privileged Threat Analytics (CYBERARK_PTA)
  • Darktrace (DARKTRACE)
  • Dell Switch (DELL_SWITCH)
  • Duo Administrator Logs (DUO_ADMIN)
  • Duo Auth (DUO_AUTH)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • F5 ASM (F5_ASM)
  • F5 Shape (F5_SHAPE)
  • F5 Silverline (F5_SILVERLINE)
  • FireEye (FIREEYE_ALERT)
  • FireEye ETP (FIREEYE_ETP)
  • FireEye HX (FIREEYE_HX)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
  • Forcepoint Mail Relay (FORCEPOINT_MAIL_RELAY)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet Fortimanager (FORTINET_FORTIMANAGER)
  • GCP_APP_ENGINE (GCP_APP_ENGINE)
  • GitHub (GITHUB)
  • HP Aruba (ClearPass) (CLEARPASS)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM Guardium (GUARDIUM)
  • IBM OpenPages (IBM_OPENPAGES)
  • Infoblox DNS (INFOBLOX_DNS)
  • Jenkins (JENKINS)
  • Layer7 SiteMinder (SITEMINDER_SSO)
  • Linux Auditing System (AuditD) (AUDITD)
  • Malwarebytes (MALWAREBYTES_EDR)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft PowerShell (POWERSHELL)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
  • Mimecast (MIMECAST_MAIL)
  • Nagios Infrastructure Monitoring (NAGIOS)
  • Network Policy Server (MICROSOFT_NPS)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Oracle (ORACLE_DB)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Ping Federate (PING_FEDERATE)
  • Ping Identity (PING)
  • PostgreSQL (POSTGRESQL)
  • Precisely Ironstream IBM z/OS (IRONSTREAM_ZOS)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • Rippling Activity Logs (RIPPLING_ACTIVITYLOGS)
  • Sap Business Technology Platform (SAP_BTP)
  • Security Command Center Threat (N/A)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
  • Shibboleth IDP (SHIBBOLETH_IDP)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Snowflake (SNOWFLAKE)
  • Sophos AV (SOPHOS_AV)
  • Sophos Intercept EDR (SOPHOS_EDR)
  • Sourcefire (SOURCEFIRE_IDS)
  • Splunk Attack Analyzer (SPLUNK_ATTACK_ANALYZER)
  • SpyCloud (SPYCLOUD)
  • Squid Web Proxy (SQUID_WEBPROXY)
  • Suricata EVE (SURICATA_EVE)
  • Symantec Endpoint Protection (SEP)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Tenable Audit (TENABLE_AUDIT)
  • Thales Vormetric (VORMETRIC)
  • Trend Micro Apex one (TRENDMICRO_APEX_ONE)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
  • Twingate (TWINGATE)
  • Ubika Waf (UBIKA_WAF)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • Wazuh (WAZUH)
  • Windows DHCP (WINDOWS_DHCP)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
  • Windows Sysmon (WINDOWS_SYSMON)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Workspace Alerts (WORKSPACE_ALERTS)
  • XAMS by Xiting (XITING_XAMS)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Active Identity HID (ACTIVE_IDENTITY_HID)
  • Akamai Event Viewer (AKAMAI_EVT_VWR)
  • Autodesk Vault (AUTODESK_VAULT)
  • Avaza (AVAZA)
  • Avigilon Access Logs (AVIGILON_ACCESS_LOGS)
  • Axis Camera (AXIS_CAMERA)
  • Axis License Plate Reader (AXIS_LPR)
  • Azure Nix System (AZURE_NIX_SYSTEM)
  • CallTower Audio Conferencing (CALLTOWER_AUDIO)
  • Canon Printers (CANON_PRINTERS)
  • Cisco Secure Endpoint (CISCO_SECURE_ENDPOINT)
  • Control UP (CONTROL_UP)
  • Cradlepoint Router Logs (CRADLEPOINT)
  • Crowdstrike Spotlight (CROWDSTRIKE_SPOTLIGHT)
  • CrushFTP (CRUSHFTP)
  • CrowdStrike Filevantage (CS_FILEVANTAGE)
  • Cybersixgill (CYBERSIXGILL)
  • Cyolo Secure Remote Access for OT (CYOLO_OT)
  • Dell Core Switch (DELL_EMC_NETWORKING)
  • DLink Switch (DLINK_SWITCH)
  • Elastic Security (ELASTIC_EDR)
  • Fireblocks (FIREBLOCKS)
  • Forescout eyeInspect (FORESCOUT_EYEINSPECT)
  • Fortinet FortiGate IPS (FORTINET_IPS)
  • H3C Router (H3C_ROUTER)
  • Hackerone (HACKERONE)
  • Halo Sensor (HALO_SENSOR)
  • Hashcast (HASHCAST)
  • Perforce Helix Core (HELIX_CORE)
  • Heroku (HEROKU)
  • Hillstone NDR (HILLSTONE_NDR)
  • HL7 (HL7)
  • HoopDev (HOOPDEV)
  • Huawei Switches (HUAWEI_SWITCH)
  • Identity Security Cloud (IDENTITY_SECURITY_CLOUD)
  • Imperva Data Risk Analytics (IMPERVA_DATA_ANALYTICS)
  • Imperva DRA (IMPERVA_DRA)
  • IM Express (IM_EXPRESS)
  • Intezer (INTEZER)
  • Jumpcloud IAM (JUMPCLOUD_IAM)
  • Maltiverse IOC (MALTIVERSE_IOC)
  • ManageEngine Log360 (MANAGE_ENGINE_LOG360)
  • McAfee Network Security Platform (MCAFEE_NSP)
  • Miro Cloud (MIRO_CLOUD)
  • Nokia Home Device Manager (NOKIA_HDM)
  • Nortel Secure Router (NORTEL_SR)
  • Notion (NOTION)
  • One Identity Identity Manager (ONE_IDENTITY_IDENTITY_MANAGER)
  • IDnomic Public Key Infrastructure (OPENTRUST)
  • Outline Activity Logs (OUTLINE_ACTIVITY_LOGS)
  • Prismatic IO (PRISMATIC_IO)
  • ProFTPD (PROFTPD)
  • Provision Asset Context (PROVISION_ASSET_CONTEXT)
  • Ransomcare (RANSOMCARE)
  • Rapid7 Insights Threat Command (RAPID7_INSIGHTS_THREAT_COMMAND)
  • Saporo (SAPORO)
  • SAS Metadata Server log (SAS_METADATA_SERVER_LOG)
  • Scylla (SCYLLA)
  • Senseon Alerts (SENSEON_ALERTS)
  • Sonic Switch (SONIC_SWITCH)
  • Symantec Data Center Security (SYMANTEC_DCS)
  • Syncplify SFTP 2 Events (SYNCPLIFY_SFTP)
  • Team Cymru Scout Threat Intelligence (TEAM_CYMRU_SCOUT_THREATINTEL)
  • Tenable CSPM (TENABLE_CSPM)
  • Teqtivity Assets (TEQTIVITY_ASSETS)
  • Tines (TINES)
  • TP Link Network Switches (TPLINK_SWITCH)
  • TT D365 (TT_D365)
  • TT MSAN DSLAM (TT_MSAN_DSLAM)
  • TT Trio Chordiant (TT_TRIO_CHORDIANT)
  • Tufin (TUFIN)
  • Tufin Secure Track (TUFIN_SECURE_TRACK)
  • UberAgent (UBERAGENT)
  • Upstream Vehicle SOC Alerts (UPSTREAM_VSOC_ALERTS)
  • URLScan IO (URLSCAN_IO)
  • Vertiv UPS (VERTIV_UPS)
  • Very Good Security (VERY_GOOD_SECURITY)
  • Virtual Browser (VIRTUAL_BROWSER)
  • VMWare VSphere (VMWARE_VSPHERE)
  • Webroot Identity Protection (WEBROOT_IDENTITY_PROTECTION)
  • WideField (WIDEFIELD_SECURITY)
  • Zscaler Sandbox (ZSCALER_SANDBOX)
  • Zywall (ZYWALL)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Abnormal Security (ABNORMAL_SECURITY)
  • Akamai DNS (AKAMAI_DNS)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Apache (APACHE)
  • Apigee (GCP_APIGEE_X)
  • Archer Integrated Risk Management (ARCHER_IRM)
  • Arcsight CEF (ARCSIGHT_CEF)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • AWS VPN (AWS_VPN)
  • Azure AD (AZURE_AD)
  • Azure AD Audit (AZURE_AD_AUDIT)
  • Azure AD Sign-In (AZURE_AD_SIGNIN)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Azure WAF (AZURE_WAF)
  • BeyondTrust Privileged Identity (BEYONDTRUST_PI)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Check Point (CHECKPOINT_FIREWALL)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco WSA (CISCO_WSA)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud Data Loss Prevention (N/A)
  • Cloud Load Balancing (GCP_LOADBALANCING)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cloudflare WAF (CLOUDFLARE_WAF)
  • Cohesity (COHESITY)
  • Corelight (CORELIGHT)
  • CrowdStrike Falcon (CS_EDR)
  • Cyber 2.0 IDS (CYBER_2_IDS)
  • Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
  • CyberArk PTA Privileged Threat Analytics (CYBERARK_PTA)
  • Darktrace (DARKTRACE)
  • Dell Switch (DELL_SWITCH)
  • Duo Administrator Logs (DUO_ADMIN)
  • Duo Auth (DUO_AUTH)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • F5 ASM (F5_ASM)
  • F5 Shape (F5_SHAPE)
  • F5 Silverline (F5_SILVERLINE)
  • FireEye (FIREEYE_ALERT)
  • FireEye ETP (FIREEYE_ETP)
  • FireEye HX (FIREEYE_HX)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
  • Forcepoint Mail Relay (FORCEPOINT_MAIL_RELAY)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet Fortimanager (FORTINET_FORTIMANAGER)
  • GCP_APP_ENGINE (GCP_APP_ENGINE)
  • GitHub (GITHUB)
  • HP Aruba (ClearPass) (CLEARPASS)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM Guardium (GUARDIUM)
  • IBM OpenPages (IBM_OPENPAGES)
  • Infoblox DNS (INFOBLOX_DNS)
  • Jenkins (JENKINS)
  • Layer7 SiteMinder (SITEMINDER_SSO)
  • Linux Auditing System (AuditD) (AUDITD)
  • Malwarebytes (MALWAREBYTES_EDR)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft PowerShell (POWERSHELL)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
  • Mimecast (MIMECAST_MAIL)
  • Nagios Infrastructure Monitoring (NAGIOS)
  • Network Policy Server (MICROSOFT_NPS)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Oracle (ORACLE_DB)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Ping Federate (PING_FEDERATE)
  • Ping Identity (PING)
  • PostgreSQL (POSTGRESQL)
  • Precisely Ironstream IBM z/OS (IRONSTREAM_ZOS)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • Rippling Activity Logs (RIPPLING_ACTIVITYLOGS)
  • Sap Business Technology Platform (SAP_BTP)
  • Security Command Center Threat (N/A)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
  • Shibboleth IDP (SHIBBOLETH_IDP)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Snowflake (SNOWFLAKE)
  • Sophos AV (SOPHOS_AV)
  • Sophos Intercept EDR (SOPHOS_EDR)
  • Sourcefire (SOURCEFIRE_IDS)
  • Splunk Attack Analyzer (SPLUNK_ATTACK_ANALYZER)
  • SpyCloud (SPYCLOUD)
  • Squid Web Proxy (SQUID_WEBPROXY)
  • Suricata EVE (SURICATA_EVE)
  • Symantec Endpoint Protection (SEP)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Tenable Audit (TENABLE_AUDIT)
  • Thales Vormetric (VORMETRIC)
  • Trend Micro Apex one (TRENDMICRO_APEX_ONE)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
  • Twingate (TWINGATE)
  • Ubika Waf (UBIKA_WAF)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • Wazuh (WAZUH)
  • Windows DHCP (WINDOWS_DHCP)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
  • Windows Sysmon (WINDOWS_SYSMON)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Workspace Alerts (WORKSPACE_ALERTS)
  • XAMS by Xiting (XITING_XAMS)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Active Identity HID (ACTIVE_IDENTITY_HID)
  • Akamai Event Viewer (AKAMAI_EVT_VWR)
  • Autodesk Vault (AUTODESK_VAULT)
  • Avaza (AVAZA)
  • Avigilon Access Logs (AVIGILON_ACCESS_LOGS)
  • Axis Camera (AXIS_CAMERA)
  • Axis License Plate Reader (AXIS_LPR)
  • Azure Nix System (AZURE_NIX_SYSTEM)
  • CallTower Audio Conferencing (CALLTOWER_AUDIO)
  • Canon Printers (CANON_PRINTERS)
  • Cisco Secure Endpoint (CISCO_SECURE_ENDPOINT)
  • Control UP (CONTROL_UP)
  • Cradlepoint Router Logs (CRADLEPOINT)
  • Crowdstrike Spotlight (CROWDSTRIKE_SPOTLIGHT)
  • CrushFTP (CRUSHFTP)
  • CrowdStrike Filevantage (CS_FILEVANTAGE)
  • Cybersixgill (CYBERSIXGILL)
  • Cyolo Secure Remote Access for OT (CYOLO_OT)
  • Dell Core Switch (DELL_EMC_NETWORKING)
  • DLink Switch (DLINK_SWITCH)
  • Elastic Security (ELASTIC_EDR)
  • Fireblocks (FIREBLOCKS)
  • Forescout eyeInspect (FORESCOUT_EYEINSPECT)
  • Fortinet FortiGate IPS (FORTINET_IPS)
  • H3C Router (H3C_ROUTER)
  • Hackerone (HACKERONE)
  • Halo Sensor (HALO_SENSOR)
  • Hashcast (HASHCAST)
  • Perforce Helix Core (HELIX_CORE)
  • Heroku (HEROKU)
  • Hillstone NDR (HILLSTONE_NDR)
  • HL7 (HL7)
  • HoopDev (HOOPDEV)
  • Huawei Switches (HUAWEI_SWITCH)
  • Identity Security Cloud (IDENTITY_SECURITY_CLOUD)
  • Imperva Data Risk Analytics (IMPERVA_DATA_ANALYTICS)
  • Imperva DRA (IMPERVA_DRA)
  • IM Express (IM_EXPRESS)
  • Intezer (INTEZER)
  • Jumpcloud IAM (JUMPCLOUD_IAM)
  • Maltiverse IOC (MALTIVERSE_IOC)
  • ManageEngine Log360 (MANAGE_ENGINE_LOG360)
  • McAfee Network Security Platform (MCAFEE_NSP)
  • Miro Cloud (MIRO_CLOUD)
  • Nokia Home Device Manager (NOKIA_HDM)
  • Nortel Secure Router (NORTEL_SR)
  • Notion (NOTION)
  • One Identity Identity Manager (ONE_IDENTITY_IDENTITY_MANAGER)
  • IDnomic Public Key Infrastructure (OPENTRUST)
  • Outline Activity Logs (OUTLINE_ACTIVITY_LOGS)
  • Prismatic IO (PRISMATIC_IO)
  • ProFTPD (PROFTPD)
  • Provision Asset Context (PROVISION_ASSET_CONTEXT)
  • Ransomcare (RANSOMCARE)
  • Rapid7 Insights Threat Command (RAPID7_INSIGHTS_THREAT_COMMAND)
  • Saporo (SAPORO)
  • SAS Metadata Server log (SAS_METADATA_SERVER_LOG)
  • Scylla (SCYLLA)
  • Senseon Alerts (SENSEON_ALERTS)
  • Sonic Switch (SONIC_SWITCH)
  • Symantec Data Center Security (SYMANTEC_DCS)
  • Syncplify SFTP 2 Events (SYNCPLIFY_SFTP)
  • Team Cymru Scout Threat Intelligence (TEAM_CYMRU_SCOUT_THREATINTEL)
  • Tenable CSPM (TENABLE_CSPM)
  • Teqtivity Assets (TEQTIVITY_ASSETS)
  • Tines (TINES)
  • TP Link Network Switches (TPLINK_SWITCH)
  • TT D365 (TT_D365)
  • TT MSAN DSLAM (TT_MSAN_DSLAM)
  • TT Trio Chordiant (TT_TRIO_CHORDIANT)
  • Tufin (TUFIN)
  • Tufin Secure Track (TUFIN_SECURE_TRACK)
  • UberAgent (UBERAGENT)
  • Upstream Vehicle SOC Alerts (UPSTREAM_VSOC_ALERTS)
  • URLScan IO (URLSCAN_IO)
  • Vertiv UPS (VERTIV_UPS)
  • Very Good Security (VERY_GOOD_SECURITY)
  • Virtual Browser (VIRTUAL_BROWSER)
  • VMWare VSphere (VMWARE_VSPHERE)
  • Webroot Identity Protection (WEBROOT_IDENTITY_PROTECTION)
  • WideField (WIDEFIELD_SECURITY)
  • Zscaler Sandbox (ZSCALER_SANDBOX)
  • Zywall (ZYWALL)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Identity and Access Management

Privileged Access Manager (PAM) is now released to General Availability. The following features have been added:

Media CDN

HTTP method filtering for specific route rules is now Generally Available. You can now also implement such filtering by using the GUI.

Migrate to Virtual Machines

As Container Registry is deprecated, Migrate to Virtual Machines is transitioning from Container Registry to Artifact Registry to store images running on Migrate Connector. This transition will be completed by October 15, 2025. For the most part, this change should not affect your usage of Migrate Connector or Migrate to Virtual Machines. However, for some configurations, you might have to add VPC-SC rules to allow Migrate Connector to access Artifact Registry. If you need help using Artifact Registry with Migrate to Virtual Machines, contact the Migrate to Virtual Machines support team.

Oracle Database@Google Cloud

Oracle Database@Google Cloud is now Generally Available (GA).

Google Cloud's partnership with Oracle allows you to combine Oracle Cloud Infrastructure (OCI) and Google Cloud technologies. With native integration, you can deploy your Oracle database services in a Google Cloud data center running on OCI Exadata hardware with minimal latency. Oracle Database@Google Cloud supports the following OCI products on Google Cloud:

  • Exadata Database Service
  • Autonomous Database Service

For more information about Oracle Database@Google Cloud, see the Product overview.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.7.2 (2024-09-13)

Bug Fixes

Go

Changes for pubsub/apiv1

1.43.0 (2024-09-09)

Features
  • pubsub: Add support for Go 1.23 iterators (84461c0)
  • pubsub: Allow trace extraction from protobuf message (#10827) (caa826c)
Bug Fixes

Java

Changes for google-cloud-pubsub

1.132.2 (2024-09-11)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.42.1 (#2152) (1457489)
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.42.2 (#2157) (d671347)
  • Update dependency com.google.cloud:google-cloud-core to v2.43.0 (#2161) (05a37b7)
  • Update dependency com.google.cloud:google-cloud-storage to v2.42.0 (#2145) (77c3e78)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#2162) (27eaffd)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.27.4 (#2153) (32c78b3)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.28.0 (#2155) (5f61fe1)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.28.1 (#2167) (bb8ea71)
  • Update dependency org.xerial.snappy:snappy-java to v1.1.10.7 (#2165) (e7fb60e)

Python

Changes for google-cloud-pubsub

2.23.1 (2024-09-09)

Bug Fixes
  • Replace asserts with None checks for graceful shutdown (#1244) (ced4f52)

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.14.1 (2024-09-12)

Bug Fixes
  • secretmanager: Bump dependencies (2ddeb15)

Service Extensions

Authorization extensions help you configure Cloud Load Balancing authorization policies to use custom authorization engines. This feature is in Preview.

You can now also host an extension on a backend service that uses serverless NEGs pointing to Cloud Run services. For more information, see Supported backends for extension services.

Vertex AI

Schedule Vertex AI custom training jobs based on resource availability. For details, see the Vertex AI documentation.

September 15, 2024

Google SecOps SOAR

Release 6.3.17 is now in General Availability.

Release 6.3.18 is currently in Preview.

September 13, 2024

Apigee hybrid

hybrid v1.12.2

On September 13, 2024 we released an updated version of the Apigee hybrid software, 1.12.2.

Bug ID Description
362305438 You can now add additional env variables to the runtime component.
347798999 You can now configure forward proxy for opentelemetry pods in Apigee hybrid.
Bug ID Description
N/A Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra.
This addresses the following vulnerability:

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Secure Web Proxy
    • networksecurity.googleapis.com/FirewallEndpoint
    • networksecurity.googleapis.com/FirewallEndpointAssociation
    • networksecurity.googleapis.com/SecurityProfile
    • networksecurity.googleapis.com/SecurityProfileGroup
    • networkservices.googleapis.com/ServiceLbPolicy
    • networksecurity.googleapis.com/TlsInspectionPolicy

Cloud SQL for SQL Server

For Cloud SQL Enterprise Plus edition, you can set the number of days of retained transaction logs from 1 to 35. For more information, see Use point-in-time recovery (PITR).

Dataproc

Dataproc Serverless for Spark: Fixed a bug that caused some batches and sessions to fail to start when using the premium compute tier.

Memorystore for Redis Cluster

Added support for vector store and vector search capabilities (Preview). For more details, see About vector search.

Memorystore for Valkey

Added support for vector store and vector search capabilities (Preview). For more details, see About vector search.

SAP on Google Cloud

Support for version 1 of Google Cloud's Agent for SAP has ended

Version 1 of Google Cloud's Agent for SAP has reached the end of support.

If you're using version 1 of the agent, then we strongly recommend that you update to using a supported version as soon as possible. For information about supported versions, see Supported versions for SAP on Google Cloud. For information about how to update to a supported version of the agent, see Update Google Cloud's Agent for SAP.

Virtual Private Cloud

You can use Private Service Connect endpoints to access the regional service endpoints of supported Google APIs. This feature is available in General Availability.

Workflows

The maximum number of concurrent workflow executions has increased from 7,500 to 10,000.

September 12, 2024

Access Approval

Access Approval supports Database Center in the Preview stage.

Access Transparency

Access Transparency supports Database Center in the Preview stage.

Apigee X

On September 12, 2024, we released an updated version of Apigee.

With this release, Apigee supports Workforce Identity Federation.

Workforce Identity Federation lets you use an external identity provider (IdP) to authenticate and authorize a workforce — a group of users, such as employees, partners, and contractors — using Identity and Access Management (IAM) to access Apigee services.

See Access Apigee using Workforce Identity Federation for more information.

Bug ID Description
338285095 Fixed a problem where apps associated with an AppGroup did not appear in the Apps list in the Apigee UI in Cloud Console. As a result, users could not access the app's App Detail page in the console, and searching the console for the app by partial app name or API key was not available.

With this fix, users can now view apps associated with an AppGroup in the Apps list, and view details for each app or delete the app. Users will still not be able to create or edit AppGroup apps.

Apigee hybrid organizations were not impacted by this problem, as they use the Classic UI to view the app details.

PEM parsing error in JWT/JWS policies due to non-standard format

For Apigee and Apigee hybrid versions 1.13 and higher, any deviations in the required PEM format of keys used in Apigee JWS or JWT policies may result in a parsing error.

For more information, see Apigee known issues.

Application Integration

The XSLT Transform data transformer function is now available. This function transforms the specified XML string using the specified XSL string.

BigQuery

You can now use the partial ordering mode in BigQuery DataFrames to generate more efficient queries. This feature is in Preview.

Cloud SQL for MySQL

Cloud SQL now supports near-zero downtime planned maintenance on standalone Cloud SQL Enterprise Plus edition primary instances. In addition, you can also simulate near-zero downtime for planned maintenance events on standalone Cloud SQL Enterprise Plus edition primary instances.

For more information, see About maintenance on Cloud SQL instances.

You can now upgrade your instances to Cloud SQL Enterprise Plus edition with near-zero downtime. To upgrade your instance, see Upgrade an instance to Cloud SQL Enterprise Plus edition using in-place upgrade.

You can now upgrade the minor version of a Cloud SQL for MySQL Enterprise Plus edition instance with near-zero downtime. To upgrade the minor version of your Cloud SQL for MySQL 8.0 instance, see Upgrade the minor version.

You can now provide access to Cloud SQL Studio by granting a new IAM role, Cloud SQL Studio User (roles/cloudsql.studioUser), instead of using the Cloud SQL Admin IAM role.

For more information about using Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Cloud SQL for PostgreSQL

Cloud SQL now supports near-zero downtime planned maintenance on standalone Cloud SQL Enterprise Plus edition primary instances. In addition, you can also simulate near-zero downtime for planned maintenance events on standalone Cloud SQL Enterprise Plus edition primary instances.

For more information, see About maintenance on Cloud SQL instances.

You can now upgrade your instances to Cloud SQL Enterprise Plus edition with near-zero downtime. To upgrade your instance, see Upgrade an instance to Cloud SQL Enterprise Plus edition using in-place upgrade.

You can now provide access to Cloud SQL Studio by granting a new IAM role, Cloud SQL Studio User (roles/cloudsql.studioUser), instead of using the Cloud SQL Admin IAM role.

For more information about using Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Cloud SQL for SQL Server

You can now provide access to Cloud SQL Studio by granting a new IAM role, Cloud SQL Studio User (roles/cloudsql.studioUser), instead of using the Cloud SQL Admin IAM role.

For more information about using Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Google Distributed Cloud (software only) for bare metal

Release 1.29.500-gke.163

Google Distributed Cloud for bare metal 1.29.500-gke.163 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.500-gke.163 runs on Kubernetes v1.29.7-gke.1200.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following container image security vulnerabilities have been fixed in 1.29.500-gke.163:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Identity and Access Management

You can manage IAM deny policies using the Google Cloud console. For more information, see Deny access to resources.

Looker Studio

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Text wrapping for pivot table column headers

You can choose to wrap column header text in pivot table charts by enabling the Wrap text option in the Style tab.

Public Preview of Gemini in Looker Conversational Analytics

You can query data in natural language. The Conversational Analytics feature is a Gemini-powered data querying experience that makes it easier to find answers, explore data, and share insights using natural language. This feature is now available in Public Preview.

Learn more about Gemini in Looker and how to enable it in Looker Studio.

September 11, 2024

Apigee Advanced API Security

Delay in score generation for Risk Assessment v2 with VPC-SC-enabled organizations only

This issue impacts Risk Assessment v2 only, which is in preview.

With VPC-SC-enabled organizations only, when generating scores for new organizations or scoring changes to included proxies, shared flows, and target server configurations, score generation could take as much as three hours.

See the Risk Assessment v2 customer documentation for information on the functionality.

BigQuery

You can now use Terraform to manage IAM tags on datasets and tables. This feature is generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Pub/Sub
    • pubsub.googleapis.com/Schema
  • Secure Web Proxy
    • networksecurity.googleapis.com/GatewaySecurityPolicy
    • networksecurity.googleapis.com/GatewaySecurityPolicyRule
    • networksecurity.googleapis.com/UrlList

Cloud Storage

You can now specify United States regions when using regional endpoints.

Config Connector

Config Connector version 1.122.0 is now available.

The state-into-spec field now defaults to Absent in all Config Controller clusters.

RedisCluster (Alpha) now uses direct reconciliation.

SQLInstance now uses direct reconciliation.

Added RedisCluster (Alpha) resource for service Redis.

ContainerCluster

The spec.nodeConfig.taint can be updated in place in lieu of destroying and recreating the object.

ContainerNodePool

The spec.nodeConfig.taint can be updated in place in lieu of destroying and recreating the object.

SQLInstance

Add the spec.cloneSource field to clone a SQLInstance.

RunJob

Add the spec.template.template.volumes[].cloudSqlInstance field to configure Cloud SQL instance.

Google Kubernetes Engine

For GPU node pools created in GKE Standard clusters running version 1.30.1-gke.115600 or later, GKE automatically installs the default NVIDIA GPU driver version corresponding to the GKE version if you don't specify the gpu-driver-version flag.

(2024-R35) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.0-gke.1506000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1234000
    • 1.27.16-gke.1234001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1024000
    • 1.28.13-gke.1042000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
    • 1.30.4-gke.1129000
    • 1.30.4-gke.1213000
    • 1.31.0-gke.1058000
    • 1.31.0-gke.1324000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.0-gke.1506000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1148000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.

Stable channel

  • Version 1.30.2-gke.1587003 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • Version 1.27.16-gke.1008000 is no longer available in the Stable channel.
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1051001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1051001 with this release.

Extended channel

  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1148000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.

No channel

Looker

Looker 24.16 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, September 16, 2024

  • Expected Looker (original) final deployment and download available: Thursday, September 26, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, September 16, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, September 30, 2024

Beginning in Looker 24.18, the October 2024 Looker release, Google Maps will be the only visualization engine for all map visualizations. The Legacy Maps chart type will be removed. Please go to the Legacy features page in the Admin panel and disable "Allow legacy maps"; if you encounter any issues, contact Looker Support.

The LookML Validator now checks for incompatible types in Liquid comparison expressions and, if it finds them, returns an error.

You can change the width of the panels in the Looker IDE, both the feature panel (which contains File Browser, Object Browser, and Git Actions) and the side panel (which contains Project Health, Quick Help, and Metadata). The size of the side panels is persisted across logins and refreshes.

The Chart Config Editor now supports sunburst visualizations.

The Redshift driver is now configured with AWS's recommended TCP keep-alive settings.

The content_summary API endpoint is now generally available. You can use this endpoint to search for recently viewed content or content that you have marked as a favorite.

Comprehensive API support for Looker Connected Sheets is now accessible through both AppsScript and the Google Sheets APIs. API support enables automated data refresh, custom workflows, and integration with external tools and services.

Looker instances with the Redshift license feature enabled will now use the driver version 2.1.0.30.

The Looker IDE now persists a user's IDE state, including the open LookML file in the file browser; the expanded or collapsed status of items in the file browser; the selected item in the IDE navigation bar (such as the file browser, Git actions, object browser, or project settings); the sidebar item (such as the Quick Help panel, the Metadata panel, and the Project Health panel); and the size of the IDE side panels. You can remove the persistence by clicking the Reset IDE Layout button in the new IDE Settings page of the Looker IDE. Note: Item added to release notes on September 16, 2024.

The Looker IDE now supports text line wrapping in the IDE editor. Line wrapping is now the default behavior. You can turn off line wrap mode in the new IDE Settings page in the Looker IDE. Note: Item added to release notes on September 16, 2024.

The Looker IDE supports Vim and Emacs editors in addition to the default Looker IDE editor. You can now set your editor preference in the new IDE Settings page in the Looker IDE. Note: Item added to release notes on September 16, 2024.

An issue has been fixed where measures would remove COALESCE SQL expressions from dimensions during query generation. This feature now performs as expected.

CJK characters are now displayed properly in mobile browsers when they are included within inline table email attachments.

An issue has been fixed that was causing the Collapse All Folders button in the Looker IDE to not work correctly. This feature now performs as expected.

An issue has been fixed where some schedules would fail to send if a PDT was rebuilding. This feature now performs as expected.

An issue where downloaded queries would not show error messages has been fixed. This feature now performs as expected.

An issue has been fixed where the progress bar on single value visualizations could overlap with the visualization note. This feature now performs as expected.

The LookML validator no longer forces the full_suggestions parameter to be enabled in certain situations involving Liquid variables and derived tables.

The Chart Config Editor now displays a more informative error message if you try to use an unsupported visualization type.

An issue has been fixed where the LookML Validator would return incorrect errors on cancel_grouping_fields in Explores with joins. This feature now performs as expected.

An issue has been fixed where the Looker SQL Interface could not connect to Tableau using OAuth. This feature now performs as expected.

Internal database calls during LookML validation have been reduced.

An issue where the LookML Validator could crash if a LookML file incorrectly referenced a dimension_group in a filters parameter has been fixed. This feature now performs as expected.

An issue has been fixed where Looker was incorrectly sanitizing some of the allowed CSS properties. This feature now performs as expected.

The child_count property can now be omitted from dashboard and Look API responses when a feature flag is enabled.

An issue has been fixed with the TRUNC function on some Denodo 8 dialects. This feature now performs as expected.

An issue has been fixed where query metrics were not appearing in the Explore list. This feature now performs as expected.

An issue has been fixed where the LookML validator would not return an error when value_format and named_value_format were both defined for a field. This feature now performs as expected.

The render event has been added to the audit log list.

Looker (Google Cloud core) provides comprehensive audit logging through Cloud Audit Logs, including full Data Access and System Event audit log coverage. Previously, Cloud Audit Logs for Looker (Google Cloud core) captured only admin activities like instance creation and deletion. Note: Item added to release notes on September 16, 2024.

An issue with SAML authentication has been fixed.

The audit log buffer is now persisted to minimize log data loss.

A new Labs feature, Delegate Model Set Management, lets admins grant a new permission, manage_modelsets_restricted. This permission grants users permissions that are similar to manage_models, but only for model sets to which the users have access.

Secure Source Manager

Secure Source Manager branch protection is Generally Available. To learn more about branch protection, see the Branch protection overview and Configure branch protection.

Secure Source Manager integration with Cloud Build lets you define your Cloud Build configuration and build triggers in your Secure Source Manager repository. To learn how to trigger builds automatically, see Connect to Cloud Build.

Security Command Center

Validate updates to integrations in the Security Command Center Enterprise use case

Updates to the threat response playbook blocks and use case flows are available in the SCC Enterprise - Cloud Orchestration & Remediation use case for Security Command Center Enterprise. To get these changes, upgrade the integrations to the latest versions.

For more information, see Validate integration versions in the use case.

Sensitive Data Protection

The discovery service of Sensitive Data Protection now supports Amazon S3. You can run discovery to generate data profiles of your S3 buckets. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.

This feature is available only to Security Command Center Enterprise customers. To use this feature, you need an AWS connector in Security Command Center that has Sensitive Data Protection enabled.

To get started on profiling Amazon S3 data, see the following:

For more information about sensitive data discovery, see Data profiles.

VPC Service Controls

Preview stage support for the following integration:

Vertex AI Agent Builder

Vertex AI Search: Natural language query filters (Public preview)

For queries on structured data stores, the natural language queries can be reformulated as filters and a residual query. For example, "Find a coffee shop serving banana bread" becomes "query": "banana bread", "filter": "type": ANY(\"cafe\").

The natural-language query understanding feature only applies to generic apps. It is recommended for structured data stores but can also be applied to unstructured data stores with metadata and to website data stores with structured data.

This feature is in Public preview. For more information, see Filter with natural language understanding.

Vertex AI APIs: Updated model for ranking and reranking documents for RAG

The ranking API model is upgraded. This underlying model significantly improves the relevance of top-ranked documents and provides more nuanced scores. For more information about ranking documents, see Rank and rerank documents with RAG.

September 10, 2024

Apigee Advanced API Security

On September 10, 2024 we released an updated version of Advanced API Security.

Proxy-specific security actions

You can now create security actions that apply only to one or more specified proxies.

This new functionality is not available with Apigee hybrid at this time.

See Security actions to learn more about proxy-specific security actions.

Google Kubernetes Engine

We previously identified a potential issue that could cause downtime for traffic directed to your GKE-managed internal passthrough Network Load Balancers after certain cluster operations, like node upgrades. This issue specifically affected clusters with GKE subsetting and Services configured with externalTrafficPolicy=Cluster. See the Aug 14, 2024 release note for details.

A fix for this issue is now available. We recommend upgrading your GKE cluster's control plane to the following patch versions or later:

  • 1.27.16-gke.1258000
  • 1.28.13-gke.1024000
  • 1.29.8-gke.1057000
  • 1.30.4-gke.1129000
  • 1.31.0-gke.1506000

Memorystore for Redis

Added support for CMEK organization policies.

SAP on Google Cloud

New SAP certification for operating system

For use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has certified the operating system Red Hat Enterprise Linux (RHEL) for SAP 8.10.

For more information about SAP-certified operating systems, see:

Sensitive Data Protection

The DOD_ID_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Text-to-Speech

Journey Voices is now in Preview and supports text streaming.

Vertex AI Workbench

The ability to back up and restore data on a Vertex AI Workbench instance is now available in Preview. For more information, see Back up and restore an instance.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.1 is now available for Android.

This version contains the compatibility fix for Android 6 and earlier.

September 09, 2024

Access Approval

Access Approval supports Cloud Data Fusion in the GA stage.

BigQuery

The BigQuery Data Transfer Service can now transfer campaign reporting and configuration data from Display & Video 360 into BigQuery, including Creative, Partner, and Advertiser tables. This feature is generally available (GA).

Cloud Monitoring

Table and TopList widgets can now display the results of multiple queries. You can also configure the column headers, data alignment, and color-code cells based on how a numeric value compares to a threshold. For more information, see the following documents:

Cloud Storage

You can now use the Google Cloud console to do the following:

Container Optimized OS

cos-109-17800-309-46

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.21 See List

Updated app-containers/containerd to 1.7.21.

Upgraded app-containers/containerd and app-containers/containerd-test to v1.7.20.

Fixes CVE-2023-7256 in net-libs/libpcap.

Fixes CVE-2024-44987 in the Linux kernel.

Fixes CVE-2024-43889 in the Linux kernel.

Fixes CVE-2024-42302 in the Linux kernel.

Fixes CVE-2024-41057 in the Linux kernel.

Fixes CVE-2024-43837 in the Linux kernel.

Fixes CVE-2024-43855 in the Linux kernel.

Fixes CVE-2024-41076 in the Linux kernel.

Fixes CVE-2024-42316 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-44934 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812248 -> 812274

cos-dev-121-18657-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.49 v24.0.9 v1.7.21 See List

Updated app-containers/containerd to 1.7.21.

Updated dev-go/oauth2 to v0.23.0. Removed dev-go/appengine.

Updated dev-lang/python to 3.8.19_p1. This fixes CVE-2007-4559.

Updated the Linux kernel to v6.6.49.

Removed chromeos-base/ec-utils and chromeos-base/ec-utils.

Removed dev-libs/confuse and dev-embedded/libftdi.

Removed dev-python/setuptools.

Removed dev-python/webcolors.

Replaced cos-extensions with new Go binary.

Updated google-osconfig-agent to v20240822.00.

Fixes CVE-2023-7256 in net-libs/libpcap.

Upgraded app-editors/vim, app-editors/vim-core to 9.1.0698. This fixed CVE-2024-43790, CVE-2024-43802.

Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Runtime sysctl changes:

  • Changed: fs.file-max: 811752 -> 811768

cos-113-18244-151-50

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.21 See List

Updated app-containers/containerd to 1.7.21.

Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Fixes CVE-2024-42302 in the Linux kernel.

Fixes CVE-2024-41057 in the Linux kernel.

Fixes CVE-2024-43837 in the Linux kernel.

Fixes CVE-2024-43855 in the Linux kernel.

Fixes CVE-2024-43889 in the Linux kernel.

Fixes CVE-2024-42316 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-43854 in the Linux kernel.

Fixes CVE-2024-41058 in the Linux kernel.

Fixes CVE-2024-41098 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812039 -> 812022

cos-105-17412-448-29

Kernel Docker Containerd GPU Drivers
COS-5.15.163 v23.0.3 v1.7.19 See List

Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Fixes CVE-2024-43889 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-44934 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-42302 in the Linux kernel.

Fixes CVE-2024-43854 in the Linux kernel.

Fixes CVE-2024-41098 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812696 -> 812685
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-101-17162-528-34

Kernel Docker Containerd GPU Drivers
COS-5.15.161 v20.10.27 v1.6.28 See List

Fixes CVE-2023-7256 in net-libs/libpcap.

Fixes CVE-2024-40959 in the Linux kernel.

Fixes CVE-2024-40995 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-41055 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-40958 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-44934 in the Linux kernel.

Fixes CVE-2024-41049 in the Linux kernel.

cos-beta-117-18613-0-25

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.21 See List

Fixes CVE-2024-43889 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811778 -> 811784

Dataform

You can now set a default Dataform customer-managed encryption keys (CMEK) key for your project to encrypt multiple Dataform repositories with the same CMEK key. For more information, see Use Dataform default CMEK keys.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-ndb

2.3.2 (2024-07-15)

Bug Fixes

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.28.900-gke.113 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.900-gke.113 runs on Kubernetes v1.28.12-gke.1100.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues are fixed in 1.28.900-gke.113:

  • Fixed the known issue where updating DataplaneV2 ForwardMode doesn't automatically trigger anetd DaemonSet restart.
  • Fixed the known issue where the credential.yaml file was regenerated incorrectly during an admin workstation upgrade.
  • Fixed the known issue where the etcdctl command was not found during cluster upgrade at the admin cluster backup stage.

Fixed the following vulnerabilities in 1.28.900-gke.113:

High-severity container vulnerabilities:

Ubuntu vulnerabilities:

Google SecOps SIEM

The following new YARA-L 2.0 functions are available in Rules and Search:

  • arrays.concat
  • arrays.join_string
  • arrays.max
  • arrays.min
  • arrays.size
  • arrays.index_to_int
  • cast.as_bool
  • cast.as_float
  • math.ceil
  • math.floor
  • math.geo_distance
  • math.is_increasing
  • math.pow
  • math.random
  • strings.contains
  • strings.count_substrings
  • strings.extract_domain
  • strings.extract_hostname
  • strings.from_hex
  • strings.ltrim
  • strings.reverse
  • strings.rtrim
  • strings.trim
  • strings.url_decode
  • timestamp.as_unix_seconds
  • timestamp.now

The following new YARA-L 2.0 functions are available in Rules:

  • hash.sha256
  • window.avg
  • window.first
  • window.last
  • window.median
  • window.mode
  • window.stddev
  • window.variance

Details on function signatures and behavior can be found in the YARA-L 2.0 Function Syntax Reference Documentation.

Google SecOps SOAR

Due to technical issues, the SOAR version has been rolled back to Release 6.3.16.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.7.1 (2024-08-26)

Bug Fixes
  • deps: Update dependency @opentelemetry/semantic-conventions to ~1.26.0 (#1945) (f082869)
  • deps: Update dependency protobufjs to ~7.4.0 (#1959) (25946e0)
  • Propagate set options to LeaseManager (from https://github.com/googleapis/nodejs-pubsub/pull/1880) (#1954) (cdb0916)

SAP on Google Cloud

ABAP SDK for Google Cloud version v1.8 (On-premises or any cloud edition)

Version 1.8 of the on-premises or any cloud edition of ABAP SDK for Google Cloud is generally available (GA). This version introduces the Vertex AI SDK for ABAP, a dedicated toolset for seamless interaction with Google Cloud's Vertex AI platform from your SAP environment. The SDK lets you build AI-powered enterprise features and applications from within your SAP systems with reduced complexity and development effort.

For more information, see:

Security Command Center

New configuration options for Vulnerability Assessment for AWS

When configuring Vulnerability Assessment for AWS, you can customize the scan settings by defining the scan interval, specific regions, specific tags, and specific instance IDs. You can also include SC1 or ST1 instances in the scan. For more information, see Enable and use Vulnerability Assessment for AWS.

Vertex AI

Autoscaling for Ray clusters is now supported. See Scale Ray clusters on Vertex AI.

September 08, 2024

Google SecOps SOAR

Release 6.3.17 is now in General Availability.

September 07, 2024

Google SecOps SOAR

Release 6.3.18 is currently in Preview.

Playbooks are getting stuck in the queue. (ID #53247410)

September 06, 2024

Cloud Data Fusion

The CloudSQL MySQL plugin version 1.10.7 is available in Cloud Data Fusion versions 6.9.0 and 6.10.0. This plugin version lets you use a macro to specify the name of the CloudSQL instance in the plugin's Connection name field.

Cloud Monitoring

The Metrics management page in Cloud Monitoring now shows you the sources of metric reads and lets you exclude unneeded metrics entirely, eliminating the cost of ingesting them. For more information, see View and manage metric usage.

The fleetwide and per-instance Observability tabs on the Compute Engine VM instances page now include charts for GPU metrics from the NVIDIA Management Library (NVML). To view the fleetwide GPU charts, select Compute Engine > VM instances > Observability. To view the GPU charts for a VM instance, select Compute Engine > VM instances, click the name of a VM instance, and then select Observability. These charts are available only for VM instances with attached GPUs, with both the Ops Agent and the NVIDIA GPU driver installed. For information about configuring these VMs, see About the gpu metrics.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.117-debian10, 2.0.117-rocky8, 2.0.117-ubuntu18
  • 2.1.65-debian11, 2.1.65-rocky8, 2.1.65-ubuntu20, 2.1.65-ubuntu20-arm
  • 2.2.31-debian12, 2.2.31-rocky9, 2.2.31-ubuntu22

Dataproc on Compute Engine: The latest 2.2 image versions now support Hudi 0.15.0.

Dataproc on Compute Engine: The latest 2.2 image versions support Hudi Trino integration natively. If both components are selected when you create a Dataproc cluster, Trino will be configured to support Hudi automatically.

Google Kubernetes Engine

(2024-R34) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

There are no new releases in the Rapid channel.

Regular channel

There are no new releases in the Regular channel.

Stable channel

There are no new releases in the Stable channel.

Extended channel

There are no new releases in the Extended channel.

No channel

There are no updates for clusters not enrolled in a release channel.

(2024-R33) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.0-gke.1058000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1148000
    • 1.28.13-gke.1006000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1234000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1969000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1234000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1969000 with this release.

Regular channel

  • Version 1.30.3-gke.1639000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1051000
    • 1.27.16-gke.1082000
    • 1.28.12-gke.1052000
    • 1.29.7-gke.1104000
    • 1.30.3-gke.1225000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1274000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

Stable channel

  • Version 1.29.7-gke.1104000 is now the default version for cluster creation in the Stable channel.
  • Version 1.27.16-gke.1051001 is now available in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.27.15-gke.1252000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1326000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.

Extended channel

  • Version 1.30.3-gke.1639000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1051000
    • 1.27.16-gke.1082000
    • 1.28.12-gke.1052000
    • 1.29.7-gke.1104000
    • 1.30.3-gke.1225000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

No channel

  • Version 1.30.3-gke.1639000 is now the default version for cluster creation.
  • The following control plane and node versions are now available:
  • The following versions are no longer available:
    • 1.27.15-gke.1252000
    • 1.27.16-gke.1051000
    • 1.27.16-gke.1082000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1254000
    • 1.29.7-gke.1008000
    • 1.30.3-gke.1225000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

Google SecOps

Burst limits will be rolling out over the next 90 days. This should not affect customers if sources are properly configured. Review documentation for full details.

Google SecOps SIEM

Burst limits will be rolling out over the next 90 days. This should not affect customers if sources are properly configured. Review documentation for full details.

Sensitive Data Protection

The SEXUAL_ORIENTATION infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

September 05, 2024

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Apigee UI

On September 5, 2024, we released an updated version of the Apigee UI.

An informational message was added to the action creation flow for Apigee Security actions, informing users that actions can't be edited or deleted.

Bug ID Description
349284447 Correct sorting for revisions in Duplicate Proxy

The Duplicate Proxy experience now correctly sorts the list of existing revisions.

359475166 Fixed issue with Analytics Error Analysis

Resolved issue with the Error Composition page that interchanged the proxy error and target error legend.

Apigee hybrid

hybrid 1.13.0-hotfix.1

On September 5, 2024 we released an updated version of the Apigee hybrid software, 1.13.0-hotfix.1.

Apply this hotfix following the steps in Upgrading Apigee hybrid to version 1.13:

  1. Prepare for the Helm charts upgrade
  2. Install the Apigee hybrid Helm charts

Bug ID Description
362690729 Fix for aggressive scaling of runtime pods & CPU spike.
362979563 Fix for Ingress Health Check failure /healthz/ingress - route_not_found.

Capacity Planner

Preview: You can view the on-demand reservations and future reservation requests available for consumption in your project, folder, or organization. This helps you plan for future capacity assurance, as well as view the reserved resources that cover your projected growth or peak usage. For more information, see View usage and forecast data in Capacity Planner.

Preview: You can use the Capacity Planner API to export usage and forecast data of the VMs, Persistent Disk volumes, or GPUs in your project, folder, or organization. This lets you export usage and forecast data in a Cloud Storage bucket or BigQuery table. For more information, see Export usage and forecast data using the Capacity Planner API.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Compute Engine

Generally available: Multi-writer support for Hyperdisk Balanced disks. Up to 8 VMs can simultaneously read from and write to the same disk. For more information, see Share disks between VMs.

Dataproc Metastore

Dataproc Metastore supports custom region configurations. A custom region configuration lets your service run workloads from two separate regions.

Firestore

You can now use Firestore to perform K-nearest neighbor (KNN) vector searches. Additionally, use Firestore vector searches with inequality filters, retrieve the calculated vector distance, and specify a distance threshold. This feature is generally available (GA).

For more information, see Search with vector embeddings.

Google Cloud Architecture Center

(New guide) Enterprise application with Oracle Database on Compute Engine: Provides a reference architecture to host an application that uses an Oracle database, deployed on Compute Engine VMs.

Looker Studio

Gemini in Looker now available for Looker Studio content

Looker Studio Pro users can now create calculated fields and generate Google Slides from Looker Studio content using Gemini assistance. Gemini in Looker no longer requires content to be associated with a Looker Studio Pro subscription.

For more information about Gemini in Looker, see the Gemini in Looker overview.

September 04, 2024

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL is now available in africa-south1 (Johannesburg) and in me-central2 (Dammam). For more information, see AlloyDB locations.

Backup and DR

Backup and DR Service added support to automatically protect your Google Cloud VMware Engine VMs using vSphere tags. The dynamic protection tags feature is supported for backup/recovery appliances running on version 11.0.12.320 or later. You can check the appliance version from Manage > Appliances page.

BigQuery

You can now use vector search and vector index features in BigQuery.

You can use the VECTOR_SEARCH function to search embeddings in order to identify semantically similar entities.

You can use vector indexes to make VECTOR_SEARCH more efficient, with the trade-off of returning more approximate results.

You can try the vector search and vector index capabilities by using the Search embeddings with vector search tutorial.

The BigQuery vector search and vector index features are generally available (GA).

Dataproc

Dataproc on Compute Engine: Dataproc image version 2.2 will become the default Dataproc on Compute Engine image version on September 6, 2024.

Google Kubernetes Engine

For GKE versions 1.29 and later, the gke-metrics-agent Pod runs with the prometheus-metrics-collector container in addition to the existing gke-metrics-agent and core-metrics-exporter containers. This change might result in an increase in the Service time series ingestion requests per minute quota; however, there is no additional cost.

Migrate to Virtual Machines

Experimental: As CentOS Linux 7 has reached end-of-life (EOL) on June 30, 2024, Migrate to Virtual Machines lets you convert CentOS Linux 7 to Rocky Linux 8 as part of your migration.

To use this feature, send a request to the email address: centos-to-rocky-linux@google.com.

Note: This product or feature is subject to the Pre-GA Offerings Terms in the General Service Terms section of the Service Specific Terms. Pre-GA products and features are available as is and might have limited support.

Security Command Center

Install new version of the Security Command Center Enterprise use case

The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date, September 4, 2024, introduces updated widgets, new playbooks, optimized data synchronization jobs, updated ingestion logic, and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.

For installation instructions, see Update Enterprise use case, September 2024.

September 03, 2024

AlloyDB for PostgreSQL

The extension pgvector is updated to version 0.7.2.

Cloud Run

Deterministic URLs, which let you predict a Cloud Run service URL before the service is created, are now in general availability (GA).

Cloud SQL for MySQL

When you clone your zonal instance, you can now specify a preferred zone for the instance. You can also specify preferred primary and secondary zones for your regional instance. If the zones for your instance go down in the future, then Cloud SQL can assign the preferred zones to the instance, and you don't experience downtime. For more information, see Clone instances.

Cloud SQL for PostgreSQL

You can now use point-in-time recovery to restore your zonal instance to a preferred primary zone and your regional instance to both a preferred primary zone and a preferred secondary zone. For more information, see Use point-in-time recovery (PITR).

When you clone your zonal instance, you can now specify a preferred zone for the instance. You can also specify preferred primary and secondary zones for your regional instance. If the zones for your instance go down in the future, then Cloud SQL can assign the preferred zones to the instance, and you don't experience downtime. For more information, see Clone instances.

Cloud SQL for SQL Server

When you clone your zonal instance, you can now specify a preferred zone for the instance. You can also specify preferred primary and secondary zones for your regional instance. If the zones for your instance go down in the future, then Cloud SQL can assign the preferred zones to the instance, and you don't experience downtime. For more information, see Clone instances.

Contact Center AI Platform

Version 3.24 is released

All release notes published on this date are part of version 3.24.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Raw data export

With raw data export, you can export detailed CCAI Platform session data to an external storage bucket. With this data you can get insights into calls, chats, emails, queues, agent performance, virtual agents, and more.

Virtual agents can create and assign tickets for custom CRM apps

Virtual agents can now create and assign incoming tickets for custom CRM apps prior to a human agent taking the ticket. This capability was previously available only for some commercial CRM apps. For more information, see Configure the assignment of chat or call records created by virtual agents.

Barge is available for chat

Barge, which lets supervisors join or take over calls with end-users, is now available for chat. For more information, see Barge for calls and chat.

Reserved data attributes

With reserved data attributes, you can tag sessions with one of the following labels: Verified Customer, Bad Actor, or Repeat Customer. You can send this information to Google at the start of a session using an SDK, a SIP header, or the Apps API. With the API you can also send this information after the session starts. After we receive this information we display it in the agent adapter so the agent or a supervisor can act accordingly. For more information, see Reserved data attributes.

Fixed an issue where listening to a voicemail would occasionally lead to the creation of a duplicate entry at the top of the list.

Fixed an issue that prevented emails from being sent to external storage.

Fixed an issue where integrating the Salesforce CRM with CCAI Platform was failing.

Container Optimized OS

cos-101-17162-528-27

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.161 | v20.10.27 | v1.6.28 | See List

Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-40954 in the Linux kernel.

Fixed CVE-2024-43854 in the Linux kernel.

Fixed CVE-2024-41098 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed CVE-2024-40994 in the Linux kernel.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed CVE-2024-41000 in the Linux kernel.

Fixed CVE-2024-42102 in the Linux kernel.

Fixed CVE-2024-40960 in the Linux kernel.

Fixed CVE-2024-40961 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

cos-109-17800-309-33

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.19 | See List

Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2023-46246, CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-41058 in the Linux kernel.

Fixed CVE-2024-43854 in the Linux kernel.

Fixed CVE-2024-41098 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2024-42268 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42285 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812259 -> 812248

cos-beta-117-18613-0-24

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.44 | v24.0.9 | v1.7.21 | See List

Updated app-containers/containerd to 1.7.21.

Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-44934 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42268 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811697 -> 811778
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-113-18244-151-33

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.19 | See List

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed CVE-2024-42285 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42268 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812030 -> 812039

cos-105-17412-448-22

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.163 | v23.0.3 | v1.7.19 | See List

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed CVE-2024-42285 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812685 -> 812696

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.116-debian10, 2.0.116-rocky8, 2.0.116-ubuntu18
  • 2.1.64-debian11, 2.1.64-rocky8, 2.1.64-ubuntu20, 2.1.64-ubuntu20-arm
  • 2.2.30-debian12, 2.2.30-rocky9, 2.2.30-ubuntu22,

Dataproc on Compute Engine: Apache Spark upgraded to version 3.5.1 in image version 2.2 starting with image version 2.2.30.

Generative AI on Vertex AI

Gemini 1.5 Flash (gemini-1.5-flash) supports controlled generation.

Google Cloud VMware Engine

VMware Engine now offers GA support for VPC Service Controls. VPC Service Controls provides an additional layer of security to prevent data exfiltration and unauthorized access. For more information, see VPC Service Controls.

Memorystore for Redis Cluster

Added support for Maintenance Windows (Preview). For more details, see About maintenance.

Workflows

Support for execution backlogging is available in Preview. Backlogged executions automatically run as soon as execution concurrency quota becomes available.

September 02, 2024

Backup and DR

Backup and DR Service added support to view mounted image logs in Cloud Logging.

Backup and DR Service added support to view mounted image reports in BigQuery.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.42.2 (2024-08-29)

Bug Fixes
  • ExecuteSelect now use provided credentials instead of GOOGLE_APP… (#3465) (cd82235)
Dependencies
  • Update actions/upload-artifact action to v4.3.5 (#3456) (f00977c)
  • Update actions/upload-artifact action to v4.3.5 (#3462) (e1c6e92)
  • Update actions/upload-artifact action to v4.3.6 (#3463) (ba91227)
  • Update github/codeql-action action to v2.26.6 (#3464) (2aeb44d)

2.42.1 (2024-08-27)

Bug Fixes
  • NPE for executeSelect nonFast path with empty result (#3445) (d0d758a)
Dependencies
  • Update actions/upload-artifact action to v4.3.5 (#3420) (d5ec87d)
  • Update actions/upload-artifact action to v4.3.5 (#3422) (c7d07b3)
  • Update actions/upload-artifact action to v4.3.5 (#3424) (a9d6869)
  • Update actions/upload-artifact action to v4.3.5 (#3427) (022eb57)
  • Update actions/upload-artifact action to v4.3.5 (#3430) (c7aacba)
  • Update actions/upload-artifact action to v4.3.5 (#3432) (b7e8244)
  • Update actions/upload-artifact action to v4.3.5 (#3436) (ccefd6e)
  • Update actions/upload-artifact action to v4.3.5 (#3440) (916fe9a)
  • Update actions/upload-artifact action to v4.3.5 (#3443) (187f099)
  • Update actions/upload-artifact action to v4.3.5 (#3444) (04aea5e)
  • Update actions/upload-artifact action to v4.3.5 (#3449) (c6e93cd)
  • Update actions/upload-artifact action to v4.3.5 (#3455) (fbfc106)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.49.0 (#3417) (66336a8)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.50.0 (#3448) (2c12839)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240714-2.0.0 (#3412) (8a48fd1)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240727-2.0.0 (#3421) (91d780b)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240727-2.0.0 (#3423) (16f350c)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240727-2.0.0 (#3428) (9ae6eca)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240803-2.0.0 (#3435) (b4e20db)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240815-2.0.0 (#3454) (8796aee)
  • Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.9.0 (c4afbef)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.53.0 (#3418) (6cff7f0)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.54.0 (#3450) (cc9da95)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#3433) (801f441)
  • Update github/codeql-action action to v2.26.2 (#3426) (0a6574f)
  • Update github/codeql-action action to v2.26.3 (#3438) (390e182)
  • Update github/codeql-action action to v2.26.5 (#3446) (58aacc5)
Documentation
  • Update iam policy sample user to be consistent with other languages (#3429) (2fc15b3)

Cloud Composer

Added a new metric: composer.googleapis.com/workflow/task_instance/queued_duration. This metric is based on the dag.<dag_id>.<task_id>.queued_duration Airflow metric.

Fixed an issue where an upgrade of a PSC-based private IP environment failed leaving the environment in an inconsistent state.

(Cloud Composer 3) Fixed the cause of false-positive failures of Airflow Celery workers reported by the liveness health check.

The apache-airflow-providers-google package was upgraded to version 10.22.0 in Cloud Composer 2 images and Cloud Composer 3 builds with Airflow 2.9.1. For more information about changes, see the apache-airflow-providers-google changelog from version 10.21.0 to version 10.22.0.

The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.4.1 in Cloud Composer 2 images and Cloud Composer 3 builds with Airflow 2.9.1. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 8.3.4 to version 8.4.1.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.6 (default)
  • composer-3-airflow-2.7.3-build.15

Cloud Composer 2.9.3 images are available:

  • composer-2.9.3-airflow-2.9.1 (default)
  • composer-2.9.3-airflow-2.7.3

Cloud Monitoring

You can now import Grafana dashboards into Cloud Monitoring by using the console. For more information, see Import Grafana dashboards into Cloud Monitoring.

Compute Engine

Generally available: You can use the performance monitoring unit (PMU) to monitor low-level CPU events and metrics in VMs that use a C4 machine type. Using the PMU is helpful to analyze and optimize the performance of the software running on your VM when running performance-sensitive workloads, such as high-performance computing (HPC) or machine learning (ML) workloads.

For more information, see the following pages:

Google SecOps SOAR

Release Notes 6.3.16 is now in General Availability.

Remote Agents 2.1.0 is now in General Availability.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.7.0 (2024-08-24)

Features
  • Add support for OTel context propagation and harmonized spans (#1833) (4b5c90d)

September 01, 2024

Cloud Data Fusion

Cloud Data Fusion version 6.8 is no longer supported. You should upgrade your instances to run in a supported version. For instructions, see Manage version upgrades for instances and pipelines.

Google SecOps SOAR

Release Notes 6.3.17 is currently in Preview.

Last Close comment and Last Close Root Cause not showing up in BigQuery. (ID #00298031)

Alert names that are too long cover the time remaining on the alert SLA. (ID #52831259)

Unable to edit, delete or export custom integration (ID #52403533)

Multi Select option not working in Custom Actions. (ID #52874346)

Playbook shows failed step even though it's not being used by the playbook. (ID #00282731)

Playbook export contains archived blocks. (ID #00251935)

August 31, 2024

Access Approval

Access Approval supports Filestore in the GA stage.

August 30, 2024

Apigee X

On August 30, 2024, we released an updated version of Apigee (1-13-0-apigee-4).

Bug ID | Description
N/A | Updates to security infrastructure and libraries.

Artifact Registry

Updates to the Artifact Registry API are as follows:

Artifact Registry records metrics and logs for your projects. To explore the available Artifact Registry metrics and logs, view your project in the Metrics Explorer or the Logs Explorer.

For more information about metrics and logs, read Observability in Google Cloud.

Assured Workloads

Two new control packages are available in the GA stage:

  • Healthcare and Life Sciences Controls
  • Healthcare and Life Sciences Controls with US Support

These control packages replace the HIPAA and HITRUST Previews with a more robust set of controls for customers in the Healthcare and Life Sciences industries. For more information about these new controls, see Restrictions and Limitations for Healthcare and Life Sciences Controls.

Cloud Data Fusion

Excel plugin version 2.12.3 is available in Cloud Data Fusion 6.10.0 and later. This version fixes an issue in the Excel batch source causing pipelines with large XLSX files to consume high memory and fail (PLUGIN-1771 and PLUGIN-1795).

Excel plugin version 2.11.5 is available in Cloud Data Fusion 6.9 versions. This version fixes an issue in the Excel batch source causing pipelines with large XLSX files to consume high memory and fail (PLUGIN-1771 and PLUGIN-1795).

Excel plugin version 2.10.3 is available in Cloud Data Fusion 6.8 versions. This version fixes an issue in the Excel batch source causing pipelines with large XLSX files to consume high memory and fail (PLUGIN-1771 and PLUGIN-1795).

Cloud Database Migration Service

Database Migration Service for homogeneous migrations to Cloud SQL for SQL Server now supports differential backup files. For more information, see Supported types of backup files.

Compute Engine

Generally available: When applying a spread placement policy to VMs, you can specify the availability domain in which to place the VMs. Specifying an availability domain lets you decide how to physically locate VMs among each other, which can increase the reliability of your workload by placing VMs in different domains, or try to limit network latency among VMs by placing them in the same domain. Viewing the availability domains of your VMs is also useful for planning, deploying, or upgrading your application, as well as developing your availability SLAs.

For more information, see Create and apply spread placement policies to VMs.

The fleetwide and per-instance Observability tabs on the Compute Engine VM instances page now include charts for GPU metrics from the NVIDIA Management Library (NVML). To view the fleetwide GPU charts, select Compute Engine > VM instances > Observability. To view the GPU charts for a VM instance, select Compute Engine > VM instances, click on the name of a VM instance, and then select Observability. These charts are available only for VM instances with attached GPUs, with both the Ops Agent and the NVIDIA GPU driver installed. For information about configuring these VMs, see About the gpu metrics.

Contact Center AI Platform

VPC Service Controls and private egress

You can now use VPC Service Controls with CCAI Platform to help mitigate the risk of data exfiltration from your contact center. When you include a CCAI Platform instance in a VPC Service Controls perimeter, the instance is restricted from exchanging data with Google Cloud services (such as Cloud Storage or Dialogflow) that are outside of the perimeter. You can further secure your instance by including Contact Center AI Platform API in your list of restricted services. You can then create an access level to allow access to only your own administrators. For more information, see VPC Service Controls.

In addition to private ingress, you can now use Private Service Connect to set up private egress from your CCAI Platform instances. For more information, see Set up private egress.

Generative AI on Vertex AI

Gen AI Evaluation Service is Generally Available. To learn more, see the Gen AI Evaluation Service overview.

Google Cloud Architecture Center

(New guide) Select a managed container runtime environment: Learn about managed runtime environments and assess your requirements to choose between Cloud Run and GKE Autopilot.

Google SecOps SIEM

The prioritization logic of Applied Threat Intelligence (ATI) rule set has been improved to remove alerts from events that have a specified security result action of BLOCKED or QUARANTINED. This change only impacts the IP address indicator types for both High and Active Breach priority. For more information, see View details about rule sets.

Looker Studio

Community migration is complete

The Looker Studio Help community migration to Google Cloud is complete. To ask questions and participate in conversations with fellow Looker Studio users and experts, visit the new community.

Memorystore for Valkey

Preview release of Memorystore for Valkey.

Network Connectivity Center

Preset topologies and include export filters are generally available.

Preset topologies let you specify the connectivity configuration across all VPC spokes. You can choose between mesh or star preset topologies. Include export filters lets you limit connectivity by specifying a list of permitted CIDR ranges, thereby blocking all but the permitted IP address ranges.

Service Catalog

Service Catalog now lets users provide a service account when they add or update a Terraform solution, deploy a new or existing Terraform solution, or deprovision a Terraform deployment, so that users can use their own managed service account to complete tasks with Service Catalog. For details, see Managing solutions and Changes to Cloud Build service accounts.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.65.0 (2024-07-29)

Features
  • spanner: Add RESOURCE_EXHAUSTED to retryable transaction codes (#10412) (29b52dc)
Bug Fixes
  • spanner/test: Bump google.golang.org/api@v0.187.0 (8fa9e39)
  • spanner/test: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • spanner/test: Update dependencies (257c40b)
  • spanner: Bump google.golang.org/api@v0.187.0 (8fa9e39)
  • spanner: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • spanner: Fix negative values for max_in_use_sessions metrics #10449 (#10508) (4e180f4)
  • spanner: HealthCheck should not decrement num_in_use sessions (#10480) (9b2b47f)
  • spanner: Update dependencies (257c40b)

1.66.0 (2024-08-07)

Features
  • spanner: Add support of multiplexed session support in writeAtleastOnce mutations (#10646) (54009ea)
  • spanner: Add support of using multiplexed session with ReadOnlyTransactions (#10269) (7797022)

1.67.0 (2024-08-15)

Features
  • spanner/admin/database: Add resource reference annotation to backup schedules (#10677) (6593c0d)
  • spanner/admin/instance: Add edition field to the instance proto (6593c0d)
  • spanner: Support commit options in mutation operations. (#10668) (62a56f9)
Bug Fixes
  • spanner/test/opentelemetry/test: Update google.golang.org/api to v0.191.0 (5b32644)
  • spanner: Update google.golang.org/api to v0.191.0 (5b32644)
Documentation
  • spanner/admin/database: Add an example to filter backups based on schedule name (6593c0d)

Java

Changes for google-cloud-spanner

6.72.0 (2024-08-07)

Features
  • Add RESOURCE_EXHAUSTED to the list of retryable error codes (e859b29)
  • Add field order_by in spanner.proto (e859b29)
  • Add QueryCancellationAction message in executor protos (e859b29)
  • Add SessionPoolOptions, SpannerOptions protos in executor protos (e859b29)
  • Add support for multi region encryption config (e859b29)
  • Enable hermetic library generation (#3129) (94b2a86)
  • spanner: Add samples for instance partitions (#3221) (bc48bf2)
  • spanner: Adding EXPECTED_FULFILLMENT_PERIOD to the indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity Feature (e859b29)
  • spanner: Set manual affinity in case of gRPC-GCP extension (#3215) (86b306a)
  • Support Read RPC OrderBy (#3180) (735bca5)
Bug Fixes
  • Make sure commitAsync always finishes (#3216) (440c88b)
  • SessionPoolOptions.Builder#toBuilder() skipped useMultiplexedSessions (#3197) (027f92c)
Dependencies
  • Bump sdk-platform-java-config to 3.33.0 (#3243) (35907c6)
  • Update dependencies to latest (#3250) (d1d566b)
  • Update dependency com.google.auto.value:auto-value-annotations to v1.11.0 (#3191) (065cd48)
  • Update dependency com.google.cloud:google-cloud-trace to v2.47.0 (#3067) (e336ab8)

6.73.0 (2024-08-22)

Features
  • Add option for cancelling queries when closing client (#3276) (95da1ed)
Bug Fixes
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#3277) (c449a91)
  • Update dependency commons-cli:commons-cli to v1.9.0 (#3275) (84790f7)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.41.0 (#3269) (a7458e9)
  • Update dependency org.hamcrest:hamcrest to v3 (#3271) (fc2e343)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.11.0 (#3272) (1bc0c46)
  • Update opentelemetry.version to v1.41.0 (#3270) (88f6b56)
Documentation
  • Create a few code snippets as examples for using Spanner Graph using Java (#3234) (61f0ab7)

Node.js

Changes for @google-cloud/spanner

7.11.0 (2024-07-29)

Features

7.12.0 (2024-08-02)

Features

7.13.0 (2024-08-09)

Bug Fixes

7.14.0 (2024-08-14)

Features
  • spanner: Add resource reference annotation to backup schedules (#2093) (df539e6)
Bug Fixes
  • deps: Update dependency google-gax to v4.3.9 (#2094) (487efc0)

Python

Changes for google-cloud-spanner

3.48.0 (2024-07-30)

Features
  • Add field lock_hint in spanner.proto (9609ad9)
  • Add field order_by in spanner.proto (9609ad9)
  • spanner: Add support for txn changestream exclusion (#1152) (00ccb7a)
Bug Fixes

August 29, 2024

AlloyDB for PostgreSQL

Query federation between BigQuery and AlloyDB is now generally available (GA). This feature lets you use BigQuery to query data stored in AlloyDB databases.

Database server compatibility with PostgreSQL version 16 is now available in Preview. You can create AlloyDB clusters with PostgreSQL 16 compatibility.

Anthos Config Management

The spec.git and spec.enableLegacyFields fields of the ConfigManagement object have been removed. The spec.enableMultiRepo field is now set to true by default, automatically enabling the RootSync API. RootSync provides the same core functionality, along with additional features.

If you currently configure Git settings within a ConfigManagement object, to avoid disruptions, before upgrading you must migrate this configuration to a RootSync object.

Terraform version 5.41.0 introduced a new field to the google_gke_hub_feature_membership: config_sync.enabled. Because the default value of this field is false, it causes Config Sync installations to fail when Terraform is upgraded to version 5.41.0. For more information, including workarounds, see the known issue entry. This issue affects all supported Config Sync versions. This note was added on September 11, 2024.

Hierarchy Controller will not be available after December, 2024. After December, 2024, you can't install Hierarchy Controller and Config Sync will be blocked from upgrades if Hierarchy Controller is configured as a configmanagement fleet feature or through the ConfigManagement API. To continue using similar functionality, migrate from Hierarchy Controller to Hierarchical Namespace Controller. This note was added on September 6, 2024 and edited on September 9, 2024 for clarification.

Optimized Config Sync resource usage by implementing watch filtering with ApplySet ("applyset.kubernetes.io/" labels and annotations). This reduces reconciler Deployment memory consumption by limiting events and cached objects to those relevant to the managed package. For more information on the resource usage optimization, see Config Sync Watch Filtering v1.18 vs v1.19.

Config Sync now enables loading files from directories beyond the Kustomize root during rendering. For more information, refer to Configure Kubernetes with Kustomize.

Improved support for private registries. If you've configured a private registry for your cluster, Config Sync now automatically detects and updates the image references within its reconciler Deployments to point to the corresponding images in your private registry.

Upgraded bundled Helm version from v3.14.4 to v3.15.3 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.

Upgraded the Open Telemetry image from 0.102.0 to 0.103.0 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.

Fixed some inaccuracies in status updates and metrics reports.

BigQuery

The BigQuery Data Transfer Service now supports incremental transfers when you migrate your data from your Teradata data warehouses to BigQuery. This feature is generally available (GA).

Delta Lake BigLake tables are now generally available (GA). Delta Lake is an open source, tabular data storage format that supports petabyte scale data tables.

Dialogflow

Dialogflow CX & ES: Text-to-Speech Journey Voices will get an update in the week of Sept 3. If you select a journey voice in your agent Text-to-Speech settings (CX, ES), only LINEAR16 output audio_encoding (CX, ES) will be supported starting from Sept 3. This model update will also include slight variations in pauses, tone, and so on of the synthesized journey voices.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.0-gke.1930 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.0-gke.1930 runs on Kubernetes v1.30.3-gke.200.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

  • For admin and user clusters created at 1.30 and later versions, loadBalancer.Kind needs to be set to either MetalLB or ManualLB.
  • For user clusters created at 1.30 and later versions, enableControlplaneV2 needs to be set to true.
  • The featureGates.GMPForSystemMetrics field in the stackdriver CR is now always on and can't be disabled. It has been default on since 1.16. If you have manually turned it off, this upgrade means a breaking change in some system metrics format. For information on changing this field, see Enabling and disabling Managed Service for Prometheus.

Version changes in 1.30.0-gke.1930:

  • Existing Seesaw load balancers now require TLS 1.2.
  • COS was upgraded to m109
  • Updated Dataplane V2 to use Cilium 1.13

Other changes in 1.30.0-gke.1930:

  • Enhanced the upgrade process to include an automatic pre-upgrade check. Before you upgrade your admin or user cluster, the system runs this check to detect known issues. The check also provides guidance to ensure a smooth upgrade experience.
  • Ingress node ports are optional for ControlplaneV2 clusters.
  • Admin clusters created in 1.30 will use Dataplane V2, Google's Container Network Interface (CNI) implementation, which is based on Cilium.
  • Admin clusters upgraded to 1.30 from 1.29 will use Dataplane V2.
  • Removed mTLS on system metrics scrape endpoints, which makes it easier to integrate with 3rd party monitoring systems.
  • Stopped bundling cert-manager and removed the monitoring-operator because system components no longer depend on them. Cert-manager from existing 1.29 clusters will continue running, but will stop being managed by Google after upgrading to 1.30. If you don't use cert-manager, you can delete it after the upgrade. New clusters in 1.30 and higher won't come with cert-manager. If you rely on the bundled cert-manager for your own use case, you should install your own in new clusters.
  • The implementation of the preview feature usage metering has changed. Clusters using this feature will continue to function, but we recommend that you use the predefined dashboard, Anthos Cluster Utilization Metering, to understand resource usage at different levels.

The following issues were fixed in 1.30.0-gke.1930:

  • Fixed the known issue where cluster creation failed due to the control plane VIP in a different subnet.
  • Fixed the known issue where a user cluster with Binary Authorization failed to come up.
  • Fixed the known issue that caused the Connect Agent to lose connection to Google Cloud after a non-HA to HA admin cluster migration.
  • Fixed the known issue where the admin cluster upgrade failed for clusters created on versions 1.10 or earlier.
  • Fixed the known issue where the Docker bridge IP used 172.17.0.1/16 for COS cluster control plane nodes.
  • Fixed the known issue where the HA admin cluster installation preflight check reported the wrong number of required static IPs.
  • Fixed the known issue where multiple network interfaces with the standard CNI didn't work.
  • Fixed a gkeadm preflight check that wasn't validating the VM folder.

The following vulnerabilities were fixed in 1.30.0-gke.1930:

Critical container vulnerabilities:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.0-gke.1930

Google Distributed Cloud for bare metal 1.30.0-gke.1930 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.0-gke.1930 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Version 1.16 end of life: In accordance with the Version Support Policy, version 1.16 (all patch releases) of Google Distributed Cloud for bare metal has reached its end of life and is no longer supported.

New and updated features:

  • Preview: Added support for keyless mode for clusters. This feature uses short-lived tokens and Workload Identity Federation for your cluster and workload credentials, instead of the default long-lived service account keys and Kubernetes Secrets. This feature provides improved security and reduces credential maintenance.

  • Preview: Added support for Custom Scheduler Configuration for pods to automatically spread workloads across cluster nodes for increased reliability.

  • GA: Added support for admin and hybrid clusters to manage multiple versions of user clusters concurrently.

  • GA: Added support for node-level private registry configuration for workload images.

  • GA: Updated the bmctl update command to display the difference between the specs in the YAML cluster configuration file and the deployed Cluster resource. The diff covers the specs for both the Cluster resource and the NodePool resource.

  • GA: Added support for rolling back select node pool upgrades.

  • GA: Added support for specifying a session duration for Identity Service-issued tokens. You can set a session duration between 15 and 1440 minutes (24 hours). Shorter sessions provide better security (at the cost of more frequent reauthentication). Longer sessions reduce the frequency for reauthentication (at the cost of reduced security).

  • Preview: Updated the gcloud beta container fleet memberships get-credentials command to use a connect gateway preview feature that lets you run the kubectl attach, cp, and exec commands. For more information, see Limitations.

Functionality changes:

  • Updated the node pool upgrade behavior. Version 1.30 and higher clusters support all node pool versions from the preceding two minor versions. The preview.baremetal.cluster.gke.io/two-minor-version-node-pool: enable annotation isn't required when upgrading clusters from version 1.29 to version 1.30.

  • Updated the bmctl version command to return the metadata image digest in the response. To print only the metadata image digest, specify the new --option value metadata-digest.

  • Deprecated the spec.gkeVersion field in the Machine custom resource. Starting with version 1.30.0, the spec.gkeVersion field is set to empty. For accurate version information, use anthosBareMetalVersion (GDC for bare metal version) in the Cluster resource spec or gkeVersion (Kubernetes version) in the Cluster resource status.

  • Updated Kubernetes audit logging to include request and response payloads from the Kubernetes API server for bare metal custom resources, such as Cluster, NodePool, BareMetalMachine, and BareMetalCluster.

  • Updated registry mirror support to allow you to specify a port for host addresses.

  • Updated the networking preflight check to verify that either the ip_tables or the nf_tables kernel module is available for loading, instead of being explicitly loaded.

  • Updated the stackdriver custom resource to remove the feature gate for using Managed Service for Prometheus for system metrics featureGates.GMPForSystemMetrics. This feature gate has defaulted to on (true) since version 1.16. If you have manually disabled using Managed Service for Prometheus for system metrics, upgrading to version 1.30 might be a breaking change for some system metrics formats.

  • Added checks to validate the SSH client certificate file type before saving the certificate as a Secret.

  • Updated GKE Identity Service custom resource definition to change the description for IdentityServiceOptions and improve formatting.

  • Added preflight checks for available disk space in specific directories:

    • During cluster creation, the following directories are checked:

      • / (the root directory) has at least 4 GiB of free space

      • /var/log/fluent-bit-buffers has at least 12 GiB of free space

      • /var/opt/buffered-metrics has at least 10016 MiB of free space

    • During a cluster upgrade, the following directory is checked:

      • / (the root directory) has at least 2 GiB of free space

  • GA: Adopted the GKE audit policy, instead of the previous unpopulated policy.

Fixes:

  • Fixed an issue where old, inoperable WebHook resources caused problems with cluster upgrades.

  • Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.

  • Fixed an issue where service accounts created by using the --create-service-accounts flag with the bmctl create config command don't have enough permissions.

  • Fixed an issue where the kubelet doesn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining.

The following container image security vulnerabilities have been fixed in 1.30.0-gke.1930:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Release 1.28.900-gke.112

Google Distributed Cloud for bare metal 1.28.900-gke.112 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.900-gke.112 runs on Kubernetes 1.28.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Security Command Center

Dynamic mute rules are generally available

Security Command Center now supports dynamic mute rules, which allow you to mute future and existing findings temporarily until a specified date or indefinitely until a finding no longer matches the configuration. We are adding these rules as an alternative to the original static mute rules that only mute future findings indefinitely.

We recommend using dynamic mute rules exclusively in your mute rule configurations. For instructions on how to migrate your existing mute rules to dynamic mute rules, see Migrate from static to dynamic mute rules.

For a comparison of static and dynamic mute rules, see Types of mute rules.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.0 is now available for iOS.

This version contains the following changes:

  • A new API, fetchClient, is available that provides built-in retries for network issues.
  • Bug fixes and improvements.

August 28, 2024

BigQuery

You can now use the GROUP BY clause and the SELECT DISTINCT clause with the ARRAY and STRUCT data types. This feature is in Preview.

The following Gemini in BigQuery features are now generally available (GA):

To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.

Phrase support for the SEARCH function is now generally available (GA).

Bigtable

The Preview of Data Boost for Bigtable has been expanded to let you use Data Boost compute resources when you read Bigtable data using a Spark application. For more information, see Use the Bigtable Spark connector.

Cloud Load Balancing

The Global external Application Load Balancer and the Classic Application Load Balancer will no longer support TLS sessionID resumption. They continue to support modern forms of TLS resumption.

The TLS protocol supports an optimization which allows a client reconnecting to a server with which it has communicated before to perform a cheaper abbreviated handshake. This optimization is available in several modes, which include the modern PSK and ticket mechanisms, as well as the long-obsolete sessionID mechanism.

The Global external Application Load Balancer and the Classic Application Load Balancer are the only Google Cloud products that currently support the obsolete sessionID mechanism.

This sessionID mechanism is going to be disabled over the next 4-5 weeks. Clients that currently make use of sessionID will transparently fall back to full TLS handshakes. To recover the performance optimization gains, we recommend that you upgrade clients to modern TLS libraries which support the PSK or ticket mechanisms.
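To see which clients would be affected, you can inspect the ClientHello messages they send and check which resumption mechanisms each one offers. The following Python sketch is an added example, not Google's code: the function names and the sample messages are constructed for illustration, and it treats the non-empty legacy session ID that TLS 1.3 clients send for compatibility as not being a sessionID resumption offer.

```python
import struct
from typing import NamedTuple

EXT_SESSION_TICKET = 35      # RFC 5077 session tickets (TLS 1.2)
EXT_PRE_SHARED_KEY = 41      # RFC 8446 PSK resumption (TLS 1.3)
EXT_SUPPORTED_VERSIONS = 43  # RFC 8446 version negotiation
TLS13 = 0x0304


class ResumptionOffer(NamedTuple):
    session_id_len: int
    session_ticket: bool
    pre_shared_key: bool
    tls13: bool

    @property
    def verdict(self) -> str:
        if self.session_ticket or self.pre_shared_key or self.tls13:
            return "modern"          # ticket or PSK resumption is available
        if self.session_id_len:
            return "sessionid-only"  # falls back to full handshakes
        return "no-resumption"


def parse_client_hello(msg: bytes) -> ResumptionOffer:
    """Parse a handshake-layer ClientHello (record header already removed)."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated field")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    def take_vec(len_bytes: int) -> bytes:
        # Length-prefixed vector: read the length, then that many bytes.
        return take(int.from_bytes(take(len_bytes), "big"))

    take(2 + 32)                 # legacy_version, random
    session_id = take_vec(1)
    take_vec(2)                  # cipher_suites
    take_vec(1)                  # compression_methods
    exts = take_vec(2) if pos < len(body) else b""

    seen, tls13, i = set(), False, 0
    while i < len(exts):
        if i + 4 > len(exts):
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack_from("!HH", exts, i)
        data = exts[i + 4:i + 4 + elen]
        if len(data) != elen:
            raise ValueError("truncated extension body")
        seen.add(etype)
        if etype == EXT_SUPPORTED_VERSIONS and data:
            versions = data[1:1 + data[0]]
            tls13 = any(int.from_bytes(versions[j:j + 2], "big") == TLS13
                        for j in range(0, len(versions) - 1, 2))
        i += 4 + elen
    return ResumptionOffer(len(session_id), EXT_SESSION_TICKET in seen,
                           EXT_PRE_SHARED_KEY in seen, tls13)


def build_client_hello(session_id: bytes, extensions) -> bytes:
    """Constructed test input: a minimal ClientHello, not a real capture."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + b"\x00\x02\xc0\x2f" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body


# Constructed samples; the pre_shared_key body is placeholder bytes.
SAMPLES = {
    "legacy-client": build_client_hello(b"\xaa" * 32, []),
    "ticket-client": build_client_hello(b"", [(EXT_SESSION_TICKET, b"")]),
    "tls13-client": build_client_hello(
        b"\xbb" * 32,
        [(EXT_SUPPORTED_VERSIONS, b"\x02\x03\x04"),
         (EXT_PRE_SHARED_KEY, b"\x00" * 4)]),
}


def audit(samples):
    return {name: parse_client_hello(m).verdict for name, m in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name}: {verdict}")
```

Clients reported as sessionid-only are the ones that lose the abbreviated handshake once the mechanism is disabled.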

Cloud NGFW

You can use custom constraints to provide more granular and customizable control over specific fields for firewall policy resources. For more information, see Manage firewall policy resources by using custom constraints. This feature is available in General Availability.

Dataplex

Data insights is generally available (GA). Data insights offers an automated way to explore and understand your data. It uses Gemini to generate queries based on the metadata of a table, and helps you uncover patterns, assess data quality, and perform statistical analysis.

You generate data insights in BigQuery. You can view data insights in Dataplex and in BigQuery.

Google Kubernetes Engine

(2024-R32) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.30.3-gke.1639000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1082000
    • 1.28.12-gke.1090000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1174000
    • 1.30.3-gke.1225000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.7-gke.1274000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1639000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

Regular channel

Stable channel

Extended channel

No channel


Vertex AI Agent Builder

Vertex AI Search: Turn off schema auto-detect for structured data

By default, schema auto-detect dynamically adds new properties to the schema when the property fields are detected on data import.

However, you can turn off the dynamic feature so that only data that corresponds to fields already in the schema gets imported. This is a good approach for not-so-clean data because you can choose not to import extraneous data that isn't part of your defined schema and that you don't want in your structured data store.

For more information, see About providing your own schema as a JSON object.

Vertex AI Search: Datetime and geolocation detection for structured data

By default, when structured data is imported, fields that are detected in datetime and geolocation format are assigned those types in the schema.

However, you can turn off datetime and geolocation detection so that in the schema the datetime fields are set to type string and the geolocation fields are set to type object.

For more information, see About providing your own schema as a JSON object.

August 27, 2024

Apigee X

Clarification: On July 26 we announced monetization support with data residency. Please note that monetization support with data residency is for non-hybrid organizations only at this time.

For more information, see Introduction to data residency.

Cloud Composer

(Cloud Composer 2) Starting on September 26, 2024, all Cloud Composer environments within a VPC SC perimeter will have no access to public PyPI repositories by default. For details about installing PyPI packages in the VPC SC mode, see Installing PyPI packages.

Cloud Run

The following Cloud Run volume types are now generally available (GA):

  • Mounting an NFS file share as a volume for Cloud Run services and jobs.
  • Mounting a Cloud Storage bucket as a storage volume for Cloud Run services and jobs.

Google Kubernetes Engine

Starting from version 1.30.3-gke.1451000, new and upgraded GKE clusters support the GKE Metrics Server updates where the addon-resizer runs in the cluster's control plane instead of worker nodes.

Security Command Center

Documentation is available for the Security Posture REST API.

Sensitive Data Protection

Regional endpoints are available for Sensitive Data Protection. Regional endpoints help you meet data residency requirements by keeping data at rest, in use, and in transit within your specified region. For more information, see Global and regional endpoints for Sensitive Data Protection.

Regional endpoints for Sensitive Data Protection are available in the following regions:

  • australia-southeast1
  • asia-east1
  • asia-east2
  • asia-northeast1
  • asia-northeast3
  • asia-south1
  • asia-south2
  • asia-southeast1
  • asia-southeast2
  • europe-central2
  • europe-north1
  • europe-southwest1
  • europe-west1
  • europe-west2
  • europe-west3
  • europe-west4
  • europe-west6
  • europe-west8
  • europe-west9
  • me-central1
  • me-central2
  • me-west1
  • southamerica-east1
  • southamerica-west1
  • northamerica-northeast1
  • northamerica-northeast2
  • us-central1
  • us-east1
  • us-east4
  • us-east5
  • us-south1
  • us-west1
  • us-west2
  • us-west3
  • us-west4

August 26, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36978

For more details, see the GCP-2024-049 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36978

For more details, see the GCP-2024-049 security bulletin.

Apigee X

On August 26, 2024, Apigee announced the GA launch of its non-VPC provisioning option.

With the non-VPC peering provisioning approach, you are not required to provide networks and IP ranges during the Apigee provisioning process. Instead, you use Private Service Connect (PSC) for routing northbound traffic to Apigee and southbound traffic to target services running in your Google Cloud projects. Non-VPC peering is supported for command-line (CLI) steps only. You can perform non-VPC provisioning for subscription, Pay-as-you-go, and evaluation installations of Apigee.

To learn more, see Apigee networking options.

BigQuery

You can now create remote models in BigQuery ML based on the Anthropic Claude model in Vertex AI.

Use the ML.GENERATE_TEXT function with these remote models to perform generative natural language tasks for text stored in BigQuery tables. Try this feature with the Generate text by using the ML.GENERATE_TEXT function how-to topic.

This feature is in preview.

You can now use EXPORT DATA statements to directly export BigQuery data to Bigtable (reverse ETL). This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.43.0 (2024-08-22)

Features
  • Add fields and the BackupType proto for Hot Backups (#2300) (acaa3ff)
  • Allow non default service account in DirectPath (#2312) (09d0f23)
  • bigtable: Remove deprecated Bytes from BigEndianBytesEncoding (#2309) (32f244f)
  • Enable hermetic library generation (#2234) (169aea5)
Bug Fixes
  • Add missing call to EqualsTester#testEquals (#2307) (8b49f9c)
Dependencies

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • GKE On-prem API
    • gkeonprem.googleapis.com/BareMetalCluster
    • gkeonprem.googleapis.com/BareMetalNodePool
    • gkeonprem.googleapis.com/VmwareCluster
    • gkeonprem.googleapis.com/VmwareNodePool

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Cloud Controls Partner APIs
    • cloudcontrolspartner.googleapis.com/Partner
    • cloudcontrolspartner.googleapis.com/Customer
    • cloudcontrolspartner.googleapis.com/Workload

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.1 (2024-08-22)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#1677) (dbd050c)

Python

Changes for google-cloud-logging

3.11.2 (2024-08-15)

Bug Fixes
  • deps: Require google-cloud-appengine-logging>=0.1.3 (550abca)
  • deps: Require google-cloud-audit-log >= 0.2.4 (550abca)
  • deps: Require opentelemetry-api>=1.9.0 (550abca)
  • Fixed type hinting issue with specifying Transport class (#930) (e2875d6)

Cloud Run

You can now configure traffic routing between Cloud Run and Cloud Run, Google Kubernetes Engine, and Google Compute Engine services using Cloud Service Mesh service routing APIs. Cloud Run also automatically authenticates calls to destination services using service account credentials (In Preview).

Cloud Run functions

The Cloud Run functions (cloud functions v2 API) build process now supports cross-project Artifact Registry repositories for greater configurability. This support is at the Preview release level.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.42.0 (2024-08-19)

Features
  • Enable grpc.lb.locality label for client-side metrics (#2659) (b681ee0)
Bug Fixes
  • Update modified field handling for blob and bucket with json transport to properly clear fields (#2664) (e2f5537), closes #2662
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#2673) (453c29a)
  • Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.45.0 (#2667) (1f66dff)

Container Optimized OS

cos-dev-121-18632-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.47 | v24.0.9 | v1.7.20 | See List

Upgraded app-admin/google-guest-agent to v20240816.00.

Upgraded app-admin/fluent-bit to v3.1.6.

Upgraded chromeos-base/shill-client to v0.0.1-r4654.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r640.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2799.

Upgraded chromeos-base/debugd-client to v0.0.1-r2710.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2445.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2945.

Upgraded dev-db/sqlite to v3.46.1.

Upgraded sys-fs/xfsprogs to v6.9.0.

Upgraded net-dns/c-ares to v1.33.0.

Upgraded sys-apps/gentoo-functions to v1.7.2.

Updated the Linux kernel to v6.6.47.

Runtime sysctl changes:

  • Added: vm.unprivileged_userfaultfd: 0
  • Changed: fs.file-max: 811814 -> 811752

cos-101-17162-528-16

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.161 | v20.10.27 | v1.6.28 | See List

Fixed CVE-2023-0597 in the Linux kernel.

Fixed CVE-2024-42154 in the Linux kernel.

Fixed CVE-2024-41087 in the Linux kernel.

Fixed CVE-2024-42247 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 813025 -> 813018
  • Changed: kernel.threads-max: 63552 -> 63551
  • Changed: net.ipv4.tcp_mem: 94140 125520 188280 -> 94137 125519 188274
  • Changed: net.ipv4.udp_mem: 188280 251041 376560 -> 188277 251039 376554
  • Changed: user.max_cgroup_namespaces: 31776 -> 31775
  • Changed: user.max_ipc_namespaces: 31776 -> 31775
  • Changed: user.max_mnt_namespaces: 31776 -> 31775
  • Changed: user.max_net_namespaces: 31776 -> 31775
  • Changed: user.max_pid_namespaces: 31776 -> 31775
  • Changed: user.max_time_namespaces: 31776 -> 31775
  • Changed: user.max_user_namespaces: 31776 -> 31775
  • Changed: user.max_uts_namespaces: 31776 -> 31775

cos-beta-117-18613-0-10

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.44 | v24.0.9 | v1.7.20 | See List

Upgraded app-admin/fluent-bit to v3.1.6.

Upgraded sys-apps/pv to v1.8.12.

Updated google-osconfig-agent to v20240822.00.

cos-105-17412-448-16

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.163 | v23.0.3 | v1.7.19 | See List

Fixed CVE-2023-0597 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812707 -> 812685
  • Changed: kernel.threads-max: 63552 -> 63551
  • Changed: net.ipv4.tcp_mem: 94140 125520 188280 -> 94137 125519 188274
  • Changed: net.ipv4.udp_mem: 188280 251041 376560 -> 188277 251039 376554
  • Changed: user.max_cgroup_namespaces: 31776 -> 31775
  • Changed: user.max_ipc_namespaces: 31776 -> 31775
  • Changed: user.max_mnt_namespaces: 31776 -> 31775
  • Changed: user.max_net_namespaces: 31776 -> 31775
  • Changed: user.max_pid_namespaces: 31776 -> 31775
  • Changed: user.max_time_namespaces: 31776 -> 31775
  • Changed: user.max_user_namespaces: 31776 -> 31775
  • Changed: user.max_uts_namespaces: 31776 -> 31775

cos-109-17800-309-24

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.19 | See List

Updated google-osconfig-agent to v20240822.00.

cos-113-18244-151-27

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.19 | See List

Updated google-osconfig-agent to v20240822.00.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.10.0 (2024-08-20)

Features
  • dataflow: Add support for Go 1.23 iterators (84461c0)

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.115-debian10, 2.0.115-rocky8, 2.0.115-ubuntu18
  • 2.1.63-debian11, 2.1.63-rocky8, 2.1.63-ubuntu20, 2.1.63-ubuntu20-arm
  • 2.2.29-debian12, 2.2.29-rocky9, 2.2.29-ubuntu22

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for datastore/admin/apiv1

1.19.0 (2024-08-22)

Features

1.18.0 (2024-08-21)

Features
  • datastore: Add support for Go 1.23 iterators (84461c0)
  • datastore: Start generating datastorepb protos (946a5fc)
Bug Fixes
  • datastore: Bump google.golang.org/api@v0.187.0 (8fa9e39)
  • datastore: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • datastore: Ignore field mismatch errors (#8694) (6625d12)
  • datastore: Update dependencies (257c40b)
  • datastore: Update google.golang.org/api to v0.191.0 (5b32644)

Java

Changes for google-cloud-datastore

2.21.2 (2024-08-22)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#1547) (8c5f595)

Generative AI on Vertex AI

For controlled generation, you can have the model respond with an enum value in plain text, as defined in your response schema. Set the responseMimeType to text/x.enum. For more information, see Control generated output.

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

Google Distributed Cloud (software only) for bare metal

Release 1.16.12

Google Distributed Cloud for bare metal 1.16.12 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.12 runs on Kubernetes 1.27.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36978

For more details, see the GCP-2024-049 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-41009

For more details, see the GCP-2024-048 security bulletin.

Looker

To create a Looker (Google Cloud core) instance with Private Service Connect, it is no longer necessary to be added to an allowlist.

Network Intelligence Center

Network Analyzer now includes an insight indicating that the next hop IP address is not assigned to any forwarding rule in the relevant networks. This insight is already available in the Recommender API. For more information, see routes with an invalid next hop insight.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.6.0 (2024-07-12)

Features
  • Add max messages batching for Cloud Storage subscriptions (#1956) (90546f6)
  • Add use_topic_schema for Cloud Storage Subscriptions (#1948) (120fa1b)
Bug Fixes
  • docs samples: Update missing argv in sample metadata for push subscription (#1946) (34b8c03)

Go

Changes for pubsub/apiv1

1.42.0 (2024-08-19)

Features
Bug Fixes
  • pubsub: Update google.golang.org/api to v0.191.0 (5b32644)

Java

Changes for google-cloud-pubsub

1.132.1 (2024-08-20)

Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.42.0 (#2140) (80dca35)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#2141) (273fbf3)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.27.3 (#2127) (8523b4f)
  • Update dependency org.xerial.snappy:snappy-java to v1.1.10.6 (#2135) (102ff84)

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.14.0 (2024-08-20)

Features
  • secretmanager: Add support for Go 1.23 iterators (84461c0)

August 23, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-41009

For more details, see the GCP-2024-048 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-41009

For more details, see the GCP-2024-048 security bulletin.

Apigee API hub

On August 23, 2024, we updated the Preview release of Apigee API hub.

You can now edit an uploaded API specification's metadata through the Cloud console. See Edit specification metadata.

You can now choose in the Cloud console to restrict the upload of an API specification file that contains errors. By default, specs containing errors are uploaded. See Add a spec to an existing version.

When an Apigee API proxy is auto-registered, its deployment type is now labeled either Apigee X or Apigee hybrid. Existing Apigee proxy deployments registered with API hub will also be labeled with the appropriate type. See Auto-register Apigee proxies.

All API proxy endpoints auto-registered from Apigee will be prefixed with https:// by default. Endpoints for existing API proxies that were added to API hub will be updated.

A validation check has been added to reject an API specification style guide upload if the style guide's extends property contains a URL. See Upload a new style guide.

User interface and performance improvements were made.

Provisioning improvements were made to address potential failures.

Apigee hybrid

hybrid v1.13.0

On August 23, 2024 we released an updated version of the Apigee hybrid software, v1.13.0.

Storing additional secrets in an external secret store

Starting in version v1.13, you can now store AX Hash Salt, Redis password, and Encryption keys in an external secret store like HashiCorp Vault. See Storing Secrets in Vault.

Apigee Operator now runs in the Apigee Kubernetes namespace

Starting in version v1.13, apigee-operator runs in the same namespace as the other Apigee hybrid components instead of the apigee-system namespace. You can use apigee or your own custom Apigee namespace. See Upgrading Apigee hybrid to version v1.13.0 and Step 3: Create the apigee namespace.

Improved backup and restore

Starting in version v1.13.0, Apigee hybrid introduces a new backup and restore system. The new system removes the need for pod exec permission and use of a Kubernetes ClusterRole, and requires fewer Kubernetes Service Accounts when using Workload Identity. The new system replaces use of the apigee-cassandra-backup-utility image by using the apigee-hybrid-cassandra-client image. The apigee-cassandra-backup-utility image will no longer be provided starting with this release. See Scheduling backups in a remote server.

Leader election enabled for apigee-watcher component

Starting in version v1.13.0, leader election is enabled for the apigee-watcher component. For proper functioning of the leader election, make sure that the apigee-watcher component uses only one replica set.

Bug ID Description
352070616 Update Go language version.
351868444 Tolerations are now working for Redis's Envoy pod. (Fixed in 1.12.1-hotfix.1)
347997965 Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics. (Fixed in 1.11.2-hotfix.1)
347798999 Fixed issue preventing configuration of forward proxy for opentelemetry pods. (Fixed in Apigee hybrid v 1.12.1)
346589998 Check Cassandra DNS hostname resolution during Hybrid region expansion.
345501069 Fixed issue with Hybrid Guardrails resource configuration preventing the Guardrails pod from starting. (Fixed in Apigee hybrid v 1.12.1)
341797795 Autofill the Hybrid Guardrails checkpoint value if a checkpoint is not provided. (Fixed in Apigee hybrid v 1.12.1)
340889560 Added csi to the apigee-logger SCC. (Fixed in Apigee hybrid v 1.12.0-hotfix.1)
340248314 Added support for targetCPUUtilizationPercentage to apigeeIngressGateway and ingressGateways. The default value is 75. (Fixed in Apigee hybrid v 1.12.1)
339849002 HashiCorp Vault integration issues fixed for Google Service Account for Cassandra Backup/Restore. (Fixed in Apigee hybrid v 1.12.0-hotfix.1)
324779388 Improved error handling for backup and restore. (Fixed in Apigee hybrid v 1.12.1)
311489774 Removed inclusion of Java in Cassandra client image. (Fixed in Apigee hybrid v 1.12.1)
310338146 Fixed invalid download directory output from the create-service-account tool. (Fixed in Apigee hybrid v 1.12.1)
300135626 Removed inclusion of Java in Cassandra Backup Utility image. (Fixed in Apigee hybrid v 1.12.1)
297539870 HTTPTargetConnection property io.timeout.millis is now honored correctly when using websockets. (Fixed in 1.11.2-hotfix.2)
239523766 Remove "Unable to evaluate jsonVariable, returning null" logging string from ExtractVariables Policy (Fixed in Apigee hybrid v 1.12.1)
181569113 Fixed an issue in new debug session creation. (Fixed in Apigee hybrid v 1.11.2)
Bug ID Description
N/A Security fixes for apigee-asm-istiod.
This addresses the following vulnerability:
N/A Security fixes for apigee-cassandra-backup-utility.
This addresses the following vulnerability:
N/A Security fixes for apigee-connect-agent.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-envoy.
This addresses the following vulnerability:
N/A Security fixes for apigee-fluent-bit.
This addresses the following vulnerability:
N/A Security fixes for apigee-hybrid-cassandra.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-hybrid-cassandra-client.
This addresses the following vulnerability:
N/A Security fixes for apigee-mart-server.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-mint-task-scheduler.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-operators.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-prom-prometheus.
This addresses the following vulnerability:
N/A Security fixes for apigee-prometheus-adapter.
This addresses the following vulnerability:
N/A Security fixes for apigee-redis.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-udca.
This addresses the following vulnerability:
N/A Security fixes for apigee-watcher.
This addresses the following vulnerability:
N/A Security fixes for cassandra-backup-utility.
This addresses the following vulnerability:

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Vertex AI
    • aiplatform.googleapis.com/NotebookExecutionJob

Cloud Vision

New label detection model

An improved model is now available for Label Detection. Along with the improved model, the topicality field is now populated correctly.

Specify "builtin/latest" in the model field of a Feature object to use the new model. We'll support both the current model and the new model for the next 90 days. After 90 days, the new models will become the default. The current models can still be accessed by specifying "builtin/legacy" for an additional 90 days before they are deprecated.

Compute Engine

Generally available: Hyperdisk Storage Pools with Advanced Performance provisioning help you to manage the performance needs of your Hyperdisk Balanced and Hyperdisk Throughput disks. By creating your disks in a storage pool, you can provision your disks to handle peak performance spikes while also optimizing costs. For more information, see Provisioning types for Hyperdisk Storage Pools.

Document AI

Model pretrained-foundation-model-v1.3-2024-08-31 is available as a Release Candidate (RC) for custom extractor. Recommended for those who want the lowest latency and best speed.

For more information about available models, see Custom extractor model versions.

Model pretrained-ocr-v2.1-2024-08-07 is available as RC version of the Document AI OCR 2.1 processor. It has three key improvements:

  • Better printed text recognition.
  • More precise checkbox detection.
  • More accurate reading order.

Memorystore for Redis Cluster

Added support for Node level monitoring metrics.

Secret Manager

You can now create regional secrets using Secret Manager. When you create a regional secret, you specify the location where you want it to be stored. Your secret data remains within the chosen location at all times, whether it's at rest, in use, or in transit. This capability allows you to meet data residency requirements, which mandate that data remains within specified geographic boundaries, often due to regulatory or compliance reasons. The feature is in Preview.

For more information, see Data residency and regional secrets.

Vertex AI Agent Builder

Vertex AI Search: Connect Google Cloud Storage datasets to Vertex AI Search (Public preview)

You can create Vertex AI Search data stores that periodically sync with data in Cloud Storage datasets. You can choose how often you want to update your data stores: every day, every 3 days, or every 5 days.

Synchronizing Cloud Storage data to Vertex AI Search is available in Public preview. For more information, see Import from Cloud Storage.

Virtual Private Cloud

VPC Flow Logs can sample traffic that is sent through VLAN attachments for Cloud Interconnect and Cloud VPN tunnels. This feature is available in Preview. For more information, see VPC Flow Logs.

The live migration feature for bring your own IP v1 has been removed. For new configurations, we recommend that you use bring your own IP v2, which lets you control when prefixes are advertised.

August 22, 2024

AlloyDB for PostgreSQL

AlloyDB Omni now offers in-depth documentation that describes how to install and use AlloyDB Omni in virtual machine (VM) environments. The information in these documents is in addition to the AlloyDB Omni documentation that describes how to install and use AlloyDB Omni in VM and Kubernetes environments. For more information, see Get started with AlloyDB Omni on VMs.

The extension temporal_tables version 1.2.2 has been added to extensions supported by AlloyDB.

The following extensions are updated:

  • Updated pg_partman to version 4.7.4.
  • Updated pgtt to version 3.0.0.

Apigee Integrated Portal

On August 22, 2024 we released a new version of the Apigee integrated portal.

Bug ID Description
350546059 Fixed an issue when displaying OpenAPI Specs in the portal that caused the Example button to show even when no example was present.

Application Integration

New canvas view

In the integration editor layout, you can try the new canvas view to create integration flows. This feature is in preview. The canvas view offers the following benefits:

  • Improved responsiveness of the canvas interaction
  • Clearer view of your integration
  • Minimap view
  • Easier to build integrations

Cloud Composer

(Cloud Composer 3) Fixed the dags backfill Airflow CLI command that was failing with a connection error.

Fixed a bug where executing Airflow CLI commands produced output that was not human-readable.

The apache-airflow-providers-google package was upgraded to version 10.21.1 in Cloud Composer 2 images with Airflow 2.7.3 and 2.9.1, and in all latest Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.21.0 to version 10.21.1.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.5
  • composer-3-airflow-2.7.3-build.14

Cloud Composer 2.9.2 images are available:

  • composer-2.9.2-airflow-2.9.1 (default)
  • composer-2.9.2-airflow-2.7.3

Cloud Composer version 2.4.1 has reached its end of support period.

Cloud Monitoring

Cloud Monitoring has ended support for the ingestion of AWS CloudWatch metrics by using AWS connector projects. This is a breaking change. For information about this deprecation, see Deprecations: AWS CloudWatch metrics in Connector projects.

You can continue to collect AWS CloudWatch metrics by using the open source Prometheus CloudWatch exporter and the Ops Agent. For information about this solution, see Collect AWS CloudWatch metrics by using the Prometheus CloudWatch exporter.

Cloud Run

Cloud Run is now supported by Sovereign Controls by Partners. The set of packages and features provided by Sovereign Controls by Partners lets you use Cloud Run while meeting digital sovereignty requirements and managing your workloads with data sovereignty guarantees.

Cloud Service Mesh

The onboarding path for Managed Cloud Service Mesh with asmcli is deprecated as of August 22, 2024, and support will end in February 2025. This change affects only Google Cloud clusters. Any off-Google Cloud clusters will continue to use asmcli.

To ensure this transition is as smooth as possible, use the gcloud or Cloud Console onboarding paths when creating new clusters before February 2025.

For clusters with existing Cloud Service Mesh deployments, no immediate action is required from you and those deployments remain fully supported.

1.20.8-asm.6 is now available for in-cluster Cloud Service Mesh.

You can now download 1.20.8-asm.6 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.20.8 subject to the list of supported features. Cloud Service Mesh 1.20.8-asm.6 uses Envoy v1.28.5.

1.21.5-asm.5 is now available for in-cluster Cloud Service Mesh.

You can now download 1.21.5-asm.5 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh 1.21.5-asm.5 uses Envoy v1.29.7.

1.22.4-asm.0 is now available for in-cluster Cloud Service Mesh.

You can now download 1.22.4-asm.0 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.4 subject to the list of supported features. Cloud Service Mesh 1.22.4-asm.0 uses Envoy v1.30.4.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.77
  • 1.2.21
  • 2.0.85
  • 2.2.21

Dataproc Serverless for Spark: Subminor version 2.0.85 is the last release of runtime version 2.0, which will no longer be supported and will not receive new releases.

Generative AI on Vertex AI

AI21 Labs

Managed models from AI21 Labs are available on Vertex AI. To use an AI21 Labs model on Vertex AI, send a request directly to the Vertex AI API endpoint. For more information, see AI21 models.

Looker Studio

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Conditional formatting for collapsed pivot table charts

You can now apply single color conditional formatting to collapsed pivot table charts.

August 21, 2024

Artifact Registry

The following Artifact Registry Cloud Audit Log method names have changed:

  • Docker-EmptyTarBlob is renamed Docker-ServeBlob
  • Docker-GetEmptyTags is renamed Docker-GetTags
  • Docker-HeadEmptyTarBlob is renamed Docker-HeadBlob
  • Kfp-UploadPackage-Redirect is renamed Kfp-UploadPackage
  • Apt-ViewRemoteIndexFile is renamed to indicate the type of file requested:
    • Apt-ViewIndexFile: when a repository metadata file is requested
    • Apt-Contents: when the Contents index file for a specific repository component and architecture type is requested
    • Apt-ViewArchIndexFile: when the Packages index file for a specific repository component and architecture type is requested
  • Apt-ViewRemotePackageFile is renamed Apt-ViewPackageFile
  • Yum-ViewUpstreamFile is renamed to indicate the type of file requested:
    • Yum-ViewIndexKey: when the public key for signing Yum packages is requested
    • Yum-ViewIndexFile: when one of a repository's index files is requested
    • Yum-ViewPackageFile: when a Yum package file is requested

For more information on Artifact Registry logs, see Audit Logging.
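
A log filter or detection rule that compares `protoPayload.methodName` against one of the old names no longer matches entries written under the new names. The following is an added example, not part of the release notes: the sample rules are constructed and the helper names are hypothetical. It finds stale method names in Cloud Logging filter strings and widens each clause to cover both the old and the new names, including the two one-to-many renames.

```python
import re

# Old Cloud Audit Log method name -> replacement name(s), taken from the
# release note above. Two old names were split into three new names each.
RENAMES = {
    "Docker-EmptyTarBlob": ["Docker-ServeBlob"],
    "Docker-GetEmptyTags": ["Docker-GetTags"],
    "Docker-HeadEmptyTarBlob": ["Docker-HeadBlob"],
    "Kfp-UploadPackage-Redirect": ["Kfp-UploadPackage"],
    "Apt-ViewRemoteIndexFile": [
        "Apt-ViewIndexFile", "Apt-Contents", "Apt-ViewArchIndexFile"],
    "Apt-ViewRemotePackageFile": ["Apt-ViewPackageFile"],
    "Yum-ViewUpstreamFile": [
        "Yum-ViewIndexKey", "Yum-ViewIndexFile", "Yum-ViewPackageFile"],
}

# A quoted equality test on the audit log method name, with optional
# whitespace around "=".
_CLAUSE = re.compile(r'(protoPayload\.methodName\s*=\s*)"([^"]+)"')


def find_stale(rule_text):
    """Return {old_name: [new_names]} for each renamed method in the rule.

    Names are matched as whole tokens, so the new name "Kfp-UploadPackage"
    is not mistaken for the old "Kfp-UploadPackage-Redirect" or vice versa.
    """
    found = {}
    for old, new in RENAMES.items():
        pattern = r"(?<![\w-])" + re.escape(old) + r"(?![\w-])"
        if re.search(pattern, rule_text):
            found[old] = list(new)
    return found


def widen_filter(rule_text):
    """Rewrite methodName="Old" as methodName=("Old" OR "New" ...).

    Keeping the old name lets the same rule match entries written before
    the rename (for retrospective searches) and after it.
    """
    def repl(match):
        prefix, name = match.group(1), match.group(2)
        if name not in RENAMES:
            return match.group(0)  # already current, leave untouched
        names = [name] + RENAMES[name]
        return prefix + "(" + " OR ".join('"%s"' % n for n in names) + ")"

    return _CLAUSE.sub(repl, rule_text)


def audit_rules(rules):
    """Map rule name -> (stale names, widened filter) for affected rules."""
    report = {}
    for name, text in rules.items():
        stale = find_stale(text)
        if stale:
            report[name] = (stale, widen_filter(text))
    return report


# Constructed sample rules, for illustration only.
SAMPLE_RULES = {
    "apt-index-reads": (
        'protoPayload.serviceName="artifactregistry.googleapis.com" AND '
        'protoPayload.methodName="Apt-ViewRemoteIndexFile"'),
    "docker-blob-head": 'protoPayload.methodName = "Docker-HeadEmptyTarBlob"',
    "kfp-upload": 'protoPayload.methodName="Kfp-UploadPackage"',
}

if __name__ == "__main__":
    for rule, (stale, widened) in audit_rules(SAMPLE_RULES).items():
        print(rule)
        for old, new in stale.items():
            print("  stale:", old, "->", ", ".join(new))
        print("  widened:", widened)
```
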

BigQuery

Python code completion is now available for all BigQuery projects. This feature is available in preview. To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.

Certificate Manager

You can now update the "labels" and "descriptions" of your certificate issuance configurations using the Google Cloud CLI or API. For more information, see Manage certificate issuance configuration.

Regional Google-managed certificates are now generally available (GA). For more information, see Certificate Manager overview.

Support for managing certificates independently in each project with separate authorization is now generally available (GA). For more information, see Manage DNS authorizations.

Cloud Run

You can now configure GPU in your Cloud Run service (Preview).

You can now deploy functions in Cloud Run (Preview). Functions that were created using the Cloud Functions v2 API can now be directly updated in Cloud Run. Note that you must use Google Cloud SDK version 489.0.0 or later if using the gcloud CLI.

Learn more about the different use cases for deploying functions.

Cloud Run now provides security updates for services that are deployed from source when you specify the runtime base image (Preview). Automatic security updates are enabled by default for functions. For details, see Configure automatic base image updates.

Cloud Run functions

Cloud Functions has been renamed to Cloud Run functions.

  • Cloud Functions (1st gen) is now known as Cloud Run functions (1st gen).
  • Cloud Functions (2nd gen) is now known as Cloud Run functions.

Learn more in the blog post.

You can also deploy new functions, and modify existing functions that were created with the Cloud Functions v2 API in Cloud Run. This enables you to customize your function as you would a Cloud Run service.

Document AI

Date and Currency Normalization for custom extractor

With this release, the model will deduce the region information from the document and use it to disambiguate the date and currency formats in the following ways:

  • This release will enable the support of region based date and currency normalization of entities with datetime and currency data types in Custom Document Extractor (CDE) Generative AI based processor versions v1.1 and v1.2.
  • Currently, the CDE Generative AI based processor supports date and currency normalization, but it defaults to the US date format and USD respectively when the values are ambiguous. In other words, if a date can be parsed in both mm/dd/yyyy and dd/mm/yyyy formats, it will use the mm/dd/yyyy format for normalization. Similarly, if $ can mean USD or CAD, it would default to USD.

For more information, go to the Entity Normalization page.

Google Kubernetes Engine

GKE support for Hyperdisk ML as an attached persistent disk option is now generally available. Support is available for both Autopilot and Standard clusters running GKE versions 1.30.2-gke.1394000 and later.

Migrate to Virtual Machines

On April 30, 2024, the 4.x versions of Migrate for Compute Engine reached end of life, and the product was deprecated on Google Cloud.

To migrate your virtual machines (VMs) to Compute Engine, use Migrate to Virtual Machines.

Secret Manager

You can attach tags to secrets to conditionally grant or deny access to Secret Manager resources. For example, you can conditionally grant Identity and Access Management (IAM) roles based on whether a secret has a specific tag. This feature is in Preview. For more information, see Create and manage tags.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.0 is now available for Android.

This version contains the following changes:

  • A new API, fetchClient, is available that provides built-in retries for network issues.
  • Bug fixes and improvements.

August 20, 2024

Access Transparency

Access Transparency supports Colab Enterprise in the GA stage.

Access Transparency supports Cloud Interconnect in the GA stage.

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-39503

For more details, see the GCP-2024-047 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-39503

For more details, see the GCP-2024-047 security bulletin.

Backup and DR

Backup and DR Service hotfixes hf-11.0.12.3217, hf-11.0.12.3218, and hf-11.0.12.3219 automatically update backup/recovery appliances. These hotfixes address the following issues:

  • Oracle DB application backups wait indefinitely for in-progress log backups to complete. These log backups, in turn, cannot obtain a lock mutex to discover the backup staging LUNs, resulting in an indefinite hang. This issue occurs when the size of the application transaction logs exceeds the log backup staging size.
  • Cloud stats are repeatedly logged into the enginemgr log and increase log usage.

BigQuery

You can now perform anomaly detection with BigQuery ML multivariate time series (ARIMA_PLUS_XREG) models. This feature lets you detect anomalies in historical time series data or in new data with multiple feature columns. You can try this feature by using the Perform anomaly detection with a multivariate time-series forecasting model tutorial. This feature is generally available (GA).

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Config Controller

Config Controller now uses the following versions of its included products:

Container Optimized OS

cos-beta-117-18613-0-3

  • Kernel: COS-6.6.44
  • Docker: v24.0.9
  • Containerd: v1.7.20
  • GPU Drivers: See List

Updates to Major Packages:

Upgraded app-admin/node-problem-detector to v0.8.19.

Upgraded app-admin/google-guest-configs to v20240607.00.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded app-containers/docker-credential-helpers to v0.8.2.

Upgraded app-admin/google-guest-agent to v20240716.00.

Upgraded app-admin/google-osconfig-agent to v20240501.00.

Upgraded Konlet to v.0.12.0. This fixes an iptables compatibility issue.

Upgraded go to version 1.22.3.

Upgraded sys-boot/grub-lakitu to the FC 39's current version.

Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.

Upgraded app-containers/docker, app-containers/docker-test and app-containers/docker-cli to v24.0.9.

Updated app-containers/nvidia-container-toolkit to v1.14.6.

Upgraded app-emulation/cloud-init to v23.4.3.

Updated sys-apps/systemd to v254.9.

Updated app-emulation/kubernetes to v1.30.3.

Updated docker-credential-gcr to v2.1.22.

Updated app-containers/runc to v1.1.12.

Updated net-misc/openssh to v9.6_p1-r1.

Updated toolbox to v20230714.

Upgraded app-admin/fluent-bit to v3.1.3.

New Features and Changes in the Linux Kernel:

Runtime sysctl changes:

  • Added: dev.tty.legacy_tiocsti: 1
  • Added: kernel.io_uring_group: -1
  • Added: kernel.kexec_load_limit_panic: -1
  • Added: kernel.kexec_load_limit_reboot: -1
  • Added: kernel.loadpin.enforce: 1
  • Added: net.core.mem_pcpu_rsv: 256
  • Added: net.core.rps_default_mask: 00
  • Added: net.ipv4.tcp_plb_cong_thresh: 128
  • Added: net.ipv4.tcp_plb_enabled: 0
  • Added: net.ipv4.tcp_plb_idle_rehash_rounds: 3
  • Added: net.ipv4.tcp_plb_rehash_rounds: 12
  • Added: net.ipv4.tcp_plb_suspend_rto_sec: 60
  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Added: net.ipv4.tcp_shrink_window: 0
  • Added: net.ipv4.tcp_syn_linear_timeouts: 4
  • Added: net.ipv4.udp_child_hash_entries: 0
  • Added: net.ipv4.udp_hash_entries: 4096
  • Added: net.ipv6.conf.all.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.default.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
  • Added: net.ipv6.icmp.error_anycast_as_unicast: 0
  • Added: vm.memfd_noexec: 0
  • Added: kernel.io_uring_disabled: 0
  • Added: fs.overflowgid: 65534
  • Changed: net.core.optmem_max: 131072 -> 20480
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
  • Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
  • Changed: fs.fanotify.max_user_marks: 67560 -> 67544
  • Changed: fs.file-max: 811776 -> 811724
  • Changed: fs.inotify.max_user_watches: 63441 -> 63425
  • Changed: kernel.threads-max: 63503 -> 63487
  • Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
  • Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
  • Changed: user.max_cgroup_namespaces: 31751 -> 31743
  • Changed: user.max_fanotify_marks: 67560 -> 67544
  • Changed: user.max_inotify_watches: 63441 -> 63425
  • Changed: user.max_ipc_namespaces: 31751 -> 31743
  • Changed: user.max_mnt_namespaces: 31751 -> 31743
  • Changed: user.max_net_namespaces: 31751 -> 31743
  • Changed: user.max_pid_namespaces: 31751 -> 31743
  • Changed: user.max_time_namespaces: 31751 -> 31743
  • Changed: user.max_user_namespaces: 31751 -> 31743
  • Changed: user.max_uts_namespaces: 31751 -> 31743
  • Changed: net.ipv6.route.max_size: 4096 -> 2147483647
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3

Added support for iSCSI targets and RAM block devices.

Added support for dm-zero and dm-clone.

Enabled support for MGLRU in the Linux kernel.

Enabled vrf, ip_gre, and ip6_gre modules.

Updated the Linux kernel to v6.6.44.

New Features and Changes in the Image:

Disable NVIDIA persistence mode with -no-verify flag

Added support for TPU v6 devices.

Updated cos-gpu-installer to v2.3.5.

Added the package revision number to the SSH banner in net-misc/openssh.

Disabled default automatic updates. Automatic updates must now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".

Mount efivarfs fs by default on EFI-enabled systems.

Added igzip CLI tool.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Removed support for NVIDIA 470 drivers.

Fixed a bug that caused constant restarts in the fluent-bit stackdriver plugin.

Installed the google_optimize_local_ssd script.

Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.

Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.

Added NVIDIA GPU drivers R550 branch and updated latest to 550.54.14.

Fixed a bug in google-guest-agent service enablement.

Fixed integrity-fs dm-crypt creation flakiness.

Added automatic generation of known modules list to image build process.

Included nvidia plugin into sosreport.

Fixed a time-to-login slowdown introduced by cloud-init changes.

Changed default umask value for a user to 027.

Removed legacy logging agent (fluentd).

Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.

Enhanced integrity-fs with disk resize and dm-clone.

Removed deprecated R525 NVIDIA GPU drivers.

Added more service logs to the default Cloud Logging configuration.

Allow GPU driver installation on dev-channel images without the -test flag.

CVE/Security Fixes:

Fixed CVE-2024-39894 in net-misc/openssh.

Upgraded sys-apps/dbus to v1.14.10-r192. This fixes CVE-2023-34969.

Upgraded dev-lang/go to v1.22.4. This fixes CVE-2023-39323, CVE-2023-44487, CVE-2023-39325, CVE-2024-24790 and CVE-2024-24789.

Fixed CVE-2024-35195 in dev-python/requests.

Updated R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091 and CVE-2024-0092.

Updated R535, default driver to v535.183.01. This fixes CVE-2024-0090 and CVE-2024-0092.

Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.

Fixed CVE-2023-4641 in sys-apps/shadow.

Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.

Fixed CVE-2024-34459 in the libxml2 package.

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Fixed CVE-2023-32681 in dev-python/requests.

Fixed CVE-2024-3772 in dev-python/pydantic.

Fixed CVE-2023-5388 in dev-libs/nss.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Updated dev-python/pyyaml to version 6.0.1. This fixed CVE-2017-18342, CVE-2020-14343, CVE-2020-1747.

Updated dev-vcs/git to version VERSION. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.

Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2023-38545, CVE-2024-7264, CVE-2024-6197.

Updated dev-libs/expat to version 2.6.2. This fixed CVE-2024-28757.

Fixed CVE-2024-28182 in net-libs/nghttp2.

Upgraded docker to v24.0.9. This fixes CVE-2024-24557.

Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549 and CVE-2023-40550 in sys-boot/shim.

Fixed CVE-2023-40551 in sys-boot/shim.

Fixed CVE-2023-40547 in sys-boot/shim.

Updated dev-libs/openssl to v3.0.14. This resolves CVE-2024-0727, CVE-2023-6129, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741 and CVE-2024-5535.

Fixed CVE-2024-0684 in sys-apps/coreutils.

Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.

Fixed CVE-2024-23851 in the Linux kernel.

Fixed CVE-2024-21626 in app-containers/runc.

Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.

Updated dev-go/net to v0.27.0. This resolves CVE-2023-44487, CVE-2023-39325 and CVE-2023-45288.

Updated app-editors/vim, app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.

Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.

Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.

Fixed CVE-2023-4016 in sys-process/procps.

Fixed CVE-2023-1255 in the dev-libs/openssl package.

Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.

Updated dev-python/setuptools to v70.3.0. This resolves CVE-2024-6345.

Fixed CVE-2024-39472 in the Linux kernel.

Updates for Minor Packages:

Upgraded app-containers/cni-plugins to v1.5.1.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2796.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2441.

Upgraded chromeos-base/shill-client to v0.0.1-r4612.

Upgraded chromeos-base/debugd-client to v0.0.1-r2707.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2942.

Upgraded chromeos-base/minijail to v18-r142.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r637.

Upgraded dev-embedded/libftdi to v1.5-r7.

Upgraded sys-apps/pv to v1.8.10.

Upgraded net-dns/c-ares to v1.31.0.

Upgraded dev-python/pygobject to v3.46.0-r1.

Upgraded dev-db/sqlite to v3.46.0.

Upgraded dev-libs/nss to v3.97.

Upgraded sys-apps/hwdata to v0.383.

Upgraded net-misc/rsync to v3.3.0-r1.

Upgraded sys-apps/findutils to v4.10.0.

Upgraded sys-libs/libseccomp to v2.5.5-r1.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Fixed glibc-2.36 build errors in sys-boot/syslinux.

Upgraded sys-apps/makedumpfile to v1.7.5.

Upgraded app-admin/sosreport to v4.7.1.

Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2795.

Upgraded sys-apps/rootdev to v0.0.1-r50.

Upgraded dev-util/puffin to v1.0.0-r451.

Upgraded dev-libs/double-conversion to v3.3.0.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded sys-process/procps to v4.0.4-r1.

Upgraded sys-fs/e2fsprogs to v1.47.0-r3.

Upgraded sys-libs/libcap to v2.70.

Upgraded dev-python/jinja to v3.1.4.

Upgraded net-libs/gnutls to v3.8.6.

Upgraded sys-apps/dmidecode to v3.6.

Upgraded sys-fs/xfsprogs to v6.8.0.

Upgraded sys-apps/less to v661.

Upgraded sys-apps/acl to v2.3.2-r1.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded net-libs/libtirpc to v1.3.4-r2.

Upgraded sys-apps/gentoo-functions to v1.6.

Upgraded net-misc/wget to v1.24.5.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded sys-libs/timezone-data to v2024a-r1.

Upgraded sys-libs/libcap-ng to v0.8.5.

Removed net-libs/grpc.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Updated dev-go/pprof to v0.0.0_p20230811.

Updated dev-go/go-tools to v0.16.2_p20231218.

Updated dev-go/term to v0.15.0.

Updated dev-go/go-sys to v0.15.0.

Updated dev-go/sync to v0.5.0.

Updated dev-go/mod to v0.14.0.

Updated dev-go/demangle to v0.0.0_p20230524.

Updated dev-go/go-arch to v0.6.0.

Upgraded chromeos-base/vm_protos to v0.0.1-r563.

Upgraded chromeos-base/hiberman-client to v0.0.1-r470.

Upgraded app-benchmarks/bootchart to v0.9.2-r5.

Downgraded app-misc/ca-certificates to v20230311.3.96.1.

Upgraded sys-auth/pambase to v20240128.

Upgraded net-misc/chrony to v4.5.

Upgraded chromeos-base/system_api to v0.0.1-r5653.

Upgraded chromeos-base/dlcservice-client to v0.0.1-r886.

Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.

Upgraded sys-fs/squashfs-tools to v4.6.1.

Upgraded sys-apps/sandbox to v2.29-r1.

Upgraded app-arch/xz-utils to v5.4.6-r1.

Upgraded dev-util/bsdiff to v4.3.1-r42.

Upgraded app-arch/pigz to v2.8.

Upgraded sys-apps/coreutils to v9.3-r1.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded sys-apps/attr to v2.5.2-r1.

Upgraded sys-apps/file to v5.45-r4.

Upgraded sys-libs/timezone-data to v2024a.

Upgraded sys-libs/zlib to v1.3.1-r1.

Updated gzip to v1.13-r1.

Upgraded app-eselect/eselect-iptables to v20220320.

Upgraded sys-libs/libcap-ng to v0.8.4-r1.

Upgraded dev-python/netifaces to v0.11.0-r2.

Upgraded sys-libs/gdbm to v1.24.

Updated protobuf-legacy-api to v1.5.4.

cos-dev-121-18623-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.46 | v24.0.9 | v1.7.20 | See List

Upgraded app-admin/google-guest-configs to v20240725.00.

Upgraded app-containers/docker-credential-gcr to v2.1.23.

Updated app-emulation/kubernetes to 1.30.3.

Upgraded app-admin/google-guest-agent to v20240716.00.

Upgraded app-admin/fluent-bit to v3.1.3.

Upgraded app-emulation/kubernetes to 1.29.7.

Upgraded app-containers/containerd to 1.7.20.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2797.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r638.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2943.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2442.

Upgraded chromeos-base/debugd-client to v0.0.1-r2708.

Upgraded chromeos-base/shill-client to v0.0.1-r4637.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r637.

Upgraded chromeos-base/debugd-client to v0.0.1-r2707.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2796.

Upgraded chromeos-base/shill-client to v0.0.1-r4612.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2942.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2441.

Upgraded app-arch/lz4 to v1.10.0-r1.

Upgraded net-libs/libtirpc to v1.3.4-r3.

Upgraded sys-apps/gentoo-functions to v1.7.1.

Upgraded dev-libs/nss to v3.103.

Upgraded sys-apps/pv to v1.8.12.

Upgraded app-arch/gzip to v1.13-r1.

Upgraded net-libs/gnutls to v3.8.6.

Upgraded net-misc/rsync to v3.3.0-r1.

Upgraded sys-apps/less to v661.

Upgraded sys-libs/gdbm to v1.24.

Upgraded dev-libs/nss to v3.102.

Upgraded the Linux kernel to v6.6.46.

Added more service logs to the default Cloud Logging configuration.

Allowed GPU driver installation on dev-channel images without the -test flag.

Updated protobuf-legacy-api to v1.5.4.

Downgraded sys-apps/ethtool to v6.7.

Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.

Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.

Updated dev-go/net to v0.27.0. This fixes CVE-2023-45288.

Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Updated dev-python/setuptools to v70.3.0. This resolves CVE-2024-6345.

Runtime sysctl changes:

  • Changed: fs.file-max: 811776 -> 811814
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-113-18244-151-23

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.19 | See List

Upgraded sys-apps/pv to v1.8.12.

Downgraded setuptools to v65.6.3. Cherry-picked upstream fix for CVE-2024-6345.

Fixed CVE-2024-6602 in dev-libs/nss.

Runtime sysctl changes:

  • Added: vm.unprivileged_userfaultfd: 0
  • Changed: fs.file-max: 812026 -> 812045
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-109-17800-309-20

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.19 | See List

Fixed CVE-2024-6602 in dev-libs/nss.

Downgraded setuptools to v65.6.3. Cherry-picked upstream fix for CVE-2024-6345.

Runtime sysctl changes:

  • Added: vm.unprivileged_userfaultfd: 0
  • Changed: fs.file-max: 812257 -> 812229
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-105-17412-448-12

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.163 | v23.0.3 | v1.7.19 | See List

Fixed CVE-2024-6602 in dev-libs/nss.

Runtime sysctl changes:

  • Added: vm.unprivileged_userfaultfd: 0
  • Changed: fs.file-max: 812708 -> 812707

Deep Learning Containers

M124 release

  • PyTorch 2.3.0 with CUDA 12.1 and Python 3.10 container images are now available.

Deep Learning VM Images

M124 release

  • PyTorch 2.3.0 with CUDA 12.1 and Python 3.10 VM images are now available.

Google Kubernetes Engine

1.31 is now available in the Rapid channel

Kubernetes 1.31 is now available in the Rapid channel. For more information about the content of Kubernetes 1.31, read the Kubernetes 1.31 Release Notes.

New features

The following features are new in Kubernetes 1.31:

Deprecated APIs in 1.31

  • The following Beta versions of graduated APIs were deprecated in 1.29 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.29, will no longer be served in 1.32
      • instead, use flowcontrol.apiserver.k8s.io/v1, available since 1.29
  • The status.nodeInfo.kubeProxyVersion field in the Node API is deprecated and will not be populated starting in v1.33. The field is currently populated with the kubelet version, not the kube-proxy version, and might not accurately reflect the kube-proxy version in use. For more information, see KEP-4004.

Deprecated in-tree volume support

  • The Ceph CephFS (kubernetes.io/cephfs) and RBD (kubernetes.io/rbd) volume plugins are deprecated since 1.28 and are removed in 1.31.
  • To determine if you have volumes/pods using RBD or Ceph volumes, run the following commands. If either of them prints output, then you are using a deprecated volume type.

    • kubectl describe pv | egrep -i 'Type: *(RBD|CephFS)'
    • kubectl describe pod -A | egrep -i 'Type: *(RBD|CephFS)'
  • Switch to use an RBD or CephFS CSI driver (like the CSI drivers provided at https://github.com/ceph/ceph-csi/), or a Google Cloud-managed solution like Filestore.

  • For more information, refer to the OSS Kubernetes announcement and https://github.com/ceph/ceph-csi/
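The same check can be run against structured output, which also shows which claim each affected volume is bound to. The script below is an added example, not part of the release notes: it inspects JSON saved from `kubectl get pv -o json` and `kubectl get pods -A -o json` for the in-tree `rbd` and `cephfs` volume sources and ignores CSI-backed Ceph volumes. The sample objects and all names in them are constructed.

```python
import json
import sys

# In-tree volume source fields (core/v1 API) for the plugins the note above lists
# as removed in Kubernetes 1.31. CSI-backed Ceph volumes appear under "csi".
DEPRECATED_SOURCES = ("rbd", "cephfs")

# Constructed sample input, shaped like `kubectl get pv -o json`.
SAMPLE_PVS = json.loads("""
{"items": [
  {"metadata": {"name": "legacy-rbd-pv"},
   "spec": {"rbd": {"monitors": ["10.0.0.1:6789"], "image": "vol1"},
            "claimRef": {"namespace": "db", "name": "pg-data"}}},
  {"metadata": {"name": "csi-rbd-pv"},
   "spec": {"csi": {"driver": "rbd.csi.ceph.com", "volumeHandle": "example"}}},
  {"metadata": {"name": "filestore-pv"},
   "spec": {"nfs": {"server": "10.0.0.2", "path": "/share"}}}
]}
""")

# Constructed sample input, shaped like `kubectl get pods -A -o json`.
SAMPLE_PODS = json.loads("""
{"items": [
  {"metadata": {"namespace": "batch", "name": "report-job"},
   "spec": {"volumes": [
     {"name": "scratch", "emptyDir": {}},
     {"name": "shared", "cephfs": {"monitors": ["10.0.0.1:6789"]}}]}},
  {"metadata": {"namespace": "web", "name": "frontend"},
   "spec": {"volumes": [
     {"name": "data", "persistentVolumeClaim": {"claimName": "data-claim"}}]}}
]}
""")


def find_deprecated_pvs(pv_list):
    """Return (pv_name, source, bound_claim) for PVs using in-tree RBD/CephFS."""
    hits = []
    for pv in pv_list.get("items", []):
        spec = pv.get("spec", {})
        ref = spec.get("claimRef")
        claim = f"{ref['namespace']}/{ref['name']}" if ref else None
        for source in DEPRECATED_SOURCES:
            if source in spec:
                hits.append((pv["metadata"]["name"], source, claim))
    return hits


def find_deprecated_pod_volumes(pod_list):
    """Return (namespace, pod, volume, source) for inline in-tree RBD/CephFS volumes."""
    hits = []
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        for volume in pod.get("spec", {}).get("volumes") or []:
            for source in DEPRECATED_SOURCES:
                if source in volume:
                    hits.append((meta["namespace"], meta["name"], volume["name"], source))
    return hits


def main(argv):
    """Usage: script.py pvs.json pods.json (falls back to the constructed samples)."""
    if len(argv) == 3:
        with open(argv[1]) as f:
            pvs = json.load(f)
        with open(argv[2]) as f:
            pods = json.load(f)
    else:
        pvs, pods = SAMPLE_PVS, SAMPLE_PODS
    pv_hits = find_deprecated_pvs(pvs)
    pod_hits = find_deprecated_pod_volumes(pods)
    for name, source, claim in pv_hits:
        print(f"PV {name}: in-tree {source}, bound claim: {claim or 'none'}")
    for namespace, pod, volume, source in pod_hits:
        print(f"Pod {namespace}/{pod}: volume {volume} uses in-tree {source}")
    # A non-zero exit status lets a pre-upgrade job fail when anything is found.
    return 1 if pv_hits or pod_hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Pods that mount a deprecated volume through a PersistentVolumeClaim are reported through the PV's bound claim rather than in the pod scan.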

(2024-R31) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1051000
    • 1.28.12-gke.1052000
    • 1.29.7-gke.1104000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1082000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1082000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.12-gke.1090000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.12-gke.1090000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.7-gke.1174000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1174000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.0-gke.1058000 with this release.

Regular channel

  • Version 1.29.7-gke.1104000 is now the default version in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1008000
    • 1.28.11-gke.1315000
    • 1.29.7-gke.1008000
    • 1.30.2-gke.1587003
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1051000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1051000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.3-gke.1225000 with this release.

Stable channel

  • Version 1.29.6-gke.1326000 is now the default version in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.27.15-gke.1154000
    • 1.28.11-gke.1172000
    • 1.29.6-gke.1254000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.11-gke.1260000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.6-gke.1326000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.

Extended channel

  • Version 1.29.7-gke.1104000 is now the default version in the Extended channel.
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1008000
    • 1.28.11-gke.1315000
    • 1.29.7-gke.1008000
    • 1.30.2-gke.1587003
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1051000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.3-gke.1225000 with this release.

No channel

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-39503

For more details, see the GCP-2024-047 security bulletin.

The C4 machine family is generally available in the following versions:

  • Standard clusters in version 1.29.2-gke.1521000 and later. To use this family in GKE Standard, you can use the --machine-type flag when creating a cluster or node pool.
  • Autopilot clusters in 1.30.3-gke.1225000 and later. To use this family in GKE Autopilot, you can use the Performance compute class when scheduling your workloads.
  • Cluster autoscaler and node auto-provisioning are supported in 1.30.3-gke.1225000 and later.

Pub/Sub

BigQuery subscriptions with use table schema enabled now support type conversions for DATE, TIME, DATETIME, TIMESTAMP, NUMERIC, and BIGNUMERIC data types. For more information about these conversions, see the Use table schema documentation.

Pub/Sub has increased the limit on schema definition size to 300 KB. For more information, see Resource limits.

Cloud Storage subscriptions now support using the schema of the Pub/Sub topic to which the subscription is attached when writing Avro files. For more information, see the file format documentation.

Secret Manager

Secret Manager add-on for Google Kubernetes Engine (GKE) is now generally available (GA). With the add-on, you can access the secrets stored in Secret Manager as volumes mounted in Kubernetes Pods. You can install the Secret Manager add-on on both Standard clusters and Autopilot clusters. The Secret Manager add-on is a Google managed and officially supported version of the open source Kubernetes Secrets Store CSI driver.

For more information, see Use Secret Manager add-on with Google Kubernetes Engine.

VPC Service Controls

Preview stage support for the following integration:

Vertex AI Workbench

M124 release

The M124 release of Vertex AI Workbench user-managed notebooks includes the following:

  • PyTorch 2.3.0 with CUDA 12.1 and Python 3.10 user-managed notebooks instances are now available.
  • Fixed a bug that prevented kernels from appearing when the Cloud Resource Manager API is turned off and Dataproc is enabled.

August 19, 2024

Access Transparency

Access Transparency supports Filestore in the GA stage.

Apigee X

Timeouts when deploying API proxies and shared flows

The following endpoints may experience timeouts when used with a high volume of queries per second (QPS):

To reduce the likelihood of timeouts, we recommend a target of three QPS when using these endpoints.

To track the status of this issue, see Apigee Known Issues.

BigQuery

You can now view your BigQuery insights and recommendations using the Recommendations page in the Google Cloud console. You can also view your BigQuery insights and recommendations using the following INFORMATION_SCHEMA views:

These features are now in preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigtable

2.26.0 (2024-08-12)

Features
  • Add fields and the BackupType proto for Hot Backups (#1010) (b95801f)
  • Add MergeToCell to Mutation APIs (f029a24)
  • Add min, max, hll aggregators and more types (f029a24)
  • Async execute query client (#1011) (45bc8c4)
Bug Fixes
Documentation
  • Add clarification around SQL timestamps (#1012) (6e80190)
  • Corrected various type documentation (f029a24)

Binary Authorization

Setting specific rules in Binary Authorization policies is generally available (GA) as of September 28, 2023.

Cloud Build

Cloud Build support for custom organization policies is now generally available.

Custom organization policies let you define constraints for programmatic, fine-grained control over your organization's resources. You can set these policies at the organization, folder, or project level.

To learn more, see Manage Cloud Build resources with custom constraints.

Compute Engine

Generally available: General purpose C4 VMs on the Intel Emerald Rapids CPU. The C4 machine series offers consistently high performance with up to 192 vCPUs and 1.5 TB of DDR5 memory, and support for Hyperdisk storage.

C4 VMs are available in the following regions and zones:

  • Singapore - asia-southeast1-a,b
  • Belgium - europe-west1-b,c
  • Netherlands - europe-west4-a,b,c
  • Iowa - us-central1-a,b,c
  • South Carolina - us-east1-b,c,d
  • Virginia - us-east4-a,b,c

Contact Center AI Insights

You can now use Quality AI as a preview feature within the Insights console to evaluate contact center conversations and agent performance more efficiently. See the Overview, Basics, Setup Guide, and Best Practices pages for more details.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.114-debian10, 2.0.114-rocky8, 2.0.114-ubuntu18
  • 2.1.62-debian11, 2.1.62-rocky8, 2.1.62-ubuntu20, 2.1.62-ubuntu20-arm
  • 2.2.28-debian12, 2.2.28-rocky9, 2.2.28-ubuntu22

syslog is now available for Dataproc cluster nodes in Cloud Logging. See Dataproc logs for cluster and job log information.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-datastore

2.20.1 (2024-08-14)

Bug Fixes
  • Allow protobuf 5.x; require protobuf >=3.20.2 (#560) (ad50e36)

Google Cloud Architecture Center

(New guide) Use generative AI for utilization management: A reference architecture for health insurance companies to automate prior authorization (PA) request processing and improve their utilization review (UR) processes.

Google Cloud Deploy

Cloud Deploy is now available in the following region: africa-south1 (Johannesburg)

Sovereign Controls by Partners

The Sovereign Controls Foundation by CNTXT and Sovereign Controls Advanced by CNTXT partner offerings are now generally available.

Vertex AI Workbench

The ability to create a Vertex AI Workbench instance based on a custom container is now generally available. Only custom containers derived from the Google-provided base container are supported. For more information, see Create an instance using a custom container.

August 18, 2024

Application Integration

In the Application Integration editor, you can now search, browse, and select tasks and connectors in the Tasks list. For more information, see Add a Connectors task.

Google SecOps SOAR

Release Notes 6.3.16 is currently in Preview.

Unable to edit, delete or export custom integration (ID #52403533)

Remote Agents 2.1.0 is currently in Preview

Agent logs are now consolidated in one location: /opt/SiemplifyAgent/Logs.

Agent source code logs are located in agent.log

Python script logs are located in python.log

Release 6.3.15 is now in General Availability.

August 17, 2024

Google SecOps SIEM

The documentation for the SIEM product is currently undergoing a makeover. The upper tabs for the table of contents have been removed and the table of contents for SIEM now appears at the bottom of the left hand navigation bar.

In addition, labels have been added to the top of each page that let you know if the specific page is relevant for SIEM. You can click on the label to reach the SIEM table of contents.

Google SecOps SOAR

The documentation for the SOAR product is currently undergoing a makeover. The upper tabs for the table of contents have been removed and the table of contents for SOAR now appears at the bottom of the left hand navigation bar.

In addition, labels have been added to the top of each page that let you know if the specific page is relevant for SOAR. You can click on the label to reach the SOAR table of contents.

August 16, 2024

AlloyDB for PostgreSQL

Apigee X

On August 16, 2024, we released an updated version of Apigee (1-13-0-apigee-3).

Bug ID | Description
324418891 | Added improvements to the MessageLogging policy to avoid potential downtime and deployment failures.
351068926 | Updated the error format, fault status, and status code returned (from 500 to 404) in cases where an invalid authorization code causes an error.

Batch

Documentation has been added to explain how to export job information. Exporting a job's information is useful when you want to retain the information after a job is deleted or analyze the information outside of Batch. For more information, see Export job information.

Error Reporting

Error Reporting can now analyze log entries that have been routed to a log bucket in a non-global region, provided the log sink is in the same project as the log bucket.

Google Cloud Architecture Center

(New guide) Migrate from Amazon RDS and Amazon Aurora for MySQL to Cloud SQL for MySQL: Describes how to design, implement, and validate a plan to migrate from Amazon RDS or Amazon Aurora to Cloud SQL for MySQL.

Google Kubernetes Engine

In GKE version 1.29.7-gke.1238000-1.30, and 1.30.3-gke.1571000 or later, node pools use regional instance templates instead of global instance templates. To learn more, see Regional and global instance templates.

Live Stream API

You can now create static overlays and position them on top of a live stream.

SAP on Google Cloud

New SAP certifications: C4 series of general-purpose machine types

For use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads, SAP has certified the Compute Engine C4 series of general-purpose machine types.

For more information, see the following:

Vertex AI Agent Builder

Vertex AI Search: Search tuning (GA)

Search tuning for unstructured data stores is generally available (GA). You can upload training files to tune the model for your search app.

Search tuning supports Data Residency; you can tune data stores in the US and EU multi-regions as well as global data stores.

For information, see Improve search results with search tuning.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.0-beta02 is now available for iOS.

This version contains bug fixes and improvements.

August 15, 2024

Apigee UI

On August 15, 2024, we released an updated version of the Apigee UI.

Bug ID | Description
356453519 | Fixed issue with the display of shared flow detail pages. In some cases, detail pages for shared flows with names containing a space (" ") would not display and resulted in UI errors.
355674677 | Fixed infinite redirect loop after Subscription org provisioning. Clicking the Continue button in the final step of the Subscription organization provisioning flow resulted in an infinite redirect loop.

Apigee X

On August 15, 2024, documentation was added describing how to provision Apigee in the Google Cloud console.

See Get started in the Google Cloud console for more information.

Apigee provisioning for Subscription orgs is now performed in the Google Cloud console.

Cloud SQL for MySQL

Extended support pricing is now available for Cloud SQL for MySQL. To view pricing details, see Cloud SQL pricing.

For more information about extended support, see Extended support for Cloud SQL.

For more information about extended support timelines, see Database versions and version policies.

Cloud SQL for PostgreSQL

Extended support pricing is now available for Cloud SQL for PostgreSQL. To view pricing details, see Cloud SQL pricing.

For more information about extended support, see Extended support for Cloud SQL.

For more information about extended support timelines, see Database versions and version policies.

If your Cloud SQL Enterprise edition instance stores the transaction logs used for point-in-time recovery (PITR) on disk, then when you do an in-place upgrade to Cloud SQL Enterprise Plus edition the storage location for the transaction logs is switched to Cloud Storage. For more information, see Upgrade an instance to Cloud SQL Enterprise Plus edition by using in-place upgrade.

To check where your instance stores the transaction logs used for PITR, see Use point-in-time recovery (PITR).

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.76
  • 1.2.20
  • 2.0.84
  • 2.2.20

Dialogflow

Dialogflow CX: You can now configure sensitivity levels of safety filters with respect to different Responsible AI (RAI) categories.

Vertex AI Agents: OpenAPI tool authentication now supports custom client certificates for mutual TLS authentication.

Eventarc

Eventarc support for creating triggers for direct events from Apigee API hub is generally available (GA).

Google Cloud Architecture Center

(New guide) Manage and scale networking for Windows applications that run on managed Kubernetes: Discusses how to manage networking for Windows applications that run on Google Kubernetes Engine using Cloud Service Mesh and Envoy gateways. This reference architecture is accompanied by a deployment guide.

Looker

Looker (Google Cloud core) customers can now create a Looker (Google Cloud core) instance with Private Service Connect. To create a Private Service Connect instance, ensure that you have received confirmation from your sales representative that your project has been added to the allowlist for Private Service Connect.

Looker Studio

New Looker and Looker Studio shared terms and concepts glossary

A new Looker and Looker Studio shared terms and concepts glossary is available. This resource compares and contrasts terms and concepts that are used in common between Looker and Looker Studio, including some that have similar-seeming naming conventions but different functionality.

Sort list controls by any metric

List controls now support sorting the options on any metric, rather than just the reference metric.

Policy Intelligence

The IAM recommender generates policy insights and role recommendations for the following identities:

  • All identities in a workload identity pool
  • Single identity in a workload identity pool
  • All identities in a workforce identity pool
  • Single identity in a workforce identity pool
  • All Google Kubernetes Engine Pods that use a specific Kubernetes service account

To learn more, see Availability. This feature is generally available.

SAP on Google Cloud

Google Cloud's Agent for SAP version 3.5

Version 3.5 of Google Cloud's Agent for SAP is generally available (GA). This version introduces enhancements to support Workload Manager's observability service for SAP, metric enhancements, and some minor fixes.

For more information, see What's new with Google Cloud's Agent for SAP.

Security Command Center

Install new version of the Security Command Center Enterprise use case

The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by the date August 15, 2024, provides updates to the security operations features of the Enterprise tier of Security Command Center.

For installation instructions, see Update Enterprise use case, August 2024.

Sensitive Data Protection

The PHONE_NUMBER infoType functionality that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model includes US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.

To enable the new functionality, leave InfoType.version unset, or set it to latest or stable. To use the old functionality, set InfoType.version to legacy. You can continue to use the legacy functionality for 90 days.

August 14, 2024

AlloyDB for PostgreSQL

The AlloyDB Omni Kubernetes Operator version 1.0.0 and later lets you schedule matching new database Pods to nodes to balance node distribution across the AlloyDB Omni cluster and help optimize performance.

BigQuery

You can now get lower latency for small queries with the new short query optimized mode. BigQuery automatically determines which queries may be accelerated while other queries continue to run like before. This feature is now in preview.

Carbon Footprint

Beginning with the release of January 2024 data, Google Cloud Carbon Footprint has adopted a semi-annual methodology improvement schedule, with updates planned for January and July data releases each year.

For the July 2024 data release (in mid-August 2024), we have upgraded the carbon model to version 11 and implemented the following updates:

Updating Scope 1 & 3 emissions from Google's corporate footprint:

  • Updated Scope 1 & 3 allocation factors using latest Google company-wide data from 2024 Google Environmental Report. See the non-electricity emission sources section of methodology documentation on how we apply these Scope 1 & 3 emissions across Google products and services.

  • Notably, expanded the Scope 1 & 3 inventory boundary to include the following for a more comprehensive emissions inventory:

    • HVAC fugitive emissions
    • Additional emissions categories of transmission & distribution (T&D) loss
    • Extraction and transportation of fuels used to generate grid electricity

Updating renewable electricity percentage for Scope 2 market-based emissions from Google's corporate footprint:

  • Updated annual renewable electricity percentage from Google's clean energy procurement, in accordance with 2024 Google Environmental Report, as an input for Scope 2 market-based emissions. Note that Scope 2 location-based emissions are estimated using hourly greenhouse gas emissions factors. Read more about the difference in methodology between Scope 2 location-based and market-based emissions in the methodology document.

Improving allocation of shared internal AI/ML resources:

  • Improved the treatment of central machine learning compute resources and workloads across Google products and services, including corrected central resource impact to the following Google Cloud services:
    • Cloud Natural Language
    • Translate
    • Cloud Vision API
    • Cloud Speech API
    • Cloud Dialogflow API
    • Vertex AI
    • Cloud AutoML
    • Cloud Machine Learning Engine
    • Video Stitcher API
    • Cloud Video Intelligence API
    • Notebooks
    • Cloud Text-to-Speech API

Improving data accuracy:

  • Improved data center PUE mapping and energy allocation to internal services.

Colab Enterprise

The notebook scheduler is now generally available. See Schedule a notebook run.

Google Kubernetes Engine

(2024-R30) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.30.3-gke.1225000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1008000
    • 1.28.11-gke.1315000
    • 1.29.7-gke.1008000
    • 1.30.2-gke.1587003
    • 1.30.3-gke.1451000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1051000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1051000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1225000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1225000 with this release.

Regular channel

  • Version 1.29.7-gke.1008000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.15-gke.1252000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1326000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.11-gke.1315000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.

Stable channel

  • Version 1.29.6-gke.1254000 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.14-gke.1059002
    • 1.28.11-gke.1019001
    • 1.29.6-gke.1038001
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.15-gke.1154000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.11-gke.1172000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.6-gke.1254000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.

Extended channel

  • Version 1.29.7-gke.1008000 is now the default version in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.15-gke.1252000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1326000
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.

No channel

We've identified a potential issue that may cause downtime for traffic to your GKE-managed internal passthrough Network Load Balancers after certain cluster operations, such as node upgrades. This issue specifically affects clusters with GKE Subsetting and Services with externalTrafficPolicy=Cluster.

This issue is more likely to occur in clusters with more than 25 nodes. To prevent this issue altogether, we recommend updating your Service configuration to use externalTrafficPolicy=Local. If you're already experiencing downtime, scale up the number of pods backing your LoadBalancer to provide immediate relief. A fix for this issue will be available in upcoming GKE releases.
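The following check is an added example, not part of the release note or of any GKE tooling: it reads the JSON printed by `kubectl get services --all-namespaces -o json` and flags internal LoadBalancer Services whose effective externalTrafficPolicy is Cluster, the configuration described above. The sample Service list is constructed, and whether GKE Subsetting is enabled and the node count are supplied by the caller as assumptions, because neither is visible in a Service object.

```python
import json

# Annotation keys GKE accepts for requesting an internal passthrough
# Network Load Balancer (current key first, legacy key second).
INTERNAL_LB_ANNOTATIONS = (
    "networking.gke.io/load-balancer-type",
    "cloud.google.com/load-balancer-type",
)
NODE_THRESHOLD = 25  # the note says the issue is more likely above 25 nodes


def is_internal_lb(service):
    """True if the Service is a LoadBalancer annotated as internal."""
    if service.get("spec", {}).get("type") != "LoadBalancer":
        return False
    annotations = service.get("metadata", {}).get("annotations") or {}
    return any(
        str(annotations.get(key, "")).lower() == "internal"
        for key in INTERNAL_LB_ANNOTATIONS
    )


def effective_policy(service):
    """Kubernetes treats an unset externalTrafficPolicy as Cluster."""
    return service.get("spec", {}).get("externalTrafficPolicy") or "Cluster"


def audit_services(service_list, subsetting_enabled, node_count):
    """Return one finding per Service that matches the affected configuration.

    subsetting_enabled and node_count are caller-supplied assumptions about
    the cluster; they cannot be derived from the Service list itself.
    """
    if not subsetting_enabled:
        return []
    likelihood = "higher" if node_count > NODE_THRESHOLD else "lower"
    findings = []
    for svc in service_list.get("items", []):
        if is_internal_lb(svc) and effective_policy(svc) == "Cluster":
            meta = svc.get("metadata", {})
            findings.append({
                "namespace": meta.get("namespace", "default"),
                "name": meta.get("name", "<unnamed>"),
                "likelihood": likelihood,
                "recommendation": "set spec.externalTrafficPolicy to Local",
            })
    return findings


# Constructed sample in the shape of `kubectl get services -A -o json` output.
SAMPLE_SERVICES_JSON = """
{
  "items": [
    {"metadata": {"namespace": "payments", "name": "ledger-ilb",
                  "annotations": {"networking.gke.io/load-balancer-type": "Internal"}},
     "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster"}},
    {"metadata": {"namespace": "default", "name": "legacy-ilb",
                  "annotations": {"cloud.google.com/load-balancer-type": "internal"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "payments", "name": "api-ilb",
                  "annotations": {"networking.gke.io/load-balancer-type": "Internal"}},
     "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Local"}},
    {"metadata": {"namespace": "web", "name": "public-lb"},
     "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster"}},
    {"metadata": {"namespace": "web", "name": "backend"},
     "spec": {"type": "ClusterIP"}}
  ]
}
"""

if __name__ == "__main__":
    services = json.loads(SAMPLE_SERVICES_JSON)
    for finding in audit_services(services, subsetting_enabled=True, node_count=40):
        print("{namespace}/{name}: {recommendation} "
              "(likelihood: {likelihood})".format(**finding))
```

A Service with no externalTrafficPolicy set is reported as well, because the default is Cluster.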

Looker

Looker 24.14 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, August 19, 2024

  • Expected Looker (original) final deployment and download available: Thursday, August 29, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, August 19, 2024

  • Expected Looker (Google Cloud core) final deployment: Saturday, September 7, 2024

The Edit Connection page URL has been changed from admin/next/connections/:id to admin/next/connections/:id/edit. The Looker UI will not change, but any scripts or hyperlinks that you have created that reference the old URLs may break.

The presumed_looker_employee property is now omitted from the user API response model. If you were relying on this functionality, migrate to use the verified_looker_employee property instead.

The Chart Config Editor now supports a new Sankey chart type.

The Edit button appears only for model sets for which the user has edit access.

The Queries Admin page now contains a SQL Interface tab in the Details pop-up for queries that originate from the Open SQL Interface.

The Chart Config Editor now supports a Venn diagram chart type.

The Open SQL Interface is now generally available and the SQL Interface Looker Labs toggle is removed.

The Looker–Tableau BI Connector is now generally available. You can now use Tableau Desktop to connect to your Looker data.

The Looker IDE supports Vim and Emacs editors in addition to the default Looker IDE editor. You now can set your editor preference in the new IDE Settings page in the Looker IDE. Note: The IDE Settings page will be available in a future release. Update: This feature is supported in Looker 24.16.

The Looker IDE now supports text line wrapping in the IDE editor. Line wrapping is now the default behavior. You can turn off line wrap mode in the new IDE Settings page in the Looker IDE. Note: This feature will be available in a future release. Update: This feature is supported in Looker 24.16.

The Looker IDE now persists a user's IDE state, including the open LookML file in the file browser; the expanded or collapsed status of items in the file browser; the selected item in the IDE navigation bar (such as the file browser, Git actions, object browser, or project settings); and the sidebar item (such as the Quick Help panel, the Metadata panel, and the Project Health panel). You can remove the persistence by clicking the Reset IDE Layout button in the new IDE Settings page of the Looker IDE. Note: This feature will be available in a future release. Update: This feature is supported in Looker 24.16.

The LookML validator will no longer report inaccessible field errors for fields that are excluded from Explores.

System Activity queries that count Looker employee usage on your instance will no longer count Google employees that don't work on Looker products.

Performance has been improved for model preparation for models that use local import.

An issue has been fixed where some custom fields could not be deleted from the data table in an Explore. This feature now performs as expected.

An issue that caused some schedules to get indefinitely stuck in the scheduler queue has been fixed. This feature now performs as expected.

Previously, Look IDs were not always saved in the query metadata. This issue has been fixed, and this feature now performs as expected.

Previously, an issue caused some table calculations that referenced row totals to not appear in the series editor. This feature now performs as expected.

Previously, an issue could cause one invalid conditional data formatting rule to disable all conditional formatting rules for a series. This feature now performs as expected.

Previously, an issue with some Liquid variables caused fields to be pulled into the SQL query unnecessarily. This feature now performs as expected.

Rather than returning a 500 error as it would have previously, the sync_lookml_dashboard endpoint will now return a 422 with a more informative error message if there is an issue with the LookML dashboard layout.

The custom field editor now displays an error when users attempt to enter a conditional formatting rule with more than three conditions.

Unqualified field references in Liquid will no longer trigger SQL dependencies if the value does not depend on the result set.

An issue has been fixed where an escaped single quote in a LookML string was being treated as the end of the string. The fix enables color formatting to be applied to the entire string.

An issue has been fixed where dashboard filters were applied to tile queries during tile editing. This feature now performs as expected.

An issue has been fixed where LookML details were exposed to users who did not have the see_lookml permission.

An issue has been fixed where Looker would draw incorrect markers in the Google map visualization. This feature now performs as expected.

An issue with Exasol pivot queries has been fixed. This feature now performs as expected.

An issue with the User Activity dashboard has been resolved. This feature now performs as expected.

An issue with SSO logins has been fixed. This feature now performs as expected.

An issue has been fixed where the top-level item in an object tree was sometimes not expanded upon first loading. This feature now performs as expected.

An issue that could cause the LookML Validator to time out has been fixed. This feature now performs as expected.

Previously, a Validation or Query operation might fail if a measure did not have a type and used a sql_distinct_key. This feature now performs as expected.

An issue has been fixed with the Denodo dialect where the TRUNC() function could erroneously return a NULL value. This feature now performs as expected.

HighCharts error codes are now displayed in the UI rather than a blank visualization being rendered.

An issue has been fixed where unlocalized strings were rendered as "Bad Translation Key" when the project localization level was set to "permissive." This feature now performs as expected.

Looker can now use more efficient queries to determine the names of Redshift external schemas.

An issue has been fixed where, previously, a project could not be deleted because of a timeout on the Delete Confirmation page. This feature now performs as expected.

Previously, updating an OAuth client secret when there were multiple connections sometimes failed. This feature now performs as expected.

Previously, the PDT Admin panel could not be filtered by the status "Failed." This feature now performs as expected.

The editing experience in the Chart Config Editor is now more responsive.

A new progress bar, called the Explore query tracker, appears in the Explore UI when a query is running. You can toggle this off in the Labs features under Explore Query Tracker.

For Google BigQuery connections, Looker (Google Cloud core) can automatically use the OAuth application credentials that your Looker admin used when they created the Looker (Google Cloud core) instance. See the Looker (Google Cloud core) documentation for more information.

August 13, 2024

Apigee Advanced API Security

On August 13, 2024, we released an updated version of Advanced API Security.

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.

Note: This functionality is not available in the me-central2 region at this time. See Available Apigee API Analytics Regions for region information. We will announce with a release note when that region is supported.

Public preview of Risk Assessment v2

This release introduces Risk Assessment v2 in preview. Risk Assessment v2 includes these improvements:

  • Improved reliability: Faster score calculations with recent proxy data.
  • Simplified score display: The new score is a percentage, where 100% means full alignment with the security profile.

For usage information and a list of all improvements and changes in v2, see Risk Assessment v2.

Batch

The ability to cancel jobs is available in Preview.

Batch CentOS (batch-centos) and Batch HPC CentOS (batch-hpc-centos) have reached end of development due to the end of support (EOS) of Compute Engine CentOS 7 images on June 30, 2024.

The final image versions of these Batch OSes—batch-centos-7-official-20240628-00-p00 and batch-hpc-centos-7-official-20240628-00-p00 from June 28, 2024—are only supported until August 27, 2024. By then, migrate any job that uses Batch CentOS or Batch HPC CentOS to a different OS.

The documentation has been updated to clarify that a Batch OS stops being supported when its base Compute Engine OS is deprecated. This restriction only applies to Batch OSes that have not already reached the end of development as of the date of this notice.

For more information, see Restrictions for VM OS images.

Bigtable

You can now enable client-side metrics with the Bigtable client library for Go. Used in conjunction with server-side monitoring metrics, client-side metrics can provide a complete, actionable view of Bigtable performance. For more information, see Set up client-side metrics.

Cloud Billing

The Carbon footprint dashboard in the FinOps hub now includes market-based emissions data (preview)

Scope 2 market-based emissions data (preview) for the Carbon footprint dashboard are now available in the FinOps hub. The market-based emissions metric represents purchased electricity, incorporating Google's annual renewable energy purchases. You can use the data in the Carbon footprint dashboard to optimize your cloud spend and reduce your carbon impact.

Cloud Composer

(Airflow 2.7.3) Improved the reliability of connections between Airflow components and the Redis component.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.4
  • composer-3-airflow-2.7.3-build.13

Cloud Composer 2.9.1 images are available:

  • composer-2.9.1-airflow-2.9.1 (default)
  • composer-2.9.1-airflow-2.7.3

Cloud Database Migration Service

Database Migration Service now supports migrations to MySQL minor version 8.0.37. See Supported source and destination databases in Cloud SQL for MySQL migrations.

Cloud Logging

Introducing log scopes. Log scopes are persistent, project-level resources that list a set of resources to be searched for log entries. For example, you might configure a log scope to contain multiple projects and several log views. If you select your log scope when using the Logs Explorer, it displays the log entries that originate in the specified projects and those in the specified log views.

You can create, edit, and delete log scopes. You can also set one log scope as the default log scope, which determines the resources that the Logs Explorer searches for log entries.

For more information, see Create and manage log scopes.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.29.400-gke.81 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.400-gke.81 runs on Kubernetes v1.29.6-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

Existing Seesaw load balancers now require TLS 1.2.

The following vulnerabilities are fixed in 1.29.400-gke.81:

High-severity container vulnerabilities:

Ubuntu vulnerabilities:

Google Kubernetes Engine

In GKE version 1.30 and later, there is a workaround in the PDCSI driver for privileged workloads that access container namespaces with hostpath. The workaround delays NodeUnstage until attached filesystems are no longer in use. Under certain conditions, the privileged hostpath workloads may cause a container's mount namespace to be retained longer than the container's lifecycle. The workaround addresses an issue where the driver could proceed with detaching a GCE persistent disk even if the block device filesystem is still in use.

With this fix, the PDCSI driver will validate that an attached block device is no longer in use prior to unmounting it from a GKE node.

Custom compute classes are a new set of capabilities in GKE that provide an API for fine-grained control over fallback compute priorities, autoscaling configuration, obtainability and node consolidation. Custom compute classes offer enhanced flexibility and control over your GKE compute infrastructure so that you can ensure optimal resource allocation for your workloads. You can use custom compute classes in GKE version 1.30.3-gke.1451000 and later. To learn more, see About custom compute classes.

Looker

Choosing a hosting option for a Looker (original) instance helps you understand the benefits and limitations of each hosting option (Looker-hosted or customer-hosted) so that you can make the best decision for your organization.

Looker (Google Cloud core) users now have access to the first-ever Learn Assistant panel on Google Cloud console pages. This panel provides tailored documentation and tutorials that are specifically related to the tasks or concepts covered on that console page.

A new Looker and Looker Studio shared terms and concepts glossary is available. This resource compares and contrasts terms and concepts that are used in common between Looker and Looker Studio, including some that have similar-seeming naming conventions but different functionality.

Spanner

A new multi-region instance configuration is now available in North America - nam16 (Iowa/Northern Virginia/Columbus).

August 12, 2024

Access Approval

Access Approval supports Cloud Armor in the GA stage.

Access Transparency

Access Transparency supports Cloud Armor in the GA stage.

Agent Assist

Customer-managed encryption key support is now available in preview for all Agent Assist features in regionalized environments, including all generative AI features. See the documentation for more details.

Apigee X

On August 12, 2024, we released a new version of Apigee.

We changed the maximum number of Apps per developer from 10 to 100. See the Limits page for more detail.

Note that using more than 10 apps per developer will result in latency when accessing flow variables referencing developer.apps.

With this release, Apigee expanded its support for data residency to additional regions in Japan:

  • asia-northeast1 (Tokyo)
  • asia-northeast2 (Osaka)

Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.9.0 (2024-08-01)

Features

  • Add retryOptions passing to underlying Service class (#1390) (a7cd3af)
  • Clean cached rows and responses after conversion (#1393) (3fd28b8)

Bug Fixes

  • Add missing alias for valid types (#1388) (